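query("SELECT * FROM Users WHERE EmailAddress = '$username'");
/* NOTE(review): the statement above, and the `if` this whole login step sits in,
   begin before this excerpt. $username is interpolated straight into SQL here;
   whatever escaping it received is not visible in this file — confirm it. */
if ($db->recordcount() > 0){
    $db->next_record();
    // SECURITY FIX: verify the credential BEFORE the session is marked as
    // authenticated. The original assigned $_SESSION[loggedin] = $siteid (and
    // every other session field) unconditionally and, on a mismatch, only
    // cleared the *local* $loggedin flag — so a wrong password still left the
    // session in the logged-in state that the rest of this page keys off.
    // Strict string comparison replaces the loose `<>`, which treats
    // numeric-looking strings such as "1e3" and "1000" as equal.
    // NOTE(review): the stored value is compared in the clear, i.e. the Users
    // table holds plaintext passwords. Moving to password_hash()/password_verify()
    // also touches core/site.security.php and the "savepassword" handler below
    // and needs a data migration, so it is not done here.
    if ((string) $db->field("Password") !== (string) $password){
        $loggedin = false;
        $alert = 6;
    } else {
        // Fresh session ID on privilege change (defeats session fixation).
        session_regenerate_id(true);
        $_SESSION['forename']   = $db->field("Forename");
        $_SESSION['username']   = $username;
        // Kept for compatibility: core/site.security.php (not visible here) may
        // re-check it. Holding a plaintext password in session storage is itself
        // a finding.
        $_SESSION['password']   = $password;
        $_SESSION['loggedin']   = $siteid;
        $_SESSION['lastactive'] = gmmktime();
        $_SESSION['userid']     = $db->field("ID");
    }
} else {
    // NOTE(review): a distinct alert for "no such account" lets anyone confirm
    // which e-mail addresses are registered (user enumeration).
    $alert = 7;
}
}

if ($_SESSION['loggedin'] == $siteid){
    include ("core/site.security.php");
}

/**
 * Render one row of the outstanding-orders list for order $id.
 *
 * Reads the global $cur_sign currency prefix. The Orders lookup is by ID only
 * (not scoped to the signed-in user), so callers must only pass IDs that were
 * already selected for that user — the "orders" page below does. Returns the
 * row text (its markup has been stripped from this listing).
 */
function formatorder($id){
    global $cur_sign;
    $db = db();
    $db->query("SELECT * FROM Orders WHERE ID = '".$id."'");
    $db->next_record();
    return "
".date("dS M Y",$db->field("DateTime"))." Order ID : #".$db->field("ID")."
".$cur_sign.$db->field("OrderValue")."
View Details
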
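"; }
########################################
########## SAVE USER DETAILS
########################################
if ($action == "savedetails"){
    unset($msg);
    $fld_email = $_SAFE['fld_email'];
    $old_email = $_SAFE['old_email'];
    // NOTE(review): $_SAFE is presumably a sanitised copy of the request (it is
    // not defined in this file). Its values are still interpolated straight into
    // SQL below, so whatever it does must amount to SQL escaping — verify.
    // No CSRF token is checked in this listing for any of the state-changing
    // handlers; the forms themselves were stripped, so confirm in the template.
    if (!isvalidemail($fld_email)){
        $msg = "You must supply a valid email address";
        $error_highlight = "*";
    }
    if (!$msg){
        $emailsql = "";   // was left undefined when the address is unchanged
        if ($fld_email != $old_email){
            $db->query("SELECT * FROM Users WHERE EmailAddress = '$fld_email'");
            if ($db->recordcount() < 1){
                $emailsql = "EmailAddress = '$fld_email', ";
            } else {
                $msg = "This Email Address has Already Been Used";
                $error_highlight = "*";
            }
        }
        // FIX: the original ran the UPDATE and overwrote $msg with the success
        // text even when the duplicate-e-mail error had just been set, so the
        // user never saw that error.
        if (!$msg){
            $sql = "UPDATE Users SET Forename = '{$_SAFE['fld_forename']}', Surname = '{$_SAFE['fld_surname']}', $emailsql"
                 . "Telephone = '{$_SAFE['fld_tel']}', Fax = '{$_SAFE['fld_fax']}', Newsletter = '{$_SAFE['fld_newsletter']}' WHERE ID = '$userid'";
            $db->query($sql);
            $msg = "Details Updated Successfully

";
        }
    }
}
########################################
########## UPDATE ADDRESS DETAILS
########################################
if ($action == "saveaddress"){
    $fld_addressids = $_SAFE['fld_addressids'];
    if (!is_array($fld_addressids)){
        $fld_addressids = array();   // foreach over a non-array only warned before
    }
    $savecountry = false;
    foreach ($fld_addressids as $aid){
        if ($_SAFE['fld_address1'][$aid] != "") $savecountry = true;
        // SECURITY FIX: the address row IDs come from the form and the original
        // updated whichever row matched ID alone, so any customer could overwrite
        // another customer's delivery/billing address. Restrict the UPDATE to
        // rows owned by the signed-in user (the "address" page creates them with
        // UserID = $userid). Row IDs come from $db->lastid(), i.e. are numeric,
        // so the value used in SQL is cast to int; $aid itself is kept as the
        // array key into the submitted fields.
        $rowid = (int) $aid;
        $sql = "UPDATE UserAddresses SET Address1 = '".$_SAFE['fld_address1'][$aid]."', Address2 = '".$_SAFE['fld_address2'][$aid]."', Address3 = '".$_SAFE['fld_address3'][$aid]."',"
             . " TownCity = '".$_SAFE['fld_towncity'][$aid]."', County = '".$_SAFE['fld_county'][$aid]."', Postcode = '".$_SAFE['fld_postcode'][$aid]."' WHERE ID = '$rowid' AND UserID = '$userid'";
        $db->query($sql);
    }
    if ($savecountry){
        $db->query("UPDATE Users SET Country = '{$_SAFE['fld_countryid']}' WHERE ID = '$userid'");
        $msg = "Addresses Updated Successfully.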
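
"; } else {
    $msg = "You need to enter all address information!

";
}
}
########################################
########## CANCEL ORDER
########################################
if ($action == "CANCEL"){
    // SECURITY FIX: scope the update to the signed-in user's own orders. The
    // original cancelled whichever order matched the submitted ID, so any
    // customer could cancel another customer's order by guessing the number.
    // The ID is cast to int: order IDs are rendered as "#<number>" on this page,
    // and the cast keeps the raw form value out of the SQL string ($fld_orderid
    // is not read through $_SAFE like the other handlers' fields).
    $orderid = (int) $fld_orderid;
    $db->query("UPDATE Orders SET Status = 'CANCELLED' WHERE ID = '$orderid' AND UserID = '$userid'");
    print "";
    // NOTE(review): there is no "outstanding" case in the page switch below, so
    // this leaves $body empty after a cancel.
    $page = "outstanding";
}
########################################
########## SAVE PASSWORD
########################################
if ($action == "savepassword"){
    unset($msg);
    $fld_new_password = $_SAFE['fld_new_password'];
    $fld_old_password = $_SAFE['fld_old_password'];
    $db->query("SELECT * FROM Users WHERE ID = '$userid'");
    $db->next_record();
    // Strict string comparison; the original `==` treats numeric-looking strings
    // such as "1e3" and "1000" as equal.
    // NOTE(review): the stored password is compared (and written) in the clear —
    // the Users table holds plaintext passwords. Switching to password_hash()/
    // password_verify() must be done together with the login check and
    // core/site.security.php plus a data migration, so it is not done here.
    if ((string) $fld_old_password !== (string) $db->field("Password")){
        $msg = "The password you supplied was incorrect.

";
        $error_highlight = "*";
    } elseif ((string) $fld_new_password === ""){
        // FIX: the original accepted an empty new password.
        $msg = "You must supply a new password.";
        $error_highlight = "*";
    } elseif (isset($_SAFE['fld_confirm_password']) && (string) $fld_new_password !== (string) $_SAFE['fld_confirm_password']){
        // FIX: the form has a confirm field (see the "password" page below) that
        // the original never checked. Only enforced when the field is present.
        $msg = "The new passwords do not match.";
        $error_highlight = "*";
    } else {
        $sql = "UPDATE Users SET Password = '$fld_new_password' WHERE ID = '$userid'";
        $db->query($sql);
        $msg = "Password Updated Successfully
";
    }
}
########################################
########## LOGIN SECTION
########################################
if ($_SESSION['loggedin'] != $siteid){
    if (!$msg) $msg = "Please sign in to access your account details";
    $body = "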
$msg
EMAIL :
PASSWORD :

Forgotten your password? Click here to have a reminder sent to you!
"; } else { /* Account area: only reached when the session is marked as logged in. $page is request-controlled; the switch matches fixed strings only, so an unknown value leaves $body unset (there is no default branch). NOTE(review): the page bodies below interpolate $msg, DB fields and form values into HTML that was stripped from this listing — whether they are HTML-escaped cannot be confirmed here; check the template. */ ######################################## ########## PAGE SWITCH ######################################## if ($page == "") $page = "orders"; switch ($page){ /* Unreachable: $page was just defaulted to "orders" when empty. */ //////// BLANK PAGE //////// case "": $body = "Successfully Logged In.

Using the links, you may maintain your account."; break; /* ACCOUNT DETAILS: loads the form from the Users row unless a validation error ($error_highlight is set by the "savedetails" handler) means the submitted values should be shown back instead. */ //////// ACCOUNT DETAILS PAGE //////// case "account": $db->query("SELECT * FROM Users WHERE ID = '$userid'"); $db->next_record(); if ($error_highlight == ""){ $fld_forename = $db->field("Forename"); $fld_surname = $db->field("Surname"); $fld_email = $db->field("EmailAddress"); $fld_tel = $db->field("Telephone"); $fld_fax = $db->field("Fax"); $fld_county = $db->field("County"); $fld_newsletter = $db->field("Newsletter"); }; $body = "
$msg
Forename :
Surname :
Email Address : $error_highlight
Telephone :
Mobile :
Will you accept our newsletter? :
"; $tdcolor["account"] = "$sitecolor"; $tdclass["account"] = "rightlinkselected"; break; /* ORDER INFORMATION: lists the user's Sent/PROCESSME orders through formatorder(). This query filters on $_SESSION[userid] whereas every other query on this page uses $userid — the two are expected to agree. $currentorder (used in the body below) is not assigned anywhere in this listing. */ //////// ORDER INFORMATION PAGE //////// case "orders": $db->query("SELECT * FROM Orders WHERE (Status = 'Sent' OR Status = 'PROCESSME') AND UserID = '{$_SESSION[userid]}' ORDER BY DateTime ASC"); $count = $db->recordcount(); $i = 0; while ($db->next_record()){ $i++; $t_id = $db->field("ID"); $orders .= formatorder($t_id); }; if ($count == 0){ $orders = "No Outstanding Orders Found"; }; $body = "ORDER INFORMATION
$currentorder

$orders
"; break; /* PASSWORD CHANGE: the SELECT result is not used; the unset()s stop submitted passwords being echoed back into the form. */ //////// PASSWORD CHANGE SCREEN //////// case "password": $db->query("SELECT * FROM Users WHERE ID = '$userid'"); $db->next_record(); unset($fld_old_password); unset($fld_new_password); unset($fld_confirm_password); $body = "
$msg
Current Password : $error_highlight
New Password :
Confirm New Password :
"; break; /* ADDRESS CHANGE: creates the Delivery and Billing rows for this user on first visit, then reads each back; the per-type else branches are only reached if one of the two rows is missing. All lookups are scoped by $userid. $countryid is read here for the (stripped) country selector. */ //////// ADDRESS CHANGE SCREEN //////// case "address": $db->query("SELECT Country FROM Users WHERE ID = '$userid'"); $db->next_record(); $countryid = $db->field("Country"); $db->query("SELECT * FROM UserAddresses WHERE UserID = '$userid'"); if ($db->recordcount() < 1){ $db->query("INSERT INTO UserAddresses (UserID, Type) VALUES ('$userid','Delivery')"); $db->query("INSERT INTO UserAddresses (UserID, Type) VALUES ('$userid','Billing')"); } $db->query("SELECT * FROM UserAddresses WHERE UserID = '$userid' AND Type = 'Delivery'"); if ($db->recordcount() > 0){ $db->next_record(); $d_id = $db->field("ID"); $d_address1 = $db->field("Address1"); $d_address2 = $db->field("Address2"); $d_address3 = $db->field("Address3"); $d_towncity = $db->field("TownCity"); $d_county = $db->field("County"); $d_postcode = $db->field("Postcode"); } else { $db->query("INSERT INTO UserAddresses (UserID, `Type`) VALUES ('$userid','Delivery')"); $d_id = $db->lastid(); }; $db->query("SELECT * FROM UserAddresses WHERE UserID = '$userid' AND Type = 'Billing'"); if ($db->recordcount() > 0){ $db->next_record(); $b_id = $db->field("ID"); $b_address1 = $db->field("Address1"); $b_address2 = $db->field("Address2"); $b_address3 = $db->field("Address3"); $b_towncity = $db->field("TownCity"); $b_county = $db->field("County"); $b_postcode = $db->field("Postcode"); } else { $db->query("INSERT INTO UserAddresses (UserID, `Type`) VALUES ('$userid','Billing')"); $b_id = $db->lastid(); }; $body = " ADDRESS DETAILS

$msg
Delivery Address
Address 1 :
Address 2 :
Address 3 :
Town / City :
County / State :
Postcode :
Country :
Billing Address
Address 1 :
Address 2 :
Address 3 :
Town / City :
County / State :
Postcode :
"; break; }; /* Navigation shared by all account pages (link markup stripped in this listing). */ $linksbar = " ACCOUNT DETAILS | ADDRESS DETAILS | CHANGE PASSWORD | ORDER INFORMATION"; }; $content = "
".$linksbar."
".$body."
"; /* Page assembly: $content (links bar + page body) is wrapped into $bodystring. NOTE(review): the `<<$s_name` opener and the half-commented block after `BODY;` look like extraction damage to a `<<<BODY` heredoc and a commented-out markup alternative — confirm against the original file before editing. $content carries $msg, form values and DB fields; their output escaping is not visible in this listing. */ $bodystring = <<$s_name

$content

BODY; // // // // //
// // // // // // // // // // //
$s_name
// //
// $content //
//
"; /* ENABLE USER: runs on every request of this page for the signed-in user. The account is flagged Enabled once exactly two address rows (delivery + billing) have Address1, Address2, TownCity, County and PostCode all non-empty — note Address2 is required here, and the `== 2` test silently never enables an account that has more than two rows. Both statements interpolate $userid directly into SQL. */ ######################################## ########## ENABLE USER? ######################################## $db->query("SELECT * FROM UserAddresses WHERE Address1 <> '' AND Address2 <> '' AND TownCity <> '' AND County <> '' AND PostCode <> '' AND UserID = '$userid'"); if ($db->recordcount() == 2) $db->query("UPDATE Users SET Enabled = 'YES' WHERE ID = '$userid'"); include ("template.php"); ?>