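// include header
// NOTE(review): inc_header.php is assumed to start the session and to define
// init_param(), phpmail(), $g_db_connection and $g_email_from* — confirm.
include("inc_header.php");

// initialize parameter variables (request input: treated as untrusted below)
$p_account      = init_param("p_account", "");
$p_address_1    = init_param("p_address_1", "");
$p_address_2    = init_param("p_address_2", "");
$p_city         = init_param("p_city", "");
$p_contact      = init_param("p_contact", "");
$p_country      = init_param("p_country", "US");
$p_email        = init_param("p_email", "");
$p_notify       = init_param("p_notify", "");
$p_op           = init_param("p_op", "");
$p_organization = init_param("p_organization", "");
$p_pass         = init_param("p_pass", "");
$p_phone_1      = init_param("p_phone_1", "");
$p_phone_3      = init_param("p_phone_3", "");
$p_postal       = init_param("p_postal", "");
$p_state        = init_param("p_state", "");
$p_url          = init_param("p_url", "");

// one timestamp per request so 'accessed' and 'modified' agree within a write
$l_now = (string) time();

/**
 * Prepare, bind and execute a single parameterized statement on the shared
 * dealer connection and return the executed statement.
 *
 * Every request value reaches MySQL through mysqli_stmt_bind_param, never by
 * string concatenation, so no addslashes()/quoting is done in this script.
 *
 * @param string $sql    statement text using '?' placeholders
 * @param string $types  bind_param type string, one char per placeholder
 * @param list<string> $params values bound in placeholder order
 * @throws RuntimeException when the statement cannot be prepared or executed
 *         (the previous version ignored query failures silently)
 */
$l_run = static function (string $sql, string $types, array $params) use ($g_db_connection): mysqli_stmt {
    $l_stmt = mysqli_prepare($g_db_connection, $sql);
    if ($l_stmt === false) {
        throw new RuntimeException("Dealer query could not be prepared: " . mysqli_error($g_db_connection));
    }
    if (!mysqli_stmt_bind_param($l_stmt, $types, ...$params) || !mysqli_stmt_execute($l_stmt)) {
        throw new RuntimeException("Dealer query could not be executed: " . mysqli_stmt_error($l_stmt));
    }
    return $l_stmt;
};

// check to see if the dealer already exists
if ($p_op === "register") {
    // only the row count matters here, so a single column is enough
    $rs_dlr = $l_run("SELECT pk FROM dealers WHERE account = ?", "s", [$p_account]);
    mysqli_stmt_store_result($rs_dlr);
    $l_exists = mysqli_stmt_num_rows($rs_dlr) > 0;
    mysqli_stmt_close($rs_dlr);

    if ($l_exists) {
        // registration completes an existing account record rather than inserting one.
        // NOTE(review): 'pass' is stored as entered (plaintext); moving to
        // password_hash()/password_verify() needs a data migration and is not done here.
        $l_run(
            "UPDATE dealers SET type = 'dealer', status = 'active', account = ?, organization = ?, "
            . "contact = ?, address_1 = ?, address_2 = ?, city = ?, state = ?, postal = ?, country = ?, "
            . "phone_1 = ?, phone_3 = ?, email = ?, pass = ?, url = ?, accessed = ?, modified = ? "
            . "WHERE account = ?",
            str_repeat("s", 17),
            [
                $p_account,
                $p_organization,
                $p_contact,
                $p_address_1,
                $p_address_2,
                $p_city,
                $p_state,
                $p_postal,
                $p_country,
                $p_phone_1,
                $p_phone_3,
                $p_email,
                $p_pass,
                $p_url,
                $l_now,
                $l_now,
                $p_account,
            ]
        );

        // check to see if we need to notify the dealer
        if ($p_notify === "yes") {
            // initialize email subject
            $mail_sub = "C'est Papier Dealer Account Information";

            // initialize email message: intro paragraph, then one "Label : value" line per field.
            // NOTE(review): the message carries the login password in clear text; the mail
            // channel is therefore as sensitive as the credential itself.
            $l_mail_lines = [
                "Email Address"  => $p_email,
                "Password"       => $p_pass,
                "Account Number" => $p_account,
                "Organization"   => $p_organization,
                "Contact"        => $p_contact,
                "Address 1"      => $p_address_1,
                "Address 2"      => $p_address_2,
                "City"           => $p_city,
                "State"          => $p_state,
                "Postal"         => $p_postal,
                "Country"        => $p_country,
                "Phone Number"   => $p_phone_1,
                "Fax Number"     => $p_phone_3,
                "Website URL"    => $p_url,
            ];
            $mail_msg = "\n\n";
            $mail_msg .= "Visit the C'est Papier Dealer Website and use your email address (" . $p_email
                . ") and password (" . $p_pass . ") to login. Once logged in, you will be able to "
                . "access Dealer specific activities.\n\n";
            foreach ($l_mail_lines as $l_label => $l_value) {
                $mail_msg .= "{$l_label} : {$l_value}\n";
            }
            $mail_msg .= "\n\n";

            // initialize recipients (phpmail() takes parallel address/name lists)
            $p_to_email = [$p_email];
            $p_to_name  = [$p_contact];

            // send email
            phpmail($p_to_email, $p_to_name, $g_email_from, $g_email_from_name, $mail_sub, $mail_msg);
        }

        // update operation: fall through to the login handling below
        $p_op = "login";
    } else {
        // initialize response
        $l_response = "register";
    }
}

// check to see if a dealer is trying to login
if ($p_op === "login") {
    // verify dealer information
    if ($p_email !== "" && $p_pass !== "") {
        // SQL narrows the candidate row; the authoritative credential check is the
        // constant-time comparison in PHP below, which is unaffected by the column
        // collation's looseness (case folding / trailing-space padding).
        $rs_dlr = $l_run(
            "SELECT account, contact, email, organization, pk, type, pass FROM dealers "
            . "WHERE email = ? AND pass = ?",
            "ss",
            [$p_email, $p_pass]
        );
        $l_result = mysqli_stmt_get_result($rs_dlr);
        $r_dlr = ($l_result === false) ? null : mysqli_fetch_assoc($l_result);
        mysqli_stmt_close($rs_dlr);

        // validate user information
        if (is_array($r_dlr) && hash_equals((string) ($r_dlr["pass"] ?? ""), $p_pass)) {
            // retrieve the record data (stripslashes kept for compatibility with rows
            // written by earlier versions of this script)
            $dlr_account      = stripslashes((string) ($r_dlr["account"] ?? ""));
            $dlr_contact      = stripslashes((string) ($r_dlr["contact"] ?? ""));
            $dlr_email        = stripslashes((string) ($r_dlr["email"] ?? ""));
            $dlr_organization = stripslashes((string) ($r_dlr["organization"] ?? ""));
            $dlr_pk           = stripslashes((string) ($r_dlr["pk"] ?? ""));
            $dlr_type         = stripslashes((string) ($r_dlr["type"] ?? ""));

            // a fresh session id on privilege change keeps a pre-login id from
            // carrying over into the authenticated session
            if (session_status() === PHP_SESSION_ACTIVE) {
                session_regenerate_id(true);
            }

            // initialize session dealer information
            $_SESSION["s_dealer_account"]      = $dlr_account;
            $_SESSION["s_dealer_contact"]      = $dlr_contact;
            $_SESSION["s_dealer_email"]        = $dlr_email;
            $_SESSION["s_dealer_organization"] = $dlr_organization;
            $_SESSION["s_dealer_pk"]           = $dlr_pk;
            $_SESSION["s_dealer_type"]         = $dlr_type;

            // record the login on the dealer row
            $l_run(
                "UPDATE dealers SET accessed = ?, modified = ? WHERE pk = ?",
                "sss",
                [$l_now, $l_now, $dlr_pk]
            );

            // redirect to appropriate destination
            exit("");
        } else {
            $l_response = "login";
        }
    } else {
        // get error message
        $l_response = "login";
    }
}
// check to see if a dealer is trying to logout
elseif ($p_op === "logout") {
    // clear every key that login sets, so no dealer data outlives the logout
    $_SESSION["s_dealer_account"]      = "";
    $_SESSION["s_dealer_contact"]      = "";
    $_SESSION["s_dealer_email"]        = "";
    $_SESSION["s_dealer_organization"] = "";
    $_SESSION["s_dealer_pk"]           = "";
    $_SESSION["s_dealer_type"]         = "";
}
?>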