'; //print_r($f["attr_name"]); //print ''; // check for existing domain record $dbf = new ps_DB; $q = "SELECT domain_id FROM domains WHERE domain_account_id = '$f[account_id]'"; $dbf->query($q); $dbf->next_record(); $domain_exists = $dbf->f("domain_id"); // create the record $db = new ps_DB; $today = date("Y-m-d"); $order_id = next_order_id(); if ($domain_exists == 0) { // create a new domain record $q = "INSERT INTO domains SET domain_account_id = '$f[account_id]', domain_order_id = '$order_id', domain_billing_id = '', domain_type_id = '$domain_type', domain_start_date = '$today', domain_years = '', domain_host_id = '$f[membership_id]', domain_host_status = '1', domain_host_periods = '1', domain_host_last_billed = '$today'"; } else { // else update the existing domain record $q = "UPDATE domains SET domain_account_id = '$f[account_id]', domain_order_id = '$order_id', domain_billing_id = '', domain_type_id = '$domain_type', domain_start_date = '$today', domain_years = '', domain_host_id = '$f[membership_id]', domain_host_status = '1', domain_host_periods = '1', domain_host_last_billed = '$today' WHERE domain_id = '$domain_exists'"; } $db->query($q); $account_id = $f[account_id]; $billing_id = ''; $sess = ''; $attr = $f[attr]; $attrname = $f[attr_name]; $value = $f[attr_value]; $membership_id = $f[membership_id]; if(in_array('Domain',$attrname)){ $value[2] = $membership_id; $attrname[2] = 'Domain'; $attrname[1] = ''; } create_order_record_manual("1",$order_id,$account_id,$billing_id,$sess,$attr,$attrname,$value,$membership_id); //create_order_record("1",$order_id,$account_id,$billing_id,$sess,$attr,$attrname,$value); //echo $q."
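$message";
    $company_name = setup("company");
    $company_email= setup("email");
    $headers = "From: $company_name <$company_email>\n";
    $headers .= "X-Sender: <$company_email>\n";
    $headers .= "Return-Path: <$company_email>\n";
    mail($old_email,"Please Validate Email Change Request!",$message,$headers);
    global $message;
    $message .="An email has been sent to $old_email to verify this change, please check your email for details.";
    return "An email has been sent to $old_email to verify this change, please check your email for details.";
}

// REQUEST VALIDATION FOR AN EMAIL CHANGE FROM THE EMAIL ON FILE
//
// Second step of the e-mail change flow. Looks the account up by the address
// currently on file, recomputes the first-step token and, when $v matches,
// mails a link that carries a second, date-bound token.
//
//   $new_email  requested replacement address, as received with the link
//   $old_email  address currently on file; used for the account lookup
//   $v          token received with the link (uppercase MD5 hex)
//
// Returns FALSE when no account matches or the token differs, TRUE once the
// follow-up mail has been attempted (the result of mail() is not checked).
//
// NOTE(review): both tokens are plain MD5 over the stored account_password
// value, the two addresses and the account id; no server-side secret or nonce
// is mixed in. A random, single-use token stored with the pending change (or
// an HMAC under a server key) would not depend on the password column.
function validate_email_change_2($new_email,$old_email,$v) {
    $db = new ps_DB;
    $q = "SELECT * FROM account WHERE account_email = '" . sql_string_filter($db->lid, $old_email) . "'";
    $db->query($q);
    $db->next_record();
    if ($db->num_rows() <= 0) {
        return FALSE;
    }

    $pass = $db->f("account_password");
    $id = $db->f("account_id");

    // Recompute the first-step token. The comparison is strict: loose != lets
    // numeric-looking strings compare equal by value instead of by content.
    // Where the runtime provides hash_equals(), prefer it (constant time).
    $md5 = strtoupper(md5($old_email . '|' . $new_email . '|' . $pass . '|' . $id));
    if ($v !== $md5) {
        return FALSE;
    }

    // Second-step token: same inputs plus today's date and a fixed marker, so
    // the link stops validating when the server date changes.
    $md5 = strtoupper(md5($old_email . '|' . $new_email . '|' . $pass . '|' . $id . '|' . date("Y-m-d") . '|VALID'));
    $url = setup("url");
    $company = setup("company");

    // The addresses are URL-encoded inside the query string so characters such
    // as '+' or '&' survive the round trip and the token still matches.
    $message = 'This is an automated message from ' . $company
        . '. In order to complete the email change you requested, you must first validate this email address by clicking the link below. If you do not click the link, your email on file at '
        . $company
        . ' will not be changed. Your current email address on file is '
        . $old_email
        . ' and clicking the link below will permanently change your email address to '
        . $new_email
        . '. '
        . $url . '?page=email_change_2&e1=' . rawurlencode($old_email) . '&e2=' . rawurlencode($new_email) . '&v=' . $md5
        . ' or Verify Update Request This link will expire after today, so you must use it immediately... Thank you! '
        . $company . ' ';

    $company_name = setup("company");
    $company_email= setup("email");
    $headers = "From: $company_name <$company_email>\n";
    $headers .= "X-Sender: <$company_email>\n";
    $headers .= "Return-Path: <$company_email>\n";

    // NOTE(review): the text asks the reader to validate "this email address",
    // yet the mail goes to $old_email again - confirm whether $new_email was
    // the intended recipient for this step.
    mail($old_email,"Please Validate Email Change Request!",$message,$headers);

    // From here on $message is the global status text shown to the user.
    global $message;
    $message .="An email has been sent to $old_email to verify this change, please check your email for details.";
    return TRUE;
}

// REQUEST VALIDATION FOR AN EMAIL CHANGE FROM THE EMAIL ON FILE
//
// Final step of the e-mail change flow. Verifies the date-bound token from
// the second mail, refuses the change when the new address already belongs
// to an account, then updates account_email and runs auth.api.php twice
// ('update_member_account', then 'auth_account').
//
//   $new_email  address to store
//   $old_email  address currently on file; used for the account lookup
//   $v          token received with the link (uppercase MD5 hex)
//
// Returns TRUE when the address was changed, FALSE otherwise.
//
// auth.api.php is included into this function's scope and reads the local
// variables set here ($f, $API_ACTION, ...); keep their names stable.
function validate_email_change_3($new_email,$old_email,$v) {
    global $path;

    $db = new ps_DB;
    $q = "SELECT * FROM account WHERE account_email = '" . sql_string_filter($db->lid, $old_email) . "'";
    $db->query($q);
    $db->next_record();
    if ($db->num_rows() <= 0) {
        return FALSE;
    }

    $pass = $db->f("account_password");
    $id = $db->f("account_id");

    // Recompute the second-step token; strict comparison avoids type juggling.
    $md5 = strtoupper(md5($old_email . '|' . $new_email . '|' . $pass . '|' . $id . '|' . date("Y-m-d") . '|VALID'));
    if ($v !== $md5) {
        return FALSE;
    }

    // VERIFY NON-DUPLICATE EMAIL!
    // NOTE(review): this check and the UPDATE below are separate statements;
    // a unique index on account_email would enforce the rule in the database.
    $dbs = new ps_DB;
    $q = "SELECT account_email FROM account WHERE account_email='" . sql_string_filter($dbs->lid, $new_email) . "'";
    $dbs->query($q);
    if ($dbs->num_rows() > 0) {
        return FALSE;
    }

    $db = new ps_DB;
    $q = "UPDATE account SET account_email = '" . sql_string_filter($db->lid, $new_email) . "' WHERE account_id = '" . sql_string_filter($db->lid, $id) . "'";
    $db->query($q);

    // Reload the row to build the field array handed to auth.api.php.
    $db = new ps_DB;
    $q = "SELECT * FROM account WHERE account_id = '" . sql_string_filter($db->lid, $id) . "'";
    $db->query($q);
    $db->next_record();

    // Keys are quoted: bare words only worked as an undefined-constant
    // fallback and are an error on current PHP.
    $f = array();
    $f['name'] = $db->f("account_name");
    $f['address'] = $db->f("account_address");
    $f['city'] = $db->f("account_city");
    $f['state'] = $db->f("account_state");
    $f['zip'] = $db->f("account_zip");
    $f['company'] = $db->f("account_company");
    $f['old_password'] = $db->f("account_password");
    // NOTE(review): 'old_email' receives the new address and 'email' the old
    // one - kept as found; confirm against what auth.api.php expects.
    $f['old_email'] = $new_email;
    $f['email'] = $old_email;

    // determine if any external database update functions need run:
    unset($API_ACTION);
    $API_ACTION ='update_member_account';
    include ($path . 'auth.api.php');

    // update this account authentication
    $f['account_id'] = $id;
    unset($API_ACTION);
    $API_ACTION ='auth_account';
    include ($path . 'auth.api.php');

    return TRUE;
}

// First step of the password change flow: mails a confirmation link to the
// account's address.
//
//   $new_password  requested password
//   $old_password  password currently on file
//   $email         address the confirmation is sent to
//   $id            account id
//
// Returns the status sentence shown to the user; mail()'s result is not
// checked.
//
// The token is MD5(old|new|email|id|date), so it stops validating when the
// server date changes.
//
// NOTE(review): the link carries the account id, the current password and
// the new password, each passed through RC4(..., "en"), which
// validate_pass_change() reverses with RC4(..., "de"). Mail stores, browser
// history, proxies and web-server access logs will retain those values.
// Prefer keeping the pending password server-side and mailing only a random,
// single-use token that refers to it.
function validate_pass_change_1($new_password,$old_password,$email,$id) {
    $str = $old_password . '|' . $new_password . '|' . $email . '|' . $id . '|' . date("Y-m-d");
    $md5 = strtoupper(md5($str));

    $link = setup("url")
        . '?page=account&next_page=account&action=verify_pass_change&id=' . RC4($id,"en")
        . '&p1=' . RC4($old_password,"en")
        . '&p2=' . RC4($new_password,"en")
        . '&v=' . $md5;

    $company = setup("company");
    $message = 'This is an automated message from ' . $company
        . '. In order to complete the password change you requested, you must first validate your request by clicking the link below. If you do not click the link, your password on file at '
        . $company
        . ' will not be changed. If you or someone you authorized did not request this password change, we recommend that you log into your account and change your email address, as someone may have gained unauthorized access to your account. '
        . $link
        . ' or Verify Password Change Request This link will expire after midnight today, so you must use it immediately... Thank you! '
        . $company . ' ';

    $company_name = setup("company");
    $company_email= setup("email");
    $headers = "From: $company_name <$company_email>\n";
    $headers .= "X-Sender: <$company_email>\n";
    $headers .= "Return-Path: <$company_email>\n";
    mail($email,"Please Verify Password Request Change",$message,$headers);

    return "A message has been sent to your email account for you to validate this password change request.";
}

// Second step of the password change flow: verifies the mailed link and
// stores the new password.
//
//   $new_password  RC4-encoded new password from the link
//   $old_password  RC4-encoded current password from the link
//   $id            RC4-encoded account id from the link
//   $v             token from the link (uppercase MD5 hex)
//
// Returns a status sentence for the user in every case.
//
// Fixed here: the original guard rejected a request only when the token was
// wrong AND the supplied old password was right, so any other combination
// reached the UPDATE. The request is now refused unless the token matches
// and the supplied old password equals the one on file.
//
// NOTE(review): the new password is written to account_password exactly as
// decoded and the old one is compared as a plain string, so passwords appear
// to be stored unhashed - confirm, and plan a move to password_hash() /
// password_verify().
//
// auth.api.php is included into this function's scope and reads the local
// variables set here ($f, $API_ACTION, ...); keep their names stable.
function validate_pass_change($new_password,$old_password,$id,$v) {
    global $path;

    $new_password = RC4($new_password,"de");
    $old_password = RC4($old_password,"de");
    $id = RC4($id,"de");

    $db = new ps_DB;
    $q = "SELECT * FROM account WHERE account_id = '" . sql_string_filter($db->lid, $id) . "'";
    $db->query($q);
    $db->next_record();

    // No row, or a row whose id is not exactly the decoded one: refuse.
    if ($db->num_rows() <= 0 || (string) $id !== (string) $db->f("account_id")) {
        return "You are not authorized to make this change!";
    }

    $email = $db->f("account_email");
    $str = $old_password . '|' . $new_password . '|' . $email . '|' . $id . '|' . date("Y-m-d");
    $md5 = strtoupper(md5($str));
    $acpass = $db->f("account_password");

    // Both conditions must hold; strict comparison avoids type juggling.
    // Where the runtime provides hash_equals(), prefer it for the token.
    if ($v !== $md5 || (string) $old_password !== (string) $acpass) {
        return "You have submitted a password change request that is invalid or expired!";
    }

    // run the auth api before updating, if the username or password has changed...
    // at the end of the function, we will run it again to restore the new username/password set....
    // get each domain id currently active, and remove the login for it from the db
    $f = array();
    $db = new ps_DB;
    $q = "select domain_id from domains where domain_account_id = '" . sql_string_filter($db->lid, $id) . "' and domain_host_status='1'";
    $db->query($q);
    while ($db->next_record()) {
        // remove this login from the specified location
        $f['account_id'] = $id;
        $f['domain_id'] = $db->f("domain_id");
        unset($API_ACTION);
        $API_ACTION ='auth_deactivate';
        include($path . 'auth.api.php');
    }

    // Ok! Update account...
    $db = new ps_DB;
    $q = "UPDATE account SET account_password = '" . sql_string_filter($db->lid, $new_password) . "' WHERE account_id = '" . sql_string_filter($db->lid, $id) . "'";
    $db->query($q);

    // Reload the row for auth.api.php. The id is filtered here as well, to
    // match every other query in this function.
    $db = new ps_DB;
    $q = "SELECT * FROM account WHERE account_id = '" . sql_string_filter($db->lid, $id) . "'";
    $db->query($q);
    $db->next_record();
    $f['name'] = $db->f("account_name");
    $f['address'] = $db->f("account_address");
    $f['city'] = $db->f("account_city");
    $f['state'] = $db->f("account_state");
    $f['zip'] = $db->f("account_zip");
    $f['company'] = $db->f("account_company");
    $f['old_email'] = $db->f("account_email");
    $f['email'] = $db->f("account_email");
    $f['old_password'] = $new_password;

    // determine if any external database update functions need run:
    unset($API_ACTION);
    $API_ACTION ='update_member_account';
    include ($path . 'auth.api.php');

    // Sync Authentication...
    $f['account_id'] = $id;
    unset($API_ACTION);
    $API_ACTION ='auth_account';
    include ($path . 'auth.api.php');

    // NOTE(review): the original placed an "EMAIL CUSTOMER" step after this
    // return - if(setup("email_13")==Y) send_mail("13",$account_id,"","","")
    // - which could never run and used an undefined $account_id. It is left
    // out so behaviour is unchanged. A notification on password change helps
    // the owner spot an unauthorised change; if wanted, add it before the
    // return using $id.
    return "Your account password has been updated as requested!";
}

// UPDATE MEMBER ACCOUNT INFO
function update_member_account($f,$sess) {
    global $path;
    $ret="";
    // Validate that the user submitting this info is logged in to the account being changed....
    $pass = is_logged($sess);
    if($pass == "Y") {
        $account_id = get_account_id($sess);
        // check the current account id against the one submitted...
        if($account_id != $f[account_id]) {
            // Account not logged in ...
            return "You must be logged into the account you wish to update in order to make the requested changes!";
        } else {
            // We are ok to proceed....
            // Check the old email and password against the new ones submitted to see if validation emails need to be sent....
            $db = new ps_DB;
            $q = "SELECT account_email,account_password FROM account WHERE account_id = '$account_id'";
            $db->query($q);
            $db->next_record();
            $old_email = $db->f("account_email");
            $old_password = $db->f("account_password");
            //Compare old email...
            if($f[email] != $old_email) {
                // Send out an email authorization change...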
$ret .= validate_email_change_1($f[email],$old_email,$old_password,$account_id); } //Compare old pass... if($f[password] != $old_password) { // Send out an password authorization change... $ret .= validate_pass_change_1($f[password],$old_password,$old_email,$account_id); } // VALIDATE THE REQUIRED INFORMATION... include($path . "setup_reg_fields.php"); // BUILD THE INSERT STATEMENT $db = new ps_DB; $q ="UPDATE account SET "; // NAME if ($f_required[name]) { // Validate this field... //if (eregi("^[a-zA-Z0-9_]{1,}$", $f[name])) { if (preg_match("/^[a-zA-Z.,]{2,} {1,}[a-zA-Z,. ?]{1,}[a-zA-Z.]{2,}$/i", $f[name])) { if($comma) $q.= ' , '; $q.=" account_name = '" . sql_string_filter($db->lid, $f[name]) . "' "; $comma = TRUE; } else { $ret.="
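$message";
        mail($email,$company_name . " Account Activation Instructions",$message,$headers);
    }
    global $message;
    $message = "Thank you, your account has been added, but is currently inactive. You must check the email address you provided during the registration process for activation instructions.";
    return "Thank you, your account has been added, but is currently inactive. You must check the email address you provided during the registration process for activation instructions.";
}

// GET THE AFFILIATE ID FROM THE LOGIN RECORD...
//
//   $sess  value matched against login.login_id
//
// Returns login_affiliate_id of the matching login row. When no row matches,
// the result is whatever ps_DB::f() yields without a current record.
function get_aid($sess) {
    $db = new ps_DB;
    $q = "SELECT login_affiliate_id FROM login WHERE login_id='" . sql_string_filter($db->lid, $sess) . "'";
    $db->query($q);
    $db->next_record();
    return $db->f("login_affiliate_id");
}

// SHOW LIST OF CATEGORIES
//
// Queries every category ordered by sort, then name.
// NOTE(review): only an empty echo is visible in this excerpt, and neither
// $id nor the result set is used here - the menu markup is presumably
// missing from this copy; confirm against the original file.
function show_category_menu($id) {
    $db = new ps_DB;
    $q = "SELECT * FROM category ORDER BY sort,name ASC";
    $db->query($q);
    echo "";
}

// SHOW LIST OF DEPENDANCY MEMBERSHIPS
//
// Queries every membership ordered by name.
// NOTE(review): only an empty echo is visible in this excerpt; $id and the
// result set are unused here - confirm against the original file.
function show_dependancy_menu($id) {
    $db = new ps_DB;
    $q = "SELECT * FROM membership ORDER BY membership_name ASC";
    $db->query($q);
    echo "";
}

// SHOW LIST OF TRIAL MEMBERSHIPS
//
// Queries every membership ordered by name.
// NOTE(review): only an empty echo is visible in this excerpt; $id and the
// result set are unused here - confirm against the original file.
function show_trial_menu($id) {
    $db = new ps_DB;
    $q = "SELECT * FROM membership ORDER BY membership_name ASC";
    $db->query($q);
    echo "";
}

// SHOW LIST OF COUNTRIES
//
// Queries id and name of every country, ordered by name.
// Fixed here: the ORDER BY used a quoted string ('country_name'), which SQL
// treats as a constant, so rows were not sorted by name.
// NOTE(review): only an empty echo is visible in this excerpt; $default is
// not used by the visible code - confirm against the original file.
function show_country_menu() {
    $default = "840";
    $db = new ps_DB;
    $q = "SELECT country_id,country_name FROM country ORDER BY country_name";
    $db->query($q);
    echo "";
}

// SHOW CLIENTS DUE SUBSCRIPTIONS
function show_due_subscriptions($id) {
    $db = new ps_DB;
    $q = "SELECT domain_id,domain_host_id FROM domains WHERE domain_account_id ='$id'";
    $db->query($q);
    echo "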