<?php
require "../../../frame/engine.php";
ENGINE::START();
$user = USER::VERIFY(0, TRUE);
$Fname = FORMAT::TEXT($_GET['Fname']);
$Lname = FORMAT::TEXT($_GET['Lname']);
$Phone = trim($_GET['phone']);
$Sec = trim($_GET['secondarymethod']);
$SecInfo = trim($_GET['secinfo']);
$Zip = trim($_GET['zip']);
$Market = trim($_GET['market']);
$Market_Location = trim($_GET['market_location']);
$Corporate_Account = trim($_GET['corpacc']);
$params = array("{$Fname} {$Lname}", $Zip, $Corporate_Account, $Phone, $Sec, $SecInfo, Date("Y-m-d H:i:s"));
$Main = MYSQL::QUERY('INSERT INTO core_customers (c_name,c_zip,c_acc,c_phone,c_contact_method,c_contact_info,c_join_date) VALUES (?,?,?,?,?,?,?)', $params);
USER::LOG("Customer Added [{$Fname} {$Lname}][{$Phone}]");
TRACKING::ADVERT($Market_Location, $user);
TRACKING::CUSTOMERS($user);
echo '<option value="' . str_pad($Main, 10, "0", STR_PAD_LEFT) . '">' . $Fname . ' ' . $Lname . '</option>';
$w = 0;
} else {
$sof = '6 Months';
$w = 6;
}
} else {
$sof = 'None';
$w = 0;
}
$content .= "<tr>\n\t\t\t\t\t\t\t\t<td>Ticket #" . $b[1] . "</td>\n\t\t\t\t\t\t\t <td style='width:60px;'><center>{$phy}</center></td>\n\t\t\t\t\t\t\t\t<td style='width:60px;'><center>{$sof}</center></td>\n\t\t\t\t\t\t\t\t<td>\$" . $split[1] . "</td>\n\t\t\t\t\t\t\t</tr>";
$nontaxable = $nontaxable + $split[1];
MYSQL::QUERY("INSERT INTO core_tickets_processed (t_id, t_customer, t_manufacturer, t_model, t_imei, t_password, t_phy, t_liq, t_sof, t_created_by, t_store, t_session, t_created, t_estimate_created, t_estimate_price, t_estimate_items, t_estimate_time, t_repair_created, t_repair_price, t_repair_items, t_repair_time) SELECT * FROM core_tickets_checkout WHERE t_id = ? LIMIT 1", array($b[1]));
MYSQL::QUERY("UPDATE core_tickets_processed SET t_warranty=?, t_checkout_created=?, t_checkout_price=?, t_checkout_time=? WHERE t_id = ? LIMIT 1", array($w, Date("Y-m-d H:i:s"), $split[1], $time, $b[1]));
MYSQL::QUERY("UPDATE core_tickets_status SET t_status = ? WHERE t_id = ? LIMIT 1", array(4, $b[1]));
MYSQL::QUERY("DELETE FROM core_tickets_checkout WHERE t_id = ? LIMIT 1", array($b[1]));
USER::LOG("Ticket Checked Out [" . $b[1] . "][" . $split[1] . "][{$time}]");
} else {
if ($b[0] == "ac") {
$taxable = $taxable + $split[1];
$ITEM = MYSQL::QUERY('SELECT * FROM device_accessories WHERE a_id = ? LIMIT 1', array($b[1]));
$content .= "<tr>\n\t\t\t\t\t\t\t\t<td>" . $ITEM['a_name'] . "</td>\n\t\t\t\t\t\t\t <td style='width:60px;'>6 Month</td>\n\t\t\t\t\t\t\t\t<td style='width:60px;'>None</td>\n\t\t\t\t\t\t\t\t<td>\$" . $split[1] . "</td>\n\t\t\t\t\t\t\t</tr>";
} else {
if ($b[0] == "de") {
$taxable = $taxable + $split[1];
$DEVICE = MYSQL::QUERY('SELECT * FROM core_refurb_devices WHERE d_id = ? LIMIT 1', array($b[1]));
$MODEL = MYSQL::QUERY('SELECT m_name FROM device_models WHERE m_id = ? LIMIT 1', array($DEVICE['d_model_id']));
$content .= "<tr>\n\t\t\t\t\t\t\t <td>" . $MODEL['m_name'] . "</td>\n\t\t\t\t\t\t\t\t<td style='width:60px;'>6 Month</td>\n\t\t\t\t\t\t\t\t<td style='width:60px;'>None</td>\n\t\t\t\t\t\t\t\t<td>\$" . $split[1] . "</td>\n\t\t\t\t\t\t\t</tr>";
MYSQL::QUERY("UPDATE core_refurb_devices SET d_sold = ? WHERE d_id = ? LIMIT 1", array($cus . "|" . $split[1], $b[1]));
}
}
}
<?php
require "../../frame/engine.php";
ENGINE::START("HASH");
$Hash = new PasswordHash(8, true);
$USER = $_POST['usr'];
$USER_CLEAN = STRTOLOWER($USER);
$PASS = $_POST['pas'];
if (empty($USER) && empty($PASS)) {
die('e1437');
} else {
$R = MYSQL::QUERY("SELECT * FROM core_users WHERE username_clean = ? LIMIT 1", array($USER_CLEAN));
if (empty($R)) {
die('e1435');
} else {
if (!$Hash->CheckPassword($PASS, $R['password'])) {
die('e1436');
} else {
$S = MYSQL::QUERY('SELECT * FROM core_stores WHERE s_id = ? LIMIT 1', array($R['store']));
DATE_DEFAULT_TIMEZONE_SET($S['s_timezone']);
USER::LOG("Logged In", $R['user_id']);
$SES_EXP = TIME() + 43200;
$SES_GEN = FORMAT::SES(50);
$params = array($SES_GEN, $R['user_id'], $SES_EXP, $SES_GEN, $SES_EXP);
MYSQL::QUERY('INSERT INTO core_users_sessions (session_key,session_user,session_experation) VALUES (?,?,?) ON DUPLICATE KEY UPDATE session_key=?,session_experation=?', $params);
setcookie("core_u", $params[1], $SES_EXP, '/');
setcookie("core_k", $params[0], $SES_EXP, '/');
echo 's1434';
}
}
}
<?php
require "../../../frame/engine.php";
ENGINE::START();
$STRING = $_POST['str'];
$PIN = SUBSTR($STRING, -4);
$USERA = STR_REPLACE($PIN, '', $STRING);
$PIN = SHA1($PIN);
$NEWUSER = MYSQL::QUERY("SELECT * FROM core_users WHERE user_id=? AND pin=? LIMIT 1", array($USERA, $PIN));
if (!empty($NEWUSER)) {
USER::LOG("Switched Accounts", $NEWUSER['user_id']);
$SES_EXP = TIME() + 43200;
$SES_GEN = FORMAT::SES(50);
$params = array($SES_GEN, $NEWUSER['user_id'], $SES_EXP, $SES_GEN, $SES_EXP, DATE("Y-m-d H:i:00"));
MYSQL::QUERY('INSERT INTO core_users_sessions (session_key,session_user,session_experation) VALUES (?,?,?) ON DUPLICATE KEY UPDATE session_key=?,session_experation=?,qas_time=?', $params);
setcookie("core_u", $params[1], $SES_EXP, '/');
setcookie("core_k", $params[0], $SES_EXP, '/');
echo 1;
} else {
echo 2;
}
