<?php
if (isset($logged)) {
$now = time();
if ($now > $_SESSION['expire']) {
session_destroy();
echo "<script language='javascript'>\n\t\t\t\t\t\t\twindow.location=" . mainPageURL() . ";\n\t\t\t\t\t\t\talert('Timeout!!!Please login to continue browsing the site');\n\t\t\t\t\t\t</script>";
} else {
echo '<div id="search">
<form action="' . mainPageURL() . '" enctype="multipart/form-data" name="searchForm" id="myForm" method="GET">
<input type="text" class="search_input" name="search" placeholder="Enter Search..." value="" />
</form>
</div>';
$_SESSION['start_reset'] = time();
$_SESSION['expire'] = $_SESSION['start_reset'] + 30 * 60;
$customer = getCustomerById($logged);
$username = $customer['username'];
$token = $customer['token'];
$gravatar_image = $customer['email'];
$gravatar_default = "";
$size = 40;
$grav_url = "http://www.gravatar.com/avatar/" . md5(strtolower(trim($gravatar_image))) . "?d=" . urlencode($gravatar_default) . "&s=" . $size;
echo '<div id="after_log_in">
<div class="user_name">
<img src="' . $grav_url . '" alt="" />
<a href="profile.html">' . $username . '</a>
</div>
<div class="token_left">
Token Left: ' . $token . '
</div>
function editCustomer($data)
{
$info = getCustomerById($data['customerId']);
$sql = "UPDATE " . e01 . " SET id='" . $data['customerId'] . "'";
$implode = array();
if (isset($data['username'])) {
if ($info['username'] != $data['username']) {
$implode[] = " username = '******'username'] . "'";
insertCustomerLog($data['customerId'], 1, $info['username'], $data['username'], $data['modify_by']);
}
}
if (isset($data['email'])) {
if ($info['email'] != $data['email']) {
$implode[] = " email = '" . $data['email'] . "'";
insertCustomerLog($data['customerId'], 2, $info['email'], $data['email'], $data['modify_by']);
}
}
if (isset($data['password'])) {
if ($info['password'] != $data['password']) {
$implode[] = " password = '******'password'] . "'";
insertCustomerLog($data['customerId'], 3, $info['password'], $data['password'], $data['modify_by']);
}
}
if (isset($data['status'])) {
if ($info['status'] != $data['status']) {
$implode[] = " status = '" . $data['status'] . "'";
insertCustomerLog($data['customerId'], 5, $info['status'], $data['status'], $data['modify_by']);
}
}
if (isset($data['token'])) {
if ($info['token'] != $data['token']) {
$implode[] = " token = '" . $data['token'] . "'";
insertCustomerLog($data['customerId'], 4, $info['token'], $data['token'], $data['modify_by']);
}
}
if (isset($data['fcode'])) {
if ($info['fcode'] != $data['fcode']) {
$implode[] = " fcode = '" . $data['fcode'] . "'";
}
}
if ($implode) {
$sql .= " , " . implode(" , ", $implode);
}
$sql .= " WHERE id='" . $data['customerId'] . "'";
$query = mysql_query($sql);
$sql_info = "UPDATE " . e02 . " SET customer_id='" . $data['customerId'] . "'";
$implode_info = array();
if (isset($data['fname'])) {
if ($info['fname'] != $data['fname']) {
$implode_info[] = " first_name = '" . $data['fname'] . "'";
insertCustomerLog($data['customerId'], 6, $info['fname'], $data['fname'], $data['modify_by']);
}
}
if (isset($data['lname'])) {
if ($info['lname'] != $data['lname']) {
$implode_info[] = " last_name = '" . $data['lname'] . "'";
insertCustomerLog($data['customerId'], 7, $info['lname'], $data['lname'], $data['modify_by']);
}
}
if (isset($data['dob'])) {
if ($info['dob'] != $data['dob']) {
$implode_info[] = " date_birth = '" . $data['dob'] . "'";
insertCustomerLog($data['customerId'], 8, $info['dob'], $data['dob'], $data['modify_by']);
}
}
if (isset($data['gender'])) {
if ($info['gender'] != $data['gender']) {
$implode_info[] = " gender = '" . $data['gender'] . "'";
insertCustomerLog($data['customerId'], 9, $info['gender'], $data['gender'], $data['modify_by']);
}
}
if (isset($data['add1'])) {
if ($info['add1'] != $data['add1']) {
$implode_info[] = " address1 = '" . $data['add1'] . "'";
insertCustomerLog($data['customerId'], 10, $info['add1'], $data['add1'], $data['modify_by']);
}
}
if (isset($data['add2'])) {
if ($info['add2'] != $data['add2']) {
$implode_info[] = " address2 = '" . $data['add2'] . "'";
insertCustomerLog($data['customerId'], 11, $info['add2'], $data['add2'], $data['modify_by']);
}
}
if (isset($data['city'])) {
if ($info['city'] != $data['city']) {
$implode_info[] = " city = '" . $data['city'] . "'";
insertCustomerLog($data['customerId'], 12, $info['city'], $data['city'], $data['modify_by']);
}
}
if (isset($data['zip'])) {
if ($info['zip'] != $data['zip']) {
$implode_info[] = " zip = '" . $data['zip'] . "'";
insertCustomerLog($data['customerId'], 13, $info['zip'], $data['zip'], $data['modify_by']);
}
}
if (isset($data['state'])) {
if ($info['state'] != $data['state']) {
$implode_info[] = " state = '" . $data['state'] . "'";
insertCustomerLog($data['customerId'], 14, $info['state'], $data['state'], $data['modify_by']);
}
}
if (isset($data['country'])) {
if ($info['country'] != $data['country']) {
$implode_info[] = " country = '" . $data['country'] . "'";
insertCustomerLog($data['customerId'], 15, $info['country'], $data['country'], $data['modify_by']);
}
}
if (isset($data['phone'])) {
if ($info['phone'] != $data['phone']) {
$implode_info[] = " phone = '" . $data['phone'] . "'";
insertCustomerLog($data['customerId'], 16, $info['phone'], $data['phone'], $data['modify_by']);
}
}
if ($implode_info) {
$sql_info .= " , " . implode(" , ", $implode_info);
}
$sql_info .= " WHERE customer_id='" . $data['customerId'] . "'";
$query_info = mysql_query($sql_info);
if ($query && $query_info) {
return true;
}
return false;
}
<?php
if (!isset($logged)) {
header('Location:login.html');
}
if (!hasPermission($logged, 'access', 'customer_form')) {
header('Location:permission.html');
}
if (isset($_GET['customer_id'])) {
$customer_id = $_GET['customer_id'];
}
if (isset($customer_id) && $_SERVER['REQUEST_METHOD'] != 'POST') {
$customer_info = getCustomerById($customer_id);
}
if (isset($_POST['username'])) {
$username = $_POST['username'];
} elseif (!empty($customer_info)) {
$username = $customer_info['username'];
} else {
$username = '';
}
if (isset($_POST['email'])) {
$email = $_POST['email'];
} elseif (!empty($customer_info)) {
$email = $customer_info['email'];
} else {
$email = '';
}
if (isset($_POST['password'])) {
$password = $_POST['password'];
} else {
