db_connect_id) { die("Could not connect to the database"); } ?> \n\n" . $msg_title . "\n

\n" . $msg_text . "\n

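\n" . $sql . "\n"; exit; }

/**
 * Loads every row of the `config` table into an associative array
 * keyed by config_name (value = config_value).
 *
 * Uses the global $db wrapper. Returns an empty array when the table has
 * no rows; the original left $config undefined in that case and returned null.
 *
 * @return array<string, string>
 */
function read_config()
{
    global $db;

    $config = [];
    $res = $db->sql_query("select * from config");
    while ($row = $db->sql_fetchrow($res)) {
        $config[$row['config_name']] = $row['config_value'];
    }

    return $config;
}

/**
 * Checks an e-mail address: first the syntax, then whether the host part
 * has an MX record (a live DNS lookup via checkdnsrr()).
 *
 * Prints a human-readable verdict exactly as before and now also returns
 * it, so callers can branch on the result instead of scraping output.
 * The pattern only accepts 2-4 letter TLDs, so longer TLDs are rejected;
 * widening it is a policy decision for the caller. A resolver failure
 * takes the "host is not valid" branch.
 *
 * @param string $mail_address address to check
 * @return bool true only when both the syntax and the MX lookup pass
 */
function check_email($mail_address)
{
    $pattern = "/^[\w-]+(\.[\w-]+)*@";
    $pattern .= "([0-9a-z][0-9a-z-]*[0-9a-z]\.)+([a-z]{2,4})$/i";

    if (!preg_match($pattern, $mail_address)) {
        echo "The e-mail address contains invalid characters.";
        return false;
    }

    // The pattern allows exactly one "@", so index 1 is the host part.
    $parts = explode("@", $mail_address);
    if (!checkdnsrr($parts[1], "MX")) {
        echo "The e-mail host is not valid.";
        return false;
    }

    echo "The e-mail address is valid.";
    return true;
}

/**
 * Builds a bank reference number from a user id and an order id.
 *
 * The base is the user id immediately followed by the order id, left-padded
 * with zeros to 19 digits. Weights 7, 3, 1 are applied from the rightmost
 * digit leftwards and the check digit is (10 - sum mod 10) mod 10. Leading
 * zeros are stripped from the result.
 *
 * The original used a fixed 19-character weight string, so a base longer
 * than 19 digits was only partially summed; weighting from the right over
 * the whole base gives identical results for bases up to 19 digits and a
 * correct check digit beyond that.
 *
 * @param int|string $userid
 * @param int|string $orderid
 * @return string reference number including its check digit
 */
function generate_reference($userid, $orderid)
{
    $ref = str_pad(sprintf("%s%s", $userid, $orderid), 19, "0", STR_PAD_LEFT);

    $weights = [7, 3, 1];
    $sum = 0;
    $len = strlen($ref);
    for ($i = 0; $i < $len; $i++) {
        // $i counts from the right: rightmost digit gets weight 7, then 3, then 1, ...
        $sum += ((int) $ref[$len - 1 - $i]) * $weights[$i % 3];
    }

    $checkDigit = (10 - ($sum % 10)) % 10;

    return ltrim($ref . $checkDigit, "0");
}

?> sql_query($sql); $setinfo = $db->sql_fetchrow($result); if (($db->sql_numrows($result)==1) && ($setinfo['user_id'] != 1) && ($setinfo['user_password'] != "")) { if ($setinfo['user_active'] == 1) { $dbpass = $setinfo['user_password']; $non_crypt_pass = $user_password; $new_pass = md5($user_password); // Do we use the new password set by reminder? if ($setinfo['user_newpasswd'] != "" && ($setinfo['user_newpasswd'] == $non_crypt_pass)) { // Yes, will use this password in the future $sql = "update tws_users set user_password = '". md5($setinfo['user_newpasswd']) ."'" .", user_newpasswd = NULL where user_id = ". $setinfo['user_id']; $db->sql_query($sql); $sql = "select user_password from tws_users where user_id = ". 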
$setinfo['user_id']; $res = $db->sql_query($sql); $row = $db->sql_fetchrow($res); $dbpass = $row['user_password']; } else { // No, the old password is used. Delete the new password $sql = "update tws_users set user_newpasswd = null where user_id = ". $setinfo['user_id']; $db->sql_query($sql); } // Update password in database if it's not encrypted if ($dbpass == $non_crypt_pass) { $db->sql_query("update tws_users set user_password='$new_pass' where user_id = ". $setinfo['user_id']); $sql = "select user_password from tws_users where user_id = ". $setinfo['user_id']; $res = $db->sql_query($sql); $row = $db->sql_fetchrow($res); $dbpass = $row['user_password']; } if ($dbpass != $new_pass) { // Wrong pass $msg = "Fel lösenord!"; $needle_start = strpos($msg, "[[reminder/"); if ($needle_start) { $needle_stop = strpos($msg, "]]", $needle_start); if ($needle_stop) { $needle = substr($msg, $needle_start, $needle_stop - $needle_start); $needle_braker = strpos($needle, "/"); if ($needle_braker) { $new_msg = substr($msg, 0, $needle_start); $new_msg .= ''; $new_msg .= substr($needle, $needle_braker +1) .''; $new_msg .= substr($msg, $needle_stop +2); $msg = $new_msg; } } } $message[] .= $msg; } else { // Correct pass $sess = update_session($setinfo['user_id'], 1); set_session_var('user_id', $setinfo['user_id']); set_session_var('username', $username); set_session_var('password', $non_crypt_pass); docookie($setinfo['user_id'], $username, $dbpass); // Update lastvisit $sql = "update tws_users set user_lastvisit = now() where user_id = ". $setinfo['user_id']; $db->sql_query($sql); // View news page if they were on confirm/signup when they logged in if ($section == "tickets" && ($page == "confirm" || $page == "signup" || $page = "reminder")) { $section = "news"; $page = "default"; } } } else if ($setinfo['user_active'] == 0) { // User inactive $message[] .= "Användar kontot är låst!"; } else { // User erased? 
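$message[] .= "Denna användare är raderad!"; } } else { $message[] .= "Användarnamnet finns ej!"; } }

/**
 * Ends the current session and redirects to the front page. Never returns.
 */
function logout()
{
    session_flush();
    header("Location: index.php");
    exit;
}

/**
 * Stores the login triple "user_id:username:password" base64-encoded in the
 * session under the key "user"; is_user() reads it back. Despite the name,
 * nothing is written to a cookie here. The third element is whatever the
 * caller passes (login() passes the stored password value).
 */
function docookie($setuser_id, $setusername, $setuser_password)
{
    $triple = implode(":", [$setuser_id, $setusername, $setuser_password]);
    set_session_var('user', base64_encode($triple));
}

/**
 * Tells whether the current session belongs to a logged-in user.
 *
 * Decodes the "user" session value written by docookie(), re-checks the
 * password part against tws_users and caches a positive answer in the
 * global $_cache_is_user for the rest of the request.
 *
 * Fixes relative to the original: the id was compared against "" after
 * intval() (true for 0 on PHP 8, so user_id 0 was queried), a missing row
 * was dereferenced, and the password check used "==", under which two
 * hashes of the form "0e<digits>" compare equal. addslashes() before
 * intval() was dropped as a no-op.
 *
 * @return int 1 when logged in, 0 otherwise (int kept for existing callers)
 */
function is_user()
{
    global $db, $_session, $_cache_is_user;

    if (!isset($_session['user'])) {
        return 0;
    }
    if (isset($_cache_is_user)) {
        return 1;
    }

    $parts = explode(":", base64_decode($_session['user']));
    $uid = isset($parts[0]) ? intval($parts[0]) : 0;
    $pwd = isset($parts[2]) ? (string) $parts[2] : '';

    if ($uid === 0 || $pwd === '') {
        return 0;
    }

    $result = $db->sql_query("SELECT user_password FROM tws_users WHERE user_id='$uid'");
    $row = $db->sql_fetchrow($result);
    if (!$row) {
        return 0;
    }

    $pass = (string) $row['user_password'];
    // Strict comparison on purpose; see the docblock.
    if ($pass !== '' && $pass === $pwd) {
        $_cache_is_user = 1;
        return 1;
    }

    return 0;
}

function show_loginform() { echo "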
\n"; echo "\n"; echo "\n"; echo "\t\n"; echo "\n"; echo "\t\n"; echo "\n"; echo "\t\n"; echo "\n"; echo "\t\n"; echo "\n"; echo "\t\n"; echo "\n"; echo "
Användarnamn:
Lösenord:
\n"; echo "
\n"; //echo "\n"; } ?> spam = 0 if (!isset($_POST['sign_spam'])) $sign_spam = 1; else $sign_spam = 0; // Check for required fiels and validate them if (!validate_nick($sign_nick)) { $tmpText = str_replace ("[[username]]", $sign_nick, $langa['validate_nick']); $message[] .= $tmpText; } else { // Nick taken? $sql = "select username from users where username = '". $sign_nick ."'"; $res = $db->sql_query($sql); if ($db->sql_numrows($res) > 0) { $nickTaken = 1; $message[] .= $langa['validate_nick_taken']; } $db->sql_freeresult($res); } if (!validate_fname($sign_fname)) { $message[] .= $langa['validate_fname']; } if (!validate_lname($sign_lname)) { $message[] .= $langa['validate_lname']; } if (!validate_email($sign_email)) { $message[] .= $langa['validate_email']; } else { // Email exists? $sql = "select user_email from users where user_email = '". $sign_email ."'"; $res = $db->sql_query($sql); if ($db->sql_numrows($res) > 0) { $emailExists = 1; $message[] .= $langa['validate_email_exists']; } else { // Verify check if ($sign_email != $sign_email_verify) { $message[] .= $langa['validate_email_verify_error']; } } $db->sql_freeresult($res); } if (!validate_birthdate($sign_birthdate)) { $message[] .= $langa['validate_birthdate']; } if (($sign_accept != "accept") && ($sign_nrtickets > 0)) { $message[] .= $langa['you_must_accept']; } if (!$emailExists && !$nickTaken && !isset($message)) { // Register new user $newpass = generate_pass(); $sql = "insert into users (username, fname, lname, user_email, user_hometown,user_phone, user_birthdate, user_password, user_regdate, user_spam) values" ." ('$sign_nick', '$sign_fname', '$sign_lname', '$sign_email', '$sign_hemkommun', '$sign_telefon'," ." '$sign_birthdate', '$newpass', now(), $sign_spam)"; if ($db->sql_query($sql)) { // User registered $sql = "select user_id from users where username = '". 
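$sign_nick ."'"; $res = $db->sql_query($sql); if ($row = $db->sql_fetchrow($res)) { $user_id = $row['user_id']; $db->sql_freeresult($res); // Send activation key send_actkey($user_id); $message[] .= $langa['signup_actkey_sent']; // Reserve tickets if ($sign_nrtickets > 0) { $orderid = reserve_tickets($user_id, $sign_nrtickets); if ($orderid > 0) { // X tickets reserved if ($sign_nrjolt > 0) { $sql = "select rad_id from ord_rad where order_id = ". $orderid ." order by rad_id desc limit 1"; $res = $db->sql_query($sql); $rad_id = $db->sql_fetchfield("rad_id"); $rad_id += 10; $sql = "insert into ord_rad (order_id, rad_id, product_id, pcs, price)" ." values($orderid, $rad_id, 200, $sign_nrjolt, 30)"; $db->sql_query($sql); $jolt_price = $sign_nrjolt * 30; $sql = "update ord set total = total + $jolt_price where faktnr = ". $orderid; $db->sql_query($sql); } // bring up next page (booking) update_session($user_id, 0); set_session_var('user_id', $user_id); set_session_var('newuser_book', 1); $step = 2; // header("Location: index.php?section=tickets&page=book"); // die(); } else { $message[] .= $langa['function_error']; } } else { // He didn't want any tickets, bring up a thank you page $step = 3; } } else { $message[] .= $langa['function_error']; } } } }

/* -=- Profile -=- */
/*
 * Profile change. Every value below comes straight from $_POST. Integer ids
 * are cast before they reach SQL; the string fields (nick, names, e-mail,
 * hometown, phone) are still interpolated unescaped, gated only by the
 * validate_* helpers, because no escaping/parameter API of the $db wrapper
 * is visible in this file. Changes from the original: the nick and the
 * e-mail are validated *before* they are used in a query, the e-mail lookup
 * uses the caller's own username (the original looked it up by the requested
 * nick, i.e. someone else's row when the rename had failed), the nick branch
 * no longer frees the wrong result handle, the e-mail branch frees $res
 * instead of the undefined $result, the session/POST password check is
 * strict, and a new password of "0" is no longer silently ignored.
 */
if (is_user() && isset($_POST['action']) && ($_POST['action'] == 'profile_change')) {
    // change profile data
    $check = [
        'username' => $_session['username'],
        'user_id'  => (int) $_session['user_id'],
    ];

    // The session holds the plaintext password stored by login(); compare strictly.
    $postedPass = isset($_POST['password']) ? (string) $_POST['password'] : '';
    if ((string) $_session['password'] === $postedPass) {
        $nick      = isset($_POST['uname']) ? $_POST['uname'] : '';
        $fname     = isset($_POST['fname']) ? $_POST['fname'] : '';
        $lname     = isset($_POST['lname']) ? $_POST['lname'] : '';
        $email     = strtolower(isset($_POST['email']) ? $_POST['email'] : '');
        $hemkommun = isset($_POST['hemkommun']) ? $_POST['hemkommun'] : '';
        $telefon   = isset($_POST['telefon']) ? $_POST['telefon'] : '';

        // Checkbox semantics as before: "spam" unchecked means 1 (opt-out), the other two checked means 1.
        $spam         = isset($_POST['spam']) ? 0 : 1;
        $cl_book      = isset($_POST['cl_book']) ? 1 : 0;
        $forum_logout = isset($_POST['forum_logout']) ? 1 : 0;

        $sql_fields = [
            "user_spam = " . $spam,
            "user_cl_book = " . $cl_book,
            "user_forum_logout = " . $forum_logout,
        ];

        // User 1463 keeps its stored names; the reason is not documented here.
        if ($check['user_id'] != 1463) {
            // fname
            if (!validate_fname($fname)) {
                $message[] = "Otillåtna tecken i förnamn.";
            } else {
                $sql_fields[] = "fname = '" . $fname . "'";
            }
            // lname
            if (!validate_lname($lname)) {
                $message[] = "Otillåtna tecken i efternamn.";
            } else {
                $sql_fields[] = "lname = '" . $lname . "'";
            }
        }

        $sql = "update users set " . implode(", ", $sql_fields) . ", "
            . "user_hometown = '$hemkommun', user_phone = '$telefon'"
            . " where username = '" . $check['username'] . "'";
        $db->sql_query($sql);

        // nick: validate before the value reaches SQL
        if ($check['username'] != $nick) {
            if (!validate_nick($nick)) {
                $message[] = str_replace("[[username]]", $nick, $langa['process_nick_error']);
            } else {
                $res = $db->sql_query("select username from users where username = '" . $nick . "'");
                if ($res) {
                    if ($db->sql_numrows($res) == 0) {
                        // not found, nick is not occupied
                        $db->sql_query("UPDATE users SET username = '" . $nick . "' WHERE username = '" . $check['username'] . "'");
                        set_session_var('username', $nick);
                        // renew check: re-read the id under the new name (the session user_id is not touched here)
                        $idRes = $db->sql_query("select user_id from users where username = '" . $nick . "'");
                        $row = $db->sql_fetchrow($idRes);
                        $check['username'] = $nick;
                        if ($row) {
                            $check['user_id'] = (int) $row['user_id'];
                        }
                        $db->sql_freeresult($idRes);
                    } else {
                        $message[] = str_replace("[[username]]", $nick, $langa['process_nick_busy']);
                    }
                    $db->sql_freeresult($res);
                }
            }
        }

        // email: compare against the caller's own current address
        $res = $db->sql_query("SELECT user_email FROM users WHERE username = '" . $check['username'] . "'");
        if ($res) {
            $row = $db->sql_fetchrow($res);
            if ($row && $row['user_email'] != $email) {
                // new email: check the format before it is used in a query
                if (!validate_email($email)) {
                    $message[] = $langa['process_email_error'];
                } else {
                    $sql = "SELECT user_email FROM users WHERE username != '" . $check['username'] . "'"
                        . " AND (user_email = '" . $email . "' OR user_newemail = '" . $email . "')";
                    $dupRes = $db->sql_query($sql);
                    if ($dupRes && ($db->sql_numrows($dupRes) == 0)) {
                        // not in use by anyone else -> store it as pending and send a confirm key
                        $db->sql_query("update users set user_newemail = '" . $email . "' where user_id = " . $check['user_id']);
                        if (send_actkey($check['user_id'], 0, 1)) {
                            $message[] = $langa['process_new_key_sent'];
                        } else {
                            $message[] = "Unexpected error. Contact an admin.";
                        }
                    } else {
                        $message[] = $langa['process_email_exist'];
                    }
                }
            }
            $db->sql_freeresult($res);
        }

        // password
        $newpass    = isset($_POST['newpass']) ? $_POST['newpass'] : '';
        $verifypass = isset($_POST['verifypass']) ? $_POST['verifypass'] : '';
        if ($newpass !== '') {
            // check so both passwords match
            if ($newpass === $verifypass) {
                // validate password
                if (validate_password($newpass)) {
                    // NOTE(review): the new password is stored in clear here and only
                    // md5-hashed by login() on the next successful login; both are weak.
                    // Moving to password_hash() means changing login() as well.
                    $db->sql_query("update users set user_password = '" . $newpass . "' where username = '" . $check['username'] . "'");
                    // And the forum...
                    $db->sql_query("update cluster_forum.pun_users set password = '" . md5($newpass) . "' where username = '" . $check['username'] . "'");
                    // Save new data cookies
                    login($check['username'], $newpass);
                    $message[] = $langa['process_pass_changed'];
                } else {
                    // invalid
                    $message[] = $langa['process_pass_error'];
                }
            } else {
                $message[] = $langa['process_pass_donot_match'];
            }
        }
    } else {
        $message[] = $langa['process_wrong_pass'];
    }
    unset($check);
}

/* -=- Erase profile/account -=- */
// Two-step self-deactivation; the only confirmation is $_POST['step'] == "2"
// (no anti-CSRF token is visible in this file). The account is flagged
// inactive, not deleted.
if (is_user() && isset($_POST['action']) && ($_POST['action'] == 'profile_erase')) {
    // Erase account if no tickets assigned
    $user_id = (int) $_session['user_id'];
    if (isset($_POST['step']) && $_POST['step'] == "2") {
        // User has acknowledged he wants out
        $res = $db->sql_query("select * from tickets where owner = " . $user_id . " or user = " . $user_id);
        if ($db->sql_numrows($res) > 0) {
            // There are tickets, not safe to erase account
            $message[] = $langa['profile_cant_erase'];
        } else {
            // No ticket, deactivate account (user_active = -1)
            $db->sql_query("update users set user_active = -1 where user_id = " . $user_id);
            // Inactivate forum account
            $db->sql_query("update cluster_forum.pun_users set status = -2 where user_id = " . $user_id);
            session_flush();
        }
    } else {
        // Ask user if he's sure
        $step = 2;
        $message[] = $langa['profile_erase_are_you_sure'];
    }
}

/* -=- Password / activationkey reminder -=- */
// Sends either a new activation key (account not yet activated) or a new
// password to the address given. The address is format-checked before it is
// used in the lookup query; it is still interpolated, not escaped.
if (isset($_POST['action']) && ($_POST['action'] == 'reminder')
    && isset($_POST['email']) && ($_POST['email'] != "")) {
    // Send new password or activation key
    $user_email = $_POST['email'];
    if (validate_email($user_email)) {
        $sql = "select user_id, username, user_actkey, user_active from users where user_email = '" . $user_email . "'";
        $res = $db->sql_query($sql);
        if ($row = $db->sql_fetchrow($res)) {
            // Found user
            if ($row['user_actkey'] != "") {
                cl_log("Skickar ny aktiveringsnyckel till " . $row['username'], $row['user_id']);
                // Send activation key
                if (send_actkey($row['user_id'])) {
                    $message[] = $langa['reminder_new_key_in_email'];
                    $step = 2;
                } else {
                    $message[] = $langa['function_error'];
                }
            } else {
                cl_log("Skickar nytt lösenord till " . $row['username'], $row['user_id']);
                // Scramble new password and send it
                if (send_newpass($row['user_id'])) {
                    $message[] = $langa['reminder_new_pass_in_email'];
                    $step = 2;
                } else {
                    $message[] = $langa['function_error'];
                }
            }
        } else {
            // Email not found -> no user using this email.
            // NOTE(review): this message reveals whether an address is registered
            // (account enumeration); a uniform "if the address exists, mail was sent"
            // reply would avoid that.
            cl_log("E-post adressen " . $user_email . " existerar inte");
            $message[] = $langa['user_email_not_exists'];
        }
    } else {
        $message[] = $langa['validate_email'];
    }
}

/* -=- Invoice -=- */
/*
 * The three invoice actions below are gated only by is_user(); nothing here
 * ties the posted faktnr keys to the session user, so the caller must ensure
 * this code is only reachable by staff. The keys of $_POST['box'] are cast
 * to int before they reach SQL (the original interpolated them raw), and an
 * order without a row is skipped instead of running a query with an empty
 * owner (the cancel/free branches did not check the fetched row).
 */
if (is_user() && isset($_POST['invoice_action']) && $_POST['invoice_action'] == "invoice_check") {
    // Someone has payed their ticket
    if (isset($_POST['box']) && is_array($_POST['box'])) {
        $box = $_POST['box'];
        foreach ($box as $key => $value) {
            $faktnr = (int) $key;
            // Who's order?
            $res = $db->sql_query("select kundnr from ord where faktnr = " . $faktnr);
            if ($res) {
                if ($row = $db->sql_fetchrow($res)) {
                    $user_id = (int) $row['kundnr'];
                    // Mark order payed
                    $db->sql_query("update ord set status = 4, paydatetime = now() where faktnr = " . $faktnr);
                    // Change state on his tickets from (unact) reserved to booked
                    $db->sql_query("update tickets set state = 1 where owner = " . $user_id . " and (state = 2 or state = 3)");
                }
            }
        }
    }
}

/* -=- Cancel invoice -=- */
if (is_user() && isset($_POST['invoice_action']) && $_POST['invoice_action'] == "invoice_cancel") {
    // We dont want this order, erase it and free the tickets
    if (isset($_POST['box']) && is_array($_POST['box'])) {
        $box = $_POST['box'];
        foreach ($box as $key => $value) {
            $faktnr = (int) $key;
            // Who's order?
            $res = $db->sql_query("select kundnr from ord where faktnr = " . $faktnr);
            if (!$res) {
                continue;
            }
            $row = $db->sql_fetchrow($res);
            if (!$row) {
                // Unknown order number: nothing to cancel
                continue;
            }
            $user_id = (int) $row['kundnr'];
            // Mark order cancelled
            $db->sql_query("update ord set status = 3 where faktnr = " . $faktnr);
            // Unbook any reserved seats
            $seatRes = $db->sql_query("select ticketno from tickets where owner = " . $user_id . " and (state = 2 or state = 3)");
            while ($seat = $db->sql_fetchrow($seatRes)) {
                $db->sql_query("update seats set ticketno = null where ticketno='" . $seat['ticketno'] . "'");
            }
            // Free his tickets
            $db->sql_query("update tickets set state = 1, owner = null, user = null where owner = " . $user_id . " and (state = 2 or state = 3)");
        }
    }
}

/* -=- Free invoice -=- */
if (is_user() && isset($_POST['invoice_action']) && $_POST['invoice_action'] == "invoice_free") {
    // Anullera, men låt jappen få biljetterna
    // (cancel the invoice but let the customer keep the tickets)
    if (isset($_POST['box']) && is_array($_POST['box'])) {
        $box = $_POST['box'];
        foreach ($box as $key => $value) {
            $faktnr = (int) $key;
            // Who's order?
            $res = $db->sql_query("select kundnr from ord where faktnr = " . $faktnr);
            if (!$res) {
                continue;
            }
            $row = $db->sql_fetchrow($res);
            if (!$row) {
                // Unknown order number: nothing to do
                continue;
            }
            $user_id = (int) $row['kundnr'];
            // Mark order overdue
            $db->sql_query("update ord set status = 2 where faktnr = " . $faktnr);
            // Change state on his tickets from (unact) reserved to booked
            $db->sql_query("update tickets set state = 1 where owner = " . $user_id . " and (state = 2 or state = 3)");
        }
    }
}
?> Offline Oy Ab -- Kaskö marginheight="0" marginwidth="0" scrolling="auto" noresize> <p>This section (everything between the 'noframes' tags) will only be displayed if the users' browser doesn't support frames. You can provide a link to a non-frames version of the website here. Feel free to use HTML tags within this section.</p>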