account.php

日程 BosDates v4.5 Copyright ?2004-2005 BosDev

			$verCode = substr(md5($userName.$userPass),0,8);
			$msg = sprintf($Languages['account']['forgotemailmsg'],$verCode);
			htmlMail($SystemOptions['from_email'],$email,"{$Languages['account']['forgotemailtopic']}",$msg);

			$verMsg = sprintf($Languages['account']['forgotverifyintro'],$userName,$email);
			$displayData =<<<ENDDATA
			<div id="generalBox">
			<table width="100%" border="0" cellspacing="1" cellpadding="3">
			<form method="post" action="account.php" onSubmit="return checkResetVerify(this);">
			<input type="hidden" name="action" value="forgotProcess">
			<input type="hidden" name="returnTo" value="$returnTo">
			<input type="hidden" name="email" value="$email">
			 <tr>
			  <td colspan="2" class="headtd">{$Languages['account']['forgothead']}</td>
			 </tr>
			 <tr>
			  <td>
			   $verMsg<br>
			   <br>
			   <div align="center">
			   {$Languages['account']['forgotverifycode']}: <input type="text" name="code"><br>
			   {$Languages['account']['forgotverifynewpwd']}: <input type="password" name="pwd1"><br>
			   {$Languages['account']['forgotverifynewpwd2']}: <input type="password" name="pwd2"><br>
			   <input type="submit" value="{$Languages['account']['forgotbutton']}">
			   </div>
			  </td>
			 </tr>
			</form>
			</table>
			</div>
ENDDATA;
			}
			else {
				//Not a valid user, ask again
				$displayData =<<<ENDDATA
				<div id="generalBox">
				<table width="100%" border="0" cellspacing="1" cellpadding="3">
				<form method="post" action="account.php">
				<input type="hidden" name="action" value="forgotVerify">
				<input type="hidden" name="returnTo" value="$returnTo">
				 <tr>
				  <td colspan="2" class="headtd">{$Languages['account']['forgothead']}</td>
				 </tr>
				 <tr>
				  <td>
				   {$Languages['account']['forgotintro']}<br>
				   <br>
				   <div align="center">
				   {$Languages['account']['forgotverifyinvalid']}<br>
				   <br>
				   {$Languages['account']['forgotemail']}: <input type="text" name="email"><br>
				   <input type="submit" value="{$Languages['account']['forgotbutton']}">
				   </div>
				  </td>
				 </tr>
				</form>
				</table>
				</div>
ENDDATA;
				}
		break;

	case "forgotProcess":
		//Forgot password, UUS only
		$email = protect($email);
		$newPass = md5(protect($pwd1));

		$result = query("SELECT username,password FROM bosdevUUS WHERE email='$email'",$uus_link);
		list($userName,$userPass) = mysql_fetch_row($result);

		if(substr(md5($userName.$userPass),0,8) == trim($code)) {
			//Verified, reset password
			$result = query("UPDATE bosdevUUS set password='$newPass' WHERE email='$email'",$uus_link);

			$displayData =<<<ENDDATA
			<div id="generalBox">
			<table width="100%" border="0" cellspacing="1" cellpadding="3">
			<form method="post" action="account.php" onSubmit="return checkLogin(this);">
			<input type="hidden" name="action" value="loginProcess">
			<input type="hidden" name="returnTo" value="$returnTo">
			 <tr>
  			  <td colspan="2" class="headtd">{$Languages['account']['forgothead']}</td>
 			 </tr>
			 <tr>
  			  <td colspan="2">{$Languages['account']['forgotverifyconf']}</td>
 			 </tr>
	 		 <tr>
 			  <td align="right" width="50%">{$Languages['account']['username']}</td>
 			  <td width="50%"><input type="text" name="username" value=""></td>
	 		 </tr>
 			 <tr>
 			  <td align="right" width="50%">{$Languages['account']['password']}</td>
	 		  <td width="50%"><input type="password" name="password" value=""></td>
 			 </tr>
			 <tr>
	  		  <td colspan="2" align="center"><input type="submit" value="{$Languages['account']['loginbutton']}"></td>
 			 </tr>
	 		</form>
			</table>
			</div>
ENDDATA;
			}
			else {
				//Invalid code
				$displayData =<<<ENDDATA
				<div id="generalBox">
				<table width="100%" border="0" cellspacing="1" cellpadding="3">
				<form method="post" action="account.php" onSubmit="return checkResetVerify(this);">
				<input type="hidden" name="action" value="forgotProcess">
				<input type="hidden" name="returnTo" value="$returnTo">
				<input type="hidden" name="email" value="$email">
				 <tr>
				  <td colspan="2" class="headtd">{$Languages['account']['forgothead']}</td>
				 </tr>
				 <tr>
				  <td>
				   {$Languages['account']['forgotverifybadcode']}<br>
				   <br>
				   <div align="center">
				   {$Languages['account']['forgotverifycode']}: <input type="text" name="code"><br>
				   {$Languages['account']['forgotverifynewpwd']}: <input type="password" name="pwd1"><br>
				   {$Languages['account']['forgotverifynewpwd2']}: <input type="password" name="pwd2"><br>
				   <input type="submit" value="{$Languages['account']['forgotbutton']}">
				   </div>
				  </td>
				 </tr>
				</form>
				</table>
				</div>
ENDDATA;
				}

		break;

	case "report":
		//Report an ad to the admin
		$displayTitle = $Languages['account']['reporthead'];
		$displayData =<<<ENDDATA
		<table width="100%" border="0" cellspacing="1" cellpadding="3">
		<form method="post" action="account.php">
		<input type="hidden" name="action" value="reportProcess">
		<input type="hidden" name="listing" value="$listing">
		 <tr>
		  <td>
		   {$Languages['account']['reportintro']}<br>
		   <br>
		   <textarea name="concern" style="width:100%; height:150px;"></textarea><br>
		   <input type="submit" value="{$Languages['account']['reportbutton']}">
		  </td>
		 </tr>
		</form>
		</table>
ENDDATA;
		break;

	case "reportProcess":
		//Report an ad to the admin
		if(strlen($concern) > 10) {
			$fromEmail = $userInfo['email'];
			$listing = protect($listing);
			$result = query("SELECT ad_title,ad_description FROM {$class_prefix}ads WHERE ad_id=$listing",$class_link);
			list($adTitle,$adDesc) = mysql_fetch_row($result);
			$topic = $Languages['emails']['reporttopic'];
			$msg = sprintf($Languages['emails']['reportmsg'],$userInfo['name'],$adTitle,"{$insUrl}classified.php?listing={$listing}",$concern);

			$result = query("SELECT id FROM bosdevUUS WHERE bc1=1 OR bc1=2",$uus_link);
			while(list($adminID) = mysql_fetch_row($result)) {
				$adminInfo = getUserInfo($adminID);
				htmlmail($fromEmail,$adminInfo['email'],$topic,$msg);
				}
			}

		$displayTitle = $Languages['account']['reporthead'];
		$displayData =<<<ENDDATA
		<table width="100%" border="0" cellspacing="1" cellpadding="3">
		 <tr>
		  <td>
		   {$Languages['account']['reportsent']}<br>
		   <br>
		  </td>
		 </tr>
		</table>
ENDDATA;
		break;

	case "ask":
		//Ask a seller a question
		$displayTitle = $Languages['account']['questionhead'];
		$displayData =<<<ENDDATA
		<table width="100%" border="0" cellspacing="1" cellpadding="3">
		<form method="post" action="account.php">
		<input type="hidden" name="action" value="askProcess">
		<input type="hidden" name="listing" value="$listing">
		 <tr>
		  <td>
		   {$Languages['account']['questionintro']}<br>
		   <br>
		   <textarea name="question" style="width:100%; height:150px;"></textarea><br>
		   <input type="submit" value="{$Languages['account']['questionbutton']}">
		  </td>
		 </tr>
		</form>
		</table>
ENDDATA;
		break;

	case "askProcess":
		//Ask a seller a question
		if(strlen($question) > 10) {
			$fromEmail = $userInfo['email'];
			$listing = protect($listing);
			$result = query("SELECT ad_user_id,ad_title FROM {$class_prefix}ads WHERE ad_id=$listing",$class_link);
			list($adUser,$adTitle) = mysql_fetch_row($result);
			$topic = sprintf($Languages['emails']['asktopic'],$SystemOptions['title']);
			$msg = sprintf($Languages['emails']['askmsg'],$SystemOptions['title'],$insUrl,$adTitle,$question);
			$sellerInfo = getUserInfo($adUser);
			htmlmail($fromEmail,$sellerInfo['email'],$topic,$msg);
			}

		$displayTitle = $Languages['account']['questionhead'];
		$displayData =<<<ENDDATA
		<table width="100%" border="0" cellspacing="1" cellpadding="3">
		 <tr>
		  <td>
		   {$Languages['account']['questionsent']}<br>
		   <br>
		  </td>
		 </tr>
		</table>
ENDDATA;
		break;

	case "contactAdmin":
		$displayTitle = $Languages['account']['contacthead'];
		$displayData =<<<ENDDATA
		<table width="100%" border="0" cellspacing="1" cellpadding="3">
		<form method="post" action="account.php" onSubmit="return checkContact(this);">
		<input type="hidden" name="action" value="contactAdminProcess">
		 <tr>
		  <td>
		   {$Languages['account']['contactintro']}<br>
		   <br>
		   {$Languages['account']['contactemail']}: <input type="text" name="email" value="{$userInfo['email']}"><br>
		   <br>
		   {$Languages['account']['contactquestion']}:<br>
		   <textarea name="question" style="width:100%; height:150px;"></textarea><br>
		   <input type="submit" value="{$Languages['account']['contactbutton']}">
		  </td>
		 </tr>
		</form>
		</table>
ENDDATA;

		break;

	case "contactAdminProcess":
		if(strlen($question) > 10) {
			$topic = $Languages['emails']['contacttopic'];
			$msg = sprintf($Languages['emails']['contactmsg'],$question);

			$result = query("SELECT id FROM bosdevUUS WHERE bc1=1 OR bc1=2",$uus_link);
			while(list($adminID) = mysql_fetch_row($result)) {
				$adminInfo = getUserInfo($adminID);
				htmlMail($email,$adminInfo['email'],$topic,$msg);
				}
			}

		$displayTitle = $Languages['account']['contacthead'];
		$displayData =<<<ENDDATA
		<table width="100%" border="0" cellspacing="1" cellpadding="3">
		 <tr>
		  <td>
		   {$Languages['account']['contactconf']}<br>
		   <br>
		  </td>
		 </tr>
		</table>
ENDDATA;
		break;

	case "adClose":
		$adID = intval(protect($adID));
		$result = query("SELECT ad_title FROM {$class_prefix}ads WHERE ad_id=$adID AND ad_user_id=$userID",$class_link);
		list($adTitle) = mysql_fetch_row($result);

		if($adTitle != "") {
			$msg = sprintf($Languages['account']['adcloseintro'],$adTitle);
			$displayTitle = $Languages['account']['adclosehead'];
			$displayData =<<<ENDDATA
			<table width="100%" border="0" cellspacing="1" cellpadding="3">
			<form method="post" action="account.php" onReset="javascript:history.go(-1);">
			<input type="hidden" name="action" value="adCloseProcess">
			<input type="hidden" name="adID" value="$adID">
			 <tr>
			  <td>
			   $msg<br>
			   <br>
			   <input type="reset" value="{$Languages['account']['cancel']}"> <input type="submit" value="{$Languages['account']['process']}">
			  </td>
			 </tr>
			</form>
			</table>
ENDDATA;
			}
			else {
				$displayData = $Languages['account']['noownership'];
				}
		break;

	case "adCloseProcess":
		$adID = intval(protect($adID));
		$result = query("SELECT ad_title FROM {$class_prefix}ads WHERE ad_id=$adID AND ad_user_id=$userID",$class_link);
		list($adTitle) = mysql_fetch_row($result);

		if($adTitle != "") {
			$result = query("UPDATE {$class_prefix}ads SET ad_status=3 WHERE ad_id=$adID",$class_link);
			$displayTitle = $Languages['account']['adclosehead'];
			$displayData = $Languages['account']['adcloseconf'];
			}
			else {
				$displayData = $Languages['account']['noownership'];
				}
		updateCounts();
		updateRSS();
		break;

	case "adDelete":
		$adID = intval(protect($adID));
		$result = query("SELECT ad_title FROM {$class_prefix}ads WHERE ad_id=$adID AND ad_user_id=$userID",$class_link);
		list($adTitle) = mysql_fetch_row($result);

		if($adTitle != "") {
			$msg = sprintf($Languages['account']['addeleteintro'],$adTitle);
			$displayTitle = $Languages['account']['addeletehead'];
			$displayData =<<<ENDDATA
			<table width="100%" border="0" cellspacing="1" cellpadding="3">
			<form method="post" action="account.php" onReset="javascript:history.go(-1);">
			<input type="hidden" name="action" value="adDeleteProcess">
			<input type="hidden" name="adID" value="$adID">
			 <tr>
			  <td>
			   $msg<br>
			   <br>
			   <input type="reset" value="{$Languages['account']['cancel']}"> <input type="submit" value="{$Languages['account']['process']}">
			  </td>
			 </tr>
			</form>
			</table>
ENDDATA;
			}
			else {
				$displayData = $Languages['account']['noownership'];
				}
		break;

	case "adDeleteProcess":
		$adID = intval(protect($adID));
		$result = query("SELECT ad_status,ad_title,ad_image1,ad_image2,ad_image3,ad_image4,ad_image5,ad_fee FROM {$class_prefix}ads WHERE ad_id=$adID AND ad_user_id=$userID",$class_link);
		list($adStatus,$adTitle,$adImage1,$adImage2,$adImage3,$adImage4,$adImage5,$adFee) = mysql_fetch_row($result);