print "<div align=\"center\" class=\"error\">Are you sure you want to delete this product? <a class=\"error\" href=\"product.php?" . (isset($_GET['category']) ? "category={$_GET['category']}" : "user={$_GET['user']}") . "&delete=" . $_GET['delete'] . "&confirm=y\">Yes</a> <a class=\"error\" href=\"product.php?" . (isset($_GET[category]) ? "category={$_GET['category']}" : "user={$_GET['user']}") . "\">No</a></div><br>";
}
}
$db = new dbi();
if (isset($_GET['category'])) {
$results = mysql_query("select name from product_category where id = '" . $_GET['category'] . "'", $dbh);
$bar_title = "Products for '" . mysql_result($results, 0, "name") . "'";
$db->query("select * from product where category = '{$_GET['category']}' and user = '******' order by sort, description asc");
} else {
$results = mysql_query("select email from account where id = '" . $_GET['user'] . "'", $dbh);
$bar_title = "Products for '" . mysql_result($results, 0, "email") . "'";
$db->query("select product_category.site,product.* from product inner join product_category on product_category.id = product.category where user = '******'user']}' order by sort, description asc");
}
print "<table align=\"center\" cellpadding=\"2\" cellspacing=\"0\">";
print "<tr class=\"bar\"><td>{$bar_title}</td><td align=\"right\"><a href=\"product.php?" . (isset($_GET[category]) ? "category=" . $_GET['category'] : "user="******"&add=1\">Add a Product</a></td></tr>";
if ($db->numrows()) {
while ($db->loop()) {
print "<tr><td align=\"left\"><a href=\"product.php?" . (isset($_GET[category]) ? "category={$_GET['category']}" : "user={$_GET['user']}") . "&mod=" . $db->result("id");
if (isset($_GET[user])) {
print "&setsite=" . $db->result("product_category.site");
}
print "\">" . substr($db->result("description"), 0, 60) . "</td><td align=\"right\"><a href=\"product.php?" . (isset($_GET[category]) ? "category=" . $_GET['category'] : "user={$_GET['user']}") . "&delete=" . $db->result("id") . "\">Delete?</a></td></tr>";
}
} else {
print "<tr><td colspan=\"2\" align=\"center\">No Products for that Category/User!</td></tr>";
}
print "</table>";
}
include "footer.inc";
?>
</body>
$error = "Please select a valid type! {$type_id}";
}
if (!$error) {
if (isset($_GET['add'])) {
mysql_query("insert into menu (site, name, parent, sort, type, type_id) values('" . SITE . "', '" . $_POST['name'] . "', '" . $_POST['parent'] . "', '" . $_POST['sort'] . "', '" . $_POST['type'] . "', '{$type_id}')");
} else {
mysql_query("update menu set name = '" . $_POST['name'] . "', parent = '" . $_POST['parent'] . "', sort = '" . $_POST['sort'] . "', type = '" . $_POST['type'] . "', type_id = '{$type_id}' where id = '{$mod}'");
}
print "<div align=\"center\" class=\"success\">Menu updated successfully!</div><br>";
$success = 1;
}
}
if (isset($mod)) {
$moddb = new dbi();
$moddb->query("select * from menu where site = '" . SITE . "' and id = '{$mod}'");
if (!$moddb->numrows()) {
print "<div align=\"center\">No Menu Entry with ID of '{$mod}'!</div>";
unset($moddb);
}
}
if (!isset($success)) {
if ($error) {
print "<div align=\"center\" class=\"error\">{$error}</div>";
}
?>
<form action="menu.php?<?php
if (isset($add)) {
print "add=1";
} elseif (isset($mod)) {
print "mod={$mod}";
}
<body>
<?php
include "../inc/header.inc";
?>
<h1>Password Reminder</h1>
<table align="center" cellpadding="4" cellspacing="0" align="center">
<?php
if (isset($_POST[email])) {
if ($_POST[email] == "") {
$error = "Please specify a valid email address!";
}
if (!$error) {
$edb = new dbi();
$edb->query("select email,password from account where email = '{$_POST['email']}' limit 0,1");
if ($edb->numrows()) {
$from = "DBS Support <*****@*****.**>";
$header = "Return-Path: {$from}\r\nFrom: {$from}\r\nReply-To: {$from}";
$message = "This is your requested password reminder from a Data Business Systems Site. Below is your account email address and password.\n\n Email Address: " . $edb->result("email") . "\n Password: "******"password")), substr($edb->result("email"), 0, 2))) . "\n\nThis information was requested from (" . $_SERVER[REMOTE_ADDR] . ").\n\nRegards,\nCustomer Support\nsupport@databusinesssystems.com";
mail($edb->result("email"), "Password Reminder", $message, $header);
print "<tr><td align=\"left\">Your password has been sent! If you do not receive the email or if you are still having difficulties using your account, please email us at <a href=\"mailto:support@databusinesssystems.com\">support@databusinesssystems.com</a> or call us at 1-800-778-6247.</td></tr>";
} else {
$error = "No account with that email address!";
}
}
}
if (!isset($_POST[email]) || $error) {
?>
<tr><td>If you have lost your password, enter your email address below and your information will be sent to you.<br><br></td></tr>
<?php
if ($error) {
print_address($db->result("bill_address"));
?>
</td><td valign="top">
<table align="right" cellpadding="2" cellspacing="0" border="0">
<tr><td align="right" class="order_header">Payment Type:</td><td align="left"><?php
if ($db->result("payment_method") == 'cc') {
print "Credit Card";
} else {
print "Purchase Order";
}
?>
</td></tr>
<?php
if ($db->result("payment_method") == 'cc') {
$tdb->query("select * from cc_charges where order_id = '{$order_id}' order by datetime desc limit 0,1");
if ($tdb->numrows()) {
?>
<tr><td align="right" class="order_header">Name on Card:</td><td align="left"><?php
echo $tdb->result("first_name") . " " . $tdb->result("last_name");
?>
</td></tr>
<tr><td align="right" class="order_header">Card Number:</td><td align="left"><?php
if ($tdb->result("card_number")) {
$card_number = trim(decrypto(base64_decode($tdb->result("card_number")), substr($tdb->result("order_id"), strlen($tdb->result("order_id")) - 2, 2)));
for ($i = 0; $i < strlen($card_number) - 4; $i++) {
print "x";
}
print substr($card_number, strlen($card_number) - 4, 4);
} else {
print "Removed for Security";
}
print $_GET['id'];
}
?>
</title>
<link rel="stylesheet" type="text/css" href="style.css">
</head>
<body>
<?php
function dollar($num)
{
return "\$" . number_format($num, 2, ".", ",");
}
if (isset($_GET[id])) {
$db->query("select orders.*,account.email from orders inner join account on account.id = orders.account where orders.id = '" . $_GET['id'] . "'");
if (!$db->numrows()) {
print "No Such Order!";
} else {
?>
<table align="center" width="98%" cellpadding="2" cellspacing="0" border="0" style="border-bottom:2px solid black;">
<tr><td align="left" style="font-size:16px;"><b>Data Business Systems, Inc.</b></td><td align="right" style="font-size:16px;"><b>Order #: <?php
echo $db->result("id");
?>
</b></td></tr>
</table>
<table bgcolor="#FFFFFF" width="96%" cellpadding="0" cellspacing="0" style="margin:2px auto 2px auto;">
<tr><td colspan="2">
<table width="100%" cellpadding="5" cellspacing="0">
<tr><td align="left" nowrap="nowrap"><?php
if ($_GET['history']) {
?>
