Analytica Business Systems: Pervasive.SQL and Btrieve Specialists

Partner Login

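'; }

// Partner login and password-reminder handler.
//
// Not defined in the visible part of this file, and assumed to exist: an open
// mysql_* connection, a started session, redirect(), and the variables
// $loginredirect, $htmlemails, $REMOTE_HOST and $xxStoreName.
//
// Everything read from $_POST, $_GET and $_SERVER['QUERY_STRING'] is untrusted.

// Already signed in: go straight to the account page.
if (!empty($_SESSION["ValidUser"])){
    redirect("register.php");
    exit;
}
$success=true;

// MAB 8/25/04 why is it prefaced with an @?
//if(@$_POST["posted"]=="1")
if( isset($_POST["posted"]) && $_POST["posted"]=="1" ){
    // A field that is missing or not a string (e.g. sent as email[]=...) is
    // treated as empty instead of being passed on to string functions.
    $strEMail = (isset($_POST["email"]) && is_string($_POST["email"])) ? $_POST["email"] : "";
    $strPassword = (isset($_POST["password"]) && is_string($_POST["password"])) ? $_POST["password"] : "";

    // SQL-escaped copy of the address; stored in the session further down, as before.
    $theuser = trim(mysql_escape_string($strEMail));

    // AWF 16 Jan 2008 - Modified this query to accommodate multiple email addresses in the customer table
    // Both lookups are prefix matches (LIKE 'value%'). The value is escaped for
    // LIKE first (backslash, % and _) and then for the SQL string literal, so
    // the only wildcard left in the pattern is the trailing % added here. An
    // empty address is rejected outright: a bare '%' would match every row.
    $rs = false;
    $rsA = false;
    $trimmedEMail = trim($strEMail);
    if ($trimmedEMail !== "") {
        $likeEMail = mysql_real_escape_string(addcslashes($trimmedEMail, '\\%_'));
        // mysql_real_escape_string() returns false without a usable connection;
        // concatenating that would again give the bare '%' pattern.
        if ($likeEMail !== false) {
            $strSQL = "SELECT * FROM customers WHERE Active = 1 And Email like '".$likeEMail."%'";
            $rs=mysql_query($strSQL);

            $strSQL = "SELECT clientUser,clientActions,clientLoginLevel,clientPercentDiscount FROM clientlogin WHERE clientUser like '" . $likeEMail . "%'";
            $rsA=mysql_query($strSQL);
        }
    }
    // AWF 16 Jan 2008 - End
    //$strSQL = "SELECT * FROM customers WHERE Email = '".$_POST["email"]."'";

    // User not found
    if (!$rs || mysql_num_rows($rs)==0 ){
        // NOTE(review): stored unescaped; whatever prints $_SESSION["Email"]
        // back into the form must HTML-escape it.
        $_SESSION["Email"] = $strEMail;
        echo '

Email address not found or your account has not been activated.

';
    }else{
        // One or more users found - check password
        $num_res=mysql_num_rows($rs);
        for ($i=0; $i<$num_res; $i++){
            $row=mysql_fetch_array($rs);

            // password matched
            // Strict comparison: with == two numeric-looking strings such as
            // "1e3" and "1000" compare as equal.
            // NOTE(review): custPassword is compared directly with the submitted
            // value, case-insensitively, so it is stored in recoverable form.
            // Migrating to password_hash()/password_verify() needs a schema
            // change outside this file.
            if (strtoupper(htmlspecialchars(stripslashes($row["custPassword"]))) === strtoupper($strPassword)) {
                // populate session variables
                // NOTE(review): this copies every column of the customers row,
                // custPassword included, into the session. Confirm which keys
                // later pages actually read and drop the rest.
                $num_f=mysql_num_fields($rs);
                for ($ii=0; $ii<$num_f; $ii++) {
                    $strName = mysql_field_name($rs,$ii);
                    $strValue = htmlspecialchars(stripslashes($row[$strName]));
                    $_SESSION[$strName] = $strValue;
                }
                // NOTE(review): the session id is not regenerated at this
                // privilege change; consider session_regenerate_id(true) here if
                // no output has been sent by this point.
                $_SESSION["ValidUser"] = true;

                // No matching clientlogin row (or a failed query) leaves the
                // client* values below empty, as before.
                $rowA = $rsA ? mysql_fetch_array($rsA) : false;
                $_SESSION["clientUser"]=$theuser;
                // NOTE(review): $email is not assigned anywhere in the visible
                // code; the "Email" column was probably intended - confirm.
                $_SESSION["clientEmail"]=htmlspecialchars(stripslashes($row[$email]));
                $_SESSION["clientActions"]=$rowA["clientActions"];
                $_SESSION["clientLoginLevel"]=$rowA["clientLoginLevel"];
                // Stored as a multiplier: a 15 percent discount becomes 0.85.
                $_SESSION["clientPercentDiscount"]=(100.0-(double)$rowA["clientPercentDiscount"])/100.0;

                // Choose the post-login destination: the raw query string if
                // there is one, else $loginredirect, else the account page.
                $strRequest = $_SERVER['QUERY_STRING'];
                if ($strRequest == "") {
                    $target = ($loginredirect == "") ? "register.php?update=true" : $loginredirect;
                } elseif ($strRequest == "action=xpwd") {
                    $target = "register.php?update=true";
                } else {
                    $target = $strRequest;
                }

                // The query string is caller-controlled and $loginredirect is
                // set outside this view, so only same-site relative targets are
                // followed. Control characters, a URL scheme, or a leading
                // "//" (also "\\" or "/\") fall back to the account page.
                // NOTE(review): redirect() is defined elsewhere; confirm it does
                // not decode or rewrite the target after this check.
                if (preg_match('#[\x00-\x1f\x7f]|^\s*(?:[a-z][a-z0-9+.\-]*:|[/\\\\]{2})#i', $target)) {
                    $target = "register.php?update=true";
                }

                // successful login
                redirect($target);
                exit;
            }
        }
        // if we get this far then...
        // No row's password matched: remember the address and report the failure.
        $_SESSION["Email"] = $strEMail;
        redirect("cuslogin.php?action=xpwd");
        exit;
    }
}

// Status messages selected by ?action=...
$action = isset($_GET["action"]) ? $_GET["action"] : "";
switch ($action) {
    case "pwdsent" :
        echo '

Success: Your password has been sent to your e-mail address.

';
        break;
    case "xpwd" :
        echo '

Incorrect Password

';
        break;
}

// Password reminder.
// NOTE(review): this mails the stored password back in clear text. A one-time,
// expiring reset link together with hashed password storage avoids both the
// mail exposure and the recoverable storage. The distinct "not found" message
// below also tells the caller whether an address is registered.
if ($action == "sendpwd"){
    $reminderEMail = (isset($_POST["email_address"]) && is_string($_POST["email_address"])) ? $_POST["email_address"] : "";

    // Escape the address before it goes into the SQL string literal.
    $rs = false;
    $safeReminderEMail = mysql_real_escape_string($reminderEMail);
    if ($safeReminderEMail !== false) {
        $strSQL = "SELECT * FROM customers where Email = '".$safeReminderEMail."';";
        $rs = mysql_query($strSQL);
    }

    // This whole section is unecessary and the resulting variable is not used anywhere
    /* $sSQL = "SELECT adminEmail, adminStoreURL, emailObject FROM admin WHERE adminID=1"; $rsE = mysql_query($sSQL); if ($rsE) { $rowE = mysql_fetch_array($rsE); $sStoreURL = $rowE["adminStoreURL"]; }else{ $sStoreURL = ""; }*/

    // A failed query is reported the same way as an unknown address.
    $num_res = $rs ? mysql_num_rows($rs) : 0;
    if ($num_res==0) {
        echo "

Email address not found.

";
    }else{
        $row = mysql_fetch_array($rs);
        $name = $row["Name"];
        $password = $row["custPassword"];
        if ($htmlemails==true) {
            $cRt = "
";
        } else {
            $cRt="\n";
        }

        //Construct the message body
        $sBody = "Dear " .$name.",\n";
        $sBody = $sBody . "\n";
        $sBody = $sBody ."Your password was requested from " .$REMOTE_HOST. "\n";
        $sBody = $sBody ."\n";
        $sBody = $sBody . "Your Password is: " . $password . "\n";
        $sBody = $sBody ."\n";
        $sBody = $sBody ."\n";
        $sBody = $sBody . "Please reply to this email if you have any questions." . "\n";

        //Retrieve required form fields;
        // NOTE(review): adminEmail and emailObject are read from the customers
        // row here, while the commented-out query above reads them from the
        // admin table; neither value is used by mail() below.
        $sEmailFrom = $row["adminEmail"];
        $sEmailObject = $row["emailObject"];
        $sEmailTo = $reminderEMail;
        $sSubject = $xxStoreName . " - New Password";

        mail($sEmailTo,$sSubject,$sBody);
        redirect("cuslogin.php?action=pwdsent");
        exit;
    }
}

// The login form follows unless the "forgot password" view was requested.
if (!isset($_GET["pwd"]) || $_GET["pwd"] != "forgot") { ?>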

To login you must first register.


Please enter your email address and password.

Email:

Password:

Forgot your password?



 

I've Forgotten My Password!
 
 
If you've forgotten your password, enter your e-mail address below and we'll send you an e-mail message containing your new password.
 
E-Mail Address: