} else { $email_text = sprintf(EMAIL_GREET_MS, $lastname); } } else { $email_text = sprintf(EMAIL_GREET_NONE, $firstname); } $email_text .= EMAIL_WELCOME . EMAIL_TEXT . EMAIL_CONTACT . EMAIL_WARNING; tep_mail($name, $email_address, EMAIL_SUBJECT, $email_text, STORE_OWNER, STORE_OWNER_EMAIL_ADDRESS); // added by scotty to enable ip of customer if no duplicate ip seen (hacker making 2 accounts) // so they won't have to login after a new account created. mysql_close(); $remote_addr = $HTTP_SERVER_VARS["REMOTE_ADDR"]; //$mysql = new_mysql($username,$password,$database,"localhost"); $mysql = new_mysql($mysql_username, $mysql_password, $mysql_database, $mysql_hostname); if (check_user_already($email_address, $remote_addr, $mysql) == 1) { $expire = update_account($email_address, $remote_addr, $mysql, $configValues); $timenow = time(); if ($timenow < $expire) { ip_enable($HTTP_SERVER_VARS["REMOTE_ADDR"]); } } mysql_close(); tep_redirect(tep_href_link(FILENAME_CREATE_ACCOUNT_SUCCESS, '', 'SSL')); } } $breadcrumb->add(NAVBAR_TITLE, tep_href_link(FILENAME_CREATE_ACCOUNT, '', 'SSL')); require DIR_WS_INCLUDES . 'template_top.php'; require 'includes/form_check.js.php'; ?> <h1><?php
$password1 = $_POST['password1']; $password2 = $_POST['password2']; if ($password1 != $password2) { echo "Sorry, passwords do not match. Please try again."; die; } $password = $password1; } if (strlen($password1) > 0) { if (strlen($password1) < 6) { echo "Remember, your new password needs to be at least 6 characters long."; die; } $password = $password1; } update_account($country, $password); break; case "view_account": dashboard(); break; case "logout": session_destroy(); header("location: index.php"); break; default: echo "Invalid sub-command."; die; } } ?>
update_account($pass, $id); $message = "<div class = 'alert alert-success' style = 'width: 350px;'>{$fName} {$mName} {$lName} record has been successfully updated.</div>"; echo "<script>"; //go back to viewMed page after 3 seconds. echo "setTimeout(function(){ document.location = '?p=viewWorking'; }, 2000);"; echo "</script>"; } else { if ($photo && !$photo['error']) { $name = $photo['name']; $type = $photo['type']; $path = $photo['tmp_name']; $bytes = file_get_contents($path); $user = $_SESSION['user']; update_photo($name, $type, $bytes, $user, $id); update_working($fName, $mName, $lName, $course, $yr, $lab, $time, $days, $id); update_account($pass, $id); $message = "<div class = 'alert alert-success' style = 'width: 350px;'>{$fName} {$mName} {$lName} record has been successfully updated.</div>"; echo "<script>"; //go back to viewMed page after 3 seconds. echo "setTimeout(function(){ document.location = '?p=viewWorking'; }, 2000);"; echo "</script>"; } else { $message = "<div class = 'alert alert-warning' style = 'width: 350px;'>Invalid File.</div>"; } } } else { //if not submitted we retrieve the data from the database $workingFind = find_working($id); if ($workingFind) { $fName = $workingFind['WORKINGFNAME']; $mName = $workingFind['WORKINGMNAME'];
echo TEXT_NOTIFY_PRODUCTS . '<br /><p class="productsNotifications">'; $products_displayed = array(); for ($i = 0, $n = sizeof($products_array); $i < $n; $i++) { if (!in_array($products_array[$i]['id'], $products_displayed)) { echo tep_draw_checkbox_field('notify[]', $products_array[$i]['id']) . ' ' . $products_array[$i]['text'] . '<br />'; $products_displayed[] = $products_array[$i]['id']; } } echo '</p>'; } echo TEXT_SEE_ORDERS . '<br /><br />' . TEXT_CONTACT_STORE_OWNER; // added by scotty $mysql = new_mysql($mysql_username, $mysql_password, $mysql_database, $mysql_hostname); $emailaddress = GetEmailAddress((int) $customer_id, $mysql); if (strcmp($emailaddress, "nul") != 0) { $ExpireDate = date(" d M Y g:i:sA ", update_account($emailaddress, $HTTP_SERVER_VARS["REMOTE_ADDR"], $mysql, $configValues)); ip_enable($HTTP_SERVER_VARS["REMOTE_ADDR"]); $emailaddress = $emailaddress . " ok"; } mysql_close($mysql); // end scotty add ?> </div> <div class="contentText"> <h3><?php echo TEXT_THANKS_FOR_SHOPPING . '<br> your IP address: ' . $HTTP_SERVER_VARS["REMOTE_ADDR"] . ' <br> for email: ' . $emailaddress . '<br> New Expire Date: ' . $ExpireDate; ?> </h3> </div>
break; case 2: // Search Accounts check_admin_authorization(); $body = new Template("templates/account/account.searchresults.tmpl.php"); if (isset($_POST['lsaccount_id']) && $_POST['lsaccount_id'] != "LS Acct ID") { $results = search_accounts_by_id(); } else { $results = search_accounts_by_name(); } $body->set("results", $results); break; case 3: // Update Account Details check_admin_authorization(); update_account(); header("Location: index.php?editor=account&acctid={$acctid}"); exit; case 4: // Delete Account check_admin_authorization(); delete_account($acctid); header("Location: index.php?editor=account"); exit; case 5: // Character Transfer Selection check_admin_authorization(); $body = new Template("templates/account/account.chartransfer.tmpl.php"); $javascript = new Template("templates/account/js.tmpl.php"); $body->set('acctid', $acctid); $body->set('acctname', getAccountName($acctid));
} else { $message = 'Please sign in to manage your account'; include 'home.php'; } break; case 'editaccount': $user_id = $_SESSION['user_id']; $first_name = filter_input(INPUT_POST, 'firstname', FILTER_SANITIZE_STRING); $last_name = filter_input(INPUT_POST, 'lastname', FILTER_SANITIZE_STRING); $email = filter_input(INPUT_POST, 'email', FILTER_VALIDATE_EMAIL); if ($user_id == NULL || $user_id == FALSE || $first_name == NULL || $first_name == FALSE || $last_name == NULL || $last_name == FALSE || $email == NULL || $email == FALSE) { $user = get_user_details($_SESSION['user_id']); $message = 'No Fields can be blank'; include 'accountManagement.php'; } else { $result = update_account($user_id, $first_name, $last_name, $email); if ($result == 'error') { $user = get_user_details($_SESSION['user_id']); $message = 'An error occurred'; include 'accountManagement.php'; } elseif ($result == 'email') { $user = get_user_details($_SESSION['user_id']); $message = 'That email already exists in the system'; include 'accountManagement.php'; } else { $user = get_user_details($_SESSION['user_id']); $message = 'Account updated'; include 'accountManagement.php'; } } break;
header('location: .'); break; case 'deletecharacter': delete_character(); header('location: .?action=loggedon'); break; case 'savecharacter': $character_id = filter_input(INPUT_POST, 'character_id'); $updated = update_character($character_id); include 'characterForm.php'; break; case 'manageaccount': include 'manageAccount.php'; break; case 'updateaccount': $message = update_account(); include 'manageAccount.php'; break; case 'changepassword': $message = change_password(); include 'manageAccount.php'; break; case 'feedback': include 'feedbackForm.php'; break; case 'feedbacksubmit': $message = store_feedback(); include 'feedbackForm.php'; break; case 'about': include 'about.php';
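/**
 * Authenticate a customer by e-mail and password and bind the account to the caller's IP.
 *
 * Resets the login-related $_SESSION keys to their "not logged in" defaults, looks the
 * customer up in the `customers` table, compares the stored password with the supplied one,
 * records the caller's IP on first login (refusing if another row already uses that IP),
 * and finally asks update_account() for the account expiry timestamp.
 *
 * The outcome is written to $_SESSION['code'] and returned:
 *    1  login succeeded ($_SESSION['loggedin'] is set to 1)
 *    0  no customer row for this e-mail address
 *   -1  password mismatch
 *   -2  account time window has expired
 *   -3  the caller's IP is already recorded on another customer row
 *    5  the session IP is too short to be valid (session code is -5; see NOTE below)
 *
 * @param string $customers_email    E-mail address submitted by the user (untrusted).
 * @param string $customers_password Password submitted by the user (untrusted).
 * @param string $username           Database user name passed to new_mysql().
 * @param string $password           Database password passed to new_mysql().
 * @param string $database           Database name passed to new_mysql().
 * @param mixed  $configValues       Passed through unchanged to update_account().
 *
 * @return int One of the codes listed above.
 */
function checkacc($customers_email, $customers_password, $username, $password, $database, $configValues)
{
    // Capture the client address once per session; isset() avoids an undefined-index
    // notice on the very first request.
    if (!isset($_SESSION['customer_ip']) || strlen($_SESSION['customer_ip']) < 7) {
        $_SESSION['customer_ip'] = $_SERVER['REMOTE_ADDR'];
    }

    // Set all defaults for "not logged in".
    $_SESSION['loggedin'] = 0;
    $_SESSION['promotion'] = 0;
    $_SESSION['customers_email'] = $customers_email;
    // NOTE(review): the clear-text password is kept in the session because other code may
    // read this key; confirm whether anything depends on it and drop it if not.
    $_SESSION['customers_password'] = $customers_password;
    $_SESSION['login_date_time'] = date("F j, Y, g:i a");
    $_SESSION['login_timestamp'] = time();
    $_SESSION['bytesleft'] = 0;

    $mysql = new_mysql($username, $password, $database, "localhost");

    // The e-mail address is user input and is placed inside a quoted SQL literal, so it is
    // escaped first. mysql_real_escape_string() is called without a link argument and so
    // uses the most recently opened connection, the same convention mysql_close() follows
    // below (presumably the one new_mysql() just opened; verify against that helper).
    $safe_email = mysql_real_escape_string((string) $customers_email);

    $query = "SELECT * FROM customers WHERE customers_email_address='{$safe_email}'";
    $result = get_query($query, $mysql);
    if ($result == 0) {
        // get_query() appears to return 0 when no row matches: unknown user.
        mysql_close();
        $_SESSION['code'] = 0;
        return 0;
    }

    // Collect the customer details needed for the rest of the check.
    $i = 0;
    $_SESSION['firstname'] = mysql_result($result, $i, "customers_firstname");
    $_SESSION['expire'] = mysql_result($result, $i, "customers_date_account_expires");
    $cust_password = mysql_result($result, $i, "customers_password");

    // Both sides must be real strings and the comparison must be strict: given a non-string
    // argument strcmp() can return NULL on older PHP versions, and a loose "!= 0" test would
    // treat that NULL as a match.
    // NOTE(review): passwords are compared as stored, i.e. they appear to be kept in clear
    // text; migrating to password_hash()/password_verify() needs a schema change outside
    // this function.
    if (!is_string($cust_password)
        || !is_string($customers_password)
        || strcmp($cust_password, $customers_password) !== 0
    ) {
        mysql_close();
        $_SESSION['code'] = -1;
        return -1;
    }

    // If the customer row has no IP recorded yet, bind it to the caller's IP, but only
    // when no other customer row already uses that IP (one account per address).
    $cust_ip_address = mysql_result($result, $i, "customers_ip_address");
    if (strlen($cust_ip_address) == 0) {
        $cust_ip_address = $_SESSION['customer_ip'];
        if (strlen($cust_ip_address) < 7) {
            // Invalid IP address given to check.
            // NOTE(review): the session code is -5 but the return value is +5, unlike every
            // other branch; kept as-is because callers may test for 5. Confirm and align.
            mysql_close();
            $_SESSION['code'] = -5;
            return 5;
        }

        $safe_ip = mysql_real_escape_string((string) $cust_ip_address);

        $query = "SELECT * FROM customers WHERE customers_ip_address='{$safe_ip}'";
        $result = get_query($query, $mysql);
        if ($result != 0) {
            // Another account already owns this IP; that account has to be updated instead.
            mysql_close();
            $_SESSION['code'] = -3;
            return -3;
        }

        $query = "UPDATE customers SET customers_ip_address='{$safe_ip}' WHERE customers_email_address='{$safe_email}'";
        get_query($query, $mysql);
    }

    // update_account() returns the expiry as a Unix timestamp (it is compared with time()
    // and formatted with date() below). It receives the raw e-mail address;
    // NOTE(review): confirm that helper escapes or parameterises it itself.
    $expire = update_account($customers_email, $mysql, $configValues);

    // Check whether the account time window has expired.
    $timenow = time();
    if ($timenow > $expire) {
        mysql_close();
        $_SESSION['code'] = -2;
        return -2;
    }

    // Successful login.
    // NOTE(review): the session identifier is not regenerated on login; consider
    // session_regenerate_id(true) at the call site if headers have not been sent yet.
    $_SESSION['expire'] = date("F j, Y, g:i a", $expire);
    $_SESSION['code'] = 1;
    $_SESSION['loggedin'] = 1;
    mysql_close();
    return 1;
}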
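<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>REST/OAuth Example</title>
</head>
<body>
<tt>
<?php
// REST/OAuth demo page: using the access token and instance URL held in the session, it
// lists accounts, creates one, shows it, renames it, shows it again and finally deletes it,
// re-listing the accounts after each step.
//
// NOTE(review): no session_start() is visible on this page; it presumably relies on the
// session being started elsewhere (or session.auto_start). Confirm before reuse.

// Read the session values through isset() so a missing key yields the intended error
// message below rather than an undefined-index notice, which can expose file paths when
// display_errors is on.
$access_token = isset($_SESSION['access_token']) ? $_SESSION['access_token'] : "";
$instance_url = isset($_SESSION['instance_url']) ? $_SESSION['instance_url'] : "";

if ($access_token == "") {
    die("Error - access token missing from session!");
}

if ($instance_url == "") {
    die("Error - instance URL missing from session!");
}

// The access token is a bearer credential: it is only handed to the helper functions and
// is never written to the page.
show_accounts($instance_url, $access_token);

$id = create_account("My New Org", $instance_url, $access_token);

show_account($id, $instance_url, $access_token);

show_accounts($instance_url, $access_token);

update_account($id, "My New Org, Inc", "San Francisco", $instance_url, $access_token);

show_account($id, $instance_url, $access_token);

show_accounts($instance_url, $access_token);

delete_account($id, $instance_url, $access_token);

show_accounts($instance_url, $access_token);
?>
</tt>
</body>
</html>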
$password1 = $_POST['password1']; $password2 = $_POST['password2']; if ($password1 != $password2) { echo "Sorry, passwords do not match. Please try again."; die; } $password = $password1; } if (strlen($password1) > 0) { if (strlen($password1) < 6) { echo "Remember, your new password needs to be at least 6 characters long."; die; } $password = $password1; } update_account($password, $pgpkey); break; case "view_account": dashboard(); break; case "logout": session_destroy(); header("location: index.php"); break; default: echo "Invalid sub-command."; die; } } ?>
if ($account['code'] == '') { $account['code'] = replace_text_for_utf8($this->input->post('name')); // Have barcode? for ($i = is_account_code($account['code']); $i > 0; $i++) { $account['code'] = replace_text_for_utf8($this->input->post('name')) . '-' . $i; $i = is_account_code($account['code'], $account_id); } } else { // Have barcode? if (is_account_code($account['code'], $account_id)) { alertbox('alert-danger', get_lang('This barcode is found in the database.')); $continue = false; } } if ($continue) { if (update_account($account['id'], $account)) { alertbox('alert-success', get_lang('Operation is Successful'), ''); $log['date'] = $this->input->post('log_time'); $log['type'] = 'account'; $log['title'] = get_lang('Account'); $log['description'] = get_lang('Account card has been updated.'); $log['account_id'] = $account_id; add_log($log); } else { alertbox('alert-danger', get_lang('Error!')); } } } } ?>