<?php
// Copyright (C) 1996-2004 Edikon Corporation. All rights reserved.
//
// This source file is part of phpShop(R).
//
// This file may be distributed and/or modified under the terms of the
// "GNU General Public License" version 2 as published by the Free
// Software Foundation and appearing in the file LICENSE.GPL included in
// the packaging of this file.
//
// This file is provided AS IS with NO WARRANTY OF ANY KIND, INCLUDING
// THE WARRANTY OF DESIGN, MERCHANTABILITY AND FITNESS FOR A PARTICULAR
// PURPOSE.
//
// The "GNU General Public License" (GPL) is available at
// http://www.gnu.org/copyleft/gpl.html.
//
// Contact license@edikon.com if any conditions of this licencing isn't clear to
// you.

// $Id: index.php,v 1.1.1.1 2004/07/27 14:58:07 pablo Exp $

// Front controller for phpShop. Runs entirely at file scope: it bootstraps
// the environment, exports request data into globals, optionally dispatches a
// "func" call, then includes the module page named by "page". Every variable
// created here is a global that the included module files can read.
//
// NOTE(review): this file targets PHP 4-era semantics. get_magic_quotes_gpc(),
// import_request_variables() and each() no longer exist in PHP 8, so it cannot
// run unmodified on a current interpreter.

// EDIT
// Absolute path of the installation. The trailing slash is required because
// the value is concatenated directly with relative paths below.
define('PS_BASE', '/cygwin/home/pablo/htdocs/phpshop/');

// DO NOT EDIT FROM HERE ON
//**************************************************

// Set error reporting level (notices are hidden, which also hides reads of
// undefined request-derived globals such as $page and $func below)
error_reporting(E_ALL ^ E_NOTICE);

// force register_globals off
ini_set("register_globals", 0);

// check if magic quotes is enabled, die if not
// NOTE(review): magic_quotes_gpc is the only escaping applied to request data
// before it reaches the included modules; nothing in this file escapes values
// for SQL or HTML itself.
if (!get_magic_quotes_gpc()) {
    die("You must enable magic_quotes_gpc in php.ini in order to run phpShop. 
Read <a href=\"http://www.php.net/manual/en/ref.info.php#ini.magic-quotes-gpc\"> the docs</a>.");
}

// Set global path: ".", PS_BASE and PS_BASE/modules are searched by the
// relative require()/include() calls further down
ini_set("include_path", ".".PATH_SEPARATOR.PS_BASE.PATH_SEPARATOR.PS_BASE."modules");

// define webroot so that image uploads work
define("WEBROOT",dirname($_SERVER['SCRIPT_FILENAME']));

// left for backwards compatibility
define("MODROOT",PS_BASE."modules/");

// Compatibility patch to be able to leave Register_globals = off
// &&
// XSS fixes
// NOTE(review): this branch re-creates register_globals by hand.
// import_request_variables("CGP") copies every cookie, GET and POST key into a
// same-named global, and the $_FILES loop does the same through $$k. Any
// global read later in this file ($page, $func, $lang, $last_page, $print, ...)
// can therefore originate from the client unless something later overwrites
// it; whether the session restore below does so cannot be seen from this file.
if (function_exists ("import_request_variables") &&
    False == ini_get('register_globals')) {
    import_request_variables ("CGP",""); // php >=4.1
    $HTTP_GET_VARS = $_GET;
    $HTTP_POST_VARS = $_POST;
    $HTTP_COOKIE_VARS = $_COOKIE;
    $PHP_SELF = $_SERVER["PHP_SELF"];
    $SERVER_NAME = $_SERVER["SERVER_NAME"];
    $REMOTE_ADDR = $_SERVER["REMOTE_ADDR"];
    // Client-supplied proxy headers, copied verbatim (not validated here)
    $HTTP_X_FORWARDED_FOR = $_SERVER["HTTP_X_FORWARDED_FOR"];
    $HTTP_VIA = $_SERVER["HTTP_VIA"];
    // Export each upload as $<field>, $<field>_name and $<field>_size globals;
    // the field name itself is chosen by the client
    foreach($_FILES as $k=>$v) {
        $$k = $v['tmp_name'];
        $k_name = $k . "_name";
        $$k_name = $v['name'];
        $k_size = $k . "_size";
        $$k_size = $v['size'];
    }
} else {
    //http://de.php.net/manual/de/function.import-request-variables.php
    //if you're stuck using a pre-4.10 version of php
    // Same effect as above (request keys become globals), via extract()
    extract($HTTP_GET_VARS, EXTR_PREFIX_ALL, "");
    extract($HTTP_POST_VARS, EXTR_PREFIX_ALL, "");
}

// Load Required Files
// NOTE(review): ps_DB, ps_session, ps_perm, $ps_function, $ps_module,
// load_module(), load_labels() and utime() used below are not defined in this
// file; presumably they come from these includes — confirm.
require(PS_BASE. "etc/config.php");
require(PS_BASE . "db/db_mysql.inc");
require("admin/lib/ps_main.inc");
require("admin/lib/ps_include.inc");

// Timer Start
if (DEBUG) {
    $start = utime();
}

// some input validation for offset
// Accepts only a string that survives an (int) round-trip unchanged.
// NOTE(review): the comparison is a loose == between two strings, which PHP
// evaluates numerically when both are numeric, so forms such as "1e1" also
// pass; a strict === would pin the check to canonical decimal integers.
if (!empty($_REQUEST['offset'])) {
    if (is_string($_REQUEST['offset']) and $_REQUEST['offset'] == (string)(int) $_REQUEST['offset']) {
    }
    else die('Please provide an permitted value for offset');
}

// basic SQL inject detection
// NOTE(review): this is a case-insensitive substring blocklist, not escaping
// or parameterisation. It covers only the seven keys listed here, rejects the
// whole request on any hit (so a legitimate "=" or "set " in a keyword is
// refused), and gives no protection to the other request keys that are
// exported as globals and passed on in $vars below. Treat it as defence in
// depth at best; the real protection has to live where the SQL is built.
$my_insecure_array = array('keyword' => $_REQUEST['keyword'],
    'category_id' => $_REQUEST['category_id'],
    'product_id' => $_REQUEST['product_id'],
    'user_id' => $_REQUEST['user_id'],
    'user_info_id' => $_REQUEST['user_info_id'],
    'page' => $_REQUEST['page'],
    'func' => $_REQUEST['func']);

while(list($key,$value)=each($my_insecure_array)) {
    if (stristr($value,'FROM ') ||
        stristr($value,'UPDATE ') ||
        stristr($value,'WHERE ') ||
        stristr($value,'ALTER ') ||
        stristr($value,'SELECT ') ||
        stristr($value,'SHUTDOWN ') ||
        stristr($value,'CREATE ') ||
        stristr($value,'DROP ') ||
        stristr($value,'DELETE FROM') ||
        stristr($value,'script') ||
        stristr($value,'<>') ||
        stristr($value,'=') ||
        stristr($value,'SET '))
        die('Please provide a permitted value for '.$key);
}

// Load module definitions
$module = array();
$label = array();

// Instantiate db and session class
$db = new ps_DB;
$sess = new ps_session;
$perm = new ps_perm;
$vars = array();

// In case someone tries to be sneaky
// Reset the dispatch flags so that request globals of the same name (exported
// above) cannot pre-set them
$run_dir=0;
$run_func=0;

// Set default language as specified in phpshop.cfg
// NOTE(review): isset($lang) is already true if the client sent a "lang"
// parameter (it was exported as a global above), in which case the default is
// not applied and the session registration is skipped. $lang is later
// interpolated into an include path.
if (!isset($lang)) {
    $lang = LANGUAGE;
    $sess->register("lang");
}

// Save current page call ($page is the request-supplied page at this point)
$this_page=$page;

// Register previous page
if (!isset($last_page)) {
    $sess->register("last_page");
}
// Register the cart
if (!isset($cart)) {
    $cart = array();
    $cart["idx"] = 0;
    $sess->register("cart");
}
// Register the auth array
// NOTE(review): the same isset() caveat as for $lang applies to $last_page,
// $cart and $auth; whether ps_session::register() restores a session value
// over an existing global cannot be determined from this file — confirm.
if (!isset($auth)) {
    $auth = array();
    $sess->register("auth");
}

// This is what we work with.
$vars = $_REQUEST;

/* start fixing security hole */
// Normalises one scalar request value for non-admin users: trims whitespace
// and strips HTML/PHP tags.
// NOTE(review): as listed here the four str_replace() calls replace each
// character with itself and are no-ops; the intent looks like HTML-entity
// encoding of '#', '(', ')' and '%', which the cross-reference rendering may
// have decoded — verify against the original source.
// Passing a non-string (e.g. a nested array) reaches trim() directly.
function harden_parse($vars){
    $vars2=trim($vars);
    $vars2=strip_tags($vars2);
    $vars2=str_replace("#","#",$vars2);
    $vars2=str_replace("(","(",$vars2);
    $vars2=str_replace(")",")",$vars2);
    $vars2=str_replace("%","%",$vars2);
    return $vars2;
}
// Apply harden_parse() to every request value (one level of array nesting)
// and write the result back to $vars, $HTTP_POST_VARS, $HTTP_GET_VARS and the
// same-named global.
// NOTE(review): hardening is skipped entirely when $auth["perms"] is "admin"
// or "storeadmin", so administrator-supplied values reach the modules
// unstripped.
// NOTE(review): the `$$key = ...` export re-creates a global for every request
// key, including names this file already assigned ($auth, $lang, $last_page,
// $db, $sess, ...). Any later code that trusts those globals is reading
// client-influenced data; restricting the export to an allowlist of expected
// keys, or dropping the variable-variable export, would close this.
if (count($vars) && $auth["perms"]!="admin" && $auth["perms"]!="storeadmin"){
    while (list($key, $value) = each ($vars)) {
        if (is_array($value)){
            while (list($keyA, $valueA) = each ($value)) {
                $varsA[$keyA]=harden_parse($valueA);
            } $vars2[$key] = $varsA; unset ($varsA);
        }
        else { $vars2[$key]=harden_parse($value); }
        // Truthiness test: a value of "0" or "" is left un-hardened in these two arrays
        if ($HTTP_POST_VARS[$key]){ $HTTP_POST_VARS[$key]=$vars2[$key]; }
        if ($HTTP_GET_VARS[$key]){ $HTTP_GET_VARS[$key]=$vars2[$key]; }
        $$key = $vars2[$key];
    }
    $vars = $vars2;
    $QUERY_STRING = harden_parse($QUERY_STRING);
}
// A product page without a product id falls back to the browse page
if ($page=="shop/flypage" and !$product_id){ $page="shop/browse"; }
unset($vars2);
/* end fixing security hole */

// Get Function Permissions
// Sets $run_func if func is registered and have permission
// Displays error if function is not registered
// The function registry ($ps_function->get_function) is the authorisation
// gate for "func": only a registered name whose "perms" passes $perm->check()
// is dispatched, and the class/method actually called come from the registry
// entry, not from the request.
if ($func) {
    $func_list = $ps_function->get_function($func);
    if ($func_list) {
        if ($perm->check($func_list["perms"])) {
            $run_func = 1;
            $func_perms = $func_list["perms"];
            $func_class = $func_list["class"];
            $func_method = $func_list["method"];
        }
        else {
            $error_type = "Insufficient Access Rights";
            // $func is request-supplied; it is echoed into the error text unescaped
            $error = "You do not have permission to execute $func.";
            $page = ERRORPAGE;
            $run_func = 0;
        }
    }
    else {
        $error_type = "Function Not Registered";
        $error = "$func is not a valid phpShop function.";
        $page = ERRORPAGE;
        $run_func = 0;
    }
}

// Get Page/Directory Permissions
// Sets $run_dir if we can run it
// Displays error if directory is not registered,
// no permission, or file does not exist
// The module registry ($ps_module->get_dir) is the authorisation gate for the
// directory part of "page"; basename() confines the file part to a single
// path component.
if (!$page) {
    $page = HOMEPAGE;
}

$modulename = dirname("$page");
$pagename = basename("$page");

if (empty($modulename)) {
    $modulename=dirname(HOMEPAGE);
    $pagename = basename(HOMEPAGE);
}

$dir_list = $ps_module->get_dir($modulename);
if ($dir_list) {
    if ($perm->check($dir_list["perms"])) {
        if (!file_exists(PS_BASE."modules/$modulename/html/$pagename.ihtml")) {
            $error_type = "Page Does Not Exist";
            $error = "Given filename does not exist. Cannot find file:<BR>";
            // Request-derived path fragments are echoed into the error text unescaped
            $error .= $modulename."/html/".$pagename.".ihtml";
            $page = ERRORPAGE;
        }
    }
    else {
        // No permission for this module: bounce to the previous page and flag a login,
        // unless the request is itself the login function
        if ($func != "userLogin") {
            unset($error);
            $page = $last_page;
            $vars["login"]=1;
        }
    }

    // Load MODULE (module name has passed the registry check above)
    $module = load_module($modulename);
    require("$modulename/lib/ps_include.inc");
    $label = load_labels($modulename);
}
else {
    $error_type = "Module Not Registered";
    $error = "$modulename is not a valid phpShop module.";
    $page = ERRORPAGE;
}

// Run the function if we have permission
if ($run_func) {

    // Resolve the module that owns the registered function.
    // NOTE(review): $func_method and $func_class are interpolated into the SQL
    // unescaped. They come from the function registry rather than the request,
    // so this relies on the registry table being trusted; escaping or a
    // prepared statement would remove that dependency.
    $q = "SELECT module.module_name FROM module,function WHERE ";
    $q .= "module.module_id=function.module_id AND ";
    $q .= "function.function_method='$func_method' AND ";
    $q .= "function.function_class='$func_class'";
    $db->query($q);
    $db->next_record();

    // Load class definition file and run function
    // (class file, class name and method name all come from the registry/DB)
    require_once($db->f("module_name")."/lib/$func_class.inc");
    $$func_class = new $func_class;
    // NOTE(review): $vars["error"] and $vars["page"] are read after this call,
    // so the method presumably takes $vars by reference — confirm in the
    // module classes.
    $ok = $$func_class->{$func_method}($vars);

    // for debug
    $cmd = $func_class.'->'.$func_method.'()';

    if (!$ok) {
        if ($vars["login"] == "1") {
            $error = $vars["error"];
            $vars["login"]=1;
        }
        else {
            $no_last=1;
            $page = $last_page;
            $error = $vars["error"];
        }
    }
    else {
        $no_last = 0;
        unset($error);
        // NOTE(review): the module-registration check above ran against the
        // pre-dispatch $page. If the function changed $vars["page"], the new
        // value reaches the include() calls below without a second
        // get_dir() check — confirm that functions only return registered pages.
        $page = $vars["page"];
    }
}

// LOAD PAGE

// If this is a login, then load the approprate module information based on wher
// the login page is.
if ($vars["login"] == "1" || $page==LOGINPAGE || !$perm->check($dir_list["perms"])) {
    $last_page = $this_page;
    $page = LOGINPAGE;
    $modulename = dirname($page);
    $module = load_module($modulename);
    require("$modulename/lib/ps_include.inc");
    $label = load_labels($modulename);
}

if (!$no_last) {
    $last_page = $this_page;
}
if (!$page) {
    $page = HOMEPAGE;
}
// Show the page!
$modulename = dirname($page);
$pagename = basename($page) . ".ihtml";

// Load global file
require("templates/global.inc");

// Load language file for this module
// NOTE(review): $lang may be client-supplied (see the isset() note above) and
// is interpolated into the include path; the file_exists() guard only
// confirms that some file of that name exists under PS_BASE. Unlike the
// page-existence check earlier, this path omits the "modules/" segment, so
// file_exists() and include() (resolved via include_path) may not be looking
// at the same file — verify. Validating $lang against the installed
// lang_*.inc names would be the straightforward hardening.
if (file_exists(PS_BASE."$modulename/lib/lang_$lang.inc")) {
    include("$modulename/lib/lang_$lang.inc");
}
else {
    //Default to english if not set.
    include("$modulename/lib/lang_eng.inc");
}

// Load Header ($print is a request-exported global; "1" suppresses header/footer)
if ($module[$modulename]["module_header"] && $print!="1") {
    include("templates/".$module[$modulename]["module_header"]);
}

// Load PAGE
include("$modulename/html/$pagename");

// Load footer
if ($module[$modulename]["module_footer"] && $print!="1") {
    include("templates/".$module[$modulename]["module_footer"]);
}

// Save the session variables for the next run
$sess->save();

// Set debug option on/off
if (DEBUG) {
    $end = utime();
    $runtime = $end - $start;
    $messages = dirname(DEBUGPAGE);
    $pagename = basename(DEBUGPAGE) . ".ihtml";
    include("$messages/html/$pagename");
}
?>