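public function showMessage($messageID) {
    // Render one private message for the logged-in recipient and mark it as read.
    // Access control: the row's toUser must equal the session user; otherwise the
    // request is terminated before any message data is written to the response.
    //
    // Input hygiene follows this file's convention (HTML-entity encode, then
    // DB-escape) so the same value is used in the SQL literal and in the link.
    $messageID = trim(htmlentities($messageID, ENT_QUOTES, "UTF-8"));
    $messageID = $GLOBALS['DB']->escapeString($messageID);
    $message = $GLOBALS['DB']->query("SELECT * FROM messages WHERE messageID = '{$messageID}' ");

    // Deny when there is no session user, no such row, or the row belongs to someone
    // else. Both ids are compared as strings with === (the DB hands back strings, the
    // session may hold an int) so loose-comparison quirks cannot widen access. The
    // same text is used for "not found" and "forbidden" so other users' message ids
    // are not disclosed through differing responses.
    if (!isset($_SESSION['userID'])
        || empty($message)
        || (string) $message[0]['toUser'] !== (string) $_SESSION['userID']) {
        die("Sie sind nicht berechtigt diese Nachricht zu lesen.");
    }
    $row = $message[0];

    // Escaper for an HTML text context. double_encode=false leaves entities that were
    // already stored encoded untouched (this codebase encodes on input, see above);
    // ENT_SUBSTITUTE keeps htmlspecialchars from returning "" on malformed UTF-8.
    $esc = function ($value) {
        return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, "UTF-8", false);
    };

    // NOTE(review): the delete link triggers a state change via GET
    // (showallmessages.php?d=...). That should be a POST form carrying a CSRF
    // token — confirm how showallmessages.php handles the ?d parameter.
    echo "<a href='showallmessages.php'>Zurück zur Übersicht</a> ";
    echo "<a href='showallmessages.php?d={$messageID}'>Nachricht löschen</a><br /><br />";

    $helper = new System\Helper();
    $senderFirstName = $helper->getUserInfo($row['fromUser'], "firstName");
    $senderName = $helper->getUserInfo($row['fromUser'], "name");

    // Subject, sender name and body come from the database and were written by
    // another user: escape them instead of echoing raw.
    echo $esc($row['subject']) . "<br />";
    echo "von " . $esc($senderFirstName) . " " . $esc($senderName);
    echo " vom " . date("d.m.Y H:i", (int) $row['time']) . "<br /><br />";
    // Escape first, then convert newlines so the inserted <br /> tags survive.
    echo nl2br($esc($row['message']));
    echo "<br /><br />";
    echo "Antworten: <br />";
    $this->printSendMessageForm($row['fromUser'], true);

    // Mark as read (opened = 2). The result is intentionally not checked; a failed
    // update only leaves the message flagged unread, as in the original.
    $GLOBALS['DB']->query("UPDATE messages SET opened = '2' WHERE messageID = '{$messageID}' ");
}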
<?php require_once "../../common.php"; require_once "../classes/class.Follow.php"; require_once "../classes/class.Order.php"; $log = new System\Login(1); $follow = new Follow(); $sales = new Order(); System\HTML::printHead(); System\HTML::printHeader(); $userID = trim(htmlentities($_SESSION['userID'], ENT_QUOTES, "UTF-8")); $userID = $GLOBALS['DB']->escapeString($userID); $user = new System\Helper(); $firstName = $user->getUserInfo($userID, "firstName"); ?> <div role="main" class="main"> <section class="page-top"> <div class="container"> <div class="row"> <div class="span12"> <ul class="breadcrumb"> <li><a href="../../index.php">Startseite</a> <span class="divider">/</span></li> <li class="active">Mein Account</li> </ul> </div> </div> <div class="row"> <div class="span12"> <h2>Hallo <?php
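public function updateComment($commentID, $target) {
    // Persist an edited comment from the posted form (fields: name, comment) and
    // redirect to $target on success. Does nothing unless the form's submit field
    // (sendComment) is present in $_POST.
    //
    // NOTE(review): this method performs no ownership/authorization check — any
    // commentID passed in is overwritten for whoever can POST to the caller. Confirm
    // the caller verifies that the session user owns $commentID and validates a
    // CSRF token before calling this.
    if (!isset($_POST['sendComment'])) {
        return;
    }

    if (empty($_POST['name'])) {
        // Fall back to the account's stored name. The session identity is preferred
        // over a client-supplied userID so the displayed author cannot be chosen by
        // the submitter; the POST field is only a fallback for flows without a session.
        if (isset($_SESSION['userID'])) {
            $userID = $_SESSION['userID'];
        } elseif (isset($_POST['userID'])) {
            $userID = $_POST['userID'];
        } else {
            $userID = '';
        }
        $lookup = new System\Helper();
        $name = $lookup->getUserInfo($userID, "firstName") . " " . $lookup->getUserInfo($userID, "name");
    } else {
        $name = trim(htmlentities($_POST['name'], ENT_QUOTES, "UTF-8"));
    }

    // A missing comment field is treated as empty rather than raising an
    // undefined-index warning.
    $rawComment = isset($_POST['comment']) ? $_POST['comment'] : '';
    $comment = trim(htmlentities($rawComment, ENT_QUOTES, "UTF-8"));

    // Every value is DB-escaped before being interpolated into the SQL literal.
    $commentID = $GLOBALS['DB']->escapeString($commentID);
    $name = $GLOBALS['DB']->escapeString($name);
    $comment = $GLOBALS['DB']->escapeString($comment);
    $time = time();

    $query = "UPDATE comments SET name = '{$name}', comment = '{$comment}', time = '{$time}' WHERE commentID = '{$commentID}' ";
    $write = $GLOBALS['DB']->query($query);

    if ($write) {
        // NOTE(review): $target is emitted verbatim as the Location header. If a
        // caller derives it from the request (query string, Referer), it must be
        // restricted to a local path to avoid an open redirect.
        header("Location: {$target}");
        exit;
    }
}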
$log = new System\Login(1); //ArticleID überhaupt da? if (isset($_SESSION['articleID'])) { $articleID = trim(htmlentities($_SESSION['articleID'], ENT_QUOTES, "UTF-8")); } else { die; } //Nur wenn vorher ein richtiges Password im Securitybereich einegeben wurde $security = new System\Security(); if ($security->verifySecToken($_SESSION['securityToken'], $_SESSION['userID'], "order")) { $order = new Order(); $order->sendOrder($articleID); System\HTML::printHead(); System\HTML::printHeader(); $adress = new System\Helper(); if ($adress->getUserInfo($_SESSION['userID'], "street") == "") { echo "<div class='container' style='margin-bottom: 250px;'>"; echo "<div class='row'>"; echo "<div class='span12' style='margin-bottom:12px;'>"; echo "<img id='lockimg' src='../../images/adress.png'>"; echo "<p style='padding-top: 30px;'>Hinterlegen Sie bitte ihre <strong>Adresse.</strong><br>"; echo "Ohne eine Adresse können Sie auf crollect keine Bestellungen tätigen.</p>"; echo "<a style='margin-left:5px;' href='../user/updateaddress.php' class='btn btn-primary'>Adresse eingeben</a>"; echo "</div>"; echo "</div>"; echo "</div>"; System\HTML::printFooter(); System\HTML::printFoot(); exit; } ?>
$result = $GLOBALS['DB']->query("INSERT INTO emailverification (email, verificationCode, time) VALUES ('{$email}', '{$code}', '{$time}') "); $link = "http://www.crollect.de/scripts/user/activateemail.php?e=" . $email . "&c=" . $code; $subject = "Ihre Bestätigungsmail"; $message = "Sie brauchen nur noch ihre E-Mail Adresse zu bestätigen. Klicken Sie hierzu bitte auf den folgenden Link: " . $link; $from = "From: crollect <*****@*****.**>"; $mailsended = mail($email, $subject, $message, $from); if ($mailsended == true) { return true; } else { return false; } } $security = new System\Security(); if ($security->verifySecToken($_SESSION['securityToken'], $_SESSION['userID'], "updateEmail")) { $helper = new System\Helper(); $oldEmail = $helper->getUserInfo($_SESSION['userID'], "email"); if (isset($_POST['updateEmail'])) { if (!empty($_POST['email']) && !empty($_POST['email2'])) { if ($_POST['email'] == $_POST['email2']) { $email = trim(htmlentities($_POST['email'], ENT_QUOTES, "UTF-8")); $email = $GLOBALS['DB']->escapeString($email); if (emailExist($email)) { $info = "Diese Emailadresse existiert bereits."; } else { $userID = $_SESSION['userID']; $time = time(); $writeInUpdated = $GLOBALS['DB']->query("INSERT INTO updateddata (userID, oldData, time) VALUES ('{$userID}', '{$oldEmail}', '{$time}') "); if ($writeInUpdated == false) { die('Etwas ist schiefgelaufen, versuchen sie es bitte später erneut.'); } $write = $GLOBALS['DB']->query("UPDATE user SET email = '{$email}', verifiedEmail = '1' WHERE email = '{$oldEmail}' ");
$get = $GLOBALS['DB']->query("SELECT adminsession FROM adminsession WHERE adminID = '" . $_SESSION['adminID'] . "' "); if (empty($get)) { die('Sie haben keine Berechtigung'); } } else { echo "<a href='admin.php'>Einloggen</a>"; die; } echo "<a href='logout.php'>Logout</a><br /><br />"; $verify = $GLOBALS['DB']->query("SELECT * FROM verifypersonaldata LIMIT 1"); if (empty($verify)) { die("Alle verifiziert."); } echo "<div style='float:left;'><img src='openimg.php?img=" . $verify[0]['IDfile'] . "' height='400' width='600'></div>"; $user = new System\Helper(); $data = $user->getUserInfo($verify[0]['userID']); echo '<div style="float:left; margin-left: 70px;">'; echo "PassportID: <br>"; echo $verify[0]['passportID'] . "<br />"; echo "Name: <br />"; echo $data[0]['firstName'] . " " . $data[0]['name'] . "<br />"; echo "Strasse: <br />"; echo $data[0]['street'] . "<br />"; echo "PLZ und Stadt: <br />"; echo $data[0]['zipCode'] . " " . $data[0]['city'] . "<br />"; echo "Deutschland: <br />"; echo $data[0]['country']; echo "</div>"; ?> <br> <form action="" method="post">
<?php require_once "../../common.php"; require_once "../classes/class.Article.php"; $log = new System\Login(1); $security = new System\Security(); if ($security->verifySecToken($_SESSION['securityToken'], $_SESSION['userID'], "createArticle")) { $article = new Article(); $article->saveArticle($_SESSION['userID']); System\HTML::printHead(); System\HTML::printHeader(); $user = new System\Helper(); $verifiedAccount = $user->getUserInfo($_SESSION['userID'], "verifiedAccount"); if ($verifiedAccount == 1) { echo "<div class='container' style='margin-bottom: 250px;'>"; echo "<div class='row'>"; echo "<div class='span12' style='margin-bottom:12px;'>"; echo "<img id='lockimg' src='../../images/lock.png'>"; echo "<p style='padding-top: 30px;'>Sie müssen sich <strong>identifizieren</strong><br>"; echo "um eine Aktion starten zu können.</p>"; echo "<a style='margin-left:5px;' href='../account/identverify.php' class='btn btn-primary'>Jetzt identifizieren</a>"; echo "</div>"; echo "</div>"; echo "</div>"; System\HTML::printFooter(); System\HTML::printFoot(); exit; } ?> <div role="main" class="main">
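public function printOrderForm($articleID) {
    // Render the order form for one article: the session user's delivery address,
    // an article summary, the payment options offered by the seller, and a live
    // price preview (jQuery). Output only; nothing is written to the database.
    //
    // Precondition (not checked here, matching the original): a logged-in user —
    // $_SESSION['userID'] is read unconditionally. Callers construct System\Login(1).
    echo '<script src="' . PROJECT_HTTP_ROOT . '/extLibs/jquery/jquery-1.10.2.min.js"></script>';
    echo '<script src="' . PROJECT_HTTP_ROOT . '/extLibs/jquery/jquery.form.js"></script>';

    // Escaper for an HTML text context. double_encode=false leaves values that were
    // already stored entity-encoded untouched (this codebase encodes on input);
    // ENT_SUBSTITUTE keeps htmlspecialchars from returning "" on malformed UTF-8,
    // which the byte-wise substr() truncation of the headline below can produce.
    $esc = function ($value) {
        return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, "UTF-8", false);
    };

    // Delivery address (profile data of the current user).
    $helper = new System\Helper();
    $user = $helper->getUserInfo($_SESSION['userID']);
    $address = $user[0];
    echo "<strong>Lieferadresse</strong> <br />";
    echo $esc($address['firstName']) . " " . $esc($address['name']) . "<br />";
    echo $esc($address['street']) . "<br />";
    echo $esc($address['zipCode']) . " " . $esc($address['city']) . "<br />";
    echo $esc($address['country']) . "<br /><br />";

    // Article data. The id is DB-escaped here instead of relying on the caller, so
    // the SQL literal is safe however $articleID was obtained.
    $safeArticleID = $GLOBALS['DB']->escapeString($articleID);
    $articleData = $GLOBALS['DB']->query("SELECT headline, pricePerUnit, shipping, payment, shippingcountries, amount2, price2, purchases\r\n FROM article WHERE articleID = '{$safeArticleID}' ");
    if (empty($articleData)) {
        // Unknown article: stop before indexing $articleData[0], which would emit
        // undefined-index warnings and a syntactically broken price script.
        echo "<div id='ordersum'><strong>Artikel nicht gefunden.</strong></div>";
        return;
    }
    $article = $articleData[0];
    $price = $article['pricePerUnit'];
    $shipping = $article['shipping'];
    $shippingcountries = $article['shippingcountries'];

    // Shorten long headlines for the summary box (byte-based, as before).
    $headline = $article['headline'];
    if (strlen($headline) > 20) {
        $headline = substr($headline, 0, 15) . "...";
    }

    // Deliverable when the seller ships worldwide, or ships within Germany and the
    // buyer's country is Germany. Parenthesised to make the &&/|| grouping explicit.
    $deliverable = ($shippingcountries == "Germany" && $address['country'] == $shippingcountries)
        || $shippingcountries == "worldwide";

    if ($deliverable) {
        echo "<div id='ordersum'>";
        echo "<strong>Bestellung</strong><br>";
        // Headline is seller-controlled content: escape it.
        echo $esc($headline) . "<br>";
        echo "Preis <strong>max. " . $esc($price) . " € </strong> <br>";
        echo "Versandkosten " . $esc($shipping) . "€ <br><br>";
        echo "<form action='' method='post'>";
        echo "<strong>Anzahl</strong> <br />";
        // The amount field only drives the client-side preview; the server-side
        // order handler must validate it independently.
        echo "<input type='text' id='amount' name='amount' value='1' style='width:32px;'><br><br>";
        if ($article['payment'] != "not specified") {
            echo "<strong>Zahlungsmethode </strong> <br>";
            // Only the four known method names are rendered, so the radio values
            // are effectively an allow-list.
            $payments = explode(",", $article['payment']);
            foreach ($payments as $payment) {
                $payment = trim($payment);
                if ($payment == "prepayment") {
                    echo "<input type='radio' name='payment' value='{$payment}'><img class='payimg' src='../../images/payments/moneyorder.png' alt='Vorüberweisung' >";
                }
                if ($payment == "sofort") {
                    echo "<input type='radio' name='payment' value='{$payment}'><img class='payimg' src='../../images/payments/sofortueberweisung.png' alt='sofort' >";
                }
                if ($payment == "paypal") {
                    echo "<input type='radio' name='payment' value='{$payment}'><img class='payimg' src='../../images/payments/paypal.png' alt='paypal' >";
                }
                if ($payment == "creditcard") {
                    echo "<input type='radio' name='payment' value='{$payment}'>";
                    echo "<img class='payimg' src='../../images/payments/mastercard.png' alt='Kreditkarten'>";
                    echo "<img class='payimg' src='../../images/payments/visa.png' alt='Kreditkarten'>";
                    echo "<img class='payimg' src='../../images/payments/diners-club.png' alt='Kreditkarten'>";
                    echo "<img class='payimgamx' src='../../images/payments/amex.png' alt='AMEX' height='30' width='50'>";
                }
            }
            echo "<br>";
        }
        echo "<br>";
        echo "<strong>Notiz</strong> <br> <textarea name='note' rows='3'></textarea>";
        echo "<br><br>";
        echo "<p id='ordprice'><strong>Gesamtpreis max.</strong> " . number_format($price + $shipping, 2, ',', '') . "€ (Versand inkl.)</p>";
        echo "<input type='submit' name='order' class='btn btn-success' value='Bestellen' style='margin-top:5px; width:220px'> ";
        echo "<br><br><p>Mit der Betätigung des Bestellenbuttons erklären <br> Sie nochmals mit unseren <a href='../../staticpages/agb.php'>AGB</a> einverstanden.</p>";
        echo "</form>";
        echo "</div>";
    } else {
        echo "<div id='ordersum'>";
        echo "<strong>Der Versand erfolgt nur innerhalb Deutschlands. <br> <a href='../article/showarticle.php?a=" . $esc($articleID) . "'>zurück zu Artikel</a></strong>";
        echo "</div>";
    }

    // Price preview script. The two numbers are emitted through json_encode((float))
    // so a non-numeric, empty or malicious DB value is always a valid JS number
    // literal and can never break out of the script context.
    ?>
    <script type="text/javascript">
    $('#amount').keyup(function(){
        amount = $('#amount').val();
        price = <?php echo json_encode((float) $price); ?> ;
        shipping = <?php echo json_encode((float) $shipping); ?> ;
        if(amount != "") {
            fullPrice = amount*price+shipping;
            $('#ordprice').html("<strong>Gesamtpreis max.</strong> "+fullPrice.toFixed(2)+" € (Versand inkl.)");
        }
    });
    </script>
    <?php
}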
<div class="row"> <div class="span4"> <?php $files = new ArticleFiles(); $files->showPics($articleID); ?> </div> <div class="span4" style="margin-left:0;"> <div id="headlinediv"> <h2 id="headline"><?php echo $articleData[0]['headline']; ?> </h2> von <?php echo $owner->getUserInfo($articleData[0]['userID'], "firstName") . " " . $owner->getUserInfo($articleData[0]['userID'], "name"); ?> </div> <div id="price"> <?php //Wenn UVP angeben, sonst nur Preis if ($articleData[0]['listPrice'] != 0) { echo "UVP: <s>" . $articleData[0]['listPrice'] . " € </s><br>"; echo "<h3 style='display: inline;'><span style='text-transform:lowercase;'>max.</span> € " . $articleData[0]['pricePerUnit'] . "</h3> <br>"; $save = $articleData[0]['listPrice'] - $articleData[0]['pricePerUnit']; $rebate = $save / ($articleData[0]['listPrice'] / 100); echo "Ersparnis: {$save} € <br>"; echo "<strong>" . round($rebate, 2) . " % Rabatt</strong><br>"; } else { echo "<h3 style='display: inline;'><span style='text-transform:lowercase;'>max.</span> € " . $articleData[0]['pricePerUnit'] . "</h3> <br>";