<?php 
	
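	/**
	 * Log the current shopper out and delete the temporary order and cart rows
	 * associated with the session.
	 *
	 * Does nothing when $_SESSION['user_id'] is not set. The PHP session itself
	 * is neither destroyed nor given a new id here.
	 */
	function doUserLogout()
	{
		if (!isset($_SESSION['user_id'])) {
			return;
		}

		unset($_SESSION['user_id']);
		// doUserLogin() stores the same id under 'ecart_user_id'; clearing only
		// 'user_id' would leave an identity key in the session after logout.
		unset($_SESSION['ecart_user_id']);

		if (isset($_SESSION['order_id'])) {
			// NOTE(review): the session value goes into the statement unescaped;
			// confirm every writer of $_SESSION['order_id'] stores a trusted id.
			$orderId = $_SESSION['order_id'];
			$sqlB = "DELETE FROM tbl_temp_order WHERE od_id='$orderId'";
			dbQuery($sqlB);
		}

		$cartContent = getCartContent();
		if (is_array($cartContent)) {
			foreach ($cartContent as $cartRow) {
				// ct_id is used unquoted in the statement, so force it to an integer.
				$cartId = (int) $cartRow['ct_id'];
				dbQuery("DELETE FROM tbl_cart
						WHERE ct_id = $cartId");
			}
		}

		unset($_SESSION['order_id']);
	}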
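	/**
	 * Authenticate a shopper from the posted login form.
	 *
	 * Reads $_POST['txtUser'] and $_POST['txtPassword']. On success it stores the
	 * user id in the session and fills the globals $message2..$message4; on
	 * failure it sets the global $message to the reason.
	 */
	function doUserLogin()
	{
		global $message;
		global $message2;
		global $message3;
		global $message4;

		// Missing or array-valued fields are treated as empty instead of being
		// handed to the escaper / hash function.
		$rawUser = (isset($_POST['txtUser']) && is_string($_POST['txtUser'])) ? $_POST['txtUser'] : '';
		$rawPass = (isset($_POST['txtPassword']) && is_string($_POST['txtPassword'])) ? $_POST['txtPassword'] : '';

		if ($rawUser === '') {
			$message = 'You must enter your username';
			return;
		}
		// The emptiness test must run on the submitted text: md5('') is a
		// 32-character digest, so testing the hash can never detect a blank password.
		if ($rawPass === '') {
			$message = 'You must enter the password';
			return;
		}

		$userName = mysql_real_escape_string($rawUser);
		// SECURITY: unsalted MD5 is not a password hash. Moving to
		// password_hash()/password_verify() requires migrating the stored
		// values, so it is flagged here rather than changed.
		$password = md5($rawPass);

		$sql = "SELECT *
		        FROM tbl_user 
				WHERE user_name = '$userName' AND user_password = '$password'";
		$result = dbQuery($sql);

		if (dbNumRows($result) != 1) {
			$message = 'Wrong username or password';
			return;
		}

		$row = dbFetchAssoc($result);

		// Issue a fresh session id at the moment of authentication so an id
		// known before login cannot be reused afterwards (session fixation).
		if (session_id() !== '' && !headers_sent()) {
			session_regenerate_id(true);
		}

		// NOTE(review): confirm which pages read 'ecart_user_id'. If a different
		// area (for example an admin check) trusts that key, a shopper login
		// would populate it as well.
		$_SESSION['ecart_user_id'] = $row['user_id'];

		$sql = "UPDATE tbl_user 
		        SET user_last_login = NOW() 
				WHERE user_id = '{$row['user_id']}'";
		dbQuery($sql);

		$_SESSION['user_id'] = $row['user_id'];

		// $message4 is an HTML fragment, so the stored name is HTML-escaped. The
		// name is taken from the database row, not from the SQL-escaped POST value.
		$safeName = htmlspecialchars($row['user_name'], ENT_QUOTES);
		// NOTE(review): if the template prints $message3 without escaping,
		// apply the same htmlspecialchars() call here.
		$message3 = "Welcome  " . $row['user_name'] . "!";
		$message4 = "Thank you for your login " . $safeName . ", click <a href='javascript: history.go(-2)' class='arialmediumlink'>here</a> to continue";
		$message2 = "Log Out";
	}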
	
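	/**
	 * Register a new shopper from the posted sign-up form.
	 *
	 * Validates the required fields and both e-mail addresses, inserts a row
	 * into tbl_user, then inserts the shipping/payment details into
	 * tbl_user_info. The outcome is reported through the globals $msg (text)
	 * and $ok (mysql_errno() after the tbl_user_info insert).
	 */
	function regUser()
	{
		global $msg;
		global $ok;

		$requiredField = array('txtShippingFirstName', 'txtShippingLastName','txtShippingEmail','txtShippingAddress1','txtShippingStateProv','txtShippingContact', 'txtShippingCity', 'txtShippingPostalCode',
                'txtPaymentFirstName', 'txtPaymentLastName', 'txtPaymentEmail','txtPaymentAddress1', 'txtPaymentCity', 'txtPaymentStateProv','txtPaymentContact','txtPaymentPostalCode','txtUserN','txtPass');

		// Evaluate each check once and reuse the result for every branch.
		// NOTE(review): assumes checkRequiredPost() has no side effects — confirm.
		$fieldsOk      = checkRequiredPost($requiredField);
		$paymentEmail  = (isset($_POST['txtPaymentEmail']) && is_string($_POST['txtPaymentEmail'])) ? $_POST['txtPaymentEmail'] : '';
		$shippingEmail = (isset($_POST['txtShippingEmail']) && is_string($_POST['txtShippingEmail'])) ? $_POST['txtShippingEmail'] : '';
		$emailsOk      = checkEmail($paymentEmail) && checkEmail($shippingEmail);

		if (!$fieldsOk && $emailsOk) {
			$msg = 'Error: One or more Fields are missing!';
			return;
		}
		if ($fieldsOk && !$emailsOk) {
			$msg = 'Error: Invalid Email Address!';
			return;
		}
		if (!$fieldsOk) {
			$msg = 'Error: One or more Fields are missing, Invalid Email Address!';
			return;
		}

		$rawUserName = (isset($_POST['txtUserN']) && is_string($_POST['txtUserN'])) ? $_POST['txtUserN'] : '';
		$rawPassword = (isset($_POST['txtPass']) && is_string($_POST['txtPass'])) ? $_POST['txtPass'] : '';

		$userName = mysql_real_escape_string($rawUserName);
		// SECURITY: unsalted MD5 is not a password hash; switching to
		// password_hash() needs a migration of the stored values, so it is
		// flagged here rather than changed.
		// NOTE(review): no password policy is enforced. A check that used to sit
		// here was disabled, and it tested the MD5 digest rather than the
		// submitted password, so it could not have worked as written.
		$password = md5($rawPassword);

		// check if the username is taken
		$sql = "SELECT user_name
				FROM tbl_user
				WHERE user_name = '$userName'";
		$result = dbQuery($sql);

		// ">= 1" rather than "== 1": if duplicates already exist the name is still taken.
		if (dbNumRows($result) >= 1) {
			$msg = 'Username already taken. Choose another one';
			return;
		}

		$sql   = "INSERT INTO tbl_user (user_name, user_password, user_regdate)
				  VALUES ('$userName', '$password', NOW())";
		dbQuery($sql);

		// Read the new row back to obtain its user_id. The row is kept in an
		// array: extract() would import every column (password digest
		// included) into local scope and could silently overwrite a local.
		$sqla = "SELECT *
				FROM tbl_user
				WHERE user_name = '$userName'";
		$result  = dbQuery($sqla);
		$userRow = dbFetchAssoc($result);
		$user_id = ($userRow && isset($userRow['user_id'])) ? $userRow['user_id'] : '';

		// tbl_user_info column => form field, in the column order of the INSERT.
		$columnToPost = array(
			'user_shipping_first_name'  => 'txtShippingFirstName',
			'user_shipping_last_name'   => 'txtShippingLastName',
			'user_shipping_email'       => 'txtShippingEmail',
			'user_shipping_address1'    => 'txtShippingAddress1',
			'user_shipping_address2'    => 'txtShippingAddress2',
			'user_shipping_city'        => 'txtShippingCity',
			'user_shipping_postal_code' => 'txtShippingPostalCode',
			'user_payment_first_name'   => 'txtPaymentFirstName',
			'user_payment_last_name'    => 'txtPaymentLastName',
			'user_payment_email'        => 'txtPaymentEmail',
			'user_payment_address1'     => 'txtPaymentAddress1',
			'user_payment_address2'     => 'txtPaymentAddress2',
			'user_payment_city'         => 'txtPaymentCity',
			'user_payment_postal_code'  => 'txtPaymentPostalCode',
			'user_shipping_country'     => 'shippingCountry',
			'user_shipping_state_prov'  => 'txtShippingStateProv',
			'user_shipping_contact'     => 'txtShippingContact',
			'user_payment_country'      => 'paymentCountry',
			'user_payment_state_prov'   => 'txtPaymentStateProv',
			'user_payment_contact'      => 'txtPaymentContact',
		);

		$columns = array('user_id');
		$values  = array("'" . $user_id . "'");
		foreach ($columnToPost as $column => $postKey) {
			// Optional fields (address line 2, the two country selects) are not
			// in $requiredField; a missing or array-valued field becomes ''.
			$raw = (isset($_POST[$postKey]) && is_string($_POST[$postKey])) ? $_POST[$postKey] : '';
			$columns[] = $column;
			$values[]  = "'" . mysql_real_escape_string($raw) . "'";
		}

		$sqlb = 'INSERT INTO tbl_user_info (' . implode(', ', $columns) . ')
				VALUES (' . implode(', ', $values) . ')';

		dbQuery($sqlb);
		$ok = mysql_errno();
		if ($ok == 0) {
			$msg = 'User details successfully added!';
		} else {
			$msg = 'Addition of user to the tbl_user_info table unsuccessful!';
		}
	}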
	/**
	 * Fetch the shipping and payment details stored for one user.
	 *
	 * NOTE(review): $id is interpolated into the SQL text as given; callers
	 * must pass a trusted id (presumably the logged-in user's — confirm).
	 *
	 * @param mixed $id value matched against tbl_user_info.user_id
	 * @return array list of rows, each an associative array of the twenty
	 *               shipping/payment columns
	 */
	function getUserInfo($id)
	{
		// Columns copied into each returned entry, in output order.
		$wanted = array(
			'user_shipping_first_name',
			'user_shipping_last_name',
			'user_shipping_email',
			'user_shipping_address1',
			'user_shipping_address2',
			'user_shipping_country',
			'user_shipping_state_prov',
			'user_shipping_contact',
			'user_shipping_city',
			'user_shipping_postal_code',
			'user_payment_first_name',
			'user_payment_last_name',
			'user_payment_email',
			'user_payment_address1',
			'user_payment_address2',
			'user_payment_country',
			'user_payment_state_prov',
			'user_payment_contact',
			'user_payment_city',
			'user_payment_postal_code',
		);

		$query = "SELECT *
				FROM tbl_user_info
				WHERE user_id = '$id'";
		$rows = dbQuery($query);

		$collected = array();
		while ($record = dbFetchAssoc($rows)) {
			$entry = array();
			foreach ($wanted as $column) {
				$entry[$column] = $record[$column];
			}
			$collected[] = $entry;
		}

		return $collected;
	}
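	/**
	 * Overwrite the shipping and payment details of one user with the values
	 * posted by the profile form.
	 *
	 * No required-field or e-mail validation is performed here.
	 * NOTE(review): $id is interpolated into the SQL text as given, and nothing
	 * in this function ties it to the logged-in user; callers must pass the
	 * authenticated user's own id.
	 *
	 * @param mixed $id value matched against tbl_user_info.user_id
	 */
	function updateUserInfo($id)
	{
		// tbl_user_info column => form field, in the order of the SET clause.
		$columnToPost = array(
			'user_shipping_first_name'  => 'txtShippingFirstName',
			'user_shipping_last_name'   => 'txtShippingLastName',
			'user_shipping_email'       => 'txtShippingEmail',
			'user_shipping_address1'    => 'txtShippingAddress1',
			'user_shipping_address2'    => 'txtShippingAddress2',
			'user_shipping_city'        => 'txtShippingCity',
			'user_shipping_postal_code' => 'txtShippingPostalCode',
			'user_payment_first_name'   => 'txtPaymentFirstName',
			'user_payment_last_name'    => 'txtPaymentLastName',
			'user_payment_email'        => 'txtPaymentEmail',
			'user_payment_address1'     => 'txtPaymentAddress1',
			'user_payment_address2'     => 'txtPaymentAddress2',
			'user_payment_city'         => 'txtPaymentCity',
			'user_payment_postal_code'  => 'txtPaymentPostalCode',
			'user_shipping_country'     => 'shippingCountry',
			'user_shipping_state_prov'  => 'txtShippingStateProv',
			'user_shipping_contact'     => 'txtShippingContact',
			'user_payment_country'      => 'paymentCountry',
			'user_payment_state_prov'   => 'txtPaymentStateProv',
			'user_payment_contact'      => 'txtPaymentContact',
		);

		$assignments = array();
		foreach ($columnToPost as $column => $postKey) {
			// A missing or array-valued field becomes '' instead of raising a
			// notice or passing a non-string to the escaper.
			$raw = (isset($_POST[$postKey]) && is_string($_POST[$postKey])) ? $_POST[$postKey] : '';
			$assignments[] = $column . "='" . mysql_real_escape_string($raw) . "'";
		}

		$sqlb = 'UPDATE tbl_user_info set ' . implode(', ', $assignments) . "
				WHERE user_id ='$id'";

		dbQuery($sqlb);
	}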
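	/**
	 * Fill the greeting globals ($message2, $message3, $message4) for a user id.
	 *
	 * NOTE(review): $id is interpolated into the SQL text as given; callers
	 * must pass a trusted id.
	 *
	 * @param mixed $id value matched against tbl_user.user_id
	 */
	function getMessage($id)
	{
		global $message;
		global $message2;
		global $message3;
		global $message4;
		$sql = "SELECT *
				FROM tbl_user
				WHERE user_id = '$id'";
		$result = dbQuery($sql);

		// Keep the row in an array: extract() would import every column
		// (password digest included) into local scope, and it fails when no
		// row is returned. An unknown id now yields an empty name.
		$row      = dbFetchAssoc($result);
		$userName = ($row && isset($row['user_name'])) ? $row['user_name'] : '';

		// $message4 is an HTML fragment, so the stored name is HTML-escaped.
		$safeName = htmlspecialchars($userName, ENT_QUOTES);

		// NOTE(review): if the template prints $message3 without escaping,
		// apply the same htmlspecialchars() call here.
		$message3 = "Welcome  " . $userName . "!";
		$message2 = "Log Out";
		$message4 = "Thank you for your login " . $safeName . ", click <a href='javascript: history.go(-2)' class='arialmediumlink'>here</a> to continue";
	}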
	/**
	 * List every ordered item of one user, joined with its order and product.
	 *
	 * NOTE(review): $id is interpolated into the SQL text as given; callers
	 * must pass a trusted id.
	 *
	 * @param mixed $id value matched against tbl_order.user_id
	 * @return array list of arrays with od_id, od_date, od_status, od_qty,
	 *               pd_price, pd_name and pd_thumbnail (a URL under WEB_ROOT)
	 */
	function getUserListOfOrders($id)
	{
		$query = "SELECT * FROM tbl_order od, tbl_order_item odi, tbl_product pd
				WHERE od.od_id=odi.od_id AND pd.pd_id=odi.pd_id AND od.user_id='$id'";
		$rows = dbQuery($query);

		$orders = array();
		while ($record = dbFetchAssoc($rows)) {
			// Products without a thumbnail get the shared placeholder image.
			$thumbnail = $record['pd_thumbnail']
				? WEB_ROOT . 'images/product/' . $record['pd_thumbnail']
				: WEB_ROOT . 'images/no-image-small.png';

			$orders[] = array(
				'od_id'        => $record['od_id'],
				'od_date'      => $record['od_date'],
				'od_status'    => $record['od_status'],
				'od_qty'       => $record['od_qty'],
				'pd_price'     => $record['pd_price'],
				'pd_name'      => $record['pd_name'],
				'pd_thumbnail' => $thumbnail,
			);
		}

		return $orders;
	}
	/**
	 * Count one user's orders per status (New, Shipped, Completed, Cancelled).
	 *
	 * Runs one COUNT query per status.
	 * NOTE(review): $id is interpolated into the SQL text as given; callers
	 * must pass a trusted id.
	 *
	 * @param mixed $id value matched against tbl_order.user_id
	 * @return array keys statusNew, statusShipped, statusCompleted, statusCancelled
	 */
	function getUserOrdersInfo($id)
	{
		$summary = array();

		foreach (array('New', 'Shipped', 'Completed', 'Cancelled') as $label) {
			$alias = 'status' . $label;
			$query = "SELECT
					  COUNT(od_status) AS {$alias}
					FROM
					  tbl_order
					WHERE
					  od_status = '{$label}' AND user_id='$id'";
			$counted = dbFetchAssoc(dbQuery($query));
			$summary[$alias] = $counted[$alias];
		}

		return $summary;
	}
	/**
	 * Echo one <option> element per known country, marking the one equal to
	 * $country as selected.
	 *
	 * Only names from the fixed list below are written to the page; $country
	 * is compared (loosely, after trimming the list entry) but never echoed.
	 *
	 * @param mixed $country name of the country to pre-select
	 */
	function getCountrySelected($country)
	{
		$listCountry = array(
			'United States ',
			'Canada ',
			'Afghanistan ',
			'Albania ',
			'Algeria ',
			'American Samoa ',
			'Andorra ',
			'Angola ',
			'Anguilla ',
			'Antarctica ',
			'Antigua and Barbuda ',
			'Argentina ',
			'Armenia ',
			'Aruba ',
			'Australia ',
			'Austria ',
			'Azerbaijan ',
			'Bahamas ',
			'Bahrain ',
			'Bangladesh ',
			'Barbados ',
			'Belarus ',
			'Belgium ',
			'Belize ',
			'Benin ',
			'Bermuda ',
			'Bhutan ',
			'Bolivia ',
			'Bosnia and Herzegovina ',
			'Botswana ',
			'Bouvet Island ',
			'Brazil ',
			'British Indian Ocean Territory ',
			'British Virgin Islands ',
			'Brunei ',
			'Bulgaria ',
			'Burkina Faso ',
			'Burundi ',
			'Cambodia ',
			'Cameroon ',
			'Cape Verde ',
			'Cayman Islands ',
			'Central African Republic ',
			'Chad ',
			'Chile ',
			'China ',
			'Christmas Island ',
			'Cocos Islands ',
			'Colombia ',
			'Comoros ',
			'Congo ',
			'Cook Islands ',
			'Costa Rica ',
			'Croatia ',
			'Cuba ',
			'Cyprus ',
			'Czech Republic ',
			'Denmark ',
			'Djibouti ',
			'Dominica ',
			'Dominican Republic ',
			'East Timor ',
			'Ecuador ',
			'Egypt ',
			'El Salvador ',
			'Equatorial Guinea ',
			'Eritrea ',
			'Estonia ',
			'Ethiopia ',
			'Falkland Islands ',
			'Faroe Islands ',
			'Fiji ',
			'Finland ',
			'France ',
			'French Guiana ',
			'French Polynesia ',
			'French Southern Territories ',
			'Gabon ',
			'Gambia ',
			'Georgia ',
			'Germany ',
			'Ghana ',
			'Gibraltar ',
			'Greece ',
			'Greenland ',
			'Grenada ',
			'Guadeloupe ',
			'Guam ',
			'Guatemala ',
			'Guinea ',
			'Guinea-Bissau ',
			'Guyana ',
			'Haiti ',
			'Heard and McDonald Islands ',
			'Honduras ',
			'Hong Kong ',
			'Hungary ',
			'Iceland ',
			'India ',
			'Indonesia ',
			'Iran ',
			'Iraq ',
			'Ireland ',
			'Israel ',
			'Italy ',
			'Ivory Coast ',
			'Jamaica ',
			'Japan ',
			'Jordan ',
			'Kazakhstan ',
			'Kenya ',
			'Kiribati ',
			'North Korea ',
			'South Korea ',
			'Kuwait ',
			'Kyrgyzstan ',
			'Laos ',
			'Latvia ',
			'Lebanon ',
			'Lesotho ',
			'Liberia ',
			'Libya ',
			'Liechtenstein ',
			'Lithuania ',
			'Luxembourg ',
			'Macau ',
			'Macedonia ',
			'Madagascar ',
			'Malawi ',
			'Malaysia ',
			'Maldives ',
			'Mali ',
			'Malta ',
			'Marshall Islands ',
			'Martinique ',
			'Mauritania ',
			'Mauritius ',
			'Mayotte ',
			'Mexico ',
			'Micronesia ',
			'Moldova ',
			'Monaco ',
			'Mongolia ',
			'Montserrat ',
			'Morocco ',
			'Mozambique ',
			'Myanmar ',
			'Namibia ',
			'Nauru ',
			'Nepal ',
			'Netherlands ',
			'Netherlands Antilles ',
			'New Caledonia ',
			'New Zealand ',
			'Nicaragua ',
			'Niger ',
			'Nigeria ',
			'Niue ',
			'Norfolk Island ',
			'Northern Mariana Islands ',
			'Norway ',
			'Oman ',
			'Pakistan ',
			'Palau ',
			'Panama ',
			'Papua New Guinea ',
			'Paraguay ',
			'Peru ',
			'Philippines ',
			'Pitcairn Island ',
			'Poland ',
			'Portugal ',
			'Puerto Rico ',
			'Qatar ',
			'Reunion ',
			'Romania ',
			'Russia ',
			'Rwanda ',
			'S. Georgia and S. Sandwich Isls. ',
			'Saint Kitts &amp; Nevis ',
			'Saint Lucia ',
			'Saint Vincent and The Grenadines ',
			'Samoa ',
			'San Marino ',
			'Sao Tome and Principe ',
			'Saudi Arabia ',
			'Senegal ',
			'Seychelles ',
			'Sierra Leone ',
			'Singapore ',
			'Slovakia ',
			'Slovenia ',
			'Solomon Islands ',
			'Somalia ',
			'South Africa ',
			'Spain ',
			'Sri Lanka ',
			'St. Helena ',
			'St. Pierre and Miquelon ',
			'Sudan ',
			'Suriname ',
			'Svalbard and Jan Mayen Islands ',
			'Swaziland ',
			'Sweden ',
			'Switzerland ',
			'Syria ',
			'Taiwan ',
			'Tajikistan ',
			'Tanzania ',
			'Thailand ',
			'Togo ',
			'Tokelau ',
			'Tonga ',
			'Trinidad and Tobago ',
			'Tunisia ',
			'Turkey ',
			'Turkmenistan ',
			'Turks and Caicos Islands ',
			'Tuvalu ',
			'U.S. Minor Outlying Islands ',
			'Uganda ',
			'Ukraine ',
			'United Arab Emirates ',
			'United Kingdom ',
			'Uruguay ',
			'Uzbekistan ',
			'Vanuatu ',
			'Vatican City ',
			'Venezuela ',
			'Vietnam ',
			'Virgin Islands ',
			'Wallis and Futuna Islands ',
			'Western Sahara ',
			'Yemen ',
			'Serbia and Montenegro ',
			'Zaire ',
			'Zambia ',
			'Zimbabwe ',
		);

		foreach ($listCountry as $entry) {
			// List entries carry a trailing space; compare and print the trimmed name.
			$name     = trim($entry);
			$selected = ($country == $name) ? 'selected' : '';
			echo "<option $selected>" . $name . "</option>";
		}
	}
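	/**
	 * Send a plain-text e-mail through PHP's mail().
	 *
	 * The From and Reply-To headers are built from $_SERVER['SERVER_NAME'].
	 *
	 * @param string $email   recipient address
	 * @param string $subject subject line
	 * @param string $body    message text
	 * @return bool true when mail() accepted the message, false otherwise or
	 *              when the recipient or subject contains a line break
	 */
	function sendEmail($email, $subject, $body)
	{
		// A line break in a header value would let the value add header lines
		// of its own; no legitimate address or subject contains one.
		if (preg_match('/[\r\n]/', (string) $email) || preg_match('/[\r\n]/', (string) $subject)) {
			return false;
		}

		// SERVER_NAME can be derived from the request's Host header depending on
		// server configuration, so strip control characters and whitespace
		// before it is placed in a header.
		$host = isset($_SERVER['SERVER_NAME']) ? (string) $_SERVER['SERVER_NAME'] : '';
		$host = preg_replace('/[\x00-\x20\x7f]/', '', $host);

		// NOTE(review): X-Mailer discloses the exact PHP version to every recipient.
		$headers = "From: franklin@{$host}\r\n" .
			"Reply-To: franklin@{$host}\r\n" .
			"X-Mailer: PHP/" . phpversion();

		return mail($email, $subject, $body, $headers) ? true : false;
	}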
/**
 * Validate the shape of an e-mail address with a fixed series of regex rules.
 *
 * The rules are applied in order and the first failing rule rejects the
 * address. An address ending in a newline is rejected by the
 * "must start or end with alpha or num" rule.
 *
 * @param string $email address to check
 * @return bool true when every rule passes, false otherwise
 */
function checkEmail($email) {
    // Each rule is array(pattern, expected): expected is true when the
    // pattern must match and false when it must not.
    $rules = array(
        // characters allowed on name: 0-9a-Z-._ on host: 0-9a-Z-. on between: @
        array('/^[0-9a-zA-Z\.\-\_]+\@[0-9a-zA-Z\.\-]+$/', true),
        // must start or end with alpha or num
        array('/^[^0-9a-zA-Z]|[^0-9a-zA-Z]$/', false),
        // name must end with alpha or num
        array('/([0-9a-zA-Z_]{1})\@./', true),
        // host must start with alpha or num
        array('/.\@([0-9a-zA-Z_]{1})/', true),
        // pair .- or -. or -- or .. not allowed
        array('/.\.\-.|.\-\..|.\.\..|.\-\-./', false),
        // pair ._ or -_ or _. or _- or __ not allowed
        array('/.\.\_.|.\-\_.|.\_\..|.\_\-.|.\_\_./', false),
        // host must end with '.' plus 2-5 alpha for TopLevelDomain
        array('/\.([a-zA-Z]{2,5})$/', true),
    );

    foreach ($rules as $rule) {
        $matched = (bool) preg_match($rule[0], $email);
        if ($matched !== $rule[1]) {
            return false;
        }
    }

    return true;
}
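	/**
	 * Handle the "forgot password" form: when the posted username and shipping
	 * e-mail match exactly one account, generate a new password and mail it.
	 *
	 * Reads $_POST['txtUser'] and $_POST['txtEmail']; the result text is left
	 * in the global $message.
	 *
	 * NOTE(review): the password is replaced as soon as the form is submitted,
	 * with no confirmation step by the account owner.
	 */
	function forgotPassword()
	{
		global $message;

		// Missing or array-valued fields are treated as empty.
		$rawUser  = (isset($_POST['txtUser']) && is_string($_POST['txtUser'])) ? $_POST['txtUser'] : '';
		$rawEmail = (isset($_POST['txtEmail']) && is_string($_POST['txtEmail'])) ? $_POST['txtEmail'] : '';

		// first, make sure the username & e-mail address are not empty
		if ($rawUser === '') {
			$message = 'You must enter your username';
			return;
		}
		if ($rawEmail === '') {
			$message = 'You must enter your email address';
			return;
		}

		$userName = mysql_real_escape_string($rawUser);
		$email    = mysql_real_escape_string($rawEmail);

		$sql = "SELECT *
		        FROM tbl_user_info ui, tbl_user u
				WHERE ui.user_id=u.user_id 
				AND user_name = '$userName' AND user_shipping_email = '$email'";
		$result = dbQuery($sql);

		if (dbNumRows($result) != 1) {
			$message = 'Wrong username or email';
			return;
		}

		$row = dbFetchAssoc($result);

		// $message is an HTML fragment, so the stored name is HTML-escaped.
		$safeName = htmlspecialchars($row['user_name'], ENT_QUOTES);
		$message = "<p class='arialmedium'>Hello" . $safeName . "<br>Your new password has been sent to your email address<br>click <a href='index.php' class='arialmediumlink'>here</a> to continue" ;

		// Mail to the address and name on record rather than to the
		// SQL-escaped copies of the request values.
		generatePassword($row['user_shipping_email'], $row['user_name'], $row['user_id']);
	}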
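/**
 * Generate a random 8-character password for a user, store its MD5 digest in
 * tbl_user and e-mail the plain-text password to the given address.
 *
 * NOTE(review): the stored password is replaced before the mail is sent and
 * the result of sendEmail() is not checked, so a failed delivery leaves the
 * account with a password nobody received. The password also travels in
 * clear text in the message body. $id is interpolated into the SQL text as
 * given; callers must pass a trusted id.
 *
 * @param string $email     recipient address
 * @param string $user_name username shown in the message
 * @param mixed  $id        value matched against tbl_user.user_id
 */
function generatePassword($email,$user_name,$id)
{
	$alphabet = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ';
	$lastIndex = strlen($alphabet) - 1;

	// Generate a 8 char password
	$pass = "";
	for ($i = 0; $i < 8; $i++) {
		$pass .= $alphabet[_generatePasswordRandomIndex($lastIndex)];
	}

	// SECURITY: unsalted MD5 is not a password hash; kept because the login
	// and change-password queries compare against MD5 digests.
	$pass1 = md5($pass);

	$sql = "UPDATE tbl_user 
	        SET user_password = '$pass1'
			WHERE user_id = '$id'";
	dbQuery($sql);
	$body = "Filipino Crafts\n\nLogin Details:\n\nUsername: " . $user_name . "\nYour new password: " . $pass;
	sendEmail($email, 'Filipino Crafts', $body);
}

/**
 * Return a random integer in [0, $max] from the strongest source available.
 *
 * Passwords must not come from mt_rand(), whose output is predictable; it is
 * used only when no cryptographic source exists.
 *
 * @param int $max upper bound, inclusive (must be below 256)
 * @return int
 */
function _generatePasswordRandomIndex($max)
{
	if (function_exists('random_int')) {
		return random_int(0, $max);
	}

	if (function_exists('openssl_random_pseudo_bytes')) {
		$range = $max + 1;
		// Discard bytes at or above the largest multiple of $range so the
		// modulo below does not favour the low indexes.
		$limit = 256 - (256 % $range);
		for ($tries = 0; $tries < 128; $tries++) {
			$strong = false;
			$byte = openssl_random_pseudo_bytes(1, $strong);
			if ($byte === false || !$strong) {
				break;
			}
			$value = ord($byte);
			if ($value < $limit) {
				return $value % $range;
			}
		}
	}

	// Last resort only: not suitable for secrets.
	return mt_rand(0, $max);
}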
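/**
 * Change a user's password after verifying the current one.
 *
 * Reads $_POST['txtOldPass'] and $_POST['txtNewPass']; the result text is left
 * in the global $msg.
 *
 * NOTE(review): $id is interpolated into the SQL text as given; callers must
 * pass the authenticated user's own id.
 *
 * @param mixed $id value matched against tbl_user.user_id
 */
function changePassword($id)
{
	global $msg;

	// Missing or array-valued fields are treated as empty.
	$oldPass = (isset($_POST['txtOldPass']) && is_string($_POST['txtOldPass'])) ? $_POST['txtOldPass'] : '';
	$newPass = (isset($_POST['txtNewPass']) && is_string($_POST['txtNewPass'])) ? $_POST['txtNewPass'] : '';

	// Both fields are required. Comparing against '' (instead of relying on
	// truthiness) accepts a current password of "0", and checking the new
	// password stops a blank one from being stored as md5('').
	if ($oldPass === '' || $newPass === '') {
		$msg ="One or more fields are missing";
		return;
	}

	// SECURITY: unsalted MD5 is not a password hash; switching to
	// password_hash()/password_verify() needs a migration of the stored
	// values, so it is flagged here rather than changed.
	$pass = md5($oldPass);
	$sql = "SELECT *
	        FROM tbl_user
			WHERE user_id='$id' AND user_password='$pass'";
	$result = dbQuery($sql);

	if (dbNumRows($result) != 1) {
		$msg='Wrong Password!';
		return;
	}

	$pass = md5($newPass);
	$sql = "UPDATE tbl_user 
			SET user_password = '$pass'
			WHERE user_id = '$id'";
	dbQuery($sql);

	$ok = mysql_errno();
	if ($ok == 0) {
		$msg='Password Sucessfully Changed';
	} else {
		// mysql_error() takes a link identifier, not the error number.
		// NOTE(review): this places the raw database error text in $msg;
		// confirm it is not shown to end users.
		$msg = mysql_error();
	}
}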
?>