/account.php
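<?php
// Database bootstrap shared by every handler in this file (ext/mysql, PHP 5.x).
// NOTE(review): the credentials are hard-coded in a web-served file; they belong
// in a config file outside the document root (no such file is visible here).
$connection = mysql_connect("localhost", "pkskrakow_4", "Dond33st4S!");
$db = $connection ? mysql_select_db("pkskrakow_4") : false;
if (!$connection || !$db) {
    // Keep the driver's error message server-side instead of echoing it to the client.
    error_log('account.php: database unavailable: ' . mysql_error());
    exit('Database error');
}
// mysql_set_charset() (unlike "SET NAMES") also tells the client library which
// charset mysql_real_escape_string() has to use, so the escaping done by the
// handlers below is correct for multibyte input.
mysql_set_charset('utf8');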
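if (isset($_GET['reset'])) {
    // Password-reset landing page. The resetPassword POST handler below stores
    // a token in the resetPass cookie and returns the same token to the caller,
    // who passes it back in ?resetPassword=; both copies must be present and equal.
    //
    // NOTE(review): the token is only compared with a cookie the same client
    // controls, and the account comes from ?id=, so this check does not bind the
    // token to a user or to an expiry. Doing that needs a server-side record
    // (a token column with an expiry on userdata), which this file does not have.
    $cookieToken = isset($_COOKIE['resetPass']) ? (string) $_COOKIE['resetPass'] : '';
    $queryToken = isset($_GET['resetPassword']) ? (string) $_GET['resetPassword'] : '';
    // The original "==" let two absent values pass (null == null); require a
    // non-empty cookie and compare strictly in constant time (hash_equals, PHP >= 5.6).
    if ($cookieToken !== '' && hash_equals($cookieToken, $queryToken)) {
        // $id is printed into the inline script below, so force it to an integer.
        $id = isset($_GET['id']) ? (int) $_GET['id'] : 0;
        // Forget the token for the rest of this request, as the original did.
        // The browser cookie itself is left in place because registration.php
        // (which receives the new password) may still read it — not verified here.
        $_COOKIE['resetPass'] = '';
?>
<link rel="stylesheet" href="libs/sweetalert/sweetalert.css">
<script src="libs/jquery/jquery-1.9.1.min.js"></script>
<script src="libs/sweetalert/sweetalert.min.js"></script>
<script>
$(document).ready(function () {
    swal({
        title: "Wprowadź nowe hasło",
        input: "password",
        closeOnConfirm: false,
        showLoaderOnConfirm: true,
        animation: "slide-from-top",
        inputPlaceholder: "Nowe hasło",
        preConfirm: function (inputValue) {
            return new Promise(function (resolve, reject) {
                if (inputValue.length < 6) {
                    swal.showInputError("Minimum 6 symbols");
                    reject();
                } else {
                    setTimeout(function () {
                        $.ajax({
                            url: "/registration.php",
                            type: "POST",
                            data: {
                                resetPassword: true,
                                id: <?= $id ?>,
                                password: inputValue
                            },
                            success: function (check) {
                                swal('Success', 'Your password has been changed, now you can login with a new password', 'success')
                                setTimeout(function () {
                                    location.href = '/'
                                }, 2000)
                            },
                            error: function () {
                                console.log('error')
                            }
                        });
                    }, 1500)
                }
            })
        }
    });
})
</script>
<?php
    } else {
        header('location:/');
        // Stop here so none of the POST handlers below run for a rejected reset.
        exit;
    }
}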
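if (isset($_POST['resetPassword'])) {
    // Password-reset request: look the account up by e-mail, issue a token,
    // store it in the resetPass cookie and answer "true;<token>;<idUser>"
    // (or "false" when the address is unknown).
    //
    // NOTE(review): the token and user id go back to whoever posted the address,
    // not to the mailbox, so knowing the address is enough to reach the reset
    // page. Delivering the token by e-mail needs a mailer this file does not
    // have, so the response format is kept and only flagged.
    $email = isset($_POST['email']) ? (string) $_POST['email'] : '';
    $emailEsc = mysql_real_escape_string($email);
    // "=" rather than LIKE so "%" or "_" in the input cannot act as wildcards.
    $query = mysql_query("SELECT `idUser`, `email` FROM `userdata` WHERE `email` = '$emailEsc'");
    $result = $query ? mysql_fetch_assoc($query) : false;
    if ($result && $result['email'] === $email) {
        // The original token was md5(date('D:h:m:s')): derived from the clock
        // (and 'm' is the month, not the minute), hence guessable. Use a CSPRNG.
        if (function_exists('random_bytes')) {
            $token = bin2hex(random_bytes(16));
        } else {
            $strong = false;
            $bytes = openssl_random_pseudo_bytes(16, $strong);
            if ($bytes === false || !$strong) {
                // Refuse rather than fall back to a predictable source.
                error_log('account.php: no cryptographically strong random source for reset token');
                exit('false');
            }
            $token = bin2hex($bytes);
        }
        $id = (int) $result['idUser'];
        // HttpOnly: the page's own script never reads this cookie (the token is
        // already in the response body), so script access is not needed.
        setcookie('resetPass', $token, 0, '', '', false, true);
        echo 'true;' . $token . ';' . $id;
    } else {
        echo 'false';
    }
}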
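if (isset($_POST['data2db'])) {
    // Store purchased tickets (status "paid") for the logged-in user, one row
    // per ticket number. Output: "no access" when nobody is logged in, else nothing.
    //
    // NOTE(review): $_COOKIE['logged'] is the bare user id set by the login
    // handler; the cookie is not signed, so it identifies the user but does not
    // authenticate them (a server-side session would be needed for that).
    $id = isset($_COOKIE['logged']) ? (int) $_COOKIE['logged'] : 0;
    $array = $_POST['data2db'];
    if ($id > 0 && is_array($array)) {
        // Every client-supplied value is escaped before it is interpolated into SQL.
        $esc = function ($value) {
            return mysql_real_escape_string((string) $value);
        };
        $insert = "INSERT INTO `tickets` (`arrival_time`, `departure_time`, `number_ticket`, `price`, `status`, `total_time_road`, `id`, `station_from`, `station_to`)";
        $count = count($array);
        for ($i = 0; $i < $count; $i++) {
            $item = $array[$i];
            // The nested [$i] inside reserve_num and price is the shape the
            // client sends (kept as in the original).
            $ticket = isset($item['reserve_num'][$i]) ? $item['reserve_num'][$i] : null;
            $price = isset($item['price'][$i]) ? $item['price'][$i] : null;
            $arrival_time = $esc(isset($item['arrival']) ? $item['arrival'] : '');
            $departure_time = $esc(isset($item['departure']) ? $item['departure'] : '');
            $total_time_road = $esc(isset($item['duration_minutes']) ? $item['duration_minutes'] : '');
            $station_from = $esc(isset($item['station_from']) ? $item['station_from'] : '');
            $station_to = $esc(isset($item['station_to']) ? $item['station_to'] : '');
            if (is_array($ticket)) {
                $ticketCount = count($ticket);
                for ($n = 0; $n < $ticketCount; $n++) {
                    $num = $esc(isset($ticket[$n]['ticket_number']) ? $ticket[$n]['ticket_number'] : '');
                    // The reservation price is split evenly over its tickets.
                    $newPrice = $esc((float) $price / $ticketCount);
                    mysql_query("$insert VALUES('$arrival_time','$departure_time','$num','$newPrice','paid','$total_time_road','$id','$station_from','$station_to')");
                }
            } else {
                $ticketEsc = $esc($ticket);
                $priceEsc = $esc($price);
                mysql_query("$insert VALUES('$arrival_time','$departure_time','$ticketEsc','$priceEsc','paid','$total_time_road','$id','$station_from','$station_to')");
            }
        }
        mysql_close();
    } else {
        echo "no access";
    }
    goto end;
}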
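if (isset($_POST['cancellation']) && $_POST['cancellation'] != '') {
    // Cancel one of the caller's tickets through the external API, archive the
    // row in cancelledTickets and delete it from tickets. Output: "ok" on
    // success, otherwise the API's Reclamation text.
    include_once("helpers/session/Helper.php");
    $helper = new Helper();
    $num = (string) $_POST['cancellation'];
    $id = isset($_COOKIE['logged']) ? (int) $_COOKIE['logged'] : 0;
    $numEsc = mysql_real_escape_string($num);
    // Restrict the lookup to the caller's own rows: tickets.`id` is written
    // with $_COOKIE['logged'] by the data2db handler, i.e. it holds the
    // purchaser's user id. Without this, any ticket number could be cancelled
    // by anyone who knows it.
    $query = mysql_query("SELECT * FROM `tickets` WHERE `Number` = '$numEsc' AND `id` = '$id'");
    $row = $query ? mysql_fetch_assoc($query) : false;
    if ($row) {
        $reqData = array(
            "method" => "TicketsCancelation",
            "ticket_number" => (string) $row['number_ticket'],
        );
        $output = json_decode($helper::apiRequest($reqData), true);
        if (!is_array($output) || empty($output['canceled'])) {
            echo isset($output['Reclamation']) ? $output['Reclamation'] : '';
        } else {
            echo 'ok';
            // Values from the API response and from the ticket row are both
            // escaped before being interpolated into SQL.
            $esc = function ($value) {
                return mysql_real_escape_string((string) $value);
            };
            $r = array_map($esc, $row);
            if (!empty($output['FakturaVAT'])) {
                $apiField = function ($key) use ($output, $esc) {
                    return isset($output[$key]) ? $esc($output[$key]) : '';
                };
                mysql_query("UPDATE `transactions` SET `uuid` = '" . $apiField('UUIDSalesInvoice') . "', `invoice_number` = '" . $apiField('InvoiceNumber') . "', `SalesDate` = '" . $apiField('SalesDate') . "', `firm` = '" . $apiField('FirmSalesInvoice') . "', `Exhibitor` = '" . $apiField('Exhibitor') . "', `DocumentTotal` = '" . $apiField('DocumentTotal') . "', `response` = '" . $apiField('PrintFile') . "' WHERE `id` = '" . $r['transaction_id'] . "'");
            }
            mysql_query("INSERT INTO `cancelledTickets` (`transaction_id`,`arrival_time`, `departure_time`, `number_ticket`, `price`, `status`, `total_time_road`, `id_user`, `station_from`, `station_to`, `Number`, `FiscalNumber`)
                VALUES('{$r['transaction_id']}', '{$r['arrival_time']}','{$r['departure_time']}','{$r['number_ticket']}','{$r['price']}', 'cancelled','{$r['total_time_road']}','$id','{$r['station_from']}','{$r['station_to']}', '{$r['Number']}', '{$r['FiscalNumber']}')");
            mysql_query("DELETE FROM `tickets` WHERE `Number` = '$numEsc' AND `id` = '$id'");
        }
    }
}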
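// User login into the account area.
if (isset($_POST['login']) && isset($_POST['password'])) {
    // Output: "true" on success; nothing otherwise (the original only ever
    // echoed on success, and that is kept).
    //
    // NOTE(review): passwords are stored and compared in clear text (the
    // change-password handler writes them as received). Moving to
    // password_hash()/password_verify() requires migrating the stored values,
    // so it is flagged rather than changed here. The "logged" cookie set below
    // is the bare user id and is not signed: it identifies, it does not authenticate.
    $password_check = 'false';
    if ($_POST['login'] != '') {
        $login = (string) $_POST['login'];
        $password = (string) $_POST['password'];
        $loginEsc = mysql_real_escape_string($login);
        // One lookup instead of three; "=" instead of LIKE so "%" or "_" in the
        // submitted login cannot match a different account's row.
        $query = mysql_query("SELECT `idUser`, `password`, `activation` FROM `userdata` WHERE `login` = '$loginEsc' OR `email` = '$loginEsc'");
        $result = $query ? mysql_fetch_assoc($query) : false;
        if ($result) {
            if ((int) $result['activation'] === 0) {
                // Account not confirmed yet.
                $password_check = 'status';
            } elseif (hash_equals((string) $result['password'], $password)) {
                // Strict, constant-time comparison (PHP >= 5.6) instead of "==".
                setcookie("logged", $result['idUser']);
                $password_check = 'true';
                echo 'true';
            }
        }
    }
}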
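// Edit password in user cabinet
if (isset($_POST['password_old']) && isset($_POST['password_new'])) {
    // Output: "true" when the password was changed, "false" otherwise.
    $password_check = 'false';
    if ($_POST['password_old'] != '' && $_POST['password_new']) {
        $id = isset($_COOKIE['logged']) ? (int) $_COOKIE['logged'] : 0;
        $password_old = (string) $_POST['password_old'];
        $password_new = (string) $_POST['password_new'];
        // Verify the old password against THIS user's row. The original matched
        // it against any row in the table, so any account's current password
        // would have authorised the change.
        $query = mysql_query("SELECT `password` FROM `userdata` WHERE `idUser` = '$id'");
        $result = $query ? mysql_fetch_assoc($query) : false;
        // hash_equals(): strict, constant-time comparison (PHP >= 5.6).
        if ($result && hash_equals((string) $result['password'], $password_old)) {
            // NOTE(review): stored in clear text, as the login handler expects;
            // switching to password_hash() needs both sides and a data migration.
            $newEsc = mysql_real_escape_string($password_new);
            mysql_query("UPDATE `userdata` SET `password` = '$newEsc' WHERE `idUser` = '$id'");
            $password_check = 'true';
        }
    }
    echo $password_check;
}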
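// Edit user data in user cabinet
if (isset($_POST['array'])) {
    // Profile update for the logged-in user. Output: "true" on success,
    // "email" when the new address already belongs to another row.
    $array = $_POST['array'];
    $id = isset($_COOKIE['logged']) ? (int) $_COOKIE['logged'] : 0;
    // Positional payload from the client: 0 email, 1 phone, 2 name, 3 surname,
    // 4 birthday, 5 gender flag, 6 country, 7 city, 8 profession.
    $slot = function ($index) use ($array) {
        return isset($array[$index]) ? (string) $array[$index] : '';
    };
    $esc = function ($value) {
        return mysql_real_escape_string((string) $value);
    };
    $email = $slot(0);
    // Anything other than male/female is stored as an empty string (the
    // original left $gender undefined, which interpolated as '' with a notice).
    if ($slot(5) === 'male') {
        $gender = 'Mężczyzna';
    } elseif ($slot(5) === 'female') {
        $gender = 'Kobieta';
    } else {
        $gender = '';
    }
    $set = "`phone` = '" . $esc($slot(1)) . "', `name` = '" . $esc($slot(2)) . "', `gender` = '" . $esc($gender) . "', `surname` = '" . $esc($slot(3)) . "', `birthday` = '" . $esc($slot(4)) . "', `country` = '" . $esc($slot(6)) . "', `city` = '" . $esc($slot(7)) . "', `profession` = '" . $esc($slot(8)) . "'";
    $emailEsc = $esc($email);
    $query = mysql_query("SELECT `email` FROM `userdata` WHERE `idUser` = '$id'");
    $result = $query ? mysql_fetch_assoc($query) : false;
    if ($result && $result['email'] === $email) {
        // Address unchanged: update the other fields only.
        mysql_query("UPDATE `userdata` SET $set WHERE `idUser` = '$id'");
        echo 'true';
    } else {
        // Address changed: it must not be in use by another row.
        $query = mysql_query("SELECT `email` FROM `userdata` WHERE `email` = '$emailEsc'");
        $result = $query ? mysql_fetch_assoc($query) : false;
        if ($result && isset($result['email'])) {
            echo 'email';
        } else {
            mysql_query("UPDATE `userdata` SET `email` = '$emailEsc', $set WHERE `idUser` = '$id'");
            echo 'true';
        }
    }
}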
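if (isset($_FILES["file"])) {
    // Avatar upload: store an image under user_img/ and save its URL on the
    // user's row. Output: nothing on success, "Return Code: N" on an upload
    // error, the client's MIME type when the file is rejected (as before).
    //
    // NOTE(review): the row is selected by the POSTed login rather than by the
    // logged-in user ($_COOKIE['logged']), so a caller can point another
    // account's image URL at an uploaded file. Changing that alters the request
    // contract, so it is only flagged here.
    $login = isset($_POST['login']) ? (string) $_POST['login'] : '';
    $file = $_FILES["file"];
    // basename() drops any directory part of the client-supplied name so the
    // target path can never leave user_img/ (e.g. a name containing "../").
    $clientName = basename((string) $file["name"]);
    $file_name = date('y-m-d-H-i-s') . "_" . $clientName;
    $extension = strtolower(pathinfo($clientName, PATHINFO_EXTENSION));
    $allowedExtensions = array('jpg' => true, 'jpeg' => true, 'png' => true);
    $type = strtolower((string) $file["type"]);
    $typeOk = ($type === "image/jpg" || $type === "image/jpeg" || $type === "image/png");
    // The original mixed || and && without parentheses, so the size limit only
    // applied to PNG; it now applies to every upload. The extension allow-list
    // keeps a "image/png"-labelled script from landing in a web-served directory.
    if ($typeOk && isset($allowedExtensions[$extension]) && $file["size"] < 200000000) {
        if ($file["error"] > 0) {
            echo "Return Code: " . $file["error"] . "<br>";
        } else {
            $messageFile = '';
            // The MIME type above is whatever the client declared; check the bytes.
            $imageInfo = is_uploaded_file($file["tmp_name"]) ? getimagesize($file["tmp_name"]) : false;
            if ($imageInfo !== false && in_array($imageInfo[2], array(IMAGETYPE_JPEG, IMAGETYPE_PNG), true)) {
                $target = "user_img/" . str_replace(" ", "_", $file_name);
                if (move_uploaded_file($file["tmp_name"], $target)) {
                    $messageFile = "/" . $target;
                }
            }
            // Only touch the row when a file was actually stored; the original
            // ran the UPDATE on failure too, which blanked the user's URL.
            if ($messageFile !== '') {
                $loginEsc = mysql_real_escape_string($login);
                $urlEsc = mysql_real_escape_string($messageFile);
                mysql_query("UPDATE `userdata` SET `url` = '$urlEsc' WHERE `login` = '$loginEsc'");
            }
        }
    } else {
        // Reflected client value: escape it for the HTML context it is echoed into.
        echo htmlspecialchars((string) $file["type"], ENT_QUOTES, 'UTF-8');
    }
}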
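// edit faktury
if (isset($_POST['faktury'])) {
    // Invoice (faktura) details for the logged-in user; nothing is echoed.
    $obj = $_POST['faktury'];
    $id = isset($_COOKIE['logged']) ? (int) $_COOKIE['logged'] : 0;
    if (is_array($obj)) {
        // Each client value is escaped before it is interpolated into SQL.
        $field = function ($key) use ($obj) {
            return isset($obj[$key]) ? mysql_real_escape_string((string) $obj[$key]) : '';
        };
        // The client sends the literal string "false" for a private person.
        $is_company = (isset($obj['firm_or_person']) && $obj['firm_or_person'] == 'false') ? 0 : 1;
        mysql_query(
            "UPDATE `userdata` SET "
            . "`firm` = '" . $field('firm') . "', "
            . "`nip` = '" . $field('nip') . "', "
            . "`f_post_code` = '" . $field('f_post_code') . "', "
            . "`f_city` = '" . $field('f_city') . "', "
            . "`f_country` = '" . $field('f_country') . "', "
            . "`f_street` = '" . $field('f_street') . "', "
            . "`is_company` = '" . $is_company . "' "
            . "WHERE `idUser` = " . $id
        );
    }
}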
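if (isset($_POST['checkFacture'])) {
    // Store the "invoice wanted" flag for the logged-in user.
    $id = isset($_COOKIE['logged']) ? (int) $_COOKIE['logged'] : 0;
    $checkFacture = mysql_real_escape_string((string) $_POST['checkFacture']);
    mysql_query("UPDATE `userdata` SET `checkFacture` = '$checkFacture' WHERE `idUser` = '$id'");
    // The original then fetched from an undefined $query handle and echoed the
    // (false) result, i.e. an empty body plus a warning; the body stays empty.
}
// Target of the "goto end" in the data2db handler above.
end: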