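/**
 * Stores a fresh e-mail verification code for $email and mails the activation link
 * (plain-text mail, www.crollect.de variant).
 *
 * @param string $email  recipient address as entered by the user (untrusted input)
 * @return bool  true when mail() accepted the message; false for a syntactically
 *               invalid address, a failed INSERT, or a mail() failure
 */
function makeVerificationCode($email)
{
    // Validate at the boundary: an address that is not syntactically valid must
    // reach neither the database nor mail().
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        return false;
    }
    // The escaped copy is for the SQL literal only; the raw address is what we mail to.
    $emailSql = $GLOBALS['DB']->escapeString($email);
    // NOTE(review): the unpredictability of $code rests entirely on generateRandomToken();
    // md5(email . time()) adds no secrecy — confirm the helper is CSPRNG-backed.
    $code = md5($email . time() . System\Helper::generateRandomToken());
    $time = time();
    $result = $GLOBALS['DB']->query("INSERT INTO emailverification (email, verificationCode, time) VALUES ('{$emailSql}', '{$code}', '{$time}') ");
    // A link whose code was never stored can never be redeemed — stop here.
    if (!$result) {
        return false;
    }
    // http_build_query() percent-encodes the address so a '+' or '&' in the local
    // part survives the round trip through activateemail.php's $_GET.
    $link = "http://www.crollect.de/scripts/user/activateemail.php?" . http_build_query(array('e' => $email, 'c' => $code));
    $subject = "Ihre Bestätigungsmail";
    $message = "Sie brauchen nur noch ihre E-Mail Adresse zu bestätigen. Klicken Sie hierzu bitte auf den folgenden Link: " . $link;
    $from = "From: crollect <*****@*****.**>";
    // Subject and body contain non-ASCII text: RFC 2047 B-encode the subject and
    // declare the body charset so clients do not render mojibake.
    $headers = $from . "\r\nContent-Type: text/plain; charset=utf-8";
    $encodedSubject = '=?UTF-8?B?' . base64_encode($subject) . '?=';
    return mail($email, $encodedSubject, $message, $headers);
}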
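/**
 * Stores a fresh e-mail verification code for $email and mails the activation link
 * (HTML mail, crollect.vladempire.de variant).
 *
 * @param string $email  recipient address as entered by the user (untrusted input)
 * @return bool  true when mail() accepted the message; false for a syntactically
 *               invalid address, a failed INSERT, or a mail() failure
 */
function makeVerificationCode($email)
{
    // Validate at the boundary: an address that is not syntactically valid must
    // reach neither the database nor mail().
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        return false;
    }
    // The escaped copy is for the SQL literal only; the raw address is what we mail to.
    $emailSql = $GLOBALS['DB']->escapeString($email);
    // NOTE(review): the unpredictability of $code rests entirely on generateRandomToken();
    // md5(email . time()) adds no secrecy — confirm the helper is CSPRNG-backed.
    $code = md5($email . time() . System\Helper::generateRandomToken());
    $time = time();
    $result = $GLOBALS['DB']->query("INSERT INTO emailverification (email, verificationCode, time) VALUES ('{$emailSql}', '{$code}', '{$time}') ");
    // A link whose code was never stored can never be redeemed — stop here.
    if (!$result) {
        return false;
    }
    // http_build_query() percent-encodes the address so a '+' or '&' in the local
    // part survives the round trip through activateemail.php's $_GET.
    $link = "http://crollect.vladempire.de/scripts/user/activateemail.php?" . http_build_query(array('e' => $email, 'c' => $code));
    $subject = "Ihre Bestätigungsmail";
    // The body is text/html, so the link goes through attribute escaping ('&' -> '&amp;').
    $linkHtml = htmlspecialchars($link, ENT_QUOTES, 'UTF-8');
    $message = "Wir freuen uns sehr über ihre Anmeldung. Sie brauchen nur noch ihre E-Mail Adresse zu bestätigen. Klicken Sie hierzu bitte auf den folgenden Link oder kopieren Sie\r\n ihn in die Browserleiste falls der Link nicht richtig dargestellt wird: <a href='" . $linkHtml . "'>" . $linkHtml . "</a>";
    $header = "From: crollect ***\n";
    $header .= "Reply-To: ***\n";
    $header .= "Content-Type: text/html; charset=utf-8 \n";
    // The subject contains non-ASCII text: RFC 2047 B-encode it.
    $encodedSubject = '=?UTF-8?B?' . base64_encode($subject) . '?=';
    return mail($email, $encodedSubject, $message, $header);
}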
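/**
 * Renders the "send password reset code" form and, on submit, stores a fresh
 * reset code for the given address and mails the reset link.
 *
 * Side effects: echoes the form, replaces any existing newpasswordcode row for
 * the address, calls mail(), and sets $this->info with a user-facing status text.
 *
 * NOTE(review): the form carries no CSRF token, and the "existiert nicht" branch
 * tells an unauthenticated caller whether an address is registered — both are
 * worth handling at the caller/UI level.
 */
public function sendCodeNewPassword()
{
    ?>
    <form action="" method="post">
        <div class="row" style="margin-left:80px;">
            <div class="span6">
                <input type="text" name="login" size="30" maxLength="100" placeholder="Emailadresse">
            </div>
        </div>
        <div class="row" style="margin-left:80px;">
            <div class="span6">
                <input type="submit" class="btn btn-primary" style="width:220px;" name="send" value="Senden">
            </div>
        </div>
    </form>
    <?php
    if (!isset($_POST['send'])) {
        return;
    }
    $rawLogin = isset($_POST['login']) ? $_POST['login'] : '';
    $email = trim(htmlentities($rawLogin, ENT_QUOTES, "UTF-8"));
    // Escaped copy for SQL literals only; the raw address is the mail recipient.
    $emailSql = $GLOBALS['DB']->escapeString($email);
    // A syntactically invalid address cannot be registered, so it gets the same
    // answer as an unknown one — no extra information is leaked.
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false || !$this->emailExist($emailSql)) {
        $this->info = "Diese Emailadresse existiert nicht.";
        return;
    }
    // NOTE(review): the unpredictability of $code rests entirely on generateRandomToken();
    // md5(email . time()) adds no secrecy — confirm the helper is CSPRNG-backed.
    $code = md5($emailSql . time() . System\Helper::generateRandomToken());
    $time = time();
    // One outstanding code per address: an unconditional DELETE is a no-op when
    // nothing exists, so the previous SELECT round trip is not needed.
    $GLOBALS['DB']->query("DELETE FROM newpasswordcode WHERE email = '{$emailSql}' ");
    $result = $GLOBALS['DB']->query("INSERT INTO newpasswordcode (email, newPasswordCode, time) VALUES ('{$emailSql}', '{$code}', '{$time}') ");
    // Never mail a link whose code was not stored.
    if (!$result) {
        $this->info = "Etwas ist schief gelaufen";
        return;
    }
    // Percent-encode the query so '+'/'&' in the address survive $_GET decoding.
    $link = "http://***/scripts/regpassword.php?" . http_build_query(array('e' => $email, 'c' => $code));
    $subject = "Ihr neues Passwort";
    // The mail is sent as text/html, so the link must be HTML-escaped ('&' -> '&amp;').
    $linkHtml = htmlspecialchars($link, ENT_QUOTES, 'UTF-8');
    $message = "Klicken Sie auf den Link um ihr Passwort wieder her zu stellen oder kopieren Sie den Link in den Browser: " . $linkHtml;
    $header = "From: crollect <***>\n";
    $header .= "Reply-To: ***\n";
    $header .= "Content-Type: text/html; charset=utf-8 \n";
    if (mail($email, $subject, $message, $header)) {
        $this->info = "Eine Email wurde an Sie verschickt. Der Code zur Passwortwiederherstellung ist 24 Stunden gültig.";
    } else {
        $this->info = "Etwas ist schief gelaufen";
    }
}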
<?php require_once "../../common.php"; require_once "../classes/class.Follow.php"; require_once "../classes/class.Order.php"; $log = new System\Login(1); $follow = new Follow(); $sales = new Order(); System\HTML::printHead(); System\HTML::printHeader(); $userID = trim(htmlentities($_SESSION['userID'], ENT_QUOTES, "UTF-8")); $userID = $GLOBALS['DB']->escapeString($userID); $user = new System\Helper(); $firstName = $user->getUserInfo($userID, "firstName"); ?> <div role="main" class="main"> <section class="page-top"> <div class="container"> <div class="row"> <div class="span12"> <ul class="breadcrumb"> <li><a href="../../index.php">Startseite</a> <span class="divider">/</span></li> <li class="active">Mein Account</li> </ul> </div> </div> <div class="row"> <div class="span12"> <h2>Hallo <?php
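/**
 * Prints one message to its recipient — back/delete links, header, body and a
 * reply form — then marks the message as opened.
 *
 * @param string $messageID  message id from the request (untrusted)
 * Terminates the request via die() when the message does not exist or the
 * logged-in user is not its addressee.
 */
public function showMessage($messageID)
{
    $messageID = trim(htmlentities($messageID, ENT_QUOTES, "UTF-8"));
    $messageID = $GLOBALS['DB']->escapeString($messageID);
    $rows = $GLOBALS['DB']->query("SELECT * FROM messages WHERE messageID = '{$messageID}' ");
    // Authorization: only the addressee may read. An unknown id gets the same
    // answer as a foreign one so the id space cannot be probed. Comparing as
    // strings avoids PHP's loose numeric-string equality ("05" == "5").
    if (empty($rows) || (string) $rows[0]['toUser'] !== (string) $_SESSION['userID']) {
        die("Sie sind nicht berechtigt diese Nachricht zu lesen.");
    }
    $msg = $rows[0];
    // NOTE(review): deleting via a GET link is CSRF-prone; a POST form with a token would be safer.
    echo "<a href='showallmessages.php'>Zurück zur Übersicht</a> ";
    echo "<a href='showallmessages.php?d={$messageID}'>Nachricht löschen</a><br /><br />";
    $helper = new System\Helper();
    // NOTE(review): subject and message are echoed as stored; confirm they were
    // HTML-encoded on input (as the comment code does) or escape them here.
    echo $msg['subject'] . "<br />";
    echo "von " . $helper->getUserInfo($msg['fromUser'], "firstName") . " " . $helper->getUserInfo($msg['fromUser'], "name");
    echo " vom " . date("d.m.Y H:i", (int) $msg['time']) . "<br /><br />";
    echo nl2br($msg['message']);
    echo "<br /><br />";
    echo "Antworten: <br />";
    $this->printSendMessageForm($msg['fromUser'], true);
    // Mark as seen (opened = 2); the update result is not used by the caller.
    $GLOBALS['DB']->query("UPDATE messages SET opened = '2' WHERE messageID = '{$messageID}' ");
}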
$type = "createArticle"; } elseif ($_GET['i'] == 4 && isset($_GET['a'])) { $articleID = trim(htmlentities($_GET['a'], ENT_QUOTES, "UTF-8")); $_SESSION['articleID'] = $articleID; $linkTo = "../order/orderarticle.php"; $type = "order"; } else { header("Location: ../../404.php"); exit; } $deleteOldToken = $GLOBALS['DB']->query("DELETE FROM securitytoken WHERE userID = '" . $_SESSION['userID'] . "' "); $log = new System\Login(1); $security = new System\Security(); $access = $security->askPassword($_SESSION['userID']); if ($access[0]) { $_SESSION['securityToken'] = System\Helper::generateRandomToken(); $userID = $_SESSION['userID']; $securityToken = $_SESSION['securityToken']; $time = time(); $writeToken = $GLOBALS['DB']->query("INSERT INTO securitytoken (userID, securityToken, type, time) VALUES ('{$userID}', '{$securityToken}', '{$type}', '{$time}') "); if ($writeToken == true) { header("Location: {$linkTo}"); exit; } } else { $info = $access[1]; } System\HTML::printHead(); System\HTML::printHeader(); ?>
require_once "../classes/class.Order.php"; $log = new System\Login(1); //ArticleID überhaupt da? if (isset($_SESSION['articleID'])) { $articleID = trim(htmlentities($_SESSION['articleID'], ENT_QUOTES, "UTF-8")); } else { die; } //Nur wenn vorher ein richtiges Password im Securitybereich einegeben wurde $security = new System\Security(); if ($security->verifySecToken($_SESSION['securityToken'], $_SESSION['userID'], "order")) { $order = new Order(); $order->sendOrder($articleID); System\HTML::printHead(); System\HTML::printHeader(); $adress = new System\Helper(); if ($adress->getUserInfo($_SESSION['userID'], "street") == "") { echo "<div class='container' style='margin-bottom: 250px;'>"; echo "<div class='row'>"; echo "<div class='span12' style='margin-bottom:12px;'>"; echo "<img id='lockimg' src='../../images/adress.png'>"; echo "<p style='padding-top: 30px;'>Hinterlegen Sie bitte ihre <strong>Adresse.</strong><br>"; echo "Ohne eine Adresse können Sie auf crollect keine Bestellungen tätigen.</p>"; echo "<a style='margin-left:5px;' href='../user/updateaddress.php' class='btn btn-primary'>Adresse eingeben</a>"; echo "</div>"; echo "</div>"; echo "</div>"; System\HTML::printFooter(); System\HTML::printFoot(); exit; }
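/**
 * Handles the "edit comment" POST: rewrites name, comment and time of $commentID
 * and redirects to $target on success. Does nothing when the form was not sent.
 *
 * @param string $commentID  id of the comment to update (untrusted request value)
 * @param string $target     redirect target after a successful update; if the
 *                           caller derives it from the request this is an open
 *                           redirect — confirm it is a fixed path
 *
 * NOTE(review): nothing here checks that the current user owns $commentID, and
 * the fallback display name is looked up by the client-supplied $_POST['userID'];
 * confirm the caller enforces ownership and consider $_SESSION['userID'] instead.
 */
public function updateComment($commentID, $target)
{
    if (!isset($_POST['sendComment'])) {
        return;
    }
    if (empty($_POST['name'])) {
        // No display name given: fall back to the account's first and last name.
        $helper = new System\Helper();
        $userID = isset($_POST['userID']) ? $_POST['userID'] : '';
        $name = $helper->getUserInfo($userID, "firstName") . " " . $helper->getUserInfo($userID, "name");
    } else {
        $name = trim(htmlentities($_POST['name'], ENT_QUOTES, "UTF-8"));
    }
    $rawComment = isset($_POST['comment']) ? $_POST['comment'] : '';
    $comment = trim(htmlentities($rawComment, ENT_QUOTES, "UTF-8"));
    // Every interpolated value is escaped for the SQL literal.
    $commentID = $GLOBALS['DB']->escapeString($commentID);
    $name = $GLOBALS['DB']->escapeString($name);
    $comment = $GLOBALS['DB']->escapeString($comment);
    $time = time();
    $query = "UPDATE comments SET name = '{$name}', comment = '{$comment}', time = '{$time}' WHERE commentID = '{$commentID}' ";
    if ($GLOBALS['DB']->query($query)) {
        header("Location: {$target}");
        exit;
    }
}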
// Admin gate: both session keys must be present and an adminsession row must exist.
// NOTE(review): $_SESSION['adminID'] is interpolated into SQL without escapeString();
// it is server-set, but every other interpolated value in this code base is escaped.
if (isset($_SESSION['adminID']) && isset($_SESSION['adminsession'])) {
    $get = $GLOBALS['DB']->query("SELECT adminsession FROM adminsession WHERE adminID = '" . $_SESSION['adminID'] . "' ");
    if (empty($get)) {
        die('Sie haben keine Berechtigung');
    }
} else {
    echo "<a href='admin.php'>Einloggen</a>";
    die;
}
echo "<a href='logout.php'>Logout</a><br /><br />";
// Pick one pending identity verification (first row only).
$verify = $GLOBALS['DB']->query("SELECT * FROM verifypersonaldata LIMIT 1");
if (empty($verify)) {
    die("Alle verifiziert.");
}
// NOTE(review): IDfile, passportID and the address fields are user-supplied and are
// echoed without htmlspecialchars(); unless they were HTML-encoded on input, this
// admin page is exposed to stored XSS from the very users it reviews — confirm.
echo "<div style='float:left;'><img src='openimg.php?img=" . $verify[0]['IDfile'] . "' height='400' width='600'></div>";
$user = new System\Helper();
// getUserInfo() without a field name: presumably returns the whole user row — verify against the helper.
$data = $user->getUserInfo($verify[0]['userID']);
echo '<div style="float:left; margin-left: 70px;">';
echo "PassportID: <br>";
echo $verify[0]['passportID'] . "<br />";
echo "Name: <br />";
echo $data[0]['firstName'] . " " . $data[0]['name'] . "<br />";
echo "Strasse: <br />";
echo $data[0]['street'] . "<br />";
echo "PLZ und Stadt: <br />";
echo $data[0]['zipCode'] . " " . $data[0]['city'] . "<br />";
// Label is hard-coded; the value printed is whatever the user entered as country.
echo "Deutschland: <br />";
echo $data[0]['country'];
echo "</div>";
?>
<br>
<?php require_once "../../common.php"; require_once "../classes/class.Article.php"; $log = new System\Login(1); $security = new System\Security(); if ($security->verifySecToken($_SESSION['securityToken'], $_SESSION['userID'], "createArticle")) { $article = new Article(); $article->saveArticle($_SESSION['userID']); System\HTML::printHead(); System\HTML::printHeader(); $user = new System\Helper(); $verifiedAccount = $user->getUserInfo($_SESSION['userID'], "verifiedAccount"); if ($verifiedAccount == 1) { echo "<div class='container' style='margin-bottom: 250px;'>"; echo "<div class='row'>"; echo "<div class='span12' style='margin-bottom:12px;'>"; echo "<img id='lockimg' src='../../images/lock.png'>"; echo "<p style='padding-top: 30px;'>Sie müssen sich <strong>identifizieren</strong><br>"; echo "um eine Aktion starten zu können.</p>"; echo "<a style='margin-left:5px;' href='../account/identverify.php' class='btn btn-primary'>Jetzt identifizieren</a>"; echo "</div>"; echo "</div>"; echo "</div>"; System\HTML::printFooter(); System\HTML::printFoot(); exit; } ?> <div role="main" class="main">
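/**
 * Shows the seller the buyers of one of their articles.
 *
 * While the action is still running (runtime in the future) only a masked
 * e-mail, name, total and units are listed. Once it has ended and the seller has
 * settled (paid == 2) the full shipping data plus a PDF link and a contact link
 * per buyer are shown; otherwise a "settle your balance" prompt is printed.
 *
 * @param string $articleID  article id from the request (untrusted)
 * Terminates the request via die() when the article is unknown or the
 * logged-in user is not its owner.
 *
 * NOTE(review): headline, buyer names and addresses are echoed as stored; confirm
 * they were HTML-encoded on input or escape them here.
 */
public function showBuyer($articleID)
{
    $articleID = trim(htmlentities($articleID, ENT_QUOTES, "UTF-8"));
    $articleID = $GLOBALS['DB']->escapeString($articleID);
    $sales = $GLOBALS['DB']->query("SELECT userID, headline, runtime, purchases, paid FROM article WHERE articleID = '{$articleID}' ");
    // Owner check; an unknown article gets the same answer as a foreign one.
    if (empty($sales) || $sales[0]['userID'] != $_SESSION['userID']) {
        die("Sie sind nicht berechtigt diese Seite zu betreten.");
    }
    $article = $sales[0];

    if ($article['runtime'] > time()) {
        // Action still running: masked buyer list only.
        echo "<table class='table'>";
        echo "<tr><th>Email</th><th>Name</th><th>Gesamtbetrag in €</th><th>Einheiten</th></tr>";
        foreach ($this->fetchArticleOrders($articleID) as $buyer) {
            $buyerID = $GLOBALS['DB']->escapeString($buyer['userID']);
            $buyerData = $GLOBALS['DB']->query("SELECT email, name, firstName FROM user WHERE userID = '{$buyerID}' ");
            if (empty($buyerData)) {
                continue; // buyer account no longer exists
            }
            $email = substr($buyerData[0]['email'], 0, 4) . "***** ";
            $price = number_format($buyer['fullPrice'], 2, '.', '');
            // One <tr> per buyer: bare <td>s would be folded into a single row by the parser.
            echo "<tr>";
            echo "<td>" . $email . "</td>";
            echo "<td>" . $buyerData[0]['firstName'] . " " . $buyerData[0]['name'] . "</td>";
            echo "<td>" . $price . "</td>";
            echo "<td>" . $buyer['amount'] . "</td>";
            echo "</tr>";
        }
        echo "</table>";
        return;
    }

    if ($article['paid'] != 2) {
        // Ended but not settled: no buyer data until the balance is paid.
        echo "<p style='text-align:center;'><strong>Die Aktion ist beendet.</strong> Gleichen Sie bitte ihren Kontostand aus um \r\n die Käuferdaten zu erhalten und um die Käufer zu kontaktieren.</p><br>";
        echo "<a style='margin-left:40%' class='btn btn-success' href='../account/accountbalance.php'>Konto ausgleichen</a>";
        return;
    }

    // Settled: issue a 'list' security token so orderlist.php may render the PDF
    // for this article, then print the full buyer/shipping table.
    $_SESSION['securityToken'] = System\Helper::generateRandomToken();
    $_SESSION['articleID'] = $articleID;
    $userID = $_SESSION['userID'];
    $securityToken = $_SESSION['securityToken'];
    $time = time();
    // NOTE(review): the INSERT result is not checked; if it fails the PDF link below is dead.
    $GLOBALS['DB']->query("INSERT INTO securitytoken (userID, securityToken, type, time) \r\n VALUES ('{$userID}', '{$securityToken}', 'list', '{$time}') ");
    echo "<a class='btn btn-success' style='float:right;' href='" . PROJECT_HTTP_ROOT . "/scripts/order/orderlist.php'><i class='icon-file'></i> PDF</a>";
    echo "<h3>" . $article['headline'] . "</h3>";
    echo "<table class='table'>";
    echo "<tr><th>Email</th><th>Versandadresse</th><th>Gesamtbetrag in €</th><th>Einheiten</th><th>Nachricht</th></tr>";
    foreach ($this->fetchArticleOrders($articleID) as $buyer) {
        $buyerID = $GLOBALS['DB']->escapeString($buyer['userID']);
        $buyerData = $GLOBALS['DB']->query("SELECT * FROM user WHERE userID = '{$buyerID}' ");
        if (empty($buyerData)) {
            continue; // buyer account no longer exists
        }
        $price = number_format($buyer['fullPrice'], 2, '.', '');
        echo "<tr>";
        echo "<td>" . $buyerData[0]['email'] . "</td>";
        echo "<td>" . $buyerData[0]['firstName'] . " " . $buyerData[0]['name'] . "<br>" . $buyerData[0]['street'] . "<br>" . $buyerData[0]['zipCode'] . "<br>" . $buyerData[0]['city'] . "<br>" . $buyerData[0]['country'] . "</td>";
        echo "<td>" . $price . "</td>";
        echo "<td>" . $buyer['amount'] . "</td>";
        echo "<td><a href='../messages/sendmessage.php?a=" . $articleID . "&u=" . $buyer['userID'] . "'><i class='icon-envelope'></i> Nachricht senden</a></td>";
        echo "</tr>";
    }
    echo "</table>";
    $this->printPayInfoForm();
}

/**
 * Orders placed for one article; a failed or empty query yields an empty list so
 * callers can iterate without a type check.
 *
 * @param string $articleID  already escaped for SQL by the caller
 * @return array
 */
private function fetchArticleOrders($articleID)
{
    $orders = $GLOBALS['DB']->query("SELECT userID, amount, fullPrice FROM articleorder WHERE articleID = '{$articleID}' ");
    return is_array($orders) ? $orders : array();
}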
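/**
 * Handles one article file upload (POST 'send' + $_FILES['file']) and echoes the
 * AJAX fragment for the new file: a preview plus a delete button wired to
 * $ajaxDeleteUrl.
 *
 * Validation order: article id, whitelisted type, filename, path length,
 * duplicate, size limits (20 MB overall, 1 MB for images), per-article quota
 * (3 images, 1 video). Every failure ends the request via die() with the numeric
 * code the front end expects ("1".."9"); an absent/failed upload does nothing.
 *
 * @param string $ajaxDeleteUrl  endpoint the delete button POSTs to; caller-supplied
 *                               and interpolated verbatim into inline JS, so it must
 *                               never carry request data
 *
 * NOTE(review): nothing here checks that the logged-in user owns $articleID;
 * confirm the caller does (e.g. via the security token) before this is reachable.
 */
public function saveFile($ajaxDeleteUrl)
{
    if (!isset($_POST['send'])) {
        return;
    }
    if (!isset($_POST['articleID'])) {
        die("1");
    }
    $articleID = trim(htmlentities($_POST['articleID'], ENT_QUOTES, "UTF-8"));
    // The id becomes a directory name below: accept only a single plain path
    // segment so "../" or a slash cannot escape articlefiles/.
    if (!preg_match('~^[^/\\\\]+$~', $articleID) || $articleID === '.' || $articleID === '..') {
        die("1");
    }
    if (!isset($_FILES['file']) || $_FILES['file']['error']) {
        return;
    }

    $mime = $_FILES['file']['type'];
    $mimetypes = array("image/gif" => "gif", "image/jpeg" => "jpeg", "image/png" => "png", "video/mp4" => "mp4", "video/ogg" => "ogg");
    if (!isset($mimetypes[$mime])) {
        die("2");
    }
    $suffix = $mimetypes[$mime];
    $isImage = ($mime == "image/gif" || $mime == "image/jpeg" || $mime == "image/png");
    // $_FILES[...]['type'] is whatever the client claimed. For images the actual
    // bytes are checked with getimagesize(); videos have no core-PHP probe, so the
    // claim stands there — the stored extension always comes from the whitelist.
    if ($isImage) {
        $imageInfo = getimagesize($_FILES['file']['tmp_name']);
        if ($imageInfo === false || $imageInfo['mime'] !== $mime) {
            die("2");
        }
    }

    // Stored name: basename, spaces -> '_', strip the known extension, then reduce
    // the rest to [A-Za-z0-9_-] (dots included) so a name like "x.php.png" cannot
    // be picked up by multi-extension handlers, and append the whitelisted suffix.
    $filename = basename($_FILES['file']['name']);
    $filename = str_replace(" ", "_", $filename);
    $filename = preg_replace("/\\.(jpe?g|gif|png|mp4|ogg)\$/i", "", $filename);
    $filename = preg_replace('/[^A-Za-z0-9_-]/', '_', $filename);
    if ($filename === '') {
        $filename = 'file';
    }
    $filename = $filename . ".{$suffix}";
    $directory = "articlefiles/{$articleID}";
    $path = "{$directory}/{$filename}";
    if (strlen($path) > 250) {
        die("3");
    }
    if (file_exists($path)) {
        die("4");
    }
    // Size limits: 20 MB overall (video), 1 MB for images.
    if ($_FILES['file']['size'] > 20971520) {
        die("5");
    }
    if ($isImage && $_FILES['file']['size'] > 1048576) {
        die("6");
    }
    // Quota: at most 3 images and 1 video per article.
    $articleIDSql = $GLOBALS['DB']->escapeString($articleID);
    $getPics = $GLOBALS['DB']->query("SELECT * FROM articlefiles WHERE articleID = '{$articleIDSql}' AND fileType = 'image' ", true);
    $getVideo = $GLOBALS['DB']->query("SELECT * FROM articlefiles WHERE articleID = '{$articleIDSql}' AND fileType = 'video' ", true);
    if ($isImage && $getPics->num_rows >= 3) {
        die("7");
    }
    if (!$isImage && $getVideo->num_rows >= 1) {
        die("8");
    }
    $fileType = $isImage ? 'image' : 'video';

    // Create the per-article directory only now, after all validation has passed,
    // so rejected uploads do not leave empty directories behind.
    if (!is_dir($directory) && !mkdir($directory)) {
        die("9");
    }
    // Move first, then record: a failed move must not leave an orphaned DB row.
    if (!move_uploaded_file($_FILES['file']['tmp_name'], $path)) {
        die("9");
    }
    $pathSql = $GLOBALS['DB']->escapeString($path);
    $write = $GLOBALS['DB']->query("INSERT INTO articlefiles (fileSource, articleID, fileType) VALUES ('{$pathSql}', '{$articleIDSql}', '{$fileType}') ");
    if (!$write) {
        unlink($path); // keep disk and database consistent
        die("9");
    }

    // AJAX response: preview element plus its delete handler.
    $idname = System\Helper::generateRandomIDName();
    if ($isImage) {
        echo "<div class='row'><div id='{$idname}'><img class='artfileimg' src='" . PROJECT_HTTP_ROOT . "/scripts/article/{$path}'><button class='delfilebtn' id='delete{$idname}'><i class='icon-remove'></i></button></div></div> \r\n " . $this->deleteFileScript($idname, $path, $articleID, $ajaxDeleteUrl);
    } else {
        // One <source> with the validated type; the earlier markup listed the same file
        // twice (as ogg and as mp4) and pointed the mp4 entry at /scripts/ instead of
        // /scripts/article/ where the file actually lives.
        echo "<div class='row'><div id='{$idname}' style='height: 160px;'><video controls class='artfilesvid'><source src='" . PROJECT_HTTP_ROOT . "/scripts/article/{$path}' type='{$mime}' />\r\n Ihr Browser unterstützt keine HTML Videotags.</video><button class='delfilevidbtn' id='delete{$idname}'><i class='icon-remove'></i></button></div> </div> \r\n " . $this->deleteFileScript($idname, $path, $articleID, $ajaxDeleteUrl);
    }
}

/**
 * Inline jQuery handler for the delete button of one uploaded file: POSTs
 * fileUrl/articleID to $ajaxDeleteUrl and removes the preview when the server
 * answers 'true'.
 *
 * $path and $articleID are restricted to [A-Za-z0-9_./-] by saveFile(); $idname is
 * assumed to be a plain identifier (generateRandomIDName) — confirm; $ajaxDeleteUrl
 * is caller-supplied and inserted verbatim.
 */
private function deleteFileScript($idname, $path, $articleID, $ajaxDeleteUrl)
{
    return "<script> \$('#delete{$idname}').click(function(){\r\n fileUrl = '{$path}'; articleID = '{$articleID}'; \$.ajax ({type: 'POST', url: '{$ajaxDeleteUrl}', data: {'fileUrl' : fileUrl, 'articleID' : articleID}, \r\n success: function(data){ if(data == 'true'){ \$('#{$idname}').remove(); } } }); return false; }); </script>";
}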
<?php require_once "../../common.php"; require_once "../classes/class.ArticleFiles.php"; require_once "../classes/class.Comment.php"; require_once "../classes/class.Follow.php"; require_once "../classes/class.Order.php"; if (isset($_GET['a'])) { $articleID = trim(htmlentities($_GET['a'], ENT_QUOTES, "UTF-8")); $articleID = $GLOBALS['DB']->escapeString($articleID); $articleData = $GLOBALS['DB']->query("SELECT * FROM article WHERE articleID = '{$articleID}' "); if (!empty($articleData)) { $buy = new Order(); $comments = new Comment(); $follow = new Follow(); $owner = new System\Helper(); $comments->verifyComment(); $comments->saveComment("showarticle.php?a={$articleID}"); if (!$_SESSION['userID']) { $loggedIn = false; } else { $userID = trim(htmlentities($_SESSION['userID'], ENT_QUOTES, "UTF-8")); $userID = $GLOBALS['DB']->escapeString($userID); $loggedIn = true; } if (!$_SESSION['sessionID']) { $loggedIn = false; } else { $loggedIn = true; } $query = "SELECT * FROM sessions WHERE userID = '" . $_SESSION['userID'] . "' AND sessionID = '" . $_SESSION['sessionID'] . "' ";