PageRenderTime 52ms CodeModel.GetById 25ms RepoModel.GetById 0ms app.codeStats 0ms

/account.php

https://bitbucket.org/VasjaUa/pks_pl
PHP | 269 lines | 233 code | 22 blank | 14 comment | 68 complexity | e387ee4139786b2ac365bdd1ac3acb82 MD5 | raw file
Possible License(s): LGPL-2.1, MPL-2.0-no-copyleft-exception, BSD-3-Clause, LGPL-3.0 
    

  1. <?php
    2. 

  2. $connection = mysql_connect("localhost", "pkskrakow_4", "Dond33st4S!");
    3. 

  3. $db = mysql_select_db("pkskrakow_4");
    4. 

  4. mysql_query("SET NAMES 'utf8'");
    5. 

  5. 

  6. if (!$connection || !$db) {exit(mysql_error());}
    7. 

  7. 

  8. if (isset($_GET['reset'])) {
    9. 

  9.     if ($_COOKIE['resetPass'] == $_GET['resetPassword']) {
    10. 

  10.         $id = $_GET['id'];
    11. 

  11.         $_COOKIE['resetPass'] = '';
    12. 

  12.         ?>
    13. 

  13.         <link rel="stylesheet" href="libs/sweetalert/sweetalert.css">
    14. 

  14.         <script src="libs/jquery/jquery-1.9.1.min.js"></script>
    15. 

  15.         <script src="libs/sweetalert/sweetalert.min.js"></script>
    16. 

  16.         <script>
    17. 

  17.             $(document).ready(function () {
    18. 

  18.                 swal({
    19. 

  19.                         title: "Wprowadź nowe hasło",
    20. 

  20.                         input: "password",
    21. 

  21.                         closeOnConfirm: false,
    22. 

  22.                         showLoaderOnConfirm: true,
    23. 

  23.                         animation: "slide-from-top",
    24. 

  24.                         inputPlaceholder: "Nowe hasło",
    25. 

  25.                         preConfirm: function (inputValue) {
    26. 

  26.                             return new Promise(function (resolve, reject) {
    27. 

  27.                                 if (inputValue.length < 6) {
    28. 

  28.                                     swal.showInputError("Minimum 6 symbols");
    29. 

  29.                                     reject();
    30. 

  30.                                 } else {
    31. 

  31.                                     setTimeout(function () {
    32. 

  32.                                         $.ajax({
    33. 

  33.                                             url: "/registration.php",
    34. 

  34.                                             type: "POST",
    35. 

  35.                                             data: {
    36. 

  36.                                                 resetPassword: true,
    37. 

  37.                                                 id: <?= $id ?>,
    38. 

  38.                                                 password: inputValue
    39. 

  39.                                             },
    40. 

  40.                                             success: function (check) {
    41. 

  41.                                                 swal('Success', 'Your password has been changed, now you can login with a new password', 'success')
    42. 

  42.                                                 setTimeout(function () {
    43. 

  43.                                                     location.href = '/'
    44. 

  44.                                                 }, 2000)
    45. 

  45.                                             },
    46. 

  46.                                             error: function () {
    47. 

  47.                                                 console.log('error')
    48. 

  48.                                             }
    49. 

  49.                                         });
    50. 

  50.                                     }, 1500)
    51. 

  51.                                 }
    52. 

  52.                             })
    53. 

  53.                         }
    54. 

  54.                     });
    55. 

  55.             })
    56. 

  56.         </script>
    57. 

  57.         <?
    58. 

  58.     } else {
    59. 

  59.         header('location:/');
    60. 

  60.     }
    61. 

  61. }
    62. 

  62. 

  63. if (isset($_POST['resetPassword'])) {
    64. 

  64.     $email = $_POST['email'];
    65. 

  65.     $query = mysql_query("SELECT * FROM `userdata` WHERE `email` LIKE '$email'");
    66. 

  66.     $result = mysql_fetch_assoc($query);
    67. 

  67. 

  68.     if ($result['email'] == $email) {
    69. 

  69.         $token = md5(date('D:h:m:s'));
    70. 

  70.         $id = $result['idUser'];
    71. 

  71.         setcookie('resetPass', $token);
    72. 

  72.         echo 'true;' . $token . ";" . $id;
    73. 

  73.     } else {
    74. 

  74.         echo 'false';
    75. 

  75.     }
    76. 

  76. 

  77. }
    78. 

  78. 

  79. if (isset($_POST['data2db'])) {
    80. 

  80.     $id = $_COOKIE['logged'];
    81. 

  81.     $array = $_POST['data2db'];
    82. 

  82. 

  83.     if ($id != '') {
    84. 

  84.         for ($i = 0; $i < count($array); $i++) {
    85. 

  85.             $ticket = $array[$i]['reserve_num'][$i];
    86. 

  86.             $arrival_time = $array[$i]['arrival'];
    87. 

  87.             $departure_time = $array[$i]['departure'];
    88. 

  88.             $total_time_road = $array[$i]['duration_minutes'];
    89. 

  89.             $station_from = $array[$i]['station_from'];
    90. 

  90.             $station_to = $array[$i]['station_to'];
    91. 

  91.             $price = $array[$i]['price'][$i];
    92. 

  92. 

  93.             if (is_array($ticket)) {
    94. 

  94.                 for ($n = 0; $n < count($ticket); $n++) {
    95. 

  95.                     $num = $ticket[$n]['ticket_number'];
    96. 

  96.                     $newPrice = $price / count($ticket);
    97. 

  97.                     mysql_query("INSERT INTO `tickets` (`arrival_time`, `departure_time`, `number_ticket`, `price`, `status`, `total_time_road`, `id`, `station_from`, `station_to`)
    98. 

  98.                                     VALUES('$arrival_time','$departure_time', '$num','$newPrice', 'paid','$total_time_road','$id','$station_from','$station_to')");
    99. 

  99.                 }
    100. 

  100.             } else {
    101. 

  101.                 mysql_query("INSERT INTO `tickets` (`arrival_time`, `departure_time`, `number_ticket`, `price`, `status`, `total_time_road`, `id`, `station_from`, `station_to`)
    102. 

  102.                                     VALUES('$arrival_time','$departure_time','$ticket','$price', 'paid','$total_time_road','$id','$station_from','$station_to')");
    103. 

  103.             }
    104. 

  104.         }
    105. 

  105.         mysql_close();
    106. 

  106.     } else {
    107. 

  107.         echo "no access";
    108. 

  108.     }
    109. 

  109.     goto end;
    110. 

  110. }
    111. 

  111. 

  112. if (isset($_POST['cancellation']) && $_POST['cancellation'] != '') {
    113. 

  113.     include_once("helpers/session/Helper.php");
    114. 

  114. 

  115.     $helper = new Helper();
    116. 

  116.     $num = $_POST['cancellation'];
    117. 

  117.     $id = $_COOKIE['logged'];
    118. 

  118. 

  119.     $query = mysql_query("SELECT * FROM `tickets` WHERE `Number` LIKE '$num'");
    120. 

  120.     $result = mysql_fetch_assoc($query);
    121. 

  121. 

  122.     $reqData = array(
    123. 

  123.         "method" => "TicketsCancelation",
    124. 

  124.         "ticket_number" => "$result[number_ticket]"
    125. 

  125.     );
    126. 

  126. 

  127.     $output = json_decode($helper::apiRequest($reqData), true);
    128. 

  128.     if($output['canceled'] == false){
    129. 

  129.         echo $output['Reclamation'];
    130. 

  130.     }else{
    131. 

  131.         echo 'ok';
    132. 

  132.         if($output['FakturaVAT'] == true){
    133. 

  133.             mysql_query('UPDATE `transactions` SET uuid = "'. $output['UUIDSalesInvoice'] .'", invoice_number = "'. $output['InvoiceNumber'] .'", SalesDate = "'. $output['SalesDate'] .'", firm = "'. $output['FirmSalesInvoice'] .'", Exhibitor = "'. $output['Exhibitor'] .'", DocumentTotal = "'. $output['DocumentTotal'] .'", response = "'. $output['PrintFile'] .'" WHERE id = "'. $result[transaction_id] .'"');
    134. 

  134.         }
    135. 

  135.         mysql_query("INSERT INTO `cancelledTickets` (`transaction_id`,`arrival_time`, `departure_time`, `number_ticket`, `price`, `status`, `total_time_road`, `id_user`, `station_from`, `station_to`, `Number`, `FiscalNumber`)
    136. 

  136.         VALUES('$result[transaction_id]', '$result[arrival_time]','$result[departure_time]','$result[number_ticket]','$result[price]', 'cancelled','$result[total_time_road]','$id','$result[station_from]','$result[station_to]', '$result[Number]', '$result[FiscalNumber]')");
    137. 

  137.         mysql_query("DELETE FROM `tickets` WHERE `Number` LIKE '$num'");
    138. 

  138.     }
    139. 

  139. }
    140. 

  140. 

  141. 

  142. // Код для входа ползователя в кабинет
    143. 

  143. if (isset($_POST['login']) && isset($_POST['password'])) {
    144. 

  144.     $password_check = 'false';
    145. 

  145.     if ($_POST['login'] != '') {
    146. 

  146.         $login = $_POST['login'];
    147. 

  147.         $password = $_POST['password'];
    148. 

  148.         $query = mysql_query("SELECT * FROM `userdata` WHERE `login` LIKE '$login' OR `email` LIKE '$login'");
    149. 

  149.         $result = mysql_fetch_assoc($query);
    150. 

  150.         if ($result['login'] || $result['email'] == $login) {
    151. 

  151.             //проверка на подтверждения пользователя
    152. 

  152.             $query_status = mysql_query("SELECT activation FROM `userdata` WHERE `login` LIKE '$login' OR `email` LIKE '$login'");
    153. 

  153.             $result_status = mysql_fetch_assoc($query_status);
    154. 

  154.             if ($result_status['activation'] == 0) {
    155. 

  155.                 $password_check = 'status';
    156. 

  156.             } else {
    157. 

  157.                 if ($password == $result['password']) {
    158. 

  158.                     $id = mysql_query("SELECT idUser FROM `userdata` WHERE `login` LIKE '$login' OR `email` LIKE '$login'");
    159. 

  159.                     $result_id = mysql_fetch_assoc($id);
    160. 

  160.                     setcookie("logged", $result_id['idUser']);
    161. 

  161.                     $password_check = 'true';
    162. 

  162.                     echo 'true';
    163. 

  163.                 }
    164. 

  164.             }
    165. 

  165.         }
    166. 

  166.     }
    167. 

  167. }
    168. 

  168. 

  169. // Edit password in user cabinet
    170. 

  170. if (isset($_POST['password_old']) && isset($_POST['password_new'])) {
    171. 

  171.     $password_check = 'false';
    172. 

  172.     if ($_POST['password_old'] != '' && $_POST['password_new']) {
    173. 

  173.         $id = $_COOKIE['logged'];
    174. 

  174.         $password_old = $_POST['password_old'];
    175. 

  175.         $password_new = $_POST['password_new'];
    176. 

  176.         $query = mysql_query("SELECT password FROM `userdata` WHERE `password` LIKE '$password_old'");
    177. 

  177.         $result = mysql_fetch_assoc($query);
    178. 

  178.         if ($result['password'] == $password_old) {
    179. 

  179.             $result = mysql_query("UPDATE userdata SET password='$password_new' WHERE idUser='$id'");
    180. 

  180.             $password_check = 'true';
    181. 

  181.         }
    182. 

  182.     }
    183. 

  183.     print_r($password_check);
    184. 

  184. }
    185. 

  185. 

  186. // Edit user data in user cabinet
    187. 

  187. if (isset($_POST['array'])) {
    188. 

  188.     $array = $_POST['array'];
    189. 

  189.     $id = $_COOKIE['logged'];
    190. 

  190.     $email = $array[0];
    191. 

  191.     $phone = $array[1];
    192. 

  192.     $name = $array[2];
    193. 

  193.     $surname = $array[3];
    194. 

  194.     $birthday = $array[4];
    195. 

  195.     $country = $array[6];
    196. 

  196.     $city = $array[7];
    197. 

  197.     $profession = $array[8];
    198. 

  198.     if ($array[5] === 'male') {
    199. 

  199.         $gender = 'Mężczyzna';
    200. 

  200.     } elseif ($array[5] === 'female') {
    201. 

  201.         $gender = 'Kobieta';
    202. 

  202.     }
    203. 

  203.     $query = mysql_query("SELECT email FROM `userdata` WHERE idUser='$id'");
    204. 

  204.     $result = mysql_fetch_assoc($query);
    205. 

  205.     if ($result['email'] === $email) {
    206. 

  206.         $query = mysql_query("UPDATE userdata SET phone='$phone', name= '$name', gender='$gender', surname= '$surname', birthday= '$birthday', country= '$country', city= '$city', profession= '$profession' WHERE idUser='$id'");
    207. 

  207.         print_r('true');
    208. 

  208.     } else {
    209. 

  209.         $query = mysql_query("SELECT email FROM `userdata` WHERE `email` LIKE '$email'");
    210. 

  210.         $result = mysql_fetch_assoc($query);
    211. 

  211.         if (isset($result['email'])) {
    212. 

  212.             print_r('email');
    213. 

  213.         } else {
    214. 

  214.             $query = mysql_query("UPDATE userdata SET email='$email', phone='$phone', name= '$name',gender='$gender', surname= '$surname', birthday= '$birthday', country= '$country', city= '$city', profession= '$profession' WHERE idUser='$id'");
    215. 

  215.             print_r('true');
    216. 

  216.         }
    217. 

  217.     }
    218. 

  218. }
    219. 

  219. 

  220. if (isset($_FILES["file"])) {
    221. 

  221.     $login = $_POST['login'];
    222. 

  222.     $file_name = date('y-m-d-H-i-s') . "_" . $_FILES["file"]["name"];
    223. 

  223.     $extension = end(explode(".", $_FILES["file"]["name"]));
    224. 

  224. 

  225.     if ((strtolower($_FILES["file"]["type"]) == "image/jpg") || (strtolower($_FILES["file"]["type"]) == "image/jpeg") || (strtolower($_FILES["file"]["type"]) == "image/png") && ($_FILES["file"]["size"] < 200000000)) {
    226. 

  226.         if ($_FILES["file"]["error"] > 0) {
    227. 

  227.             echo "Return Code: " . $_FILES["file"]["error"] . "<br>";
    228. 

  228.         } else {
    229. 

  229.             if (is_uploaded_file($_FILES["file"]["tmp_name"])) {
    230. 

  230.                 move_uploaded_file($_FILES["file"]["tmp_name"], "user_img/" . str_replace(" ", "_", $file_name));
    231. 

  231.                 $messageFile .= "/user_img/" . str_replace(" ", "_", $file_name);
    232. 

  232.             }
    233. 

  233.             mysql_query("UPDATE `userdata` SET `url`= '$messageFile' WHERE `login` LIKE '$login'");
    234. 

  234.         }
    235. 

  235.     } else {
    236. 

  236.         echo $_FILES["file"]["type"];
    237. 

  237.     }
    238. 

  238. }
    239. 

  239. // edit faktury
    240. 

  240. if (isset($_POST['faktury'])) {
    241. 

  241.     $obj = $_POST['faktury'];
    242. 

  242.     $id = $_COOKIE['logged'];
    243. 

  243.     if($obj['firm_or_person'] == 'false'){
    244. 

  244.         $is_company = 0;
    245. 

  245.     }else{
    246. 

  246.         $is_company = 1;
    247. 

  247.     }
    248. 

  248.     
    249. 

  249.     mysql_query('UPDATE userdata SET firm = "'. $obj['firm'] .'", nip = "'. $obj['nip'] .'", f_post_code = "'. $obj['f_post_code'] .'", f_city = "'. $obj['f_city'] .'", f_country = "'. $obj['f_country'] .'", f_street = "'. $obj['f_street'] .'", is_company = "'. $is_company .'" WHERE idUser = '. $id );
    250. 

  250. 

  251.     // mysql_query("UPDATE userdata SET 
    252. 

  252.     //                                     firm='$obj[firm]',
    253. 

  253.     //                                     nip='$obj[nip]',
    254. 

  254.     //                                     f_post_code='$obj[f_post_code]',
    255. 

  255.     //                                     f_country='$obj[f_country]',
    256. 

  256.     //                                     f_city='$obj[f_city]',
    257. 

  257.     //                                     f_street='$obj[f_street]',
    258. 

  258.     //                                     is_company='(int)$obj[firm_or_person]'
    259. 

  259.     //                                                     WHERE idUser='$id'");
    260. 

  260. }
    261. 

  261. 

  262. if (isset($_POST['checkFacture'])) {
    263. 

  263.     $id = $_COOKIE['logged'];
    264. 

  264.     $checkFacture = $_POST['checkFacture'];
    265. 

  265.     mysql_query("UPDATE userdata SET checkFacture='$checkFacture' WHERE idUser='$id'");
    266. 

  266.     $result = mysql_fetch_assoc($query);
    267. 

  267.     echo $result;
    268. 

  268. }
    269. 

  269. end:
    270.