Beispiel #1
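 /**
  * Completes a customer login: fills the session from the customer record,
  * updates the logon statistics, rotates the session token, restores the
  * cart and redirects the visitor.
  *
  * Nothing happens unless the global $login_customer_id is a positive
  * integer; this method performs no credential check of its own.
  *
  * @return void
  */
 public function execute()
 {
     global $login_customer_id;
     $OSCOM_Db = Registry::get('Db');
     if (is_int($login_customer_id) && $login_customer_id > 0) {
         // NOTE(review): the session is only recreated when SESSION_RECREATE is
         // 'True'. With it disabled the pre-login session identifier presumably
         // survives the login, which leaves the store exposed to session
         // fixation - confirm the setting is enabled in production.
         if (SESSION_RECREATE == 'True') {
             tep_session_recreate();
         }
         $Qcustomer = $OSCOM_Db->prepare('select c.customers_firstname, c.customers_default_address_id, ab.entry_country_id, ab.entry_zone_id from :table_customers c left join :table_address_book ab on (c.customers_id = ab.customers_id and c.customers_default_address_id = ab.address_book_id) where c.customers_id = :customers_id');
         $Qcustomer->bindInt(':customers_id', $login_customer_id);
         $Qcustomer->execute();
         $_SESSION['customer_id'] = $login_customer_id;
         $_SESSION['customer_default_address_id'] = $Qcustomer->valueInt('customers_default_address_id');
         $_SESSION['customer_first_name'] = $Qcustomer->value('customers_firstname');
         $_SESSION['customer_country_id'] = $Qcustomer->valueInt('entry_country_id');
         $_SESSION['customer_zone_id'] = $Qcustomer->valueInt('entry_zone_id');
         // A successful logon also clears any outstanding password reset key.
         $Qupdate = $OSCOM_Db->prepare('update :table_customers_info set customers_info_date_of_last_logon = now(), customers_info_number_of_logons = customers_info_number_of_logons+1, password_reset_key = null, password_reset_date = null where customers_info_id = :customers_info_id');
         $Qupdate->bindInt(':customers_info_id', $_SESSION['customer_id']);
         $Qupdate->execute();
         // reset session token
         // The token must be unpredictable, so take it from the CSPRNG where
         // PHP provides one (random_bytes, PHP 7+). Both branches yield 32 hex
         // characters; the md5(tep_rand()) form is kept only as a fallback for
         // older runtimes and is not suitable as a security token.
         if (function_exists('random_bytes')) {
             $_SESSION['sessiontoken'] = bin2hex(random_bytes(16));
         } else {
             $_SESSION['sessiontoken'] = md5(tep_rand() . tep_rand() . tep_rand() . tep_rand());
         }
         // restore cart contents
         $_SESSION['cart']->restore_contents();
         // Return the visitor to the page recorded before the login, if any.
         if (count($_SESSION['navigation']->snapshot) > 0) {
             $origin_href = OSCOM::link($_SESSION['navigation']->snapshot['page'], tep_array_to_string($_SESSION['navigation']->snapshot['get'], array(session_name())), $_SESSION['navigation']->snapshot['mode']);
             $_SESSION['navigation']->clear_snapshot();
             HTTP::redirect($origin_href);
         }
         // Reached when there is no snapshot (HTTP::redirect() presumably ends
         // the request - confirm).
         OSCOM::redirect('index.php');
     }
 }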
Beispiel #2
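/**
 * Builds a random string of $length characters.
 *
 * Values produced here are typically used as generated passwords or keys, so
 * the characters are drawn with random_int() (a CSPRNG, PHP 7+) whenever it
 * exists. tep_rand() is used only on runtimes without random_int(); output
 * from that fallback should not be treated as unpredictable.
 *
 * Each character is picked directly from the allowed alphabet, so every
 * allowed character is equally likely.
 *
 * @param int    $length number of characters to produce; 0 or less gives ''
 * @param string $type   'mixed' (a-z, A-Z, 0-9), 'chars' (a-z, A-Z) or
 *                       'digits' (0-9)
 * @return string|false the random string, or false for an unknown $type
 * @throws Exception from random_int() when no entropy source is available
 */
function tep_create_random_value($length, $type = 'mixed')
{
    $letters = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ';
    $digits = '0123456789';
    if ($type == 'mixed') {
        $alphabet = $letters . $digits;
    } elseif ($type == 'chars') {
        $alphabet = $letters;
    } elseif ($type == 'digits') {
        $alphabet = $digits;
    } else {
        return false;
    }
    $last = strlen($alphabet) - 1;
    $use_csprng = function_exists('random_int');
    $rand_value = '';
    while (strlen($rand_value) < $length) {
        $index = $use_csprng ? random_int(0, $last) : tep_rand(0, $last);
        $rand_value .= $alphabet[$index];
    }
    return $rand_value;
}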
Beispiel #3
/**
 * Hashes a plain-text password into the "md5(salt . plain):salt" format.
 *
 * The salt is the first two hex characters of an MD5 digest over ten
 * concatenated tep_rand() values.
 *
 * NOTE(review): a single MD5 round with a two-character salt is fast to
 * brute-force and offers little protection if the stored hashes leak. The
 * output format is presumably parsed by a matching verification routine, so
 * it cannot be changed here in isolation; plan a migration to
 * password_hash()/password_verify() with a rehash on the next successful
 * login.
 *
 * @param string $plain the plain-text password
 * @return string the digest and salt separated by a colon
 */
function tep_encrypt_password($plain)
{
    $seed = '';
    $remaining = 10;
    while ($remaining-- > 0) {
        $seed .= tep_rand();
    }
    $salt = substr(md5($seed), 0, 2);
    return md5($salt . $plain) . ':' . $salt;
}
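/**
 * Returns a random hidden-directory style name: a leading dot followed by
 * 16 to 20 lower-case letters.
 *
 * The letter index is drawn from 0..25. The previous range of 1..26 could
 * never select 'a' and read one position past the end of the alphabet, which
 * raised a string-offset warning and produced a shorter name.
 *
 * NOTE(review): if the name is meant to be unguessable, tep_rand() must be
 * backed by a cryptographically secure generator - confirm.
 *
 * @return string
 */
function tep_random_name()
{
    $letters = 'abcdefghijklmnopqrstuvwxyz';
    $dirname = '.';
    $length = (int) tep_rand(16, 20);
    for ($i = 0; $i < $length; $i++) {
        $dirname .= $letters[(int) tep_rand(0, strlen($letters) - 1)];
    }
    return $dirname;
}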
Beispiel #5
/**
 * Runs $query and returns one row chosen at random from its result set.
 *
 * The query string is passed to tep_db_query() unchanged, so callers must
 * never assemble it from request data.
 *
 * @param string $query complete SQL select statement
 * @return mixed the row fetched by tep_db_fetch_array(), or '' when the
 *               query returned no rows
 */
function tep_random_select($query)
{
    $result = tep_db_query($query);
    $row_count = tep_db_num_rows($result);
    if (!($row_count > 0)) {
        return '';
    }
    // Move the result cursor to a random row before fetching.
    $offset = tep_rand(0, $row_count - 1);
    tep_db_data_seek($result, $offset);
    return tep_db_fetch_array($result);
}
Beispiel #6
/**
 * Userland session_start(): resolves the session ID for this request, sends
 * the session cookie and/or defines SID, opens the storage module held in
 * $GLOBALS[$session->mod_name], decodes the stored data and occasionally
 * triggers garbage collection.
 *
 * All settings are read from the global $session object.
 *
 * @return bool false when a session is already open, true otherwise; the
 *              script is terminated with die() if the storage module cannot
 *              be opened
 */
function session_start()
{
    global $session, $SID, $HTTP_COOKIE_VARS, $HTTP_GET_VARS, $HTTP_POST_VARS;
    // Define the global variable $SID?
    $define_sid = true;
    // Send the session cookie?
    $send_cookie = true;
    // Is track_vars enabled?
    $track_vars = isset($HTTP_COOKIE_VARS) || isset($HTTP_GET_VARS) || isset($HTTP_POST_VARS) ? true : false;
    // Check if session_start() has been called once already
    if ($session->nr_open_sessions != 0) {
        return false;
    }
    // If our only resource is the global symbol_table, then check it.
    // If track_vars are enabled, we prefer these, because they are more
    // reliable, and we always know whether the user has accepted the
    // cookie.
    if (isset($GLOBALS[$session->name]) && !empty($GLOBALS[$session->name]) && !$track_vars) {
        $session->id = $GLOBALS[$session->name];
        $send_cookie = false;
    }
    // Now check the track_vars. Cookies are preferred, because initially
    // cookie and get variables will be available.
    // NOTE(review): the three checks below are independent, so a GET value
    // replaces the cookie value and a POST value replaces both. Accepting a
    // caller-chosen ID from the URL or a form allows session fixation unless
    // the ID is regenerated at login - confirm that happens elsewhere.
    if (empty($session->id) && $track_vars) {
        if (isset($HTTP_COOKIE_VARS[$session->name])) {
            $session->id = $HTTP_COOKIE_VARS[$session->name];
            $define_sid = false;
            $send_cookie = false;
        }
        if (isset($HTTP_GET_VARS[$session->name])) {
            $session->id = $HTTP_GET_VARS[$session->name];
        }
        if (isset($HTTP_POST_VARS[$session->name])) {
            $session->id = $HTTP_POST_VARS[$session->name];
        }
    }
    /*
    // Check the REQUEST_URI symbol for a string of the form
    // '<session-name>=<session-id>' to allow URLs of the form
    // http://yoursite/<session-name>=<session-id>/script.php 
        if (empty($session->id)) {
          eregi($session->name . '=([^/]+)', $GLOBALS['REQUEST_URI'], $regs);
          $regs[1] = trim($regs[1]);
          if (!empty($regs[1])) {
            $session->id = $regs[1];
          }
        }
    */
    // Check whether the current request was referred to by
    // an external site which invalidates the previously found ID
    // NOTE(review): the Referer header is supplied by the client, so this
    // check is a convenience filter and not a security boundary.
    if (!empty($session->id) && $session->referer_check) {
        $url = parse_url($GLOBALS['HTTP_REFERER']);
        if (trim($url['host']) != $GLOBALS['SERVER_NAME']) {
            unset($session->id);
            $send_cookie = true;
            $define_sid = true;
        }
    }
    // Do we have an existing session ID?
    if (empty($session->id)) {
        // Create new session ID
        $session->id = _session_create_id();
    }
    // Is use_cookies set to false?
    if (!$session->use_cookies && $send_cookie) {
        $define_sid = true;
        $send_cookie = false;
    }
    // Should we send a cookie?
    // NOTE(review): setcookie() is called with five arguments, so neither the
    // secure nor the httponly flag is set on the session cookie.
    if ($send_cookie) {
        setcookie($session->name, $session->id, $session->cookie_lifetime, $session->cookie_path, $session->cookie_domain);
    }
    // Should we define the SID?
    if ($define_sid) {
        $SID = $session->name . '=' . $session->id;
    }
    $session->nr_open_sessions++;
    // Send caching headers
    // Start session
    $mod = $GLOBALS[$session->mod_name];
    if (!$mod->open($session->save_path, $session->name)) {
        die('Failed to initialize session module.');
    }
    // Read session data
    if ($val = $mod->read($session->id)) {
        // Decode session data
        session_decode($val);
    }
    // Send HTTP cache headers
    _session_cache_limiter();
    // Check if we should clean up (call the garbage collection routines)
    if ($session->gc_probability > 0) {
        // Scale a random draw to a percentage and compare it with the
        // configured probability. Assumes tep_rand() without arguments
        // returns a value between 0 and getrandmax() - TODO confirm.
        $randmax = getrandmax();
        $nrand = (int) (100 * tep_rand() / $randmax);
        if ($nrand < $session->gc_probability) {
            $mod->gc($session->gc_maxlifetime);
        }
    }
    // SID carries "name=id" for URL propagation, or is empty when the ID
    // arrived in a cookie.
    if ($define_sid) {
        define('SID', $SID);
    } else {
        define('SID', '');
    }
    return true;
}
Beispiel #7
/**
 * Executes $query and returns a single, randomly selected row of the result.
 *
 * $query reaches db_query() verbatim; it must be a fixed statement and never
 * contain unescaped request data.
 *
 * @param string $query complete SQL select statement
 * @return mixed the row returned by db_fetch_array(), or '' for an empty
 *               result set
 */
function db_random_select($query)
{
    $handle = db_query($query);
    $available = db_num_rows($handle);
    $picked = '';
    if ($available > 0) {
        // Position the cursor on a random row, then read that row.
        db_data_seek($handle, tep_rand(0, $available - 1));
        $picked = db_fetch_array($handle);
    }
    return $picked;
}
Beispiel #8
 /**
  * encode()
  *
  * Encodes this MIME part and returns the result. A part with sub-parts is
  * rendered as a multipart body: a boundary is generated, appended to the
  * Content-Type header, and every sub-part is encoded recursively. A part
  * without sub-parts has its own body encoded with the configured encoding.
  *
  * NOTE(review): header names and values are joined with the line feed
  * as-is. If any header value can carry request data, CR/LF must be
  * stripped before it reaches this class to prevent header injection.
  *
  * @return array An associative array containing two elements,
  *               body and headers. The headers element is itself
  *               an array keyed by header name.
  * @access public
  */
 function encode()
 {
     $result = $this->_encoded;
     if (!tep_not_null($this->_subparts)) {
         // Leaf part: only the body needs encoding.
         $result['body'] = $this->_getEncodedData($this->_body, $this->_encoding) . $this->lf;
     } else {
         // The boundary only has to be unlikely to occur in the content; it
         // is not a secret.
         $boundary = '=_' . md5(uniqid(tep_rand()) . microtime());
         $this->_headers['Content-Type'] .= ';' . $this->lf . chr(9) . 'boundary="' . $boundary . '"';
         $delimiter = '--' . $boundary;
         // Encode each sub-part as "headers, blank line, body".
         for ($i = 0; $i < count($this->_subparts); $i++) {
             $part = $this->_subparts[$i]->encode();
             $lines = array();
             foreach ($part['headers'] as $name => $value) {
                 $lines[] = $name . ': ' . $value;
             }
             $subparts[] = implode($this->lf, $lines) . $this->lf . $this->lf . $part['body'];
         }
         $result['body'] = $delimiter . $this->lf . implode($delimiter . $this->lf, $subparts) . $delimiter . '--' . $this->lf;
     }
     // Headers are attached last so the boundary parameter is included.
     $result['headers'] = $this->_headers;
     return $result;
 }
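 /**
  * Builds a random string of $length characters from the requested alphabet.
  *
  * Random bytes come from the bundled PasswordHash class whenever it is
  * available. The class is now used both when it had to be loaded here and
  * when it was already loaded; previously an already-loaded class skipped
  * the whole branch, so every call after the first silently dropped to the
  * tep_rand() fallback.
  *
  * @param int    $length number of characters to produce
  * @param string $type   'mixed' (letters and digits), 'chars' (letters) or
  *                       'digits'; any other value is treated as 'mixed'
  * @return string
  */
 function createRandomValue($length, $type = 'mixed')
 {
     if ($type != 'mixed' && $type != 'chars' && $type != 'digits') {
         $type = 'mixed';
     }
     $chars = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ';
     $digits = '0123456789';
     $base = '';
     if ($type == 'mixed' || $type == 'chars') {
         $base .= $chars;
     }
     if ($type == 'mixed' || $type == 'digits') {
         $base .= $digits;
     }
     $value = '';
     // Load the hasher on demand, then decide on availability separately so
     // that a class loaded earlier in the request is used as well.
     $hasher_file = DIR_FS_CATALOG . 'includes/classes/passwordhash.php';
     if (!class_exists('PasswordHash') && file_exists($hasher_file)) {
         include $hasher_file;
     }
     if (class_exists('PasswordHash')) {
         $hasher = new PasswordHash(10, true);
         do {
             // Base64 turns the random bytes into printable characters; only
             // those belonging to the requested alphabet are kept.
             $random = base64_encode($hasher->get_random_bytes($length));
             for ($i = 0, $n = strlen($random); $i < $n; $i++) {
                 $char = substr($random, $i, 1);
                 if (strpos($base, $char) !== false) {
                     $value .= $char;
                 }
             }
         } while (strlen($value) < $length);
         if (strlen($value) > $length) {
             $value = substr($value, 0, $length);
         }
         return $value;
     }
     // fallback for v2.3.1
     // NOTE(review): tep_rand() is presumably not a cryptographic generator;
     // values from this path should not be relied on as secrets.
     $last = strlen($base) - 1;
     while (strlen($value) < $length) {
         $value .= $base[(int) tep_rand(0, $last)];
     }
     return $value;
 }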
Beispiel #10
 /**
  * Probabilistic clean-up of the admin session table: on roughly one call
  * in twenty (when tep_rand(0, 19) yields 0) every row whose expiry lies
  * before the current time is deleted.
  *
  * The statement is built only from a constant and time(), so no request
  * data reaches the SQL text.
  *
  * @return void
  */
 function expire()
 {
     // tep_load() supplies $db through extract().
     extract(tep_load('database'));
     if (tep_rand(0, 19)) {
         return;
     }
     $db->query("delete from " . TABLE_SESSIONS_ADMIN . " where expiry < '" . time() . "'");
 }
Beispiel #11
 /**
  * Runs $query and positions the result cursor on a randomly chosen row.
  *
  * $query is handed to simpleQuery() unchanged; callers are responsible for
  * keeping request data out of it.
  *
  * @param string $query complete SQL select statement
  * @return mixed the result resource with its cursor on the random row, or
  *               false when the query returned no rows
  */
 function randomQueryMulti($query)
 {
     $resource = $this->simpleQuery($query);
     $total = $this->numberOfRows($resource);
     if (!($total > 0)) {
         return false;
     }
     $this->dataSeek(tep_rand(0, $total - 1), $resource);
     return $resource;
 }
Beispiel #12
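/**
 * Generates $count CSS rules with random six-letter class names under
 * $selector. Exactly one rule ends in "display: inline" and its class name
 * is written to $selection; every other rule ends in "display: none". Up to
 * three random decoy "display" declarations precede the final one.
 *
 * Two defects of the earlier version are fixed:
 *  - the visible index was drawn from 0..$count, so it could equal $count
 *    and leave $selection unset with no visible rule at all;
 *  - a duplicate class name skipped the iteration, which could also skip the
 *    visible rule. A duplicate now draws a new name instead.
 *
 * $selector is concatenated into the CSS unescaped and must be a trusted,
 * fixed string.
 *
 * @param string $selection receives the class name of the visible rule
 * @param string $selector  CSS selector prefix for every rule
 * @param int    $count     number of rules to generate
 * @return array rules keyed by class name; empty when $count is below 1
 */
function tep_random_buttons_css(&$selection, $selector, $count = 10)
{
    $css = array();
    if ($count < 1) {
        return $css;
    }
    $chars = 'abcdefghijklmnopqrstuvwxyz';
    $hidden = 'none;' . "\n";
    $visible = 'inline;' . "\n";
    // Index of the one rule that stays visible; always inside 0..$count-1.
    $k = tep_rand(0, $count - 1);
    for ($i = 0; $i < $count; $i++) {
        // Draw class names until one is unused so every iteration emits a rule.
        do {
            for ($entry = '', $i2 = 0; $i2 < 6; $i2++) {
                $entry .= $chars[tep_rand(0, strlen($chars) - 1)];
            }
        } while (isset($css[$entry]));
        $precount = tep_rand(0, 3);
        $css[$entry] = $selector . ' .' . $entry . ' {' . "\n";
        // Decoy declarations; the last declaration in the rule wins.
        for ($i2 = 0; $i2 < $precount; $i2++) {
            $css[$entry] .= 'display: ' . (tep_rand(0, 1) == 1 ? $visible : $hidden);
        }
        if ($i == $k) {
            $selection = $entry;
            $css[$entry] .= 'display: ' . $visible;
        } else {
            $css[$entry] .= 'display: ' . $hidden;
        }
        $css[$entry] .= '}' . "\n";
    }
    return $css;
}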
Beispiel #13
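 /**
  * Loads the active banners for the current script and, for every group
  * with group_type 1 that holds more than one banner, keeps a single banner
  * chosen at random (group_type 1 appears to mark a rotating group -
  * confirm).
  *
  * The per-group counter now tracks the highest banner index of the group.
  * The earlier version called count() on an integer, which reported at most
  * two banners per group on old PHP versions and throws a TypeError on
  * PHP 8.
  *
  * NOTE(review): the group ids placed in the "in (...)" list come from the
  * first query's result, not from the request. They are assumed to be
  * integers - confirm against the schema.
  *
  * @return array banner rows, each extended with its group's group_pos
  */
 function get_banners()
 {
     // tep_load() supplies $cDefs and $db through extract().
     extract(tep_load('defs', 'database'));
     switch ($cDefs->script) {
         case FILENAME_GENERIC_PAGES:
             $content_type = 1;
             break;
         case FILENAME_COLLECTIONS:
             $content_type = 2;
             break;
         default:
             $content_type = 0;
             break;
     }
     $result_array = $db->query_to_array("select auto_id, group_id, filename, content_id, content_name, content_type, content_link from " . TABLE_BANNERS . " where (content_type = '" . (int) $content_type . "' or content_type = '0') and status_id = 1 order by sort_id");
     if (empty($result_array)) {
         return $result_array;
     }
     $tmp_array = tep_array_invert_flat($result_array, 'group_id', 'group_id');
     $groups_array = $db->query_to_array("select group_id, group_pos, group_type, group_width, group_height from " . TABLE_BANNERS_GROUP . " where group_id in (" . implode(',', array_keys($tmp_array)) . ")", 'group_id');
     // Highest zero-based banner index per group (0 means a single banner).
     $last_index = array();
     for ($i = 0, $j = count($result_array); $i < $j; $i++) {
         $group_id = $result_array[$i]['group_id'];
         $last_index[$group_id] = isset($last_index[$group_id]) ? $last_index[$group_id] + 1 : 0;
         $result_array[$i]['group_pos'] = $groups_array[$group_id]['group_pos'];
     }
     foreach ($last_index as $group_id => $count) {
         if ($groups_array[$group_id]['group_type'] == 1 && $count) {
             $index = 0;
             $keep = tep_rand(0, $count);
             for ($i = 0, $j = count($result_array); $i < $j; $i++) {
                 if ($result_array[$i]['group_id'] == $group_id) {
                     if ($keep != $index) {
                         unset($result_array[$i]);
                     }
                     $index++;
                 }
             }
             // Close the gaps left by unset() before the next group is scanned.
             $result_array = array_values($result_array);
         }
     }
     return $result_array;
 }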
        }
    }
    if ($spider_flag == false) {
        tep_session_start();
        $session_started = true;
    }
} else {
    tep_session_start();
    $session_started = true;
}
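// register_globals emulation: every $_SESSION entry is imported into the
// current scope by reference, overwriting any existing variable of the same
// name. Session keys must therefore stay under application control; a key
// that collides with a variable set earlier in the request replaces it.
if ($session_started == true && PHP_VERSION >= 4.3 && function_exists('ini_get') && ini_get('register_globals') == false) {
    extract($_SESSION, EXTR_OVERWRITE + EXTR_REFS);
}
// initialize a session token
if (!tep_session_is_registered('sessiontoken')) {
    // The token has to be unpredictable, so use the CSPRNG where PHP has one
    // (random_bytes, PHP 7+). Both branches yield 32 hex characters; the
    // md5(tep_rand()) form remains only as a fallback for older runtimes.
    if (function_exists('random_bytes')) {
        $sessiontoken = bin2hex(random_bytes(16));
    } else {
        $sessiontoken = md5(tep_rand() . tep_rand() . tep_rand() . tep_rand());
    }
    tep_session_register('sessiontoken');
}
// set SID once, even if empty
$SID = defined('SID') ? SID : '';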
// verify the ssl_session_id if the feature is enabled
if ($request_type == 'SSL' && SESSION_CHECK_SSL_SESSION_ID == 'True' && ENABLE_SSL == true && $session_started == true) {
    $ssl_session_id = getenv('SSL_SESSION_ID');
    if (!tep_session_is_registered('SSL_SESSION_ID')) {
        $SESSION_SSL_ID = $ssl_session_id;
        tep_session_register('SESSION_SSL_ID');
    }
    if ($SESSION_SSL_ID != $ssl_session_id) {
        tep_session_destroy();
        tep_redirect(tep_href_link(FILENAME_SSL_CHECK));
    }
Beispiel #15
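 /**
  * Bootstraps a catalog request: registers the cache and database, defines
  * the stored configuration constants, determines the request type, starts
  * the session (honouring the cookie and spider settings), runs the optional
  * session consistency checks and creates the per-request helper objects.
  *
  * Two changes against the earlier version:
  *  - the session token is taken from random_bytes() when PHP provides it;
  *  - the SSL session check tests the same key it stores
  *    ('SESSION_SSL_ID'). It used to test 'SSL_SESSION_ID', which is never
  *    set, so the stored value was overwritten on every request and the
  *    comparison could never fail.
  *
  * @return void
  */
 protected function init()
 {
     global $request_type, $cookie_domain, $cookie_path, $PHP_SELF, $SID, $currencies, $messageStack, $oscTemplate, $breadcrumb;
     Registry::set('Cache', new Cache());
     $OSCOM_Db = Db::initialize();
     Registry::set('Db', $OSCOM_Db);
     // set the application parameters
     $Qcfg = $OSCOM_Db->get('configuration', ['configuration_key as k', 'configuration_value as v']);
     //, null, null, null, 'configuration'); // TODO add cache when supported by admin
     while ($Qcfg->fetch()) {
         define($Qcfg->value('k'), $Qcfg->value('v'));
     }
     // set the type of request (secure or not)
     if (isset($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) == 'on' || isset($_SERVER['SERVER_PORT']) && $_SERVER['SERVER_PORT'] == 443) {
         $request_type = 'SSL';
         define('DIR_WS_CATALOG', DIR_WS_HTTPS_CATALOG);
         $cookie_domain = HTTPS_COOKIE_DOMAIN;
         $cookie_path = HTTPS_COOKIE_PATH;
     } else {
         $request_type = 'NONSSL';
         define('DIR_WS_CATALOG', DIR_WS_HTTP_CATALOG);
         $cookie_domain = HTTP_COOKIE_DOMAIN;
         $cookie_path = HTTP_COOKIE_PATH;
     }
     // set php_self in the global scope
     $req = parse_url($_SERVER['SCRIPT_NAME']);
     $PHP_SELF = substr($req['path'], $request_type == 'NONSSL' ? strlen(DIR_WS_HTTP_CATALOG) : strlen(DIR_WS_HTTPS_CATALOG));
     // set the session name and save path
     session_name('oscomid');
     session_save_path(SESSION_WRITE_DIRECTORY);
     // set the session cookie parameters
     // NOTE(review): only lifetime, path and domain are passed, so the secure
     // and httponly flags keep their php.ini defaults - confirm those are set.
     session_set_cookie_params(0, $cookie_path, $cookie_domain);
     if (function_exists('ini_set')) {
         ini_set('session.use_only_cookies', SESSION_FORCE_COOKIE_USE == 'True' ? 1 : 0);
     }
     // set the session ID if it exists
     // NOTE(review): with SESSION_FORCE_COOKIE_USE disabled, a session ID
     // supplied in the query string or a form is adopted as-is. That permits
     // session fixation unless the ID is recreated at login.
     if (SESSION_FORCE_COOKIE_USE == 'False') {
         if (isset($_GET[session_name()]) && (!isset($_COOKIE[session_name()]) || $_COOKIE[session_name()] != $_GET[session_name()])) {
             session_id($_GET[session_name()]);
         } elseif (isset($_POST[session_name()]) && (!isset($_COOKIE[session_name()]) || $_COOKIE[session_name()] != $_POST[session_name()])) {
             session_id($_POST[session_name()]);
         }
     }
     // start the session
     if (SESSION_FORCE_COOKIE_USE == 'True') {
         // The session only starts once the browser has returned the test cookie.
         tep_setcookie('cookie_test', 'please_accept_for_session', time() + 60 * 60 * 24 * 30);
         if (isset($_COOKIE['cookie_test'])) {
             tep_session_start();
         }
     } elseif (SESSION_BLOCK_SPIDERS == 'True') {
         $user_agent = '';
         if (isset($_SERVER['HTTP_USER_AGENT'])) {
             $user_agent = strtolower($_SERVER['HTTP_USER_AGENT']);
         }
         $spider_flag = false;
         if (!empty($user_agent)) {
             foreach (file(OSCOM::BASE_DIR . 'spiders.txt') as $spider) {
                 if (!empty($spider)) {
                     if (strpos($user_agent, $spider) !== false) {
                         $spider_flag = true;
                         break;
                     }
                 }
             }
         }
         if ($spider_flag === false) {
             tep_session_start();
         }
     } else {
         tep_session_start();
     }
     $this->ignored_actions[] = session_name();
     // initialize a session token
     if (!isset($_SESSION['sessiontoken'])) {
         // Unpredictable token from the CSPRNG where available (random_bytes,
         // PHP 7+); both branches yield 32 hex characters. The md5(tep_rand())
         // form is kept only as a fallback for older runtimes.
         if (function_exists('random_bytes')) {
             $_SESSION['sessiontoken'] = bin2hex(random_bytes(16));
         } else {
             $_SESSION['sessiontoken'] = md5(tep_rand() . tep_rand() . tep_rand() . tep_rand());
         }
     }
     // set SID once, even if empty
     $SID = defined('SID') ? SID : '';
     // verify the ssl_session_id if the feature is enabled
     if ($request_type == 'SSL' && SESSION_CHECK_SSL_SESSION_ID == 'True' && ENABLE_SSL == true && session_status() === PHP_SESSION_ACTIVE) {
         // Store the TLS session ID once, under the same key that is compared
         // below, so a later mismatch actually ends the session.
         if (!isset($_SESSION['SESSION_SSL_ID'])) {
             $_SESSION['SESSION_SSL_ID'] = $_SERVER['SSL_SESSION_ID'];
         }
         if ($_SESSION['SESSION_SSL_ID'] != $_SERVER['SSL_SESSION_ID']) {
             tep_session_destroy();
             OSCOM::redirect('ssl_check.php');
         }
     }
     // verify the browser user agent if the feature is enabled
     if (SESSION_CHECK_USER_AGENT == 'True') {
         if (!isset($_SESSION['SESSION_USER_AGENT'])) {
             $_SESSION['SESSION_USER_AGENT'] = $_SERVER['HTTP_USER_AGENT'];
         }
         if ($_SESSION['SESSION_USER_AGENT'] != $_SERVER['HTTP_USER_AGENT']) {
             tep_session_destroy();
             OSCOM::redirect('index.php', 'Account&LogIn');
         }
     }
     // verify the IP address if the feature is enabled
     if (SESSION_CHECK_IP_ADDRESS == 'True') {
         if (!isset($_SESSION['SESSION_IP_ADDRESS'])) {
             $_SESSION['SESSION_IP_ADDRESS'] = tep_get_ip_address();
         }
         if ($_SESSION['SESSION_IP_ADDRESS'] != tep_get_ip_address()) {
             tep_session_destroy();
             OSCOM::redirect('index.php', 'Account&LogIn');
         }
     }
     // create the shopping cart
     if (!isset($_SESSION['cart']) || !is_object($_SESSION['cart']) || get_class($_SESSION['cart']) != 'shoppingCart') {
         $_SESSION['cart'] = new \shoppingCart();
     }
     // include currencies class and create an instance
     $currencies = new \currencies();
     // set the language
     if (!isset($_SESSION['language']) || isset($_GET['language'])) {
         $lng = new \language();
         if (isset($_GET['language']) && !empty($_GET['language'])) {
             $lng->set_language($_GET['language']);
         } else {
             $lng->get_browser_language();
         }
         $_SESSION['language'] = $lng->language['directory'];
         $_SESSION['languages_id'] = $lng->language['id'];
     }
     // include the language translations
     // NOTE(review): the included path is built from $_SESSION['language'],
     // which is taken from the language object above. This is safe only if
     // set_language() maps the request value onto a known language entry -
     // confirm in the language class.
     $system_locale_numeric = setlocale(LC_NUMERIC, 0);
     include OSCOM::BASE_DIR . 'languages/' . $_SESSION['language'] . '.php';
     setlocale(LC_NUMERIC, $system_locale_numeric);
     // Prevent LC_ALL from setting LC_NUMERIC to a locale with 1,0 float/decimal values instead of 1.0 (see bug #634)
     // currency
     if (!isset($_SESSION['currency']) || isset($_GET['currency']) || USE_DEFAULT_LANGUAGE_CURRENCY == 'true' && LANGUAGE_CURRENCY != $_SESSION['currency']) {
         // A requested currency is accepted only when the currencies class knows it.
         if (isset($_GET['currency']) && $currencies->is_set($_GET['currency'])) {
             $_SESSION['currency'] = $_GET['currency'];
         } else {
             $_SESSION['currency'] = USE_DEFAULT_LANGUAGE_CURRENCY == 'true' && $currencies->is_set(LANGUAGE_CURRENCY) ? LANGUAGE_CURRENCY : DEFAULT_CURRENCY;
         }
     }
     // navigation history
     if (!isset($_SESSION['navigation']) || !is_object($_SESSION['navigation']) || get_class($_SESSION['navigation']) != 'navigationHistory') {
         $_SESSION['navigation'] = new \navigationHistory();
     }
     $_SESSION['navigation']->add_current_page();
     $messageStack = new \messageStack();
     tep_update_whos_online();
     tep_activate_banners();
     tep_expire_banners();
     tep_expire_specials();
     $oscTemplate = new \oscTemplate();
     $breadcrumb = new \breadcrumb();
     $breadcrumb->add(HEADER_TITLE_TOP, HTTP_SERVER);
     $breadcrumb->add(HEADER_TITLE_CATALOG, OSCOM::link('index.php'));
     Registry::set('Hooks', new Hooks());
 }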
                    break;
                }
            }
        }
    }
    if ($spider_flag === false) {
        tep_session_start();
        $session_started = true;
    }
} else {
    tep_session_start();
    $session_started = true;
}
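// initialize a session token
if (!isset($_SESSION['sessiontoken'])) {
    // Unpredictable token from the CSPRNG where available (random_bytes,
    // PHP 7+); both branches yield 32 hex characters. The md5(tep_rand())
    // form is kept only as a fallback for older runtimes.
    if (function_exists('random_bytes')) {
        $_SESSION['sessiontoken'] = bin2hex(random_bytes(16));
    } else {
        $_SESSION['sessiontoken'] = md5(tep_rand() . tep_rand() . tep_rand() . tep_rand());
    }
}
// set SID once, even if empty
$SID = defined('SID') ? SID : '';
// verify the ssl_session_id if the feature is enabled
if ($request_type == 'SSL' && SESSION_CHECK_SSL_SESSION_ID == 'True' && ENABLE_SSL == true && $session_started === true) {
    // Test the key that is actually stored. The earlier check looked for
    // 'SSL_SESSION_ID', which is never set, so the stored value was
    // overwritten on every request and the comparison below could never fail.
    if (!isset($_SESSION['SESSION_SSL_ID'])) {
        $_SESSION['SESSION_SSL_ID'] = $_SERVER['SSL_SESSION_ID'];
    }
    if ($_SESSION['SESSION_SSL_ID'] != $_SERVER['SSL_SESSION_ID']) {
        tep_session_destroy();
        OSCOM::redirect('ssl_check.php');
    }
}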
// verify the browser user agent if the feature is enabled
if (SESSION_CHECK_USER_AGENT == 'True') {
Beispiel #17
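/**
 * Builds a random string of up to $length characters from a pattern chosen
 * by $type.
 *
 * Characters are drawn with random_int() (a CSPRNG, PHP 7+) whenever it
 * exists; tep_rand() is used only on runtimes without it, and output from
 * that fallback should not be treated as unpredictable.
 *
 * With $unique set, each picked character is removed from the pattern, so
 * no character repeats and the result is never longer than the pattern.
 * The unreachable "index past the end" branch of the earlier version is
 * gone; a single removal expression covers every position.
 *
 * Without $unique, the default pattern contains the digits twice, which
 * makes digits more likely than single letters.
 *
 * @param int    $length requested number of characters
 * @param string $type   'digits', 'chars', 'chars_lower', 'mixed_upper',
 *                       'mixed_lower'; anything else selects digits plus
 *                       lower- and upper-case letters
 * @param bool   $unique when true, no character is used more than once
 * @return string
 * @throws Exception from random_int() when no entropy source is available
 */
function tep_create_random_value($length, $type = 'mixed', $unique = false)
{
    $digits = '1234567890';
    $chars = 'abcdefghijklmnopqrstuvwxyz';
    switch ($type) {
        case 'digits':
            $pattern = $digits;
            break;
        case 'chars':
            $pattern = $chars . strtoupper($chars);
            break;
        case 'chars_lower':
            $pattern = $chars;
            break;
        case 'mixed_upper':
            $pattern = $digits . strtoupper($chars);
            break;
        case 'mixed_lower':
            $pattern = $digits . $chars;
            break;
        default:
            if ($unique) {
                $pattern = $digits . $chars . strtoupper($chars);
            } else {
                $pattern = $digits . $chars . strrev($digits) . strtoupper($chars);
            }
            break;
    }
    $use_csprng = function_exists('random_int');
    $result = '';
    // Stops early when a unique pattern has been used up.
    for ($i = 0; $i < $length && strlen($pattern); $i++) {
        $last = strlen($pattern) - 1;
        $index = $use_csprng ? random_int(0, $last) : tep_rand(0, $last);
        $result .= $pattern[$index];
        if ($unique) {
            // Drop the picked character so it cannot be chosen again.
            $pattern = substr($pattern, 0, $index) . substr($pattern, $index + 1);
        }
    }
    return $result;
}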