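/**
 * Stores a fresh e-mail verification code for $email and mails the activation link.
 *
 * One row is written to `emailverification` (address, code, current unix time) and
 * the activation URL carries address and code as query parameters.
 *
 * @param string $email recipient address as entered by the user (not yet escaped)
 * @return bool true when mail() accepted the message, false otherwise — including
 *              when $email is not a syntactically valid single address
 */
function makeVerificationCode($email)
{
    $email = trim((string) $email);
    // Reject anything that is not one plain address: mail() could not deliver it
    // anyway, and a value containing CR/LF must never reach the To: header or the
    // INSERT below.
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        return false;
    }

    // 128 bits from the CSPRNG, hex-encoded: 32 characters, the same width as the
    // md5 digest used before, but no longer derived from the address and the clock.
    $code = bin2hex(random_bytes(16));
    $time = time();

    // Escape for SQL only; mail() and the link need the unescaped address.
    $sqlEmail = $GLOBALS['DB']->escapeString($email);
    $GLOBALS['DB']->query(
        "INSERT INTO emailverification (email, verificationCode, time) VALUES ('{$sqlEmail}', '{$code}', '{$time}') "
    );

    $link = 'http://www.crollect.de/scripts/user/activateemail.php?e=' . rawurlencode($email) . '&c=' . rawurlencode($code);
    $subject = "Ihre Bestätigungsmail";
    $message = "Sie brauchen nur noch ihre E-Mail Adresse zu bestätigen. Klicken Sie hierzu bitte auf den folgenden Link: " . $link;
    $from = "From: crollect <*****@*****.**>";

    return (bool) mail($email, $subject, $message, $from);
}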
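/**
 * Stores a fresh e-mail verification code for $email and mails an HTML activation link.
 *
 * One row is written to `emailverification` (address, code, current unix time); the
 * mail is sent as text/html with the activation URL both as href and as link text.
 *
 * @param string $email recipient address as entered by the user (not yet escaped)
 * @return bool true when mail() accepted the message, false otherwise — including
 *              when $email is not a syntactically valid single address
 */
function makeVerificationCode($email)
{
    $email = trim((string) $email);
    // Reject anything that is not one plain address: mail() could not deliver it
    // anyway, and a value containing CR/LF must never reach the To: header or the
    // INSERT below.
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        return false;
    }

    // 128 bits from the CSPRNG, hex-encoded: 32 characters, the same width as the
    // md5 digest used before, but no longer derived from the address and the clock.
    $code = bin2hex(random_bytes(16));
    $time = time();

    // Escape for SQL only; mail() and the link need the unescaped address.
    $sqlEmail = $GLOBALS['DB']->escapeString($email);
    $GLOBALS['DB']->query(
        "INSERT INTO emailverification (email, verificationCode, time) VALUES ('{$sqlEmail}', '{$code}', '{$time}') "
    );

    $link = 'http://crollect.vladempire.de/scripts/user/activateemail.php?e=' . rawurlencode($email) . '&c=' . rawurlencode($code);
    // The body is declared text/html below, so the URL is attribute-escaped before it
    // is placed into href and into the visible link text.
    $htmlLink = htmlspecialchars($link, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    $subject = "Ihre Bestätigungsmail";
    $message = "Wir freuen uns sehr über ihre Anmeldung. Sie brauchen nur noch ihre E-Mail Adresse zu bestätigen. Klicken Sie hierzu bitte auf den folgenden Link oder kopieren Sie\r\n ihn in die Browserleiste falls der Link nicht richtig dargestellt wird: <a href='" . $htmlLink . "'>" . $htmlLink . "</a>";
    $header = "From: crollect ***\n";
    $header .= "Reply-To: ***\n";
    $header .= "Content-Type: text/html; charset=utf-8 \n";

    return (bool) mail($email, $subject, $message, $header);
}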
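/**
 * Renders the "request a password reset code" form and, on POST, stores a fresh
 * reset code for the submitted address and mails the reset link.
 *
 * Side effects: echoes the form; on a valid, registered address it replaces any
 * existing `newpasswordcode` row for that address, sends one mail and sets
 * $this->info with the outcome text. Nothing here throttles repeated requests for
 * the same address — TODO handle upstream if not already done.
 *
 * @return void
 */
public function sendCodeNewPassword()
{
    ?>
    <form action="" method="post">
        <div class="row" style="margin-left:80px;">
            <div class="span6">
                <input type="text" name="login" size="30" maxLength="100" placeholder="Emailadresse">
            </div>
        </div>
        <div class="row" style="margin-left:80px;">
            <div class="span6">
                <input type="submit" class="btn btn-primary" style="width:220px;" name="send" value="Senden">
            </div>
        </div>
    </form>
    <?php
    if (!isset($_POST['send'])) {
        return;
    }

    $rawEmail = trim((string) ($_POST['login'] ?? ''));
    // A syntactically invalid address cannot belong to a registered user; rejecting it
    // here also keeps CR/LF out of the To: header and out of the SQL below.
    if (filter_var($rawEmail, FILTER_VALIDATE_EMAIL) === false) {
        $this->info = "Diese Emailadresse exisitert nicht.";
        return;
    }

    // Lookup value normalised the way the original code did (HTML-encoded, then
    // SQL-escaped) — presumably how registration stores addresses; verify against it.
    $email = $GLOBALS['DB']->escapeString(htmlentities($rawEmail, ENT_QUOTES, "UTF-8"));
    if (!$this->emailExist($email)) {
        $this->info = "Diese Emailadresse exisitert nicht.";
        return;
    }

    // 128 bits from the CSPRNG, hex-encoded: 32 characters, the same width as the md5
    // digest used before, but no longer derived from the address and the clock.
    $code = bin2hex(random_bytes(16));
    $time = time();

    // Only one pending code per address: drop the old row before inserting.
    $codeExist = $GLOBALS['DB']->query("SELECT * FROM newpasswordcode WHERE email = '{$email}' ", true);
    if ($codeExist->num_rows > 0) {
        $GLOBALS['DB']->query("DELETE FROM newpasswordcode WHERE email = '{$email}' ");
    }
    $GLOBALS['DB']->query(
        "INSERT INTO newpasswordcode (email, newPasswordCode, time) VALUES ('{$email}', '{$code}', '{$time}') "
    );

    // The plain address goes to mail() and, URL-encoded, into the reset link.
    $link = 'http://***/scripts/regpassword.php?e=' . rawurlencode($rawEmail) . '&c=' . rawurlencode($code);
    $subject = "Ihr neues Passwort";
    $message = "Klicken Sie auf den Link um ihr Passwort wieder her zu stellen oder kopieren Sie den Link in den Browser: " . $link;
    $header = "From: crollect <***>\n";
    $header .= "Reply-To: ***\n";
    $header .= "Content-Type: text/html; charset=utf-8 \n";

    if (mail($rawEmail, $subject, $message, $header)) {
        $this->info = "Eine Email wurde an Sie verschickt. Der Code zur Passwortweiderherstellung ist 24 Stunden gültig.";
    } else {
        $this->info = "Etwas ist schief gelaufen";
    }
}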
$type = "createArticle"; } elseif ($_GET['i'] == 4 && isset($_GET['a'])) { $articleID = trim(htmlentities($_GET['a'], ENT_QUOTES, "UTF-8")); $_SESSION['articleID'] = $articleID; $linkTo = "../order/orderarticle.php"; $type = "order"; } else { header("Location: ../../404.php"); exit; } $deleteOldToken = $GLOBALS['DB']->query("DELETE FROM securitytoken WHERE userID = '" . $_SESSION['userID'] . "' "); $log = new System\Login(1); $security = new System\Security(); $access = $security->askPassword($_SESSION['userID']); if ($access[0]) { $_SESSION['securityToken'] = System\Helper::generateRandomToken(); $userID = $_SESSION['userID']; $securityToken = $_SESSION['securityToken']; $time = time(); $writeToken = $GLOBALS['DB']->query("INSERT INTO securitytoken (userID, securityToken, type, time) VALUES ('{$userID}', '{$securityToken}', '{$type}', '{$time}') "); if ($writeToken == true) { header("Location: {$linkTo}"); exit; } } else { $info = $access[1]; } System\HTML::printHead(); System\HTML::printHeader(); ?>
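/**
 * Prints the buyer list for one of the current user's articles.
 *
 * While the article is still running only a masked e-mail, the name, the total and
 * the unit count per order are shown. After the runtime has ended, full contact data
 * and a "send message" link are shown only when `paid == 2`; in that case a fresh
 * `list` security token is stored so the PDF export (orderlist.php) can be requested.
 * Otherwise the user is asked to settle the account. A request for an article the
 * session user does not own — or for an unknown article — is refused via die().
 *
 * @param string $articleID article id as supplied by the caller (untrusted)
 * @return void
 */
public function showBuyer($articleID)
{
    $articleID = trim(htmlentities($articleID, ENT_QUOTES, "UTF-8"));
    $articleID = $GLOBALS['DB']->escapeString($articleID);

    // Names, addresses and headlines come from users at registration / article
    // creation time, so every value read back is escaped for the HTML context here.
    $h = static function ($value) {
        return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    };

    $sales = $GLOBALS['DB']->query("SELECT userID, headline, runtime, purchases, paid FROM article WHERE articleID = '{$articleID}' ");
    // Überhaupt berechtigt? An unknown article is treated exactly like a foreign one.
    $sessionUserID = (string) ($_SESSION['userID'] ?? '');
    if (empty($sales[0]) || (string) $sales[0]['userID'] !== $sessionUserID) {
        die("Sie sind nicht berechtigt diese Seite zu betreten.");
    }
    $article = $sales[0];

    if ($article['runtime'] > time()) {
        // Still running: buyers stay pseudonymous (first four characters of the address).
        $buyers = $GLOBALS['DB']->query("SELECT userID, amount, fullPrice FROM articleorder WHERE articleID = '{$articleID}' ");
        echo "<table class='table'>";
        echo "<tr><th>Email</th><th>Name</th><th>Gesamtbetrag in €</th><th>Einheiten</th></tr>";
        foreach ($buyers as $buyer) {
            $buyerUserID = $GLOBALS['DB']->escapeString($buyer['userID']);
            $buyerData = $GLOBALS['DB']->query("SELECT email, name, firstName FROM user WHERE userID = '" . $buyerUserID . "' ");
            $person = $buyerData[0] ?? [];
            $email = substr((string) ($person['email'] ?? ''), 0, 4) . "***** ";
            $price = number_format($buyer['fullPrice'], 2, '.', '');
            echo "<tr>";
            echo "<td>" . $h($email) . "</td>";
            echo "<td>" . $h($person['firstName'] ?? '') . " " . $h($person['name'] ?? '') . "</td>";
            echo "<td>" . $price . "</td>";
            echo "<td>" . $h($buyer['amount']) . "</td>";
            echo "</tr>";
        }
        echo "</table>";
        return;
    }

    if ((int) $article['paid'] !== 2) {
        // Runtime over but the account is not settled: no buyer data yet.
        echo "<p style='text-align:center;'><strong>Die Aktion ist beendet.</strong> Gleichen Sie bitte ihren Kontostand aus um \r\n die Käuferdaten zu erhalten und um die Käufer zu kontaktieren.</p><br>";
        echo "<a style='margin-left:40%' class='btn btn-success' href='../account/accountbalance.php'>Konto ausgleichen</a>";
        return;
    }

    // Settled: store a fresh one-time `list` token that orderlist.php can check, then
    // show the full contact data.
    $_SESSION['securityToken'] = System\Helper::generateRandomToken();
    $_SESSION['articleID'] = $articleID;
    $userID = $GLOBALS['DB']->escapeString($_SESSION['userID']);
    $securityToken = $GLOBALS['DB']->escapeString($_SESSION['securityToken']);
    $time = time();
    $GLOBALS['DB']->query("INSERT INTO securitytoken (userID, securityToken, type, time) \r\n VALUES ('{$userID}', '{$securityToken}', 'list', '{$time}') ");

    //zur PDF Datei
    echo "<a class='btn btn-success' style='float:right;' href='" . PROJECT_HTTP_ROOT . "/scripts/order/orderlist.php'><i class='icon-file'></i> PDF</a>";
    echo "<h3>" . $h($article['headline']) . "</h3>";
    echo "<table class='table'>";
    echo "<tr><th>Email</th><th>Versandadresse</th><th>Gesamtbetrag in €</th><th>Einheiten</th><th>Nachricht</th></tr>";
    $buyers = $GLOBALS['DB']->query("SELECT userID, amount, fullPrice FROM articleorder WHERE articleID = '{$articleID}' ");
    foreach ($buyers as $buyer) {
        $buyerUserID = $GLOBALS['DB']->escapeString($buyer['userID']);
        $buyerData = $GLOBALS['DB']->query("SELECT * FROM user WHERE userID = '" . $buyerUserID . "' ");
        $person = $buyerData[0] ?? [];
        $price = number_format($buyer['fullPrice'], 2, '.', '');
        $messageLink = '../messages/sendmessage.php?a=' . rawurlencode($articleID) . '&u=' . rawurlencode((string) $buyer['userID']);
        echo "<tr>";
        echo "<td>" . $h($person['email'] ?? '') . "</td>";
        echo "<td>" . $h($person['firstName'] ?? '') . " " . $h($person['name'] ?? '') . "<br>" . $h($person['street'] ?? '') . "<br>" . $h($person['zipCode'] ?? '') . "<br>" . $h($person['city'] ?? '') . "<br>" . $h($person['country'] ?? '') . "</td>";
        echo "<td>" . $price . "</td>";
        echo "<td>" . $h($buyer['amount']) . "</td>";
        echo "<td><a href='" . $h($messageLink) . "'><i class='icon-envelope'></i> Nachricht senden</a></td>";
        echo "</tr>";
    }
    echo "</table>";
    $this->printPayInfoForm();
}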