// Excerpt from a password re-confirmation page. It begins inside an if/elseif
// chain whose earlier branches are outside this view; each visible branch sets
// the redirect target ($linkTo) and the token purpose ($type) from $_GET['i'].
    $type = "updateEmail";
// NOTE(review): == against an int is a loose comparison, so numeric strings such
// as "3.0" also match. $_GET['i'] === '3' would pin the accepted value.
} elseif ($_GET['i'] == 3) {
    $linkTo = "../article/createarticle.php";
    $type = "createArticle";
} elseif ($_GET['i'] == 4 && isset($_GET['a'])) {
    // htmlentities() is HTML output encoding, not validation: it does not restrict
    // the value to a valid article ID and does not make it safe for SQL.
    // NOTE(review): validate against the real ID format (integer? - confirm) here;
    // the value is parked in the session, presumably for the page behind $linkTo.
    $articleID = trim(htmlentities($_GET['a'], ENT_QUOTES, "UTF-8"));
    $_SESSION['articleID'] = $articleID;
    $linkTo = "../order/orderarticle.php";
    $type = "order";
} else {
    // Unknown action: send the client to the 404 page and stop.
    header("Location: ../../404.php");
    exit;
}

// Drop any earlier token rows for this user before a new one is issued.
// The statement is built by string concatenation. How userID got into the
// session is not visible here, so treat it as data, not as SQL.
// NOTE(review): use a parameterized query if the DB wrapper offers one, or escape
// or cast the value at this point. The result ($deleteOldToken) is never read in
// the visible code, so a failed DELETE would leave old token rows in place.
// This runs before the password has been confirmed and before the Login object
// below is constructed.
$deleteOldToken = $GLOBALS['DB']->query("DELETE FROM securitytoken WHERE userID = '" . $_SESSION['userID'] . "' ");

// presumably the login gate for this page; the meaning of the argument 1 is not
// visible in this excerpt - confirm.
$log = new System\Login(1);

$security = new System\Security();
// askPassword() appears to return a pair: [0] success flag, [1] a message for
// the user (inferred from how $access is used below).
$access = $security->askPassword($_SESSION['userID']);

if ($access[0]) {
    // Password accepted: issue a fresh token, kept both in the session and in the
    // securitytoken table together with its purpose and issue time.
    // NOTE(review): generateRandomToken() is not shown; confirm it draws from a
    // CSPRNG (random_bytes/random_int), since this token authorizes the next step.
    $_SESSION['securityToken'] = System\Helper::generateRandomToken();
    $userID = $_SESSION['userID'];
    $securityToken = $_SESSION['securityToken'];
    $time = time();

    // Values are interpolated directly into the SQL text. In the visible branches
    // $type is one of the fixed literals and $time comes from time(); $userID is
    // session data and gets no escaping here (same concern as the DELETE above).
    // NOTE(review): the code that later checks this row is outside this excerpt;
    // confirm it enforces an expiry based on `time` and invalidates the token
    // after one use.
    $writeToken = $GLOBALS['DB']->query("INSERT INTO securitytoken (userID, securityToken, type, time) VALUES ('{$userID}', '{$securityToken}', '{$type}', '{$time}') ");

    if ($writeToken == true) {
        // $linkTo is a fixed literal in every visible branch, so the redirect
        // target is not user-controlled as far as this excerpt shows.
        header("Location: {$linkTo}");
        exit;
    }
    // If the INSERT failed, execution falls through: the session still holds the
    // new token, no DB row exists, and no error message is set in the visible code.
} else {
    // Password check failed: keep the message for display.
    // NOTE(review): where $info is printed is not visible; HTML-escape it there.
    $info = $access[1];
}

System\HTML::printHead();
// Excerpt: tail of a function that stores an e-mail verification code and mails
// the activation link (its signature is outside this view), followed by the
// start of the page's "update e-mail" form handler.
    // From here on $email holds the SQL-escaped form, and that same value is
    // reused below for the URL and as the mail recipient. SQL escaping is the
    // wrong encoding for both of those contexts.
    $email = $GLOBALS['DB']->escapeString($email);
    // md5() only formats the input; the code is as unpredictable as
    // generateRandomToken() (not shown), since e-mail and time() are guessable.
    // NOTE(review): a code taken directly from random_bytes() (hex-encoded) would
    // not depend on that helper's quality - confirm what the helper does.
    $code = md5($email . time() . System\Helper::generateRandomToken());
    $time = time();
    // $result is never checked in the visible code, so the mail is sent even if
    // the verification row was not written.
    $result = $GLOBALS['DB']->query("INSERT INTO emailverification (email, verificationCode, time) VALUES ('{$email}', '{$code}', '{$time}') ");

    // The link is plain http, so the verification code travels unencrypted, and
    // neither query value is URL-encoded.
    // NOTE(review): switch to https and wrap both values in rawurlencode().
    $link = "http://www.crollect.de/scripts/user/activateemail.php?e=" . $email . "&c=" . $code;
    $subject = "Ihre Bestätigungsmail";
    $message = "Sie brauchen nur noch ihre E-Mail Adresse zu bestätigen. Klicken Sie hierzu bitte auf den folgenden Link: " . $link;
    $from = "From: crollect <*****@*****.**>";

    // NOTE(review): no address-format check is visible before this call. Validate
    // with filter_var($email, FILTER_VALIDATE_EMAIL) and reject CR/LF before the
    // value is handed to mail() as the recipient.
    $mailsended = mail($email, $subject, $message, $from);

    // Returns true when mail() accepted the message for delivery, false otherwise.
    if ($mailsended == true) {
        return true;
    } else {
        return false;
    }
}

$security = new System\Security();

// Continue only if the session token matches one issued for "updateEmail".
// NOTE(review): verifySecToken() is not shown; confirm it enforces expiry and
// single use. No per-form CSRF token is checked in the visible lines, so while a
// token is valid this POST handler relies on the session alone.
if ($security->verifySecToken($_SESSION['securityToken'], $_SESSION['userID'], "updateEmail")) {
    $helper = new System\Helper();
    // Current address as returned by getUserInfo(); kept for the audit row below.
    $oldEmail = $helper->getUserInfo($_SESSION['userID'], "email");

    if (isset($_POST['updateEmail'])) {
        // NOTE(review): array-valued parameters (email[]=...) pass !empty(); add
        // is_string() checks before the values reach htmlentities().
        if (!empty($_POST['email']) && !empty($_POST['email2'])) {
            // Loose == treats two numeric-looking strings as numbers; === would
            // compare the exact strings the user typed.
            if ($_POST['email'] == $_POST['email2']) {
                // htmlentities() at input time changes the stored value (for
                // example & becomes &amp;) and is not address validation; encode
                // on output instead and validate the format here.
                $email = trim(htmlentities($_POST['email'], ENT_QUOTES, "UTF-8"));
                $email = $GLOBALS['DB']->escapeString($email);

                // emailExist() is defined outside this excerpt.
                if (emailExist($email)) {
                    $info = "Diese Emailadresse existiert bereits.";
                } else {
                    $userID = $_SESSION['userID'];
                    $time = time();
                    // $oldEmail was read back from storage and is interpolated
                    // without escaping, as is $userID. A value that was safe when
                    // written is not automatically safe inside a new SQL string
                    // (second-order injection).
                    // NOTE(review): escape $oldEmail and $userID at this point, or
                    // use a parameterized query if the DB wrapper offers one.
                    $writeInUpdated = $GLOBALS['DB']->query("INSERT INTO updateddata (userID, oldData, time) VALUES ('{$userID}', '{$oldEmail}', '{$time}') ");

                    // Excerpt ends inside this branch; the error handling is not visible.
                    if ($writeInUpdated == false) {
<?php
// Order page (excerpt, cut off inside the address check): places an order for
// the article ID held in the session once the "order" security token verifies.
require_once "../../common.php";
require_once "../classes/class.Order.php";

// presumably the login gate; the meaning of the argument 1 is not visible - confirm.
$log = new System\Login(1);

// Is an article ID present at all?
if (isset($_SESSION['articleID'])) {
    // htmlentities() is HTML output encoding; it neither checks that the value is
    // a valid article ID nor makes it safe for SQL.
    // NOTE(review): where the session value originates is not visible in this
    // file; validate the ID format here (integer? - confirm) before using it.
    $articleID = trim(htmlentities($_SESSION['articleID'], ENT_QUOTES, "UTF-8"));
} else {
    // Terminates with an empty response and no explicit status code.
    die;
}

// Only if a correct password was entered in the security area beforehand.
$security = new System\Security();
// NOTE(review): verifySecToken() is not shown; confirm it enforces expiry and
// invalidates the token after use. Otherwise reloading this page while the token
// is still valid would run sendOrder() again.
if ($security->verifySecToken($_SESSION['securityToken'], $_SESSION['userID'], "order")) {
    $order = new Order();
    // The order is sent here, before the address check further down.
    // NOTE(review): sendOrder() is not shown; confirm it refuses orders without a
    // stored address and treats $articleID as untrusted (parameterized SQL).
    // Otherwise move this call below the check.
    $order->sendOrder($articleID);

    System\HTML::printHead();
    System\HTML::printHeader();

    $adress = new System\Helper();
    // Loose ==: null and false also compare equal to the empty string.
    if ($adress->getUserInfo($_SESSION['userID'], "street") == "") {
        // No street on file: show a prompt linking to the address form.
        echo "<div class='container' style='margin-bottom: 250px;'>";
        echo "<div class='row'>";
        echo "<div class='span12' style='margin-bottom:12px;'>";
        echo "<img id='lockimg' src='../../images/adress.png'>";
        echo "<p style='padding-top: 30px;'>Hinterlegen Sie bitte ihre <strong>Adresse.</strong><br>";
        echo "Ohne eine Adresse können Sie auf crollect keine Bestellungen tätigen.</p>";
        echo "<a style='margin-left:5px;' href='../user/updateaddress.php' class='btn btn-primary'>Adresse eingeben</a>";
        echo "</div>";
        echo "</div>";
        echo "</div>";
        System\HTML::printFooter();
<?php
// Article creation page (excerpt, cut off after the opening of the main markup):
// saves an article for the current user once the "createArticle" security token
// verifies, then renders the page.
require_once "../../common.php";
require_once "../classes/class.Article.php";

// presumably the login gate; the meaning of the argument 1 is not visible - confirm.
$log = new System\Login(1);

$security = new System\Security();
// NOTE(review): verifySecToken() is not shown; confirm it enforces expiry and
// single use, so a valid token cannot authorize repeated saves.
if ($security->verifySecToken($_SESSION['securityToken'], $_SESSION['userID'], "createArticle")) {
    $article = new Article();
    // saveArticle() runs on every request that reaches this point, before the
    // account check below. Which request data it reads is not visible here.
    // NOTE(review): confirm it validates its input and is a no-op when no form
    // was submitted. If accounts that fail the check below must not create
    // articles, the check has to come first.
    $article->saveArticle($_SESSION['userID']);

    System\HTML::printHead();
    System\HTML::printHeader();

    $user = new System\Helper();
    $verifiedAccount = $user->getUserInfo($_SESSION['userID'], "verifiedAccount");

    // When the flag equals 1 the user is shown the "identify yourself" prompt and
    // the script stops.
    // NOTE(review): the meaning of 1 is not visible. If 1 means "already
    // verified" this condition is inverted - confirm against the schema. The
    // comparison is also loose; compare against the exact stored type.
    if ($verifiedAccount == 1) {
        echo "<div class='container' style='margin-bottom: 250px;'>";
        echo "<div class='row'>";
        echo "<div class='span12' style='margin-bottom:12px;'>";
        echo "<img id='lockimg' src='../../images/lock.png'>";
        echo "<p style='padding-top: 30px;'>Sie müssen sich <strong>identifizieren</strong><br>";
        echo "um eine Aktion starten zu können.</p>";
        echo "<a style='margin-left:5px;' href='../account/identverify.php' class='btn btn-primary'>Jetzt identifizieren</a>";
        echo "</div>";
        echo "</div>";
        echo "</div>";
        System\HTML::printFooter();
        System\HTML::printFoot();
        exit;
    }
    // The main page markup follows as inline HTML, still inside the token check.
    ?> <div role="main" class="main">