
<?php 
require_once('DB.php');
require_once('query.php');
session_start();
// Remember which installer button the visitor pressed.  download4.php checks
// $_SESSION['OS'] to decide which file to serve.  The buttons are tested in
// this fixed order, so if several are present the last match wins.
$osBySubmitButton = array(
    'Submit32'  => "Win32",
    'Submit64'  => "Win64",
    'SubmitMac' => "Mac",
);
foreach ($osBySubmitButton as $buttonName => $osLabel) {
    if (!empty($_REQUEST[$buttonName])) {
        $_SESSION['OS'] = $osLabel;
    }
}

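// This function is not used by this script.
/**
 * Report whether a serial number has a row in the `Registered` table.
 *
 * The serial number is handed to PreparedQuery() in a separate data array
 * and is never concatenated into the SQL text.
 *
 * @param string $SerialN serial number to look up
 * @return bool true if the query reports at least one row, false otherwise
 */
function SerialNumberInDatabase($SerialN)
{
    $sql = "SELECT * FROM `Registered` WHERE SerialNumber=?;";
    $qr = PreparedQuery($sql, array($SerialN));
    // Kept from the original.  NOTE(review): it is not visible from this file
    // whether nrows is populated before a fetch -- confirm before removing.
    $qr->fetchInto($rowreg);
    // The old body also read $rowreg[1] into an unused $CustomerID, which
    // indexed into an empty result whenever no row matched; that is dropped.
    return $qr->nrows != 0;
}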

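// Serial number and e-mail are sent from the form in download3.php.
// Anything that is missing or not a plain string (e.g. SerialNumber[]=x) is
// treated as empty instead of being passed on to strip_tags().
$SerialNumber = (isset($_POST['SerialNumber']) && is_string($_POST['SerialNumber']))
    ? $_POST['SerialNumber'] : '';
$Email = (isset($_POST['Email']) && is_string($_POST['Email']))
    ? $_POST['Email'] : '';
$SerialNumber = trim(strip_tags($SerialNumber));
$Email = strip_tags($Email);
$_SESSION['Email'] = $Email;
if (!isset($_SESSION['Nattempts'])) {
    $_SESSION['Nattempts'] = 0;
}

// No serial number (they didn't come by the correct referring page) or too
// many attempts: send them back to the home page.  The exit is essential:
// header() only queues the redirect, so without it the script kept running
// and a later header("Location: download4.php...") replaced this redirect,
// which made the attempt limit ineffective.
if ($SerialNumber == "" || $_SESSION['Nattempts'] > 5) {
    header("Location: ../index.php");
    exit;
}

// NOTE(review): Nattempts is only incremented on the time-limited success
// path below; failed serial numbers are never counted, so the limit above does
// not slow down guessing.  A session counter is also reset by discarding the
// session cookie.  Consider counting failures and enforcing the limit
// server-side (per client address) as well.

// An earlier version interpolated the serial number into a SQL string; do not
// reintroduce that.  Use PreparedQuery() with a data array if a lookup is needed.

// A valid serial number is exactly three dash-separated groups of six
// characters, each A-Z or 0-9.  \A and \z anchor the whole string, so nothing
// else (blanks, newlines, shell metacharacters) can reach the command line.
$output = "Not valid";
$lines = array();
if (preg_match('/\A[A-Z0-9]{6}-[A-Z0-9]{6}-[A-Z0-9]{6}\z/', $SerialNumber) === 1) {
    // escapeshellarg() is defence in depth: the pattern above already limits
    // the character set, but the argument stays quoted if the check is ever relaxed.
    $command = "../../GenerateSerialNumbers/GenerateSerialNumbers " . escapeshellarg($SerialNumber);
    exec($command, $lines);
    // If the checker produced no output (missing binary, crash), treat the
    // serial number as not valid instead of indexing an empty array.
    $output = isset($lines[0]) ? trim($lines[0]) : "Not valid";
}

$days = 153;   // number of days in one-semester time-limited version
$isUnlimited = ($output === "Valid, days = 0");
$isTimeLimited = ($output === "Valid, days = $days");

if ($isUnlimited || $isTimeLimited) {
    // Second output line of the checker determines WhichDisk.
    $WhichDisk = isset($lines[1]) ? $lines[1] : "";
    $_SESSION['OK'] = "ok";
    $_SESSION['WhichDisk'] = "" . $WhichDisk;  // make sure it is a string, not a number

    if ($isUnlimited) {
        $_SESSION['TimeLimit'] = 0;
        if (isset($lines[2]) && trim($lines[2]) == "Lab Edition") {
            $labCode = isset($lines[3]) ? trim($lines[3]) : "";
            if ($labCode == "407") {
                $_SESSION['ProductType'] = "WebGradesLabEdition";
            } else if ($labCode == "406") {
                $_SESSION['ProductType'] = "WebGradesCalculus4";
            } else {
                $_SESSION['ProductType'] = "lab";
            }
        } else {
            $_SESSION['ProductType'] = "paid";
        }
    } else {
        $_SESSION['ProductType'] = "paid";
        $_SESSION['TimeLimit'] = $days;
        ++$_SESSION['Nattempts'];  // BEFORE the download, so they can't download again and again
    }

    // $Email only appears in the message body here; keep it out of the
    // additional-headers argument of mail() unless it is validated first.
    mail("contactHelpWithMath@gmail.com","download","User attempted to download using a valid serial number:  $SerialNumber\nCustomer email: $Email\n");

    // NOTE(review): the serial number travels in the URL, so it ends up in
    // server logs and browser history; the session already records the
    // outcome -- confirm whether download4.php needs the query parameter.
    header("Location: download4.php?SerialNumber=$SerialNumber" );  //  ok, they can download
    // Stop here so the "not valid" error page below is not sent as the body
    // of the redirect response.
    exit;
}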
?>   
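<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">
<html>
<!-- DW6 -->
<?php include ('include/head.php'); ?>
<body onmousemove="closesubnav(event);"> 
<?php include ('include/body.php'); ?>
<div class="style1" id="pageName">
<?php
// The rejected serial number is user input.  strip_tags() is not an output
// encoder, so the value is HTML-escaped at the point where it is echoed.
?>
<h2>Error. That serial number <?php echo htmlspecialchars($SerialNumber, ENT_QUOTES, 'UTF-8'); ?> is not valid.  </h2>
 
<?php if($_SESSION['Nattempts'] > 1)
    echo("<p>You will get only one more opportunity to enter your serial number correctly. </p>");
?>
<img alt="MathXpert logo" src="TransparentMathXpertLogo.gif" height="50" width="118"/>
<?php include ('include/footer.php'); ?>
</body>
</html>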
