<?php
/*

  osCommerce, Open Source E-Commerce Solutions
  http://www.oscommerce.com

  Copyright (c) 2003 osCommerce

  osCommRes, Services Oline
  http://www.oscommres.com

  Copyright (c) 2005 osCommRes

  Released under the GNU General Public License
*/

// Catalog bootstrap: loads configuration, connects to the database, starts the
// session and establishes the customer / cart / language / currency state that
// every catalog page reads. Statement order matters throughout this file: later
// blocks test constants and globals that earlier blocks define.

// start the timer for the page parse time log
define('PAGE_PARSE_START_TIME', microtime());

// set the level of error reporting
// NOTE(review): E_NOTICE is suppressed, so undefined-index / undefined-variable
// reads further down (e.g. $vars[$i+1] in the SEF block) fail silently.
error_reporting(E_ALL & ~E_NOTICE);

// check if register_globals is enabled.
// since this is a temporary measure this message is hardcoded. The requirement will be removed before 2.2 is finalized.
// The rest of this file depends on register_globals: session variables are
// read and written as plain globals ($cart, $customer_id, $language, ...)
// around the tep_session_register() calls, and $PHP_SELF is taken from the
// global scope.
if (function_exists('ini_get')) {
  ini_get('register_globals') or exit('FATAL ERROR: register_globals is disabled in php.ini, please enable it!');
}

// Set the local configuration parameters - mainly for developers
if (file_exists('includes/local/configure.php')) include('includes/local/configure.php');

// include server parameters
require ('includes/configure.php');

// No database configured yet: send the visitor to the installer if it is still present.
// NOTE(review): header() is not followed by exit, so execution continues (and
// the database connect below still runs with an empty DB_SERVER) while the
// redirect is pending.
if (strlen(DB_SERVER) < 1) {
  if (is_dir('install')) {
    header('Location: install/index.php');
  }
}

// define the project version
define('PROJECT_VERSION', 'osCommRes 1.0.1');

// set the type of request (secure or not)
// Derived from the HTTPS environment variable. It selects the catalog
// directory, the cookie domain/path pair, and whether a session id is
// accepted from the query string (see "set the session ID" below).
$request_type = (getenv('HTTPS') == 'on') ? 'SSL' : 'NONSSL';

// set php_self in the local scope
if (!isset($PHP_SELF)) $PHP_SELF = $HTTP_SERVER_VARS['PHP_SELF'];

if ($request_type == 'NONSSL') {
  define('DIR_WS_CATALOG', DIR_WS_HTTP_CATALOG);
} else {
  define('DIR_WS_CATALOG', DIR_WS_HTTPS_CATALOG);
}

// include the list of project filenames
require (DIR_WS_INCLUDES . 'filenames.php');

// include the list of project database tables
require (DIR_WS_INCLUDES . 'database_tables.php');

// customization for the design layout
//define('BOX_WIDTH', 125); // how wide the boxes should be in pixels (default: 125)

// include the database functions
require(DIR_WS_FUNCTIONS . 'database.php');

// make a connection to the database... now
tep_db_connect() or die('Unable to connect to database server!');

// set the application parameters
// Every row of TABLE_CONFIGURATION becomes a PHP constant. The SESSION_*,
// GZIP_*, USE_CACHE, SEARCH_ENGINE_FRIENDLY_URLS and DOWN_FOR_MAINTENANCE*
// switches tested below are expected to come from here (unless configure.php
// defines them), i.e. they are admin-controlled at runtime.
$configuration_query = tep_db_query('select configuration_key as cfgKey, configuration_value as cfgValue from ' . TABLE_CONFIGURATION);
while ($configuration = tep_db_fetch_array($configuration_query)) {
  define($configuration['cfgKey'], $configuration['cfgValue']);
}

// if gzip_compression is enabled, start to buffer the output
// The assignments inside the conditions ($ext_zlib_loaded,
// $ini_zlib_output_compression) leave their results as globals.
if ( (GZIP_COMPRESSION == 'true') && ($ext_zlib_loaded = extension_loaded('zlib')) && (PHP_VERSION >= '4') ) {
  if (($ini_zlib_output_compression = (int)ini_get('zlib.output_compression')) < 1) {
    if (PHP_VERSION >= '4.0.4') {
      ob_start('ob_gzhandler');
    } else {
      include(DIR_WS_FUNCTIONS . 'gzip_compression.php');
      ob_start();
      ob_implicit_flush();
    }
  } else {
    ini_set('zlib.output_compression_level', GZIP_LEVEL);
  }
}

// set the HTTP GET parameters manually if search_engine_friendly_urls is enabled
// PATH_INFO is split on '/' into key/value pairs; a key ending in '[]'
// collects its values into an array. Two things to be aware of:
//  - strpos() is tested for truthiness, so a key that is exactly '[]' (match
//    at offset 0) is treated as a plain key;
//  - with an odd number of segments the last read is $vars[$i+1], which does
//    not exist (hidden by the E_NOTICE suppression above).
// Keys and values land in $HTTP_GET_VARS unvalidated, exactly like a normal
// query string, so consumers must treat them as untrusted input.
if (SEARCH_ENGINE_FRIENDLY_URLS == 'true') {
  if (strlen(getenv('PATH_INFO')) > 1) {
    $GET_array = array();
    $PHP_SELF = str_replace(getenv('PATH_INFO'), '', $PHP_SELF);
    $vars = explode('/', substr(getenv('PATH_INFO'), 1));
    for ($i=0, $n=sizeof($vars); $i<$n; $i++) {
      if (strpos($vars[$i], '[]')) {
        $GET_array[substr($vars[$i], 0, -2)][] = $vars[$i+1];
      } else {
        $HTTP_GET_VARS[$vars[$i]] = $vars[$i+1];
      }
      $i++;
    }

    if (sizeof($GET_array) > 0) {
      while (list($key, $value) = each($GET_array)) {
        $HTTP_GET_VARS[$key] = $value;
      }
    }
  }
}

// define general functions used application-wide
require(DIR_WS_FUNCTIONS . 'general.php');
require(DIR_WS_FUNCTIONS . 'html_output.php');

// set the cookie domain
// The cookie domain/path pair follows the request type (HTTP vs HTTPS constants).
$cookie_domain = (($request_type == 'NONSSL') ? HTTP_COOKIE_DOMAIN : HTTPS_COOKIE_DOMAIN);
$cookie_path = (($request_type == 'NONSSL') ? HTTP_COOKIE_PATH : HTTPS_COOKIE_PATH);

// include cache functions if enabled
if (USE_CACHE == 'true') include(DIR_WS_FUNCTIONS . 'cache.php');

// include shopping cart class
require (DIR_WS_CLASSES . 'shopping_cart.php');

// include navigation history class
require(DIR_WS_CLASSES . 'navigation_history.php');

// some code to solve compatibility issues
require(DIR_WS_FUNCTIONS . 'compatibility.php');

// check if sessions are supported, otherwise use the php3 compatible session class
if (!function_exists('session_start')) {
  define('PHP_SESSION_NAME', 'osCsid');
  define('PHP_SESSION_PATH', $cookie_path);
  define('PHP_SESSION_DOMAIN', $cookie_domain);
  define('PHP_SESSION_SAVE_PATH', SESSION_WRITE_DIRECTORY);

  include(DIR_WS_CLASSES . 'sessions.php');
}

// define how the session functions will be used
require(DIR_WS_FUNCTIONS . 'sessions.php');

// set the session name and save path
tep_session_name('osCsid');
tep_session_save_path(SESSION_WRITE_DIRECTORY);

// set the session cookie parameters
// Lifetime 0 = the session cookie lasts until the browser closes. Note that
// the "plugin connect" block below re-issues the same cookie with a 30-day
// lifetime.
if (function_exists('session_set_cookie_params')) {
  session_set_cookie_params(0, $cookie_path,$cookie_domain);
} elseif (function_exists('ini_set')) {
  ini_set('session.cookie_lifetime', '0');
  ini_set('session.cookie_path', $cookie_path);
  ini_set('session.cookie_domain', $cookie_domain);
}

// "plugin connect": an external caller hands over a customer id and a session
// key on the query string. If a customer row with that id exists AND a
// non-expired row with that sesskey exists in the sessions table, the request
// adopts the supplied key as its session id and, in the "first time entry"
// block further down, is logged in as that customer.
// NOTE(review): nothing visible here ties the session row to the customer
// row - the two lookups are independent. Unless whoever writes the sessions
// rows guarantees that binding, any valid sesskey combined with an arbitrary
// user_id satisfies this check; confirm where sessions rows are created and
// what they carry. The session identifier is also chosen by the client
// (tep_session_id($session_key)) rather than issued by the server.
$plugin_connect=false;
if (isset($HTTP_GET_VARS["user_id"]) && isset($HTTP_GET_VARS["session_key"])){
  // Assigned before the session starts; with register_globals a session
  // 'customer_id', if registered, is restored over this value on session start.
  $customer_id=$HTTP_GET_VARS["user_id"];
  $session_key=$HTTP_GET_VARS["session_key"];

  // Look up the customer by the supplied id (not by e-mail, despite the
  // original comment). tep_db_input() is presumably the SQL escaping helper
  // from functions/database.php; the address-book query in the "first time
  // entry" block casts its ids with (int) instead, which would suit this
  // numeric column as well. customers_password is selected but not used in
  // the visible part of this file.
  $check_customer_query = tep_db_query("select customers_id, customers_firstname, customers_password, customers_email_address, customers_default_address_id,customers_type from " . TABLE_CUSTOMERS . " where customers_id = '" . tep_db_input($customer_id) . "'");

  // The table name 'sessions' is hardcoded here rather than taken from a
  // TABLE_* constant like the other queries in this file.
  $session_query=tep_db_query("SELECT * from sessions where sesskey='" . tep_db_input($session_key) . "' and expiry > '" . time() . "'");

  if (tep_db_num_rows($session_query)>0 && tep_db_num_rows($check_customer_query)>0) {
    $plugin_connect=true;
    // Replace the browser's current session cookie value with the supplied key.
    if (isset($_COOKIE[tep_session_name()])){
      $_COOKIE[tep_session_name()]=$session_key;
      if (isset($HTTP_COOKIE_VARS[tep_session_name()])) $HTTP_COOKIE_VARS[tep_session_name()]=$session_key;
      // 30-day cookie, unlike the lifetime-0 session cookie configured above.
      tep_setcookie(tep_session_name(),$session_key,time()+60*60*24*30);
      //setcookie (tep_session_name(), '', time() - 3600);
    }
    tep_session_id($session_key);
  }
  tep_db_free_result($session_query);
  // $check_customer_query is left open on purpose: it is consumed in the
  // "first time entry" block below (it is not freed anywhere visible).
}

// set the session ID if it exists
// The session id is also accepted from POST, and over SSL from GET; on plain
// HTTP only the cookie (or the plugin block above) supplies it.
if (isset($HTTP_POST_VARS[tep_session_name()])) {
  tep_session_id($HTTP_POST_VARS[tep_session_name()]);
} elseif ( ($request_type == 'SSL') && isset($HTTP_GET_VARS[tep_session_name()]) ) {
  tep_session_id($HTTP_GET_VARS[tep_session_name()]);
}

// start the session
// Three strategies selected by configuration: require a test cookie first,
// skip sessions for user agents listed in spiders.txt, or always start.
// $session_started records the outcome for later code.
$session_started = false;
if (SESSION_FORCE_COOKIE_USE == 'True') {
  tep_setcookie('cookie_test', 'please_accept_for_session', time()+60*60*24*30, $cookie_path, $cookie_domain);

  // The test cookie only arrives on the next request, so the very first
  // request of a session-less browser does not get a session.
  if (isset($HTTP_COOKIE_VARS['cookie_test'])) {
    tep_session_start();
    $session_started = true;
  }
} elseif (SESSION_BLOCK_SPIDERS == 'True') {
  $user_agent = strtolower(getenv('HTTP_USER_AGENT'));
  $spider_flag = false;

  if (tep_not_null($user_agent)) {
    $spiders = file(DIR_WS_INCLUDES . 'spiders.txt');

    for ($i=0, $n=sizeof($spiders); $i<$n; $i++) {
      if (tep_not_null($spiders[$i])) {
        // is_integer(strpos(...)) is the PHP4-era "substring found" test
        // (strpos returns false when not found).
        if (is_integer(strpos($user_agent, trim($spiders[$i])))) {
          $spider_flag = true;
          break;
        }
      }
    }
  }
  if ($spider_flag == false) {
    tep_session_start();
    $session_started = true;
  }
} else {
  tep_session_start();
  $session_started = true;
}
// set SID once, even if empty
$SID = (defined('SID') ? SID : '');

// verify the ssl_session_id if the feature is enabled
// Intended hijack check: remember the TLS session id on first use and destroy
// the PHP session when it changes.
// NOTE(review): the registration test looks for 'SSL_SESSION_ID' but the
// variable registered is 'SESSION_SSL_ID'. The test therefore never sees the
// registered name, $SESSION_SSL_ID is re-seeded from the environment on every
// request, and the comparison below can never fail - the check is ineffective
// as written. Testing tep_session_is_registered('SESSION_SSL_ID') would make
// it work as intended.
if ( ($request_type == 'SSL') && (SESSION_CHECK_SSL_SESSION_ID == 'True') && (ENABLE_SSL == true) && ($session_started == true) ) {
  $ssl_session_id = getenv('SSL_SESSION_ID');
  if (!tep_session_is_registered('SSL_SESSION_ID')) {
    $SESSION_SSL_ID = $ssl_session_id;
    tep_session_register('SESSION_SSL_ID');
  }

  if ($SESSION_SSL_ID != $ssl_session_id) {
    tep_session_destroy();
    tep_redirect(tep_href_link(FILENAME_SSL_CHECK));
  }
}

// verify the browser user agent if the feature is enabled
// Pins the session to the User-Agent seen when it was first registered; a
// change destroys the session. (Here the tested and registered names match.)
if (SESSION_CHECK_USER_AGENT == 'True') {
  $http_user_agent = getenv('HTTP_USER_AGENT');
  if (!tep_session_is_registered('SESSION_USER_AGENT')) {
    $SESSION_USER_AGENT = $http_user_agent;
    tep_session_register('SESSION_USER_AGENT');
  }

  if ($SESSION_USER_AGENT != $http_user_agent) {
    tep_session_destroy();
    tep_redirect(tep_href_link(FILENAME_LOGIN));
  }
}

// verify the IP address if the feature is enabled
// Same pattern for the client address as resolved by tep_get_ip_address().
if (SESSION_CHECK_IP_ADDRESS == 'True') {
  $ip_address = tep_get_ip_address();
  if (!tep_session_is_registered('SESSION_IP_ADDRESS')) {
    $SESSION_IP_ADDRESS = $ip_address;
    tep_session_register('SESSION_IP_ADDRESS');
  }

  if ($SESSION_IP_ADDRESS != $ip_address) {
    tep_session_destroy();
    tep_redirect(tep_href_link(FILENAME_LOGIN));
  }
}

// create the shopping cart & fix the cart if necesary
// The PHP_VERSION < 4 branch re-hydrates a PHP3-serialized cart; it is dead
// on any PHP 4+ runtime.
if (tep_session_is_registered('cart') && is_object($cart)) {
  if (PHP_VERSION < 4) {
    $broken_cart = $cart;
    $cart = new shoppingCart;
    $cart->unserialize($broken_cart);
  }
} else {
  tep_session_register('cart');
  $cart = new shoppingCart;
}
// Persist the logged-in customer's id in a 30-day cookie.
// NOTE(review): the cookie carries the raw customer id and is client-
// modifiable; whatever reads it (not visible in this file) must not treat it
// as proof of identity.
if (tep_session_is_registered('customer_id') && (!isset($HTTP_COOKIE_VARS['survey_login_id']))){
  tep_setcookie('survey_login_id',$customer_id,time()+(30*24*60*60));
}

// check for first time entry
// Completes the plugin connect: when the request carried a valid
// user_id / session_key pair and the session has no customer yet, the
// customer found by user_id is logged in (its identity fields are registered
// into the session) and the saved cart is restored. No password is checked
// here; the trust rests entirely on the sessions-table lookup above.
if ($plugin_connect && !tep_session_is_registered('customer_id')){
  $check_customer = tep_db_fetch_array($check_customer_query);

  $check_country_query = tep_db_query("select entry_country_id, entry_zone_id from " . TABLE_ADDRESS_BOOK . " where customers_id = '" . (int)$check_customer['customers_id'] . "' and address_book_id = '" . (int)$check_customer['customers_default_address_id'] . "'");
  $check_country = tep_db_fetch_array($check_country_query);

  $customer_id = $check_customer['customers_id'];
  $customer_default_address_id = $check_customer['customers_default_address_id'];
  $customer_first_name = $check_customer['customers_firstname'];
  $customer_country_id = $check_country['entry_country_id'];
  $customer_zone_id = $check_country['entry_zone_id'];
  $customers_type=$check_customer['customers_type'];

  tep_session_register('customer_id');
  tep_session_register('customer_default_address_id');
  tep_session_register('customer_first_name');
  tep_session_register('customer_country_id');
  tep_session_register('customer_zone_id');
  tep_session_register('customers_type');
  $cart->restore_contents();
  tep_db_free_result($check_country_query);
}

// include currencies class and create an instance
require (DIR_WS_CLASSES . 'currencies.php');
$currencies = new currencies();

// include the mail classes
require(DIR_WS_CLASSES . 'mime.php');
require(DIR_WS_CLASSES . 'email.php');

// set the language
// (Re)resolve the language when none is in the session or ?language= is
// supplied. $language then becomes part of a require() path below.
// NOTE(review): assumes language::set_language() resolves the GET value
// against the configured languages only - confirm in classes/language.php.
if (!tep_session_is_registered('language') || isset($HTTP_GET_VARS['language'])) {
  if (!tep_session_is_registered('language')) {
    tep_session_register('language');
    tep_session_register('languages_id');
  }

  include(DIR_WS_CLASSES . 'language.php');
  $lng = new language();

  if (isset($HTTP_GET_VARS['language']) && tep_not_null($HTTP_GET_VARS['language'])) {
    $lng->set_language($HTTP_GET_VARS['language']);
  } else {
    $lng->get_browser_language();
  }

  $language = $lng->language['directory'];
  $languages_id = $lng->language['id'];
}

// include the language translations
require(DIR_WS_LANGUAGES . $language . '.php');

// currency
// A ?currency= value is only accepted if tep_currency_exists() confirms it;
// otherwise the language default or the shop default applies.
if (!tep_session_is_registered('currency') || isset($HTTP_GET_VARS['currency']) || ( (USE_DEFAULT_LANGUAGE_CURRENCY == 'true') && (LANGUAGE_CURRENCY != $currency) ) ) {
  if (!tep_session_is_registered('currency')) tep_session_register('currency');

  if (isset($HTTP_GET_VARS['currency'])) {
    if (!$currency = tep_currency_exists($HTTP_GET_VARS['currency'])) $currency = (USE_DEFAULT_LANGUAGE_CURRENCY == 'true') ? LANGUAGE_CURRENCY : DEFAULT_CURRENCY;
  } else {
    $currency = (USE_DEFAULT_LANGUAGE_CURRENCY == 'true') ? LANGUAGE_CURRENCY : DEFAULT_CURRENCY;
  }
}

// navigation history
// Same session-object pattern as the cart, then record the current page.
if (tep_session_is_registered('navigation')) {
  if (PHP_VERSION < 4) {
    $broken_navigation = $navigation;
    $navigation = new navigationHistory;
    $navigation->unserialize($broken_navigation);
  }
} else {
  tep_session_register('navigation');
  $navigation = new navigationHistory;
}
$navigation->add_current_page();

// BOF: Down for Maintenance except for admin ip
// The exclusion is a single-address comparison against REMOTE_ADDR.
if (EXCLUDE_ADMIN_IP_FOR_MAINTENANCE != getenv('REMOTE_ADDR')){
  if (DOWN_FOR_MAINTENANCE=='true' and !strstr($PHP_SELF,DOWN_FOR_MAINTENANCE_FILENAME)) { tep_redirect(tep_href_link(DOWN_FOR_MAINTENANCE_FILENAME)); }
}
// do not let people get to down for maintenance page if not turned on
if (DOWN_FOR_MAINTENANCE=='false' and strstr($PHP_SELF,DOWN_FOR_MAINTENANCE_FILENAME)) {
  tep_redirect(tep_href_link(FILENAME_DEFAULT));
}
// EOF: WebMakers.com Added: Down for Maintenance

// BOF: WebMakers.com Added: Functions Library
include(DIR_WS_FUNCTIONS . 
'webmakers_added_functions.php'); 384 // EOF: WebMakers.com Added: Functions Library 385 386 if (isset($HTTP_GET_VARS['action'])) { 387 // redirect the customer to a friendly cookie-must-be-enabled page if cookies are disabled 388 if ($session_started == false) { 389 tep_redirect(tep_href_link(FILENAME_COOKIE_USAGE)); 390 } 391 if (DISPLAY_CART == 'true') { 392 $goto = FILENAME_SHOPPING_CART; 393 $parameters = array('action', 'cPath', 'products_id', 'pid'); 394 } else { 395 $goto = basename($PHP_SELF); 396 if ($HTTP_GET_VARS['action'] == 'buy_now') { 397 $parameters = array('action', 'pid', 'products_id'); 398 } else { 399 $parameters = array('action', 'pid'); 400 } 401 } 402 switch ($HTTP_GET_VARS['action']) { 403 // customer wants to update the product quantity in their shopping cart 404 case 'update_product' : for ($i=0, $n=sizeof($HTTP_POST_VARS['products_id']); $i<$n; $i++) { 405 if (in_array($HTTP_POST_VARS['products_id'][$i], (is_array($HTTP_POST_VARS['cart_delete']) ? $HTTP_POST_VARS['cart_delete'] : array()))) { 406 $cart->remove($HTTP_POST_VARS['products_id'][$i]); 407 } else { 408 if (PHP_VERSION < 4) { 409 // if PHP3, make correction for lack of multidimensional array. 410 reset($HTTP_POST_VARS); 411 while (list($key, $value) = each($HTTP_POST_VARS)) { 412 if (is_array($value)) { 413 while (list($key2, $value2) = each($value)) { 414 if (ereg ("(.*)\]\[(.*)", $key2, $var)) { 415 $id2[$var[1]][$var[2]] = $value2; 416 } 417 } 418 } 419 } 420 $attributes = ($id2[$HTTP_POST_VARS['products_id'][$i]]) ? $id2[$HTTP_POST_VARS['products_id'][$i]] : ''; 421 } else { 422 $attributes = ($HTTP_POST_VARS['id'][$HTTP_POST_VARS['products_id'][$i]]) ? 
$HTTP_POST_VARS['id'][$HTTP_POST_VARS['products_id'][$i]] : ''; 423 } 424 $cart->add_cart($HTTP_POST_VARS['products_id'][$i], $HTTP_POST_VARS['cart_quantity'][$i], $attributes, false); 425 } 426 } 427 tep_redirect(tep_href_link($goto, tep_get_all_get_params($parameters))); 428 break; 429 // customer adds a product from the products page 430 case 'add_product' : 431 if (isset($HTTP_POST_VARS['products_id']) && is_numeric($HTTP_POST_VARS['products_id'])) { 432 $products_id=(int)$HTTP_POST_VARS['products_id']; 433 $cart->add_cart($products_id, $cart->get_quantity(tep_get_uprid($products_id, $HTTP_POST_VARS['id']))+1, $HTTP_POST_VARS['id'],true,array(),0); 434 // check for forced products; 435 $xsell_ids=(isset($HTTP_POST_VARS["xsell_forced_id"])?$HTTP_POST_VARS["xsell_forced_id"]:array()); 436 if (count($xsell_ids)>0){ 437 for ($lcnt=0;$lcnt<count($xsell_ids);$lcnt++){ 438 $attr=(isset($xsell_forced_attributes[$xsell_ids[$lcnt]])?$xsell_forced_attributes[$xsell_ids[$lcnt]]:array()); 439 $cart->add_cart($xsell_ids[$lcnt], 1, $attr,true,array(),0); 440 } 441 } 442 } 443 tep_redirect(tep_href_link($goto, tep_get_all_get_params($parameters))); 444 break; 445 // performed by the 'buy now' button in product listings and review page 446 case 'buy_now' : 447 if (isset($HTTP_GET_VARS['products_id']) && is_numeric($HTTP_GET_VARS['products_id'])) { 448 if (tep_has_product_attributes($HTTP_GET_VARS['products_id'])) { 449 tep_redirect(tep_href_link(FILENAME_PRODUCT_INFO, 'products_id=' . 
$HTTP_GET_VARS['products_id'])); 450 } else { 451 $cart->add_cart($HTTP_GET_VARS['products_id'], $cart->get_quantity($HTTP_GET_VARS['products_id'])+1); 452 } 453 } 454 tep_redirect(tep_href_link($goto, tep_get_all_get_params($parameters))); 455 break; 456 case 'notify' : if (tep_session_is_registered('customer_id')) { 457 if (isset($HTTP_GET_VARS['products_id'])) { 458 $notify = $HTTP_GET_VARS['products_id']; 459 } elseif (isset($HTTP_GET_VARS['notify'])) { 460 $notify = $HTTP_GET_VARS['notify']; 461 } elseif (isset($HTTP_POST_VARS['notify'])) { 462 $notify = $HTTP_POST_VARS['notify']; 463 } else { 464 tep_redirect(tep_href_link(basename($PHP_SELF), tep_get_all_get_params(array('action', 'notify'))));