$strUpdateQuery = "UPDATE tbl_UserLogin SET LastLoginTime = '" . $strNow . "', UserStatus = '0' where UserID = '" . $strUserID . "'";
$strUpdateResult = mysql_query($strUpdateQuery) or die("Query Failed:" . mysql_error());
//echo $value;
//echo "<b>" . $cookieData;
//echo $_POST["url"];
funcLogtoDebug("AuthenticateUser.php: " . $strUserID . " logged in from " . funcSanitize($_SERVER["HTTP_REFERER"]));
if ($_POST["url"] == 'BasketLogin.php') {
//echo $_POST["url"];
echo "<meta http-equiv='refresh' content='0;url=/ChooseDelivery.php?strUserID=" . $strUserID . "'>";
} elseif ($_POST["pagelink"] == "") {
funcLogtoDebug("AuthenticateUser.php: " . $strUserID . " forwarding to account management");
echo "<meta http-equiv='refresh' content='0;url=/UserOutstandingOrders.php?strUserID=" . $strUserID . "'>";
} else {
//echo $_GET["url"];
//echo "<meta http-equiv='refresh' content='0;url=/UserOutstandingOrders.php?strUserID=" . $strUserID ."'>";
funcLogtoDebug("AuthenticateUser.php: " . $strUserID . " forwarding to " . funcSanitize($_POST["pagelink"]));
echo "<meta http-equiv='refresh' content='0;url=" . $_POST["pagelink"] . "'>";
}
} elseif ($conNumberofRows == 0) {
funcLogtoDebug("AuthenticateUser.php: " . $strUserID . " doesn't appear in the database..");
echo "User and/or Password incorrect";
echo "<meta http-equiv='refresh' content='0;url=/UserLogon.php?UserPassError=1'>";
$strUpdateQuery = "UPDATE tbl_UserLogin SET UserStatus = '" . $strUserState . "' where UserID = '" . $strUserID . "'";
$strUpdateResult = mysql_query($strUpdateQuery) or die("Query Failed:" . mysql_error());
//echo "<br>" . $strUserID;
//echo "<br>" . $strPassword ."(" . md5($strPassword) .")";
//echo "<br>" . $strEmailAddress;
} else {
funcLogtoDebug("AuthenticateUser.php: " . $strUserID . " multiple user entries with this user/pwd/combo");
echo "Serious Error here! More than 1 entry in the database with this user/password/email combination.";
}
}
$strDeliveryPlusTotal = $strPostageCost + $total;
$strMailText = "Order No: " . $txNumber . "\r\nYou have ordered:\r\n\r\n----------------------------------------------------------\r\n Name\t\tQty\t\t\tPrice\r\n----------------------------------------------------------\r\n" . $strOrderList . "\r\n----------------------------------------------------------\r\n\t\t\t\tDELIVERY: £" . $strPostageCost . "\r\n\t\t\t\t----------------------\r\n\t\t\t\tTOTAL: £" . $strDeliveryPlusTotal . "\r\n\t\t\t\t----------------------\r\n\r\nOrder Status: Initial\r\n\r\nYour order is now being processed and it's state will be changed to Paid when your Paypal transaction is completed.\r\n\r\nOrders will be shipped to the address provided by Paypal. If the address you provided during registration is different this may delay your order while we confirm the correct address.\r\n\r\nIf you have any queries in relation to the above order, wish to cancel it or make a change, please contact our Customer Service department at info@scifivault.com. \r\n\r\nThank you for ordering with Sci-Fi Vault Ltd\r\n\r\nBy receiving this email from scifivault.com you are accepting our terms and conditions, a copy of which can be found on the website at: http://shop.scifivault.com/terms.php\r\n";
mail($strEmailAddress, "ScifiVault.com Order Recieved", $strMailText, "From: webmaster@{$_SERVER['SERVER_NAME']}\r\nBCC:webmaster@{$_SERVER['SERVER_NAME']},david@scifivault.com, adrian@nofishhere.com, hilary@scifivault.com\r\n" . "Reply-To: webmaster@{$_SERVER['SERVER_NAME']}\r\n" . "X-Mailer: PHP/" . phpversion());
funcLogtoDebug("passThrough.php: " . $strUserName . " sent order summary mail");
funcLogtoDebug("passThrough.php: txNumber - " . $txNumber);
funcLogtoDebug("passThrough.php: PostageCost - " . $strPostageCost);
funcLogtoDebug("passThrough.php: total - " . $total);
funcLogtoDebug("passThrough.php: EmailAddress - " . $strEmailAddress);
funcLogtoDebug("passThrough.php: FirstName - " . $strFirstName);
funcLogtoDebug("passThrough.php: Surname - " . $strSurName);
funcLogtoDebug("passThrough.php: AddressLine1 - " . $strAddressLine1);
funcLogtoDebug("passThrough.php: AddressLine2 - " . $strAddressLine2);
funcLogtoDebug("passThrough.php: Town - " . $strTown);
funcLogtoDebug("passThrough.php: PostCode - " . $strPostCode);
funcLogtoDebug("passThrough.php: DaytimeNo - " . $strDayTimeNo);
?>
<form action="https://www.paypal.com/cgi-bin/webscr" method="post" name="frmUserCode">
<!--<form action="https://www.sandbox.paypal.com/cgi-bin/webscr" method="post" name="frmUserCode">-->
<input type="hidden" name="cmd" value="_xclick">
<input type="hidden" name="business" value="*****@*****.**">
<input type="hidden" name="item_name" value="<?php
echo $txNumber;
?>
">
<input type="hidden" name="shipping" value="<?php
echo sprintf("%01.2f", $strPostageCost);
?>
">
<input type="hidden" name="currency_code" value="GBP">
<input type="hidden" name="amount" value="<?php
function funcDeleteItem($itemcode, $qty)
{
funcLogtoDebug("updateOrder.php: funcDeleteItem fired (" . $itemcode . "*" . $qty . ")");
//$qty = funcSanitize($_POST['qty']);
//$itemcode = funcSanitize($_POST['item']);
$strBool = 0;
$counter = 0;
//additional check to make sure $qty is a numeric
if (ereg("[0-9]+", $qty)) {
funcDebug("Quantity string is numeric");
} else {
echo "Invalid Input, stop trying to put non-numerics in the quantity field";
exit;
}
//is row locked?
$strLockCheck = "SELECT ColumnLock FROM tblItem WHERE stockID = '" . $itemcode . "'";
$strLockResult = mysql_query($strLockCheck) or die("Query Failed: " . mysql_error());
while ($line = mysql_fetch_array($strLockResult, MYSQL_ASSOC)) {
if ($line["ColumnLock"] == 'YES') {
echo "Item being edited, please try again";
echo "<br><a href='index3.php'>Back to Shop</a>";
exit;
//possible retry, or forward on back to original page??
} else {
funcLogtoDebug("updateOrder.php: No locks, Free to carry on");
}
}
//set row lock on in tblItem
$strLockQuery = "UPDATE tblItem SET ColumnLock = 'YES' WHERE stockID = '" . $itemcode . "'";
mysql_query($strLockQuery) or die("Query Failed: " . mysql_error());
//Lets see how much stock for this item there is
//$strStockQuery = "SELECT Qty FROM tblBasket where item = '" . $itemcode ."' and PHPSessionID = '" . $strSessionID . "'";
//$strStockResult = mysql_query ($strStockQuery) or die ("Query Failed:" . mysql_error());
//while ($line = mysql_fetch_array($strStockResult, MYSQL_ASSOC))
//{
if ($itemcode != '') {
//great we have some stock
funcDebug($itemcode . " in basket: " . $line["Qty"]);
//$qty = $line["Qty"] - $qty;
funcDebug("Request to return " . $qty . " of " . $itemcode);
//insert/update into tblBasket
$strBasket = "SELECT * FROM tblItem where stockID = '" . $itemcode . "'";
$strBasketResult = mysql_query($strBasket) or die("Basket Query Failed:" . mysql_error());
$conNumberofRows = mysql_num_rows($strBasketResult);
if ($conNumberofRows == 1) {
//need to update the table
$line2 = mysql_fetch_array($strBasketResult, MYSQL_ASSOC);
funcDebug("Quantity of " . $itemcode . " in stock is " . $line2["NoOfItems"]);
$strUpdatedBasketValue = $line2["NoOfItems"] + $qty;
$strAddToBasket = "UPDATE tblItem SET NoOfItems = '" . $strUpdatedBasketValue . "' where stockID = '" . $itemcode . "'";
mysql_query($strAddToBasket) or die("Update Basket Query Failed:" . mysql_error());
} else {
//catchall for invalid entries in basket. stops
//before making any changes in the main tblItems.
echo "Invalid number of rows in stock database, please contact us";
$strLockQuery = "UPDATE tblItem SET ColumnLock = '' where stockID = '" . $itemcode . "'";
mysql_query($strLockQuery) or die("Query Failed: " . mysql_error());
exit;
}
//update tblItems with new stock value
/*$strUpdatedStockValue = $line["Qty"] - $qty;
funcDebug ("Updated stock value: " . $strUpdatedStockValue);
if ($strUpdatedStockValue == 0)
{
$strUpdateStockQuery = "DELETE FROM tblBasket where item = '" . $itemcode . "' and PHPSessionID = '" . $strSessionID . "'";
mysql_query ($strUpdateStockQuery) or die ("Update Query Failed: " . mysql_error());
}
else
{
$strUpdateStockQuery = "UPDATE tblBasket SET qty = '" .$strUpdatedStockValue . "' WHERE item = '" . $itemcode ."' and PHPSessionID = '" . $strSessionID . "'";
mysql_query ($strUpdateStockQuery) or die ("Update Query Failed: " . mysql_error());
}
*/
$strLockQuery = "UPDATE tblItem SET ColumnLock = '' where stockID = '" . $itemcode . "'";
mysql_query($strLockQuery) or die("ColumnLock to blank Query Failed: " . mysql_error());
}
//else
//{
//oh dear, no stock left
// echo "Not enough of that item in your basket";
//$strLockQuery = "UPDATE tblItem SET ColumnLock = '' where stockID = '" . $itemcode ."'";
//mysql_query ($strLockQuery) or die ("Query Failed: " . mysql_error());
//}
//}
//header('location: ' . $_SERVER['PHP_SELF']);
//header('location: ' . $_POST['page']);
echo "<meta http-equiv='refresh' content='0;url=/stock2/default.php?Action=BasketAdmin'>";
}
}
if ($line["DaytimeNo"] != "") {
$strDayTimeNo = trim(funcDecrypt(hex2bin($line["DaytimeNo"])));
}
if ($line["Mobile"] != "") {
$strMobile = trim(funcDecrypt(hex2bin($line["Mobile"])));
}
if ($line["MailUser"] == "1") {
$strMailUser = '******';
} else {
$strMailUser = '';
}
$strEmailAddress = $line["emailAddress"];
}
} else {
funcLogtoDebug("submitPreOrder.php: More than one user with emailaddress (or none?)");
}
//prepare entry of order into tblOrders
$strAddressLine = $strPostCode . "," . $strAddressLine1 . "," . $strAddressLine2 . "," . $strTown . "," . $strCountry;
$strName = $strSurName . ", " . $strFirstName;
//lets get a txn number....
$strInsertQuery = "INSERT INTO tbl_Orders (Cookie, DateTme,Address,emailaddress, Name, Phone,Status) VALUES ('PreOrder','" . $strNow . "','" . $strAddressLine . "','" . $strEmailAddress . "','" . $strName . "','" . $strDayTimeNo . "','INITIAL')";
$strResult = mysql_query($strInsertQuery) or die("Query Failed :" . mysql_error());
$strGetTXNQuery = "SELECT OrderNo from tbl_Orders where DateTme = '" . $strNow . "' and emailaddress = '" . $strEmailAddress . "'";
$strTXNResult = mysql_query($strGetTXNQuery) or die("Query Failed:" . mysql_error());
//make sure we only got back one result from the last query.
$conNumberofRows = mysql_num_rows($strTXNResult);
if ($conNumberofRows != 1) {
echo "A Serious Error has occured. Please contact the helpdesk with the following details";
echo "\n<br> Transaction ID: " . $strSessionID . "(" . $strAuthCookie . ")";
echo "\n<br> Email Address : " . $strEmailAddress;
//echo "Value: " . substr($item, 0, strpos($item, "(" )) . "<br />" ;
$strItemQueryX = "SELECT Name from tblItem where stockID = '" . substr($item, 0, strpos($item, "(")) . "'";
$strItemResultX = mysql_query($strItemQueryX) or die("Query Failed :" . mysql_error());
$strStockIDX = substr($item, 0, strpos($item, "("));
while ($lineItem = mysql_fetch_array($strItemResultX, MYSQL_ASSOC)) {
$strNamedItem = $lineItem["Name"];
$strPrice = substr($item, strpos($item, "(") + 1, strrpos($item, ")") - strpos($item, "(") - 1);
$strQty = substr($item, strpos($item, "x") + 1);
$strOrderList = $strOrderList . " " . $strNamedItem . "\t" . $strQty . "\t\t£" . $strPrice . "\n";
//echo "<tr><td>" . $strQty . "</td><td><a href='displayItem.php?Item=" . $strStockID . "'>" . $strStockID . "</a></td><td><a href='displayItem.php?Item=" . $strStockID . "'>" . $strNamedItem . "</a></td><td align='right'>£" . $strPrice ."</td><td align='right'>£" . $strPrice * $strQty. "</td></tr><br />";
}
}
$strDeliveryPlusTotal = $strShipping + $strCost;
$strMailText = "Order No: " . $strOrderNo . "\r\nYour Item has been sent:\r\n\r\n----------------------------------------------------------\r\n Name\t\tQty\t\t\tPrice\r\n----------------------------------------------------------\r\n" . $strOrderList . "\r\n----------------------------------------------------------\r\n\t\t\t\tDELIVERY: £" . $strShipping . "\r\n\t\t\t\t----------------------\r\n\t\t\t\tTOTAL: £" . $strDeliveryPlusTotal . "\r\n\t\t\t\t----------------------\r\n\r\nOrder Status: Dispatched\r\n\r\nYour order status has been changed to Dispatched and is now on it's way.\r\n\r\nIf you have any queries in relation to the above order, please contact our Customer Service department at info@scifivault.com\r\n\r\nIf you wish to cancel this order, please email info@scifivault.com with your order reference within 7 days of receiving the goods.\r\n\r\nThank you for ordering with Sci-Fi Vault Ltd\r\n\r\nBy receiving this email from scifivault.com you are accepting our terms and conditions, a copy of which can be found on the website at: http://shop.scifivault.com/terms.htm\r\n";
mail($strEmailAddress . ", webmaster@scifivault.com", "ScifiVault.com Order Dispatched", $strMailText, "From: webmaster@{$_SERVER['SERVER_NAME']}\r\nBCC:webmaster@{$_SERVER['SERVER_NAME']}\r\n" . "Reply-To: webmaster@{$_SERVER['SERVER_NAME']}\r\n" . "X-Mailer: PHP/" . phpversion());
funcLogtoDebug("updateOrder.php: Order(" . $strOrder . ") sent order dispatched summary mail");
break;
default:
break;
}
//close connection to database
funcDebug("Closing link to db");
mysql_close($link);
redirect("ListOrders.php", 1, "<B>Redirecting...</B><br> <a href='displayBugs.php'>Click here if redirect fails</a>");
?>
</BODY>
</HTML>
$strMailUser = '******';
} else {
$strMailUser = '******';
}
$strEncFirstName = funcEncrypt($strFirstName);
$strEncSurName = funcEncrypt($strSurName);
$strEncAddressLine1 = funcEncrypt($strAddressLine1);
$strEncAddressLine2 = funcEncrypt($strAddressLine2);
$strEncTown = funcEncrypt($strTown);
$strEncCounty = funcEncrypt($strCounty);
$strEncCountry = funcEncrypt($strCountry);
$strEncPostCode = funcEncrypt($strPostCode);
$strEncDayTimeNo = funcEncrypt($strDayTimeNo);
$strEncMobile = funcEncrypt($strMobile);
//connect to server
$link = mysql_connect("localhost", "sfvault_writeSto", "Ti*ESUf3*_b?Km") or die("Could not connect: " . mysql_error());
//change to correct database
mysql_select_db("sfvault_store") or die("Could not select database");
//Does User Exist
$strUpdateQuery = "UPDATE tbl_UserLogin SET FirstName = '" . $strEncFirstName . "', SurName = '" . $strEncSurName . "',AddressLine1 = '" . $strEncAddressLine1 . "',AddressLine2 = '" . $strEncAddressLine2 . "', Town = '" . $strEncTown . "', County = '" . $strEncCounty . "', Country = '" . $strEncCountry . "', PostCode = '" . $strEncPostCode . "', DayTimeNo = '" . $strEncDayTimeNo . "',Mobile = '" . $strEncMobile . "', EmailAddress = '" . $strEmailAddress . "', MailUser = '******' where UserID = '" . $strUserID . "'";
$strResult = mysql_query($strUpdateQuery) or die("Query Failed:" . mysql_error());
echo "<meta http-equiv='refresh' content='0;url=/UserDetails.php?strUserID=" . $strUserID . "'>";
funcLogtoDebug("addDetails.php: " . $strEmailAddress . " amended their details");
mail($strEmailAddress, "ScifiVault.com, User Amended Details", "\n\n This is a notification mail to make you aware that changes we're made to your account. \n\n If you didn't make these changes please get in touch with us immediately.", "From: webmaster@{$_SERVER['SERVER_NAME']}\r\nBCC:webmaster@{$_SERVER['SERVER_NAME']}\r\n" . "Reply-To: webmaster@{$_SERVER['SERVER_NAME']}\r\n" . "X-Mailer: PHP/" . phpversion());
?>
</HEAD>
</HTML>
<?php
}
if ($strPTag != $strPages - 1) {
$strNext = $strPTag + 1;
echo "<a href='search.php?Search=" . $strSearch . "&p=" . $strNext . "'> Next >> </a>";
}
}
//end of break up the results sets into a number of pages ***************************************************************
$strQuery = "SELECT * FROM tblItem where NoOfItems <> 0 and (Name like '%" . $strSearch . "%' or Description like '%" . $strSearch . " %' or stockID like '%" . $strSearch . "%') LIMIT " . $strPTag * 5 . ", 5";
if ($strSearch == "") {
echo "You may want to specify some search words<br>";
$strQuery = "SELECT * FROM tblItem where NoOfItems <> 0 and (Name like '%" . $strSearch . "%' or Description like '%" . $strSearch . " %') LIMIT 5";
}
$strResult = mysql_query($strQuery) or die("Query Failed:" . mysql_error());
if (mysql_num_rows($strResult) == 0) {
echo "Sorry, No results returned...";
}
funcLogtoDebug("search.php: " . $strSearch . "(" . $strTotalItems . ")");
echo "<table width='100%'>";
while ($row = mysql_fetch_array($strResult)) {
echo "\t<TR width='100%' valign='center'> <TD width='50'> <img src='" . $row["smallPicture"] . "'> </TD>" . "\n<TD width='100%'> <a href='displayItem.php?Item=" . $row["stockID"] . "'>" . $row["Name"] . "</a> </TD>" . "\n<TD width='100'> ";
if ($row["RRP"] == $row["SaleRRP"] or $row["SaleRRP"] == 0.0) {
echo "£" . $row["RRP"];
} else {
//Item is for sale...
echo "<del>£" . $row["RRP"] . "</del>£" . $row["SaleRRP"];
}
if ($row["NoOfItems"] > 0) {
echo "</td><td valign='center'><form action='addToBasket2.php' method='post'>\r\n <input type='hidden' name='qty' value='1'>\r\n <input TYPE='image' SRC='images/buttons/BUYBUTTON.gif' name='Buy' value='Buy'>\r\n <input type='hidden' name='altBuy' value='Buy'>\r\n <!--<input type='submit' name='Buy' value='Buy'> -->\r\n <input type='hidden' name='item' value='" . $row["stockID"] . "'>\r\n <input type='hidden' name='page' value= '" . $_SERVER['PHP_SELF'] . "?Item=" . $row["stockID"] . "'>\r\n </form></td></tr>";
} else {
echo "</td><td valign='center'><a href='displayItem.php?Item=" . $row["stockID"] . "'><IMG SRC='images/buttons/VIEW.gif' BORDER='0' ALT='View' name='View'></a></td></tr>";
}
}
$rand_pass2 = implode('', $rand_key2);
//echo $rand_pass;
$strNow = date('Y-m-j H:i:s');
//User Doesn't exist so carry on Adding
//$strAddUserQuery = "INSERT tbl_UserLogin values ('', '" . $strUserName . "', '" . $strEmailAddress. "','" . $strMD5 ."', '" . $rand_pass . " ', '" . $strNow . "', '', '" . $strFirstName . "','" . $strSurName . "','" . $strAddressLine1 . "','" . $strAddressLine2 . "','" . $strTown . "','" . $strCounty. "','". $strCountry . "','" . $strPostCode . "','" . $strDayTimeNo. "','".$strMobile."','','')";
$strAddUserQuery = "INSERT tbl_UserLogin values ('', '" . $strUserName . "', '" . $strEmailAddress . "','" . md5($rand_pass2) . "', '" . $rand_pass . "', '" . $strNow . "', '', '" . $strEncFirstName . "','" . $strEncSurName . "','" . $strEncAddressLine1 . "','" . $strEncAddressLine2 . "','" . $strEncTown . "','" . $strEncCounty . "','" . $strEncCountry . "','" . $strEncPostCode . "','" . $strEncDayTimeNo . "','" . $strEncMobile . "','','1','" . $strEmailUser . "')";
$strAddUserResult = mysql_query($strAddUserQuery) or die("Query Failed:" . mysql_error());
$strMailText = " \nWe've taken the time to register you with us at Sci-Fi Vault. \n\r\nYour account login details are as follows:\r\n\nUsername: "******"\r\nPassword: "******"\r\n\r\nIf you would like to order with us in future, click on the verify link below to complete your registration:\r\n\r\nhttp://shop.scifivault.com/verifyUser.php?UserID=" . $strUserName . "&VerifyKey=" . $rand_pass . "\r\n\r\nYou can change your details at any point by logging in to your account and navigating to the Add/Update User Details section.\n\r\nIf you have any queries in relation to your registration, please contact our Customer Service department at info@scifivault.com";
mail($strEmailAddress, "ScifiVault.com Verification Process *", $strMailText, "From: webmaster@{$_SERVER['SERVER_NAME']}\r\nBCC:webmaster@{$_SERVER['SERVER_NAME']}\r\n" . "Reply-To: webmaster@{$_SERVER['SERVER_NAME']}\r\n" . "X-Mailer: PHP/" . phpversion());
funcLogtoDebug("AddUser2.php: " . $strUserName . " sent partial verification email");
//now forward on to submitOrder...
$strExpiry = time() + 600;
$value = funcEncrypt($strUserName . "&" . $strExpiry);
//echo "<meta http-equiv='refresh' content='0;url=/submitOrder2.php?strUserID=" . $strUserName. "&key=" . $value . "'>";
echo "<meta http-equiv='refresh' content='0;url=/ChooseDelivery3.php?strUserID=" . $strUserName . "&key=" . $value . "'>";
} else {
//User Does exist so end
echo "<meta http-equiv='refresh' content='0;url=/ChooseDelivery2.php?UserExistsError=1'>";
}
//funcDebug ($strUserName);
//funcLogtoDebug ("Authenticate.php: " . $strEmailAddress . " " . $strPassword1);
funcLogtoDebug("AddUser2.php: " . $strEmailAddress . " " . funcEncrypt($strPassword1));
//funcDebug ($strPassword1);
//funcDebug ($strMD5);
?>
</BODY>
</HTML>
document.write(dateline[Style]);
//-->
</script>
<br>
</div>
</td>
</tr>
<?php
echo "<tr><td>\n<FONT size='4'>Thank you for Registering with Sci-Fi Vault.\n";
echo "<p>If you are having any problems please e-mail us at <a href='mailto:info@scifivault.com'><b>info@scifivault.com</b></a> and we'll sort it out for you";
echo "<br><br><a href='/index3.php'>Click here to return to the front page here</a></FONT><td></td></tr>";
} else {
//User Does exist so end
echo "<meta http-equiv='refresh' content='0;url=/register.php?UserExistsError=1'>";
}
//funcDebug ($strUserName);
//funcLogtoDebug ("Authenticate.php: " . $strEmailAddress . " " . $strPassword1);
funcLogtoDebug("AddUser.php: " . $strEmailAddress . " " . $strPassword1);
//funcDebug ($strPassword1);
//funcDebug ($strMD5);
?>
</BODY>
</HTML>
echo "<input type='text' name='UserName' size='20'></td>";
}
*/
?>
</tr>-->
<tr>
<th colspan=2>
<p>
<?php
if ($_GET['EmailError'] == 1 or $_GET['UserPassError'] == 1) {
funcLogtoDebug("UserLogon.php: " . $strUserName . " bad email address");
echo "<b><font color=red> Email Address or Password invalid.<BR>Please try again.</b></font>";
echo "</p>\r\n <p><a href='password.php'>If you have forgotten your password please\r\n click here</a></p>\r\n ";
}
if ($_GET['UserPassError'] == 2) {
funcLogtoDebug("UserLogon.php: " . $strUserName . " account locked");
echo "<b><font color=red> Your Account has been locked. <BR>Please contact ScifiVault to unlock the account.</b></font>";
}
?>
</th>
</tr>
</table>
<div align="center"></div>
</FORM>
<p> </p>
<p> </p>
</td>
<td width="200" align="center" valign="top">
<table width="200" border="0" align="center" cellpadding="0" cellspacing="0" bordercolor="#002A54">
