// $debug=yes;
/**********************
login page .....
**********************/
require'../commonfiles/Functions.php';
require'../commonfiles/MyFunctions.php';
require'../commonfiles/brandconfig.php3';
require'../commonfiles/newtemplate.php';
// connect mysql
// Open the five database handles this page uses. The credentials ($crm_db, $crm_user,
// $cdc_db, ...) are not defined in this file; they are expected from the required
// brandconfig include above.
$crm = new MySQL_class;
$crm->Create($crm_db,$crm_user,$crm_host,$crm_pass);
// connect SEARCH DB
$crm_search = new MySQL_class;
$crm_search->Create($crm_search_db,$crm_search_user,$crm_search_host,$crm_search_pass);
$cdc = new MySQL_class;
$cdc->Create($cdc_db,$cdc_user,$cdc_host,$cdc_pass);
$tmp = new MySQL_class;
$tmp->Create($template_db,$template_user,$template_host,$template_pass);
$brnd = new MySQL_class;
$brnd->Create($db,$user,$host,$pass);
$gc_sql=$crm; // session handling
// The ASE brand has no login page: stop before any session work happens.
if($code=='ASE')
{
exit();
}
// foil hackers
// Clear the identity variables before start_session() fills them, so a
// request-supplied $u_type/$u_id/$session_email cannot survive into page_auth().
// Nothing in this file reads $_GET/$_POST directly, so $code, $sessid and the form
// fields are presumably provided by register_globals -- confirm against the includes.
unset($u_type,$u_id,$session_email);
// start session
start_session($php_sessid);
// log it
app_log('store',$PHP_SELF,$search_word,$application_id,'view',$code,$array);
// A staff session that passes page_auth(3, ...) sees the staging templates;
// $staging is handed to every get_template() call further down.
if(page_auth(3,$u_type,$cdc) == "yes")
{
$staging = "yes";
}
// Drop the staff identity again; the rest of the page runs as the end user ($sessid).
unset($u_type,$u_id,$session_email);
if(!$sessid && $code!='EVENTREG')
{
if($login_submit || $register_submit)
{
// A form post without a session id usually means cookies are blocked.
// $_SERVER["HTTP_REFERER"] is client-controlled and is appended to $message
// verbatim; $message can reach the MESSAGE template variable, so make sure the
// template escapes it for HTML.
$message .="
Make sure cookies for this domain are enabled in your browser. ".$_SERVER["HTTP_REFERER"]."";
}
}
$end_user = "yes";
start_session($sessid);
// Strip single quotes from the submitted email. This is the only treatment the value
// receives before it is interpolated into the queries below; it is not an escape
// (backslashes and every other character pass through), so prefer the ass() wrapper
// the login branch uses, or a parameterised query.
if(trim($new_array[email])!='')
{
$new_array[email] = str_replace("'","",$new_array[email]);
}
// lost password
// Forgot-password flow. Every branch ends in a redirect followed by exit().
if($get_password)
{
if($new_array[email]=='')
{
$message = urlencode("
Please enter an email adddress. ");
header("location: $PHP_SELF?message=$message&forgot_password=yes&sessid=$sessid");
exit();
}
// $code is interpolated raw; the email relies on the quote-stripping above only.
$query = "select cdc_id, password from $CDC
where email = '$new_array[email]'
and brand = '$code'";
$data=$cdc->mydata($query);
if($data[cdc_id][0]=='')
{
// Distinct messages for unknown vs. registered addresses let a caller enumerate
// accounts; a neutral "if the address is registered, a mail was sent" response
// would not.
$message = urlencode("
Unfortunately, the email address you provided is not registered with us. Please enter another email address that is on our system.");
header("location: $PHP_SELF?message=$message&forgot_password=yes&sessid=$sessid");
exit();
}
if($data[password][0]=='')
{
// account found but no password - so we give em a password and send it to them
// The 6-character password is stored as typed (no hashing) and mailed via template 8.
// The same pattern is repeated in the login branch further down.
$new_array = get_cdc($data[cdc_id][0],$code,$cdc);
$new_array[password] = substr(make_rand(),0,6);
$query = "update $CDC set password = '$new_array[password]'
where cdc_id = '".$data[cdc_id][0]."'
and brand = '$code' ";
$cdc->Update($query);
system_email("8","$new_array[email]","$new_array[first_name] $new_array[last_name]",$new_array,$EMAIL,$code,$crm);
$message = urlencode("
A password was created for you and sent to your email address, please come back to this page after you receive the email.");
header("location: $PHP_SELF?message=$message&sessid=$sessid");
exit();
} else {
// password so we send it to them
// Per the comment above, template 9 mails the password currently on record, which
// is only possible because the column holds clear text. A one-time reset link that
// lets the user choose a new password would remove the need to store or mail it.
$new_array = get_cdc($data[cdc_id][0],$code,$cdc);
system_email("9","$new_array[email]","$new_array[first_name] $new_array[last_name]",$new_array,$EMAIL,$code,$crm);
$message = urlencode("
Your password was found and sent to your email address, please come back to this page after you receive the email.");
header("location: $PHP_SELF?message=$message&sessid=$sessid");
exit();
}
}
// logging in
// Step 1: field validation for the login form. Failures are appended to $message as
// a string; $show_login makes the login-only template render again at the bottom
// of the file.
if($login_submit!="")
{
// lets validate
$email = trim($email);
if($email=="")
{
$message .="
You must enter an email address.";
}
// password
if($password=="")
{
$message .="
You must enter a password.";
}
if($customer_relation_id)
{
$message .="
You are already logged in.";
}
// `yes` is an undefined constant: the string 'yes' with a notice before PHP 8, a
// fatal Error on PHP 8. The quoted form ($staging = "yes") is used elsewhere here.
$show_login = yes;
}
// test the supplied uid and pass
// Step 2: credential check, only when validation left $message empty.
if($login_submit && !$message)
{
// see if the account even has a password .. if not create one and send it to them.
// ass() presumably wraps addslashes() -- confirm. $code is still interpolated raw.
$query = "select cdc_id, password
from $CDC
where email = '".ass($email)."'
and brand = '$code'";
$data = $cdc->mydata($query);
// BUG: $date (not $data) is never assigned in this file, so this "account without a
// password" repair cannot trigger from the query result; with register_globals a
// date= request parameter could drive it instead. The lost-password branch above
// tests $data[cdc_id][0] for the same purpose.
if($date[cdc_id][0]!='' && $data[password][0]=='' && $email!='')
{
$new_array = get_cdc($data[cdc_id][0],$code,$cdc);
$new_array[password] = substr(make_rand(),0,6);
$query = "update $CDC set
password = '$new_array[password]'
where cdc_id = '".$data[cdc_id][0]."'
and brand = '$code' ";
$cdc->Update($query);
system_email("8","$new_array[email]","$new_array[first_name] $new_array[last_name]",$new_array,$EMAIL,$code,$crm);
$message = urlencode("
A password was created for you and sent to your email address, please come back to this page after you receive the email.");
// No exit() after this redirect: execution falls through to the comparison below
// and can append a failure message while the Location header is already set.
header("location: $PHP_SELF?message=$message&sessid=$sessid");
}
// Authentication compares the stored column directly with the submitted value:
// passwords are held in clear text, and loose == treats numeric-looking strings
// numerically ('1e1' == '10'). password_hash()/password_verify() plus a strict
// comparison is the fix. ss() is presumably stripslashes() -- confirm.
if(ss($data[password][0])==$password)
{
// if the uid and pass etc were ok
$u_id = $data[cdc_id][0];
$u_type = "customer";
$query = "select relation_id, company_id, division_id
from $CRM_RELATION
where contact_id = '".$data[cdc_id][0]."'
and disable != '1'
and brand = '$code'
order by company_id desc";
$relation_data = $crm->mydata($query);
// first company we find for now ....
// NOTE(review): the next line is corrupted in this copy of the source (the loop
// condition and body up to an Update() call are missing). Restore it from version
// control before running; it presumably walked $relation_data to pick the relation.
for($a=0;$aUpdate($query);
$sql = $crm;
// $sessid arrives via the sessid= request parameter and is interpolated raw here
// and in the other $SESSION/$SHOPPING_CART queries.
$query = "delete from $SESSION
where session_id = '$sessid'
and brand = '$code' ";
$sql->Delete($query);
// Presumably establishes the logged-in session for $sessid (MyFunctions.php).
store_cookie2($sessid,$u_id,$u_type,$email);
// Post-login redirect. $next comes from the request and is followed as-is after
// urldecode(); nothing restricts it to this site, so an absolute URL in next= is an
// open redirect. Validate it (relative path only / allow-list) before redirecting.
// ereg() was removed in PHP 7; strpos() or preg_match() performs the same test.
if($next=="")
{
header("location: /store/my_account.html?sessid=$sessid");
exit();
} else {
if(ereg('\?',urldecode($next)))
{
header("location: ".urldecode($next)."&sessid=$sessid");
exit();
} else {
header("location: ".urldecode($next)."?sessid=$sessid");
exit();
}
}
} else {
$message .="
Your email address and password failed, please try again.";
}
}
// Registration / profile-update validation. $cdc_id set means the form edits an
// existing contact (the id comes from the request; the ownership check happens in
// the commit block below), otherwise a new account is being created.
if($register_submit)
{
// "Other" free-text fields win over the drop-down selections.
if($other_state!="")
{
$new_array[province_1] = $other_state;
} else {
$new_array[province_1] = $state;
}
if($other_country!="")
{
$new_array[country_1] = $other_country;
} else {
$new_array[country_1] = $country;
}
// error_cdc() apparently returns an array, since the code appends to $message with
// [] afterwards -- confirm. Rule set 36 = new account, 7 = update.
if($cdc_id=="")
{
$message = error_cdc(36,$new_array,$cdc);
// The confirmation word is only checked when the form echoed an id back; an
// absent $verify_word_id skips the check entirely. Treating a missing id as a
// failure would close that gap.
if($verify_word_id)
{
if(!verify_word($verify_word_id,$match_word,$code,$crm))
{
$message[] = "The confirmation word you entered is incorrect.";
}
}
} else {
$message = error_cdc(7,$new_array,$cdc);
}
// check for a valid email address
// simple_valid_email() is compared with the string 'TRUE'; confirm its return type.
if($new_array[email]!='')
{
if(simple_valid_email(trim($new_array[email]))!='TRUE')
{
$message[] = "You entered an invalid email address.";
}
}
// check for existing email addresses
// $new_array[email] only had its single quotes removed (top of the file); $cdc_id
// and $code are interpolated raw.
if($cdc_id)
{
$query = "select cdc_id
from $CDC
where email = '$new_array[email]'
and cdc_id != '$cdc_id'
and brand = '$code' ";
$data = $cdc->mydata($query);
} else {
$query = "select cdc_id
from $CDC
where email = '$new_array[email]'
and brand = '$code' ";
$data = $cdc->mydata($query);
}
if($data[cdc_id][0]!="" && $new_array[email]!='')
{
$message = "
The email address you entered during registration has been previously registered and controls an active account. Please log-in to change mail settings for this account.
If you are attempting to set up a new account, you will need to register with a new email address.";
// The typed email and $next are placed in the redirect URL without urlencode().
header("location: login.html?email=$new_array[email]&next=$next&message=".urlencode($message)."&show_login=yes&sessid=$sessid");
exit();
}
// check for conflicting external ids
// ** companies and contacts may have the same external id so
// For this brand external_id is a State Bar number: commas removed, sign dropped,
// at most 6 characters.
$new_array[external_id] = str_replace(",","",$new_array[external_id]);
if(is_numeric($new_array[external_id]))
{
$new_array[external_id] = abs($new_array[external_id]);
}
if(strlen($new_array[external_id])>6)
{
$message[] = "
State Bar numbers can only be 6 numbers or 5 numbers.";
}
if(trim($new_array[external_id])!='')
{
$new_array[external_id] = trim($new_array[external_id]);
// external_id is interpolated raw; non-numeric values skip abs() above, so the
// comma-stripping is the only transformation and it is not an escape.
if($cdc_id)
{
$query = "select cdc_id, email, password from $CDC where external_id = '$new_array[external_id]' and brand = '$code' and first_name != '' and cdc_id != '$cdc_id' ";
$data = $cdc->mydata($query);
} else {
$query = "select cdc_id, email, password from $CDC where external_id = '$new_array[external_id]' and brand = '$code' and first_name != '' ";
$data = $cdc->mydata($query);
}
if($data[cdc_id][0]!='')
{
// EVENTREG treats a duplicate bar number as a returning user: a password is
// created if the account has none, otherwise the clear-text password on record is
// re-sent. Anyone submitting a known bar number triggers this mail; it goes to the
// stored address only, so it acts as a forgot-password keyed by bar number.
if($code=='EVENTREG')
{
$message[] = "Your State Bar number is already entered into the system.";
// look for an email address and password
if($data[email][0])
{
if(!trim($data[password][0]))
{
$new_array[password] = substr(make_rand(),0,6);
$query = "update $CDC set password = '$new_array[password]' where cdc_id = '".$data[cdc_id][0]."' and brand = '$code' ";
$cdc->Update($query);
} else {
$new_array[password] = $data[password][0];
}
// Swap in the address on record just for the mail, then restore the typed one.
$tmp_email = $new_array[email];
$new_array[email] = $data[email][0];
system_email("8",$data[email][0],"$new_array[first_name] $new_array[last_name]",$new_array,$EMAIL,$code,$crm);
$new_array[email] = $tmp_email;
// el("$PHP_SELF $new_array[email] - $new_array[external_id] ");
$message[] = "We found an email address associated with the bar number you entered and have sent the password to the email address you have on record. NOTE: Often people change email addresses and do not have access to the old email address, if you are having a problem like this please send us an email with your new email address and your bar number to support@ieventreg.com.";
} else {
$message[] = "We did not find an email address associated with the bar number you entered. To complete your registration please call 415.538.2508.";
}
} else {
$message[] = "Your ID is incorrect, it is already taken by another user.";
}
}
}
// check password
// Required (with confirmation) for a new account; optional on update.
$password = trim($password);
$confirm_password = trim($confirm_password);
if($cdc_id=="")
{
if($password=="" || $confirm_password=="")
{
$message[] = "You must enter a password, and confirm it.";
}
}
if($password!="" && $confirm_password!="")
{
if($password!=$confirm_password)
{
$message[] = "The password and confirmation password must match.";
} else {
$new_array[password]=$password;
}
}
// Bare constant, see $show_login above.
$show_register = yes;
}
// Commit: runs only when validation left $message empty. A non-empty string or a
// non-empty array both fail `== ""`; note an empty array would fail it as well, so
// error_cdc() has to return '' (not []) on success -- confirm.
if($register_submit && $message == "")
{
$s_sql = $crm;
$new_array[first_name] = ucfirst($new_array[first_name]);
$new_array[last_name] = ucfirst($new_array[last_name]);
// cdc
if($cdc_id=="")
{
// --- new account: contact record in the CDC database ---
$temp_array=$new_array;
$temp_array[company_name] = '';
if($temp_array[external_id]=='')
{
$temp_array[external_id] = "".substr(make_rand(),0,7)."";
}
$cdc_id = insert_cdc($temp_array,$cdc);
// Table name is hard-coded as cdc here while the rest of the file uses $CDC.
$query = "update cdc set
created_by = '$cdc_id',
modified_by = '$cdc_id'
where cdc_id = '$cdc_id'
and brand = '$code' ";
$cdc->Update($query);
unset($temp_array);
// crm
// Names are addslashes()'d; $now, $cdc_id and $code are interpolated raw.
$query = "insert into $CRM_CDC set
type_id = '0',
cdc_id = '$cdc_id',
first_name = '".addslashes($new_array[first_name])."',
last_name = '".addslashes($new_array[last_name])."',
created = '$now',
disabled = '0',
brand = '$code' ";
$crm->Insert($query);
// create a company IF a company name exists
if($new_array[company_name]!='')
{
$temp_array=$new_array;
$temp_array[first_name] = '';
$temp_array[last_name] = '';
$temp_array[email] = '';
// Company external id is derived from the contact id plus a 'c' suffix.
$temp_array[external_id] = "".substr($cdc_id,0,7)."c";
$company_cdc_id = insert_cdc($temp_array,$cdc);
$query = "update cdc set
created_by = '$cdc_id',
modified_by = '$cdc_id'
where cdc_id = '$company_cdc_id'
and brand = '$code' ";
$cdc->Update($query);
unset($temp_array);
$query = "insert into $CRM_CDC set
type_id = '1',
cdc_id = '$company_cdc_id',
company_name = '".addslashes($new_array[company_name])."',
created = '$now',
brand = '$code' ";
$crm->Insert($query);
search_inserter($company_cdc_id,'Y',$new_array[company_name],'company',$date,$CRM_SEARCH,$crm_search,$code);
}
// lets send an email to sales
system_email("0","","",$new_array,$EMAIL,$code,$crm);
// lets send the thank you letter to the prospect
if($code!='ASE')
{
system_email("1",$new_array[email],"$new_array[first_name] $new_array[last_name]",$new_array,$EMAIL,$code,$crm);
}
} else {
// --- update of an existing contact ---
// check permissions -- if it is their account OK if it is an owner ok if anyone else NOT OK
if($cdc_id!=$u_id)
{
// check that they are part of the same company
// NOTE(review): when the first lookup returns nothing (no or unknown
// $customer_relation_id) the second query runs with company_id = '' and will match
// relation rows whose company_id is empty -- which the insert below writes when no
// company name was given. Guard that $customer_relation_id and the looked-up
// company_id are non-empty before the second query. The same check is repeated in
// the form-rendering block at the bottom of the file; a shared helper would keep
// the two in step.
$query = "select company_id from $CRM_RELATION
where relation_id = '$customer_relation_id'
and brand = '$code' ";
$data = $crm->mydata($query);
$query = "select relation_id from $CRM_RELATION
where company_id = '".$data[company_id][0]."'
and contact_id = '$cdc_id'
and brand = '$code' ";
$data = $crm->mydata($query);
if($data[relation_id][0]=="")
{
echo"access denied -- this account is not part of your company";
exit();
}
}
// do not let people change a first or last name or external ID -- UNLESS THEY ARE EMPTY :)
// Server-side: the stored values override whatever the form posted.
$c_foo = get_cdc($cdc_id,$code,$cdc);
if($c_foo[first_name])
{
$new_array[first_name] = $c_foo[first_name];
}
if($c_foo[last_name])
{
$new_array[last_name] = $c_foo[last_name];
}
if($c_foo[external_id])
{
$new_array[external_id] = $c_foo[external_id];
}
update_cdc(7,$cdc_id,$new_array,$cdc);
$query = "update cdc set
modified_by = '$u_id'
where cdc_id = '$cdc_id'
and brand = '$code' ";
$cdc->Update($query);
if($password!='')
{
// The new password is written as typed: no hashing, and no escaping of a
// user-controlled value inside a SQL string. At minimum apply ass()/addslashes()
// as the login query does; properly, password_hash() and a prepared statement.
$query = "update cdc set
password = '$password'
where cdc_id = '$cdc_id'
and brand = '$code' ";
$cdc->Update($query);
}
// Built but never executed (the Insert call is commented out), so $CRM_CDC names
// are not kept in sync on update.
$query = "update $CRM_CDC set
first_name = '".addslashes($new_array[first_name])."',
last_name = '".addslashes($new_array[last_name])."'
where cdc_id = '$cdc_id'
and brand = '$code' ";
// $crm->Insert($query);
$update = "yes";
}
// categories
// NOTE(review): the two for-loops below are corrupted in this copy of the source
// (conditions and bodies up to the Delete()/Insert() calls are missing), and the
// brace structure that follows reflects that. Restore from version control.
if($sub_category_id)
{
// delete the categories updated
for($a=0;$aDelete($query);
}
// insert the categories selected
for($a=0;$aInsert($query);
}
}
// CRM search foo
// Re-read the stored record and index every column except the $banned ones into
// the search database; password is (correctly) excluded.
$new_array = get_cdc($cdc_id,$code,$cdc);
$banned[]="created";
$banned[]="brand";
$banned[]="modified";
$banned[]="modified_by";
$banned[]="created_by";
$banned[]="cdc_id";
$banned[]="password";
$array_keys = array_keys($new_array);
// NOTE(review): corrupted line -- the indexing loop and the start of the
// `$message = urlencode("` statement were lost; only the tail of the string remains.
for($a=0;$aThank for creating/updating the profile.
");
// Same open-redirect concern as the login branch: $next is followed unvalidated.
if($next)
{
if(ereg('\?',urldecode($next)))
{
header("location: ".urldecode($next)."&sessid=$sessid");
} else {
header("location: ".urldecode($next)."?sessid=$sessid");
}
exit();
}
if($store)
{
header("location: /store/checkout.html?sessid=$sessid");
exit();
} else {
header("location: /store/my_account.html?message=$message&sessid=$sessid");
exit();
}
}
if($update!='yes')
{
// relation
// $company_cdc_id is only set when a company name was given; otherwise the row is
// written with company_id = '' (see the membership check above).
$customer_relation_id = make_rand();
$query = "insert into $CRM_RELATION set
relation_id = '$customer_relation_id',
company_id = '$company_cdc_id',
contact_id = '$cdc_id',
brand = '$code' ";
$crm->Insert($query);
}
// update the shopping cart
$query = "update $SHOPPING_CART set
relation_id = '$customer_relation_id'
where session_id = '$sessid'
and brand = '$code' ";
$crm->Update($query);
// log them in
// NOTE(review): this switches the session identity to $cdc_id. If the update path
// (editing a colleague's record) can reach this point once the corrupted lines are
// restored, the editor would be logged in as the edited account -- verify the
// control flow.
$u_id = $cdc_id;
$u_type = "customer";
$sql = $crm;
$query = "delete from $SESSION
where session_id = '$sessid' and
brand = '$code' ";
$sql->Delete($query);
store_cookie2($sessid,$u_id,$u_type,$new_array[email]);
// send to their next page
// $next is followed unvalidated (open redirect); ereg() is gone since PHP 7.
if($next)
{
if(ereg('\?',urldecode($next)))
{
header("location: ".urldecode($next)."&sessid=$sessid");
} else {
header("location: ".urldecode($next)."?sessid=$sessid");
}
exit();
} else {
header("location: /store/my_account.html?message=Account+creation+complete.&show_login=yes&sessid=$sessid");
exit();
}
}
// make the form .....
// start template engine
// Render path. The bare words used as array keys below (HLI1, CANCEL, main, ...)
// are undefined constants that PHP < 8 silently turns into strings; PHP 8 throws an
// Error for them. no_strict() only relaxes the template engine, not the language.
$tpl = new rFastTemplate();
$tpl->no_strict();
$tpl->assign(array( HLI1 => "",
HLO1 => "" ));
$ms = mail_status($session_email,$crm,$code,$tpl,$vars);
$tpl = $ms[tpl];
// The outer template and the cancel link are chosen by matching the request path.
if(preg_match("/mail_center/i",$PHP_SELF))
{
$tpl->assign(array( CANCEL => "/mail_center/" ));
$main = get_template('73',$TEMPLATE,$tmp,$code,$staging);
}
if(preg_match("/store/i",$PHP_SELF))
{
$tpl->assign(array( CANCEL => "/store/" ));
$main = get_template('13',$TEMPLATE,$tmp,$code,$staging);
}
if(preg_match("/event/i",$PHP_SELF))
{
$tpl->assign(array( CANCEL => "/store/" ));
$main = get_template('40',$TEMPLATE,$tmp,$code,$staging);
}
$tpl->define_raw( array( main => $main,
login_register => get_template('15',$TEMPLATE,$tmp,$code,$staging),
login_only => get_template('18',$TEMPLATE,$tmp,$code,$staging),
register_only => get_template('17',$TEMPLATE,$tmp,$code,$staging),
update_info => get_template('25',$TEMPLATE,$tmp,$code,$staging),
forgot_password => get_template('48',$TEMPLATE,$tmp,$code,$staging) ));
$tpl = show_login($u_id,$tpl);
$tpl->assign(array( TODAY => date("l, F j, Y") ));
$query = "select title, meta
from $TEMPLATE
where template_id = '18'
and brand = '$code' ";
$data = $tmp->mydata($query);
$tpl->assign(array( PAGE_TITLE => ss($data[title][0]),
PAGE_META => ss($data[meta][0]) ));
$tpl->assign(array( HIDE_LOGIN_1 => '' ));
// NOTE(review): the for-loop below is corrupted in this copy of the source; it
// presumably joined the array form of $message into a string before the `$tpl->`
// of the assign() call that follows. Restore from version control.
if(is_array($message))
{
for($a=0;$aassign(array(
LOGIN => $login,
HIDE_COMPANY_IMAGE1 => " ",
STATE => $state_list,
COUNTRY => $country_list,
OTHER_STATE => $other_state,
OTHER_COUNTRY => $other_country,
CDC_ID => $cdc_id ));
$tpl->assign( array( SELF => $PHP_SELF ));
if($cn_email!='' && $email=='')
{
$email = $cn_email;
}
if(!$message)
{
$next = urlencode($next);
}
// MESSAGE is built from request-derived text (the message= parameter, HTTP_REFERER)
// and is urldecode()'d here; PASSWORD echoes the submitted password back into the
// HTML. Both must be HTML-escaped by the template if it is not done here, and
// re-filling the password field is better avoided.
$tpl->assign(array( MESSAGE => urldecode($message),
SESSID => $sessid,
EMAIL => $email,
PASSWORD => $password,
STORE => $store,
SELF => $PHP_SELF,
EVENT_IMAGE => str_replace("http:","https:",$event_image),
NEXT => $next ));
if(!$event_image && !$next)
{
$tpl->assign(array( HIDE_EVENT_1 => ' ' ));
}
// Profile-edit form for an existing contact ($cdc_id from the request).
if($cdc_id)
{
if($new_array[first_name]=='')
{
$new_array = get_cdc($cdc_id,$code,$cdc);
}
if($cdc_id!=$u_id)
{
// check that they are part of the same company
// Duplicate of the membership check in the commit block, with the same weak spot:
// an empty $customer_relation_id yields company_id = '' in the second query, which
// matches relation rows written without a company. Guard for non-empty values and
// share the logic with the commit path.
$query = "select company_id
from $CRM_RELATION
where relation_id = '$customer_relation_id'
and brand = '$code' ";
$data = $crm->mydata($query);
$query = "select relation_id
from $CRM_RELATION
where company_id = '".$data[company_id][0]."'
and contact_id = '$cdc_id'
and brand = '$code' ";
$data = $crm->mydata($query);
if($data[relation_id][0]=="")
{
echo"access denied -- this account is not part of your company";
exit();
}
}
$tpl = category_item($cdc_id,$sub_category_id,$tpl,$code,$crm);
$new_array = cdc_template_array($new_array);
$tpl->assign( $new_array );
$tpl->assign(array( CDC_ID => $cdc_id,
EVENT_ID => $event_id,
ORDER_HEADER_ID => $order_header_id ));
$tpl = html_chunks($staging,$tpl,$code,$brnd);
$tpl->parse( MAIN, array( "update_info", "main" ));
$tpl->FastPrint();
exit();
}
$tpl = html_chunks($staging,$tpl,$code,$brnd);
// Remaining views, in priority order: forgot password, register only, login only,
// combined login + register.
if($forgot_password)
{
$tpl->parse( MAIN, array( "forgot_password", "main" ));
$tpl->FastPrint();
exit();
}
if($show_register)
{
$tpl = category_item($cdc_id,$sub_category_id,$tpl,$code,$crm);
$tpl = create_word($tpl,$code,$crm);
$new_array = cdc_template_array($new_array);
$tpl->assign( $new_array );
$tpl->parse( MAIN, array( "register_only", "main" ));
$tpl->FastPrint();
exit();
}
if($show_login)
{
$tpl->parse( MAIN, array( "login_only", "main" ));
$tpl->FastPrint();
exit();
}
$tpl = create_word($tpl,$code,$crm);
$tpl->parse( MAIN, array( "login_register", "main" ));
$tpl->FastPrint();
exit();
// functions
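/**
 * Check the confirmation word typed by the user against the stored word.
 *
 * @param mixed  $verify_word_id id of the word that was shown (echoed back by the form)
 * @param string $word           the word the user typed
 * @param string $code           brand code
 * @param object $crm            connection exposing mydata(string $query): array
 * @return string '1' when a row matches id, brand and word, '0' otherwise
 */
function verify_word($verify_word_id,$word,$code,$crm)
{
global $VERIFY_WORD;
// Escape every interpolated value, not only the word: the id (and, with
// register_globals, the brand) comes from the request as well.
$query = "select verify_word_id from $VERIFY_WORD
where brand = '".addslashes($code)."'
and verify_word_id = '".addslashes($verify_word_id)."'
and match_word = '".trim(addslashes($word))."' ";
$data = $crm->mydata($query);
// Quoted key: a bare constant here is a fatal Error on PHP 8. isset() also covers
// the no-row case without a notice.
if(isset($data['verify_word_id'][0]) && $data['verify_word_id'][0]!='')
{
return('1');
} else {
return('0');
}
}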
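/**
 * Pick a random confirmation word for the brand and expose it to the template.
 *
 * Assigns VERIFY_WORD_ID and VERIFY_IMAGE_TAG (slashes stripped) on $tpl; both are
 * empty strings when the brand has no words.
 *
 * @param object $tpl  template object exposing assign(array $vars)
 * @param string $code brand code
 * @param object $crm  connection exposing mydata(string $query): array
 * @return object the same template object, returned for the caller's reassignment
 */
function create_word($tpl,$code,$crm)
{
global $VERIFY_WORD;
// $code is interpolated into SQL; escape it like the other values in this file.
$query = "select verify_word_id, image_tag from $VERIFY_WORD
where brand = '".addslashes($code)."'
order by rand() limit 0,1";
$data = $crm->mydata($query);
// Quoted keys: bare constants are a fatal Error on PHP 8. A missing row yields ''
// rather than a notice and a null passed to stripslashes().
$word_id = isset($data['verify_word_id'][0]) ? $data['verify_word_id'][0] : '';
$image_tag = isset($data['image_tag'][0]) ? $data['image_tag'][0] : '';
$tpl->assign(array( 'VERIFY_WORD_ID' => $word_id,
'VERIFY_IMAGE_TAG' => stripslashes($image_tag) ));
return($tpl);
}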
?>