Esempio n. 1
<?php

require_once "/home/bocawebgroup/public_html/inc/ad_track.inc";
require_once "inc/config.inc";
require_once "../inc/dbi.inc";
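// SEO metadata defaults; they are only overwritten when the page is read from the database.
$seo__page_title = '';
$seo__meta_kws = '';
$seo__meta_desc = '';
$seo__url_fname = '';
$seo__url_dname = '';
if (isset($_POST['name']) && isset($_POST['data'])) {
    // Content taken directly from the request body. It is untrusted and must be
    // HTML-escaped wherever the rest of the script echoes it.
    $name = $_POST['name'];
    // NOTE(review): this branch fills $date while the database branch fills $data —
    // looks like a typo; confirm which variable the rest of the script reads.
    $date = $_POST['data'];
} else {
    $db = new dbi();
    // The id comes straight from the URL, so it is escaped before being placed inside the
    // quoted SQL literal (the original concatenated it raw, and used the bare constant `id`
    // as the array key). Assumes new dbi() has opened the MySQL link that
    // mysql_real_escape_string() relies on — confirm in dbi.inc.
    $info_id_sql = (isset($_GET['id']) && is_scalar($_GET['id'])) ? mysql_real_escape_string((string) $_GET['id']) : '';
    $db->query("select * from info where id = '" . $info_id_sql . "' and site = '" . SITE . "'");
    if ($db->numrows()) {
        $name = $db->result("info.name");
        $data = $db->result("info.data");
        $seo__page_title = $db->result("info.page_title");
        $seo__meta_kws = $db->result("info.meta_keywords");
        $seo__meta_desc = $db->result("info.meta_description");
        $seo__url_fname = $db->result("info.url_filename");
        $seo__url_dname = $db->result("info.url_foldername");
    } else {
        // Unknown id for this site: answer with a real 404 status and stop.
        header($_SERVER['SERVER_PROTOCOL'] . " 404 Not Found");
        include "404.php";
        exit;
    }
}
// Canonical URL for this page, built by the project's SEO_format_url() helper.
$newURL = DOCUMENT_BASE . '/' . SEO_format_url($_GET['id'], 'info', $name, $seo__url_fname, $seo__url_dname);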
Esempio n. 2
<script language="javascript" type="text/javascript">
//<![CDATA[
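// Always load the third-party TrustLogo script over HTTPS. The original fell back to a
// plain-HTTP URL on non-HTTPS pages, where anyone on the network path could replace the
// script and run code in this page (which sits in front of an account form).
var tl_loc0 = "https://secure.comodo.net/trustlogo/javascript/trustlogo.js";
// The tag is assembled from pieces so the HTML parser does not see a literal closing
// script tag inside this inline block.
document.writeln('<scr' + 'ipt language="JavaScript" src="' + tl_loc0 + '" type="text\/javascript">' + '<\/scr' + 'ipt>');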
//]]>
</script>
</head>

<body>
<?php 
include "../inc/header.inc";
?>
<h1>Your Account</h1>
<?php 
$db = new dbi();
if (isset($_POST[newaccount])) {
    if (!preg_match("/^[a-z0-9\\.\\-_]+\\@[a-z0-9\\.\\-_]+\\.[a-z]+\$/", $_POST[email])) {
        $error = "Create a valid e-mail account.";
    } elseif (strlen($_POST[password]) < 4 || strlen($_POST[password]) > 16) {
        $error = "Password must be between 4 and 16 characters.";
    } elseif ($_POST[password] != $_POST[cpassword]) {
        $error = "Passwords do not match.";
    } else {
        $db->query("select * from account where email = '" . $_POST[email] . "'");
        if ($db->numrows()) {
            $error = "Account already exists.  Please try logging in.";
        } else {
            $_SESSION['account_id'] = $db->query("insert into account (email, password, po, created) values('" . strtolower($_POST['email']) . "', '" . base64_encode(encrypto($_POST['password'], strtolower(substr($_POST[email], 0, 2)))) . "', 'n',  '" . date("Y-m-d H:i:s", time()) . "')");
            $_SESSION[email] = $_POST[email];
        }
Esempio n. 3
             $_POST['meta_description'] = str_replace('"', '&quot;', trim($_POST['meta_description']));
         }
         if ($_POST['url_filename'] != '') {
             $_POST['url_filename'] = cleanforurl2(trim($_POST['url_filename']));
         }
         if ($_POST['url_foldername'] != '') {
             $_POST['url_foldername'] = cleanforurl2(trim($_POST['url_foldername']));
         }
     }
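     if (!$error) {
         // A ticked "samewindow" checkbox is stored as 'y', anything else as 'n'.
         $samewindow = isset($_POST['samewindow']) ? 'y' : 'n';
         $updb = new dbi();
         // Every request value is escaped before it is embedded in a quoted SQL literal.
         // The original interpolated $_POST['url'] and $mod raw, so either one could break
         // out of its string and alter the statement.
         $link_name_sql = mysql_real_escape_string($_POST['name']);
         $link_url_sql = mysql_real_escape_string($_POST['url']);
         $link_title_sql = mysql_real_escape_string($_POST['page_title']);
         $link_kws_sql = mysql_real_escape_string($_POST['meta_keywords']);
         $link_desc_sql = mysql_real_escape_string($_POST['meta_description']);
         $link_fname_sql = mysql_real_escape_string($_POST['url_filename']);
         $link_dname_sql = mysql_real_escape_string($_POST['url_foldername']);
         if (isset($add)) {
             $updb->query(
                 "INSERT INTO link"
                 . " (site, name, url, samewindow, page_title, meta_keywords, meta_description, url_filename, url_foldername)"
                 . " VALUES ("
                 . "'" . SITE . "', "
                 . "'" . $link_name_sql . "', "
                 . "'" . $link_url_sql . "', "
                 . "'" . $samewindow . "', "
                 . "'" . $link_title_sql . "', "
                 . "'" . $link_kws_sql . "', "
                 . "'" . $link_desc_sql . "', "
                 . "'" . $link_fname_sql . "', "
                 . "'" . $link_dname_sql . "'"
                 . ")"
             );
         } else {
             // NOTE(review): the UPDATE is keyed on id alone, without the `site` filter the
             // SELECT further down uses — confirm a record of another site cannot be edited.
             $updb->query(
                 "UPDATE link SET"
                 . " name = '" . $link_name_sql . "',"
                 . " url = '" . $link_url_sql . "',"
                 . " samewindow = '" . $samewindow . "',"
                 . " page_title = '" . $link_title_sql . "',"
                 . " meta_keywords = '" . $link_kws_sql . "',"
                 . " meta_description = '" . $link_desc_sql . "',"
                 . " url_filename = '" . $link_fname_sql . "',"
                 . " url_foldername = '" . $link_dname_sql . "'"
                 . " WHERE id = '" . mysql_real_escape_string($mod) . "'"
             );
         }
         print "<div align=\"center\" class=\"success\">Link updated successfully!</div><br>";
         $success = 1;
     }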
 }
 if (isset($mod)) {
     $moddb = new dbi();
     $moddb->query("select * from link where site = '" . SITE . "' and id = '{$mod}'");
     if (!$moddb->numrows()) {
         print "<div align=\"center\">No Link Entry with ID of '{$mod}'!</div>";
         unset($moddb);
Esempio n. 4
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
   "http://www.w3.org/TR/html4/loose.dtd">

<html>
<head>
	<title>dbs - system information</title>
	<link rel="stylesheet" type="text/css" href="style.css">
</head>

<body>
<?php 
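// System information page: prints the web server's `uptime` output and selected MySQL
// status counters.
// NOTE(review): this discloses host load and database internals; no access check is
// visible in this block — confirm header.inc restricts the page to administrators.
include "header.inc";
$db = new dbi();
print "<table cellpadding=\"2\" cellspacing=\"0\" border=\"0\" align=\"center\">";
print "<tr><td colspan=\"4\" align=\"center\" style=\"font-weight:bold;font-size:14px;\">Web Server Status</td></tr>";
print "<tr><td colspan=\"4\" align=\"center\">";
// The command is a fixed string with no request data in it, so there is nothing to inject
// here; system() writes the command's output straight into the page.
system("uptime");
print "</td></tr>";
print "<tr><td colspan=\"4\" align=\"center\" style=\"font-weight:bold;font-size:14px;\">Database Information</td></tr>";
$db->query("show status");
// Default so the arithmetic below is well defined when the Uptime row is missing
// (the original read an undefined variable in that case).
$uptime = 0;
while ($db->loop()) {
    $status_name = $db->result("Variable_name");
    if ($status_name == "Threads_connected") {
        $threads_connected = $db->result("Value");
    } elseif ($status_name == "Threads_running") {
        $threads_running = $db->result("Value");
    } elseif ($status_name == "Uptime") {
        $uptime = $db->result("Value");
    }
}
// Split the uptime (seconds) into whole days; $uptime keeps the remainder.
$seconds_per_day = 60 * 60 * 24;
$days = floor($uptime / $seconds_per_day);
$uptime = $uptime - $days * $seconds_per_day;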
Esempio n. 5
<?php 
    }
}
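// Sample list for one category, with an optional delete step in front of it.
if (!isset($add) && !isset($mod) || isset($success)) {
    // The category id comes from the URL. It is prepared once per output context:
    // URL-encoded for the links printed below, SQL-escaped (after connecting) for the query.
    $category_raw = (isset($_GET['category']) && is_scalar($_GET['category'])) ? (string) $_GET['category'] : '';
    $category_url = urlencode($category_raw);
    if (isset($delete)) {
        $deldb = new dbi();
        $delete_id = is_scalar($delete) ? (string) $delete : '';
        if (isset($confirm) && $confirm == 'y') {
            // basename() removes any directory part, so a crafted id cannot point unlink()
            // at a file outside the two asset directories.
            $delete_file = basename($delete_id);
            @unlink(BASE_IMAGE_DIR . $delete_file . ".jpg");
            // NOTE(review): the PDF directory is cleaned with a ".jpg" suffix — presumably
            // this should be ".pdf"; confirm against the upload code.
            @unlink(BASE_PDF_DIR . $delete_file . ".jpg");
            // NOTE(review): the delete is triggered by a plain GET link with no anti-CSRF
            // token and no category/site restriction — confirm this is acceptable.
            $deldb->query("delete from sample where id = '" . mysql_real_escape_string($delete_id) . "'");
            print "<div align=\"center\" class=\"success\">Sample deleted!</div><br>";
        } else {
            $delete_url = urlencode($delete_id);
            print "<div align=\"center\" class=\"error\">Are you sure you want to delete this Sample? <a class=\"error\" href=\"sample.php?category={$category_url}&delete={$delete_url}&confirm=y\">Yes</a>  <a class=\"error\" href=\"sample.php?category={$category_url}\">No</a></div><br>";
        }
    }
    $db = new dbi();
    // Escaped after the connection exists (assumes dbi's constructor connects — confirm).
    $category_sql = mysql_real_escape_string($category_raw);
    $db->query("select * from sample where category = '{$category_sql}' order by description asc");
    print "<table align=\"center\" cellpadding=\"2\" cellspacing=\"0\">";
    print "<tr bgcolor=\"#990000\"><td style=\"color:#FFFFFF;\">Samples</td><td align=\"right\"><a href=\"sample.php?category={$category_url}&add=1\" style=\"color:#FFFFFF;\">Add a Sample</a></td></tr>";
    if ($db->numrows()) {
        while ($db->loop()) {
            // NOTE(review): the stored description is printed without HTML escaping;
            // confirm whether it may legitimately contain markup.
            print "<tr><td><a href=\"sample.php?category={$category_url}&mod=" . $db->result("id") . "\">" . substr($db->result("description"), 0, 100) . "</a></td><td align=\"right\"><a href=\"sample.php?category={$category_url}&delete=" . $db->result("id") . "\">Delete?</a></td></tr>";
        }
    } else {
        print "<tr><td colspan=\"2\" align=\"center\">No Samples for that Category!</td></tr>";
    }
    print "</table>";
}
include "footer.inc";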
?>
</body>
Esempio n. 6
            if (isset($error) && $_POST[type] == "sample" && $prodb->result("id") == $_POST[sample] || !isset($error) && isset($moddb) && $moddb->result("type") == "sample" && $moddb->result("type_id") == $prodb->result("id")) {
                print " selected=\"selected\"";
            }
            print ">" . $prodb->result("name") . "</option>";
        }
        ?>
</select></td></tr>
			<tr><td><input type="radio" name="type" value="product"<?php 
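        // Pre-select the "product" radio button: after a failed submit use the posted type,
        // otherwise the type of the record being edited. The array key is quoted; the bare
        // word `type` was being resolved as an undefined constant.
        if ((isset($error) && isset($_POST['type']) && $_POST['type'] == 'product') || (isset($moddb) && $moddb->result("type") == 'product')) {
            print " checked=\"checked\"";
        }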
        ?>
></td><td>Product <select name="product"><option value=""></option><?php 
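        // Emit one <option> per product category of this site and mark the current one.
        $prodb = new dbi();
        $prodb->query("select * from product_category where site = '" . SITE . "' order by name asc");
        while ($prodb->loop()) {
            $category_id = $prodb->result("id");
            print "<option value=\"" . $category_id . "\"";
            // After a failed submit the posted choice wins; otherwise the stored record decides.
            // Array keys are quoted; the bare words were being resolved as undefined constants.
            $chosen_in_post = isset($error) && $_POST['type'] == "product" && $category_id == $_POST['product'];
            $chosen_in_record = !isset($error) && isset($moddb) && $moddb->result("type") == "product" && $moddb->result("type_id") == $category_id;
            if ($chosen_in_post || $chosen_in_record) {
                print " selected=\"selected\"";
            }
            // NOTE(review): the category name is printed without HTML escaping — confirm how
            // names are stored before adding htmlspecialchars() here.
            print ">" . $prodb->result("name") . "</option>";
        }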
        ?>
</select></td></tr>
			</table>
		</td></tr>
		<tr bgcolor="#990000"><td colspan="2" align="center"><input type="submit" value="Update"></td></tr>
		</table>
	</form>
Esempio n. 7
<?php

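// Force HTTPS: anything not served over TLS is redirected to the same path on the fixed
// production host. The host is hard-coded, so the redirect target cannot be steered to
// another site by the request. isset() avoids reading a missing key on plain-HTTP requests.
if (!isset($_SERVER['HTTPS']) || $_SERVER['HTTPS'] != 'on') {
    header("Location: https://www.databusinesssystems.com" . $_SERVER['REQUEST_URI']);
    exit;
}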
require_once "../inc/dbi.inc";
require_once "../inc/crypt.inc";
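$employee = array("J. Kirschner", "L. Higgs", "A. Picillo", "K. Hou");
$db = new dbi();
// NOTE(review): no login or authorization check is visible before these order updates —
// confirm that an included file enforces one.
// All request values are escaped before they are embedded in quoted SQL literals; the
// original concatenated status, placed_by and the order id raw.
$order_id_sql = (isset($_GET['id']) && is_scalar($_GET['id'])) ? mysql_real_escape_string((string) $_GET['id']) : '';
if (isset($_POST['status'])) {
    // An empty "placed by" field is stored as SQL NULL rather than an empty string.
    $placed_by_sql = !empty($_POST['placed_by']) ? "'" . mysql_real_escape_string($_POST['placed_by']) . "'" : "NULL";
    mysql_query("update orders set status = '" . mysql_real_escape_string($_POST['status']) . "', placed_by = " . $placed_by_sql . " where id = '" . $order_id_sql . "'", $dbh);
    if ($_POST['status'] == "processed" || $_POST['status'] == "canceled") {
        // Finished orders go back to the list.
        header("Location: index.php");
        exit;
    }
}
if (isset($_POST['history']) && strtotime($_POST['history']) > 0) {
    // strtotime() yields an integer timestamp, so only the order id needs escaping here.
    mysql_query("update orders set datetime = '" . strtotime($_POST['history']) . "' where id = '" . $order_id_sql . "'", $dbh);
}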
if (isset($_POST['oitem'])) {
    $query = "update order_items set vendor = '" . addslashes($_POST['vendor']) . "', job = '" . addslashes($_POST['job']) . "'";
    if ($_POST['reminder'] != $_POST['reminder_prev']) {
        if ($_POST['reminder'] != "") {
            $query .= ", reminder = '" . date("Y-m-d", strtotime($_POST['reminder'])) . "'";
        } else {
            $query .= ", reminder = NULL";
        }
        $query .= ", reminder_sent = NULL";
    }
    $query .= " where id = '{$_POST['oitem']}'";
Esempio n. 8
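// Information page list, with an optional delete step in front of it.
if (!isset($add) && !isset($mod) || isset($success)) {
    if (isset($delete)) {
        $deldb = new dbi();
        // $delete is request-controlled: escape it for SQL and URL-encode it for the link.
        // The original interpolated it raw into both.
        $delete_id = is_scalar($delete) ? (string) $delete : '';
        $delete_sql = mysql_real_escape_string($delete_id);
        // A page that is still referenced from the menu must be detached first.
        $deldb->query("select * from menu where site = '" . SITE . "' and type = 'info' and type_id = '{$delete_sql}'");
        if ($deldb->numrows()) {
            print "<div align=\"center\" class=\"error\">Information attached to Menu!  Please remove from Menu first.</div><br>";
        } else {
            if (isset($confirm) && $confirm == 'y') {
                // NOTE(review): deletion is triggered by a plain GET link with no anti-CSRF token.
                $deldb->query("delete from info where site = '" . SITE . "' and id = '{$delete_sql}'");
                print "<div align=\"center\" class=\"success\">Information deleted!</div><br>";
            } else {
                print "<div align=\"center\" class=\"error\">Are you sure you want to delete this info? <a class=\"error\" href=\"info.php?delete=" . urlencode($delete_id) . "&confirm=y\">Yes</a>  <a class=\"error\" href=\"info.php\">No</a></div><br>";
            }
        }
    }
    $db = new dbi();
    $db->query("select * from info where site = '" . SITE . "'");
    print "<table align=\"center\" cellpadding=\"2\" cellspacing=\"0\">";
    print "<tr bgcolor=\"#990000\"><td style=\"color:#FFFFFF;\">Information</td><td colspan=\"2\"><a href=\"info.php?add=1\" style=\"color:#FFFFFF;\">Add Information Page</a></td></tr>";
    if ($db->numrows()) {
        print "<tr><td class=\"bold\" align=\"left\">Name</td><td class=\"bold\" align=\"center\">View</td><td class=\"bold\" align=\"right\">Delete?</td></tr>";
        while ($db->loop()) {
            // NOTE(review): the stored name is printed without HTML escaping — confirm how
            // names are stored before adding htmlspecialchars() here.
            print "<tr><td><a href=\"info.php?mod=" . $db->result("id") . "\">" . $db->result("name") . "</a></td><td align=\"center\"><a href=\"" . DOCUMENT_BASE . "/info/" . $db->result("id") . "\" target=\"_blank\">View</a></td><td align=\"right\"><a href=\"info.php?delete=" . $db->result("id") . "\">Delete?</a></td></tr>";
        }
    } else {
        print "<tr><td colspan=\"3\" align=\"center\">No Information available!</td></tr>";
    }
    print "</table>";
}
include "footer.inc";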
?>
Esempio n. 9
	<link rel="stylesheet" type="text/css" href="../style.css">
</head>

<body>
<?php 
include "../inc/header.inc";
?>
<h1>Password Reminder</h1>
<table align="center" cellpadding="4" cellspacing="0" align="center">
<?php 
// Password-reminder form handler: looks the submitted address up in `account` and mails
// the account's password to it.
// NOTE(review): the array keys `email` and `REMOTE_ADDR` are written as bare words below,
// so PHP resolves them as constants first; they should be quoted strings.
if (isset($_POST[email])) {
    if ($_POST[email] == "") {
        $error = "Please specify a valid email address!";
    }
    // $error is only assigned on failure, so this reads an undefined variable on the
    // success path.
    if (!$error) {
        $edb = new dbi();
        // NOTE(review): the posted address is interpolated into the SQL literal without
        // escaping — SQL injection. Escape it (mysql_real_escape_string is used elsewhere
        // in this code base) or use a parameterised query.
        $edb->query("select email,password from account where email = '{$_POST['email']}' limit 0,1");
        if ($edb->numrows()) {
            $from = "DBS Support <*****@*****.**>";
            $header = "Return-Path: {$from}\r\nFrom: {$from}\r\nReply-To: {$from}";
            // The message body carries the account's current password, which means passwords
            // are stored in a recoverable form rather than as one-way hashes, and the secret
            // then travels by e-mail. Part of the expression on this line is masked in this
            // listing, so the exact decoding call is not visible here.
            // NOTE(review): a one-way password hash plus a time-limited reset link would
            // remove the need to ever recover or mail a password.
            $message = "This is your requested password reminder from a Data Business Systems Site. Below is your account email address  and password.\n\n  Email Address: " . $edb->result("email") . "\n       Password: "******"password")), substr($edb->result("email"), 0, 2))) . "\n\nThis information was requested from  (" . $_SERVER[REMOTE_ADDR] . ").\n\nRegards,\nCustomer Support\nsupport@databusinesssystems.com";
            mail($edb->result("email"), "Password Reminder", $message, $header);
            print "<tr><td align=\"left\">Your password has been sent!  If you do not receive the email or if you are still having difficulties using your account, please email us at <a href=\"mailto:support@databusinesssystems.com\">support@databusinesssystems.com</a> or call us at 1-800-778-6247.</td></tr>";
        } else {
            // A different answer for unknown addresses lets a visitor test which e-mail
            // addresses have accounts.
            $error = "No account with that email address!";
        }
    }
}
if (!isset($_POST[email]) || $error) {
    ?>
<tr><td>If you have lost your password, enter your email address below and your information will be sent to you.<br><br></td></tr>
Esempio n. 10
		<tr><td class="field_title">One Time Use</td><td><input type="checkbox" name="oneuse"<?php 
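        // Keep the "One Time Use" box ticked after a failed submit, or when the coupon being
        // edited is stored as one-use. The array key is quoted; the bare word `oneuse` was
        // being resolved as an undefined constant.
        if ((isset($error) && isset($_POST['oneuse'])) || (isset($moddb) && $moddb->result("oneuse") == 'y')) {
            print " checked=\"checked\"";
        }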
        ?>
></td></tr>
		<tr bgcolor="#990000"><td colspan="2" align="center"><input type="submit" value="Update"></td></tr>
		</table>
	</form>
<?php 
    }
}
if (!isset($add) && !isset($mod) || isset($success)) {
    $db = new dbi();
    if (isset($delete)) {
        if (isset($confirm) && $confirm == 'y') {
            $db->query("delete from coupon where site = '" . SITE . "' and id = '{$delete}'");
            print "<div align=\"center\" class=\"success\">Coupon deleted!</div><br>";
        } else {
            print "<div align=\"center\" class=\"error\">Are you sure you want to delete this coupon? <a class=\"error\" href=\"{$_SERVER['PHP_SELF']}?delete={$delete}&confirm=y\">Yes</a>  <a class=\"error\" href=\"{$_SERVER['PHP_SELF']}\">No</a></div><br>";
        }
    }
    $db->query("select * from coupon where site = '" . SITE . "'");
    print "<table align=\"center\" cellpadding=\"2\" cellspacing=\"0\">";
    print "<tr bgcolor=\"#990000\"><td style=\"color:#FFFFFF;\" colspan=\"2\">Coupons</td><td><a href=\"{$_SERVER['PHP_SELF']}?add=1\" style=\"color:#FFFFFF;\">Add a Coupon</a></td></tr>";
    if ($db->numrows()) {
        while ($db->loop()) {
            print "<tr><td valign=\"top\"><a href=\"{$_SERVER['PHP_SELF']}?mod=" . $db->result("id") . "\">" . $db->result("code") . "</a></td><td width=\"300\">" . $db->result("description") . "<td align=\"right\" valign=\"top\"><a href=\"{$_SERVER['PHP_SELF']}?delete=" . $db->result("id") . "\">Delete?</a></td></tr>";
        }
Esempio n. 11
            if ($_POST['url_foldername'] != '') {
                $_POST['url_foldername'] = cleanforurl2(trim($_POST['url_foldername']));
            }
        }
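        if (!$error) {
            // Every request value is escaped before it is embedded in a quoted SQL literal.
            // The original escaped most fields but left urlname, product, account and $mod
            // raw, so any of those could break out of its string and alter the statement.
            $aff_name_sql = mysql_real_escape_string($_POST['name']);
            $aff_urlname_sql = mysql_real_escape_string($_POST['urlname']);
            $aff_product_sql = mysql_real_escape_string($_POST['product']);
            $aff_account_sql = mysql_real_escape_string($_POST['account']);
            $aff_data_sql = mysql_real_escape_string($_POST['data']);
            $aff_title_sql = mysql_real_escape_string($_POST['page_title']);
            $aff_kws_sql = mysql_real_escape_string($_POST['meta_keywords']);
            $aff_desc_sql = mysql_real_escape_string($_POST['meta_description']);
            $aff_fname_sql = mysql_real_escape_string($_POST['url_filename']);
            $aff_dname_sql = mysql_real_escape_string($_POST['url_foldername']);
            if (isset($add)) {
                mysql_query(
                    "INSERT INTO affiliate"
                    . " (site, name, urlname, product, account, data, page_title, meta_keywords, meta_description, url_filename, url_foldername)"
                    . " VALUES ("
                    . "'" . SITE . "', "
                    . "'" . $aff_name_sql . "', "
                    . "'" . $aff_urlname_sql . "', "
                    . "'" . $aff_product_sql . "', "
                    . "'" . $aff_account_sql . "', "
                    . "'" . $aff_data_sql . "', "
                    . "'" . $aff_title_sql . "', "
                    . "'" . $aff_kws_sql . "', "
                    . "'" . $aff_desc_sql . "', "
                    . "'" . $aff_fname_sql . "', "
                    . "'" . $aff_dname_sql . "'"
                    . ")",
                    $dbh
                );
            } else {
                // NOTE(review): the UPDATE is keyed on id alone, without the `site` filter the
                // SELECT below uses — confirm a record of another site cannot be edited.
                mysql_query(
                    "UPDATE affiliate SET"
                    . " name = '" . $aff_name_sql . "',"
                    . " urlname = '" . $aff_urlname_sql . "',"
                    . " product = '" . $aff_product_sql . "',"
                    . " account = '" . $aff_account_sql . "',"
                    . " data = '" . $aff_data_sql . "',"
                    . " page_title = '" . $aff_title_sql . "',"
                    . " meta_keywords = '" . $aff_kws_sql . "',"
                    . " meta_description = '" . $aff_desc_sql . "',"
                    . " url_filename = '" . $aff_fname_sql . "',"
                    . " url_foldername = '" . $aff_dname_sql . "'"
                    . " WHERE id = '" . mysql_real_escape_string($mod) . "'",
                    $dbh
                );
            }
            print "<div align=\"center\" class=\"success\">Affiliate updated successfully!</div><br>";
            $success = 1;
        }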
    }
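    // Load the affiliate being edited; $moddb is dropped again when the id does not exist
    // for this site, so later code can use isset($moddb) as "record found".
    if (isset($mod)) {
        $moddb = new dbi();
        // $mod is request-controlled: escaped for the SQL literal and HTML-escaped for the
        // message. The original interpolated it raw into both.
        $mod_id = is_scalar($mod) ? (string) $mod : '';
        $moddb->query("select * from affiliate where site = '" . SITE . "' and id = '" . mysql_real_escape_string($mod_id) . "'");
        if (!$moddb->numrows()) {
            print "<div align=\"center\">No Affiliate with ID of '" . htmlspecialchars($mod_id, ENT_QUOTES) . "'!</div>";
            unset($moddb);
        }
    }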
    if (!isset($success)) {
        if ($error) {
            print "<div align=\"center\" class=\"error\">{$error}</div>";
        }
        ?>
	<form name="information" action="<?php 
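        // PHP_SELF includes any extra path the client appended to the script URL, so it is
        // HTML-escaped before being written into the form's action attribute. The key is
        // quoted; the bare word was being resolved as an undefined constant.
        echo htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES);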
        ?>
?<?php 
Esempio n. 12
// Starts the session and marks it as an administrator session.
// NOTE(review): the flag is written unconditionally in the lines visible here; no
// credential check appears in this excerpt. Confirm that authentication happens before
// this point (earlier in the file or at the web-server level) — otherwise any visitor who
// loads this page obtains the admin flag that other pages presumably test.
session_start();
$_SESSION['admin'] = "true";
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">

<html>
<head>
	<title>dbs - customer search</title>
	<link rel="stylesheet" type="text/css" href="style.css">
</head>

<body>
<?php 
require_once "../inc/crypt.inc";
include "header.inc";
$db = new dbi();
if ($_GET['delete_account']) {
    $results = mysql_query("SELECT id, email FROM account WHERE id = '" . mysql_real_escape_string($_GET['delete_account']) . "'", $dbh);
    if (mysql_num_rows($results)) {
        $account = mysql_fetch_assoc($results);
        $results = mysql_query("SELECT id FROM orders WHERE account = '" . $account['id'] . "'", $dbh);
        if (mysql_num_rows($results)) {
            while ($row = mysql_fetch_assoc($results)) {
                mysql_query("DELETE FROM order_po WHERE id = '" . $row['id'] . "'", $dbh);
                mysql_query("DELETE FROM order_items WHERE order_id = '" . $row['id'] . "'", $dbh);
            }
            mysql_query("DELETE FROM order_address WHERE account = '" . $account['id'] . "'", $dbh);
            mysql_query("DELETE FROM orders WHERE account = '" . $account['id'] . "'", $dbh);
        }
        mysql_query("DELETE FROM cc_charges WHERE account = '" . $account['id'] . "'", $dbh);
        mysql_query("DELETE FROM account WHERE id = '" . $account['id'] . "'", $dbh);
Esempio n. 13
</head>

<body>
<?php 
require_once "../inc/dbi.inc";
require_once "../inc/crypt.inc";
include "../inc/header.inc";
if (isset($_POST[email])) {
    if (!preg_match("/^[a-z0-9\\.\\-_]+\\@[a-z0-9\\.\\-_]+\\.[a-z]+\$/", $_POST[email])) {
        $error = "Please specify a valid e-mail account.";
    } elseif ($_POST[password] != "" && strlen($_POST[password]) < 4 || strlen($_POST[password]) > 16) {
        $error = "Password must be between 4 and 16 characters.";
    } elseif ($_POST[password] != $_POST[cpassword]) {
        $error = "Passwords do not match.";
    } else {
        $db = new dbi();
        $db->query("select * from account where email = '" . $_POST[email] . "' and id != '{$_SESSION['account_id']}'");
        if ($db->numrows()) {
            $error = "Email account already exists.";
        } else {
            $query = "update account set email = '{$_POST['email']}', password = "******"") {
                $query .= "'" . base64_encode(encrypto($_POST[password], strtolower(substr($_POST[email], 0, 2)))) . "'";
            } else {
                $db->query("select email,password from account where id = '{$_SESSION['account_id']}'");
                $oldpassword = trim(decrypto(base64_decode($db->result("password")), substr($db->result("email"), 0, 2)));
                $query .= "'" . base64_encode(encrypto($oldpassword, strtolower(substr($_POST[email], 0, 2)))) . "'";
            }
            $query .= " where id = '{$_SESSION['account_id']}'";
            $db->query($query);
            $_SESSION[email] = $_POST[email];
Esempio n. 14
<?php

require_once "/home/bocawebgroup/public_html/inc/ad_track.inc";
require_once "inc/config.inc";
require_once "../inc/dbi.inc";
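if (isset($_POST['name']) && isset($_POST['data'])) {
    // Content taken directly from the request body. It is untrusted and must be
    // HTML-escaped wherever the template below echoes it.
    $name = $_POST['name'];
    // NOTE(review): this branch fills $date while the database branch fills $data —
    // looks like a typo; confirm which variable the template reads.
    $date = $_POST['data'];
} else {
    $db = new dbi();
    // The id comes straight from the URL, so it is escaped before being placed inside the
    // quoted SQL literal (the original concatenated it raw, and used the bare constant `id`
    // as the array key). Assumes new dbi() has opened the MySQL link that
    // mysql_real_escape_string() relies on — confirm in dbi.inc.
    $info_id_sql = (isset($_GET['id']) && is_scalar($_GET['id'])) ? mysql_real_escape_string((string) $_GET['id']) : '';
    $db->query("select * from info where id = '" . $info_id_sql . "' and site = '" . SITE . "'");
    if ($db->numrows()) {
        $name = $db->result("info.name");
        $data = $db->result("info.data");
    } else {
        // Unknown id for this site: answer 404 and stop before any HTML is sent.
        header("HTTP/1.1 404 Not Found");
        exit;
    }
}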
?>
<html>
<head>
	<title>One-Write - <?php 
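// $name can come straight from the POST body (see the top of the script), so it is
// HTML-escaped before being written into <title>. double_encode is off so that entities
// already present in a stored name are not encoded twice; UTF-8 matches the charset this
// page declares.
echo htmlspecialchars($name, ENT_QUOTES, 'UTF-8', false);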
?>
</title>
	<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
	<link rel="stylesheet" type="text/css" href="<?php 
echo DOCUMENT_BASE;
?>
/style.css">
Esempio n. 15
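// Sample category list, with an optional delete step in front of it.
if (!isset($add) && !isset($mod) || isset($success)) {
    if (isset($delete)) {
        $deldb = new dbi();
        // $delete is request-controlled: escape it for SQL and URL-encode it for the link.
        // The original interpolated it raw into both.
        $delete_id = is_scalar($delete) ? (string) $delete : '';
        $delete_sql = mysql_real_escape_string($delete_id);
        // NOTE(review): the "attached to Menu" check queries sample_category with type/type_id
        // columns; presumably it was meant to query the menu table — confirm.
        $deldb->query("select * from sample_category where site = '" . SITE . "' and type = 'sample' and type_id = '{$delete_sql}'");
        if ($deldb->numrows()) {
            print "<div align=\"center\" class=\"error\">Sample Category attached to Menu!  Please remove from Menu first.</div><br>";
        } else {
            if (isset($confirm) && $confirm == 'y') {
                // NOTE(review): deletion is triggered by a plain GET link with no anti-CSRF token.
                $deldb->query("delete from sample_category where site = '" . SITE . "' and id = '{$delete_sql}'");
                print "<div align=\"center\" class=\"success\">Sample Category Item deleted!</div><br>";
            } else {
                print "<div align=\"center\" class=\"error\">Are you sure you want to delete this sample category? <a class=\"error\" href=\"sample_category.php?delete=" . urlencode($delete_id) . "&confirm=y\">Yes</a>  <a class=\"error\" href=\"sample_category.php\">No</a></div><br>";
            }
        }
    }
    $db = new dbi();
    $db->query("select * from sample_category where site = '" . SITE . "' order by name asc");
    print "<table align=\"center\" cellpadding=\"2\" cellspacing=\"0\">";
    print "<tr bgcolor=\"#990000\"><td style=\"color:#FFFFFF;\">Sample Categories</td><td colspan=\"3\"><a href=\"sample_category.php?add=1\" style=\"color:#FFFFFF;\">Add a Sample Category</a></td></tr>";
    if ($db->numrows()) {
        print "<tr><td class=\"bold\" align=\"left\">Name</td><td class=\"bold\" align=\"left\">View</td><td class=\"bold\" align=\"left\">Samples</td><td class=\"bold\" align=\"left\">Delete?</td></tr>";
        while ($db->loop()) {
            // NOTE(review): the stored name is printed without HTML escaping — confirm how
            // names are stored before adding htmlspecialchars() here.
            print "<tr><td><a href=\"sample_category.php?mod=" . $db->result("id") . "\">" . $db->result("name") . "</a></td><td align=\"center\"><a href=\"" . DOCUMENT_BASE . "/sample/" . $db->result("id") . "\" target=\"_blank\">View</a></td><td align=\"center\"><a href=\"sample.php?category=" . $db->result("id") . "\">Edit</a></td><td align=\"right\"><a href=\"sample_category.php?delete=" . $db->result("id") . "\">Delete?</a></td></tr>";
        }
    } else {
        print "<tr><td colspan=\"4\" align=\"center\">No Sample Categories!</td></tr>";
    }
    print "</table>";
}
include "footer.inc";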
?>
Esempio n. 16
		</table>
	</form>
<?php 
    }
}
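// State tax list, with an optional delete step in front of it.
if (!isset($add) && !isset($mod) || isset($success)) {
    if (isset($delete)) {
        $deldb = new dbi();
        // $delete is request-controlled: escape it for SQL and URL-encode it for the link.
        // The original interpolated it raw into both.
        $delete_id = is_scalar($delete) ? (string) $delete : '';
        if (isset($confirm) && $confirm == 'y') {
            // NOTE(review): deletion is triggered by a plain GET link with no anti-CSRF token.
            $deldb->query("delete from state_tax where id = '" . mysql_real_escape_string($delete_id) . "'");
            print "<div align=\"center\" class=\"success\">State Tax Entry deleted!</div><br>";
        } else {
            print "<div align=\"center\" class=\"error\">Are you sure you want to delete this State Tax Entry? <a class=\"error\" href=\"state_tax.php?delete=" . urlencode($delete_id) . "&confirm=y\">Yes</a>  <a class=\"error\" href=\"state_tax.php\">No</a></div><br>";
        }
    }
    $db = new dbi();
    $db->query("select * from state_tax");
    // The table, including its "Add an Entry" link, is only printed when rows exist.
    if ($db->numrows()) {
        print "<table align=\"center\" cellpadding=\"2\" cellspacing=\"0\">";
        print "<tr bgcolor=\"#990000\"><td style=\"color:#FFFFFF;\" colspan=\"2\">State Tax</td><td><a href=\"state_tax.php?add=1\" style=\"color:#FFFFFF;\">Add an Entry</a></td></tr>";
        while ($db->loop()) {
            print "<tr><td width=\"50\"><a href=\"state_tax.php?mod=" . $db->result("id") . "\">" . $db->result("state") . "</a></td><td align=\"right\">" . $db->result("tax") . " %</td><td align=\"right\"><a href=\"state_tax.php?delete=" . $db->result("id") . "\">Delete?</a></td></tr>";
        }
        print "</table>";
    }
}
include "footer.inc";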
?>
</body>
</html>
Esempio n. 17
}
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
   "http://www.w3.org/TR/html4/loose.dtd">

<html>
<head>
	<title>Data Business Systems - Order</title>
	<link rel="stylesheet" type="text/css" href="../style.css">
</head>

<body>
<?php 
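include "../inc/header.inc";
$db = new dbi();
$tdb = new dbi();
// The whole query string is treated as the order number, so it is attacker-controlled
// text and is escaped before being placed in the SQL literal (the original interpolated
// it raw). The `account` condition ties the lookup to the logged-in customer, which is
// what stops one customer from opening another customer's invoice.
$order_ref_sql = mysql_real_escape_string($_SERVER['QUERY_STRING']);
$db->query("select * from orders where account = '" . $_SESSION['account_id'] . "' and orders.id = '" . $order_ref_sql . "' limit 0,1");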
if ($db->numrows()) {
    $order_id = $db->result("id");
    ?>
<h1>Invoice for Order #<?php 
    echo $db->result("id");
    ?>
</h1>
<div style="text-align:center;margin:10px;"><a href="invoice.php?<?php 
    echo $db->result("id");
    ?>
" target="_blank"><b>PRINT A COPY OF THIS INVOICE</b></a></div>
<table width="95%" align="center" cellpadding="4" cellspacing="0" style="border:2px solid #000000;">
<tr class="bar"><td align="left" style="font-weight:bold;font-size:14px;" colspan="2">Shipping Information</td></tr>
<tr><td colspan="2">
Esempio n. 18
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">

<html>
<head>
	<title>dbs - ad track</title>
	<link rel="stylesheet" type="text/css" href="style.css">
</head>

<body>
<?php 
include "header.inc";
$db = new dbi();
$db->query("select * from ad_track order by timestamp desc limit 0,25");
?>
<table width="98%" align="center" cellpadding="3" cellspacing="0">
<tr class="bar"><td>Date/Time</td><td>Campaign</td><td>IP/HOST</td></tr>
<?php 
while ($db->loop()) {
    ?>
<tr bgcolor="#<?php 
    echo $db->currentrow() % 2 ? "DDDDDD" : "FFFFFF";
    ?>
"><td valign="top"><?php 
    echo date("n/d/Y", strtotime($db->result("timestamp")));
    ?>
 <?php 
    echo date("h:i a", strtotime($db->result("timestamp")));
    ?>
</td><td style="font-weight:bold;"><?php 
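    // The campaign label is presumably recorded from visitor requests by the ad-tracking
    // include (confirm in ad_track.inc), so it is HTML-escaped before being shown in this
    // admin view.
    echo htmlspecialchars($db->result("campaign"), ENT_QUOTES);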
    ?>
Esempio n. 19
}
if (!isset($_GET['add']) && !isset($_GET['mod']) || isset($success)) {
    if (isset($_GET['delete'])) {
        if (isset($_GET['confirm']) && $_GET['confirm'] == 'y') {
            @unlink(BASE_IMAGE_DIR . $delete . ".jpg");
            @unlink(BASE_PDF_DIR . $delete . ".pdf");
            mysql_query("delete from product_quantity where product = '" . $_GET['delete'] . "'", $dbh);
            mysql_query("delete from product_warehouse where product = '" . $_GET['delete'] . "'", $dbh);
            mysql_query("delete from product_option where product = '" . $_GET['delete'] . "'", $dbh);
            mysql_query("delete from product where id = '" . $_GET['delete'] . "'", $dbh);
            print "<div align=\"center\" class=\"error\">Product deleted successfully!</div><br>";
        } else {
            print "<div align=\"center\" class=\"error\">Are you sure you want to delete this product? <a class=\"error\" href=\"product.php?" . (isset($_GET['category']) ? "category={$_GET['category']}" : "user={$_GET['user']}") . "&delete=" . $_GET['delete'] . "&confirm=y\">Yes</a>  <a class=\"error\" href=\"product.php?" . (isset($_GET[category]) ? "category={$_GET['category']}" : "user={$_GET['user']}") . "\">No</a></div><br>";
        }
    }
    $db = new dbi();
    if (isset($_GET['category'])) {
        $results = mysql_query("select name from product_category where id = '" . $_GET['category'] . "'", $dbh);
        $bar_title = "Products for '" . mysql_result($results, 0, "name") . "'";
        $db->query("select * from product where category = '{$_GET['category']}' and user = '******' order by sort, description asc");
    } else {
        $results = mysql_query("select email from account where id = '" . $_GET['user'] . "'", $dbh);
        $bar_title = "Products for '" . mysql_result($results, 0, "email") . "'";
        $db->query("select product_category.site,product.* from product inner join product_category on product_category.id = product.category where user = '******'user']}' order by sort, description asc");
    }
    print "<table align=\"center\" cellpadding=\"2\" cellspacing=\"0\">";
    print "<tr class=\"bar\"><td>{$bar_title}</td><td align=\"right\"><a href=\"product.php?" . (isset($_GET[category]) ? "category=" . $_GET['category'] : "user="******"&add=1\">Add a Product</a></td></tr>";
    if ($db->numrows()) {
        while ($db->loop()) {
            print "<tr><td align=\"left\"><a href=\"product.php?" . (isset($_GET[category]) ? "category={$_GET['category']}" : "user={$_GET['user']}") . "&mod=" . $db->result("id");
            if (isset($_GET[user])) {
Esempio n. 20
   
<html>
<head>
	<title>Data Business Systems - Change Address Information</title>
	<link rel="stylesheet" type="text/css" href="../style.css">
</head>

<body>
<?php 
require_once "../inc/dbi.inc";
include "../inc/header.inc";
?>
<h1>Change Address Information</h1>
<div style="margin:0 25px 5px 0;" align="right"><a href="index.php">Back to Your Account</a></div>
<?php 
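$db = new dbi();
if (isset($_GET['delete'])) {
    // Soft delete: the address row is flagged as disabled rather than removed. The
    // `account` condition limits the update to addresses owned by the logged-in customer.
    // The address id comes from the URL and is escaped before being placed in the SQL
    // literal (the original concatenated it raw).
    // NOTE(review): the change is triggered by a plain GET link with no anti-CSRF token.
    $address_id_sql = is_scalar($_GET['delete']) ? mysql_real_escape_string((string) $_GET['delete']) : '';
    if ($db->query("update order_address set disable = 'y' where id = '" . $address_id_sql . "' and account = '{$_SESSION['account_id']}'")) {
        print "<div align=\"center\" class=\"success\">Address deleted!</div>";
    } else {
        print "<div align=\"center\" class=\"error\">No such address!</div>";
    }
}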
if (isset($_GET['modify'])) {
    $db->query("select * from order_address where account = '" . $_SESSION['account_id'] . "' and id = '" . $_GET['modify'] . "' and disable = 'n' limit 1");
    if ($db->numrows()) {
        if (sizeof($_POST)) {
            if ($_POST['name'] == "") {
                $error = "Please specify a Full Name!";
            } elseif ($_POST['address1'] == "") {
                $error = "Please specify an Address!";