if (!empty($user_agent)) { foreach (file('includes/spiders.txt') as $spider) { if (!empty($spider)) { if (strpos($user_agent, $spider) !== false) { $spider_flag = true; break; } } } } if ($spider_flag === false) { tep_session_start(); $session_started = true; } } else { tep_session_start(); $session_started = true; } // initialize a session token if (!isset($_SESSION['sessiontoken'])) { $_SESSION['sessiontoken'] = md5(tep_rand() . tep_rand() . tep_rand() . tep_rand()); } // set SID once, even if empty $SID = defined('SID') ? SID : ''; // verify the ssl_session_id if the feature is enabled if ($request_type == 'SSL' && SESSION_CHECK_SSL_SESSION_ID == 'True' && ENABLE_SSL == true && $session_started === true) { if (!isset($_SESSION['SSL_SESSION_ID'])) { $_SESSION['SESSION_SSL_ID'] = $_SERVER['SSL_SESSION_ID']; } if ($_SESSION['SESSION_SSL_ID'] != $_SERVER['SSL_SESSION_ID']) { tep_session_destroy();
protected function init() { global $request_type, $cookie_domain, $cookie_path, $PHP_SELF, $SID, $currencies, $messageStack, $oscTemplate, $breadcrumb; Registry::set('Cache', new Cache()); $OSCOM_Db = Db::initialize(); Registry::set('Db', $OSCOM_Db); // set the application parameters $Qcfg = $OSCOM_Db->get('configuration', ['configuration_key as k', 'configuration_value as v']); //, null, null, null, 'configuration'); // TODO add cache when supported by admin while ($Qcfg->fetch()) { define($Qcfg->value('k'), $Qcfg->value('v')); } // set the type of request (secure or not) if (isset($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) == 'on' || isset($_SERVER['SERVER_PORT']) && $_SERVER['SERVER_PORT'] == 443) { $request_type = 'SSL'; define('DIR_WS_CATALOG', DIR_WS_HTTPS_CATALOG); $cookie_domain = HTTPS_COOKIE_DOMAIN; $cookie_path = HTTPS_COOKIE_PATH; } else { $request_type = 'NONSSL'; define('DIR_WS_CATALOG', DIR_WS_HTTP_CATALOG); $cookie_domain = HTTP_COOKIE_DOMAIN; $cookie_path = HTTP_COOKIE_PATH; } // set php_self in the global scope $req = parse_url($_SERVER['SCRIPT_NAME']); $PHP_SELF = substr($req['path'], $request_type == 'NONSSL' ? strlen(DIR_WS_HTTP_CATALOG) : strlen(DIR_WS_HTTPS_CATALOG)); // set the session name and save path session_name('oscomid'); session_save_path(SESSION_WRITE_DIRECTORY); // set the session cookie parameters session_set_cookie_params(0, $cookie_path, $cookie_domain); if (function_exists('ini_set')) { ini_set('session.use_only_cookies', SESSION_FORCE_COOKIE_USE == 'True' ? 1 : 0); } // set the session ID if it exists if (SESSION_FORCE_COOKIE_USE == 'False') { if (isset($_GET[session_name()]) && (!isset($_COOKIE[session_name()]) || $_COOKIE[session_name()] != $_GET[session_name()])) { session_id($_GET[session_name()]); } elseif (isset($_POST[session_name()]) && (!isset($_COOKIE[session_name()]) || $_COOKIE[session_name()] != $_POST[session_name()])) { session_id($_POST[session_name()]); } } // start the session if (SESSION_FORCE_COOKIE_USE == 'True') { tep_setcookie('cookie_test', 'please_accept_for_session', time() + 60 * 60 * 24 * 30); if (isset($_COOKIE['cookie_test'])) { tep_session_start(); } } elseif (SESSION_BLOCK_SPIDERS == 'True') { $user_agent = ''; if (isset($_SERVER['HTTP_USER_AGENT'])) { $user_agent = strtolower($_SERVER['HTTP_USER_AGENT']); } $spider_flag = false; if (!empty($user_agent)) { foreach (file(OSCOM::BASE_DIR . 'spiders.txt') as $spider) { if (!empty($spider)) { if (strpos($user_agent, $spider) !== false) { $spider_flag = true; break; } } } } if ($spider_flag === false) { tep_session_start(); } } else { tep_session_start(); } $this->ignored_actions[] = session_name(); // initialize a session token if (!isset($_SESSION['sessiontoken'])) { $_SESSION['sessiontoken'] = md5(tep_rand() . tep_rand() . tep_rand() . tep_rand()); } // set SID once, even if empty $SID = defined('SID') ? SID : ''; // verify the ssl_session_id if the feature is enabled if ($request_type == 'SSL' && SESSION_CHECK_SSL_SESSION_ID == 'True' && ENABLE_SSL == true && session_status() === PHP_SESSION_ACTIVE) { if (!isset($_SESSION['SSL_SESSION_ID'])) { $_SESSION['SESSION_SSL_ID'] = $_SERVER['SSL_SESSION_ID']; } if ($_SESSION['SESSION_SSL_ID'] != $_SERVER['SSL_SESSION_ID']) { tep_session_destroy(); OSCOM::redirect('ssl_check.php'); } } // verify the browser user agent if the feature is enabled if (SESSION_CHECK_USER_AGENT == 'True') { if (!isset($_SESSION['SESSION_USER_AGENT'])) { $_SESSION['SESSION_USER_AGENT'] = $_SERVER['HTTP_USER_AGENT']; } if ($_SESSION['SESSION_USER_AGENT'] != $_SERVER['HTTP_USER_AGENT']) { tep_session_destroy(); OSCOM::redirect('index.php', 'Account&LogIn'); } } // verify the IP address if the feature is enabled if (SESSION_CHECK_IP_ADDRESS == 'True') { if (!isset($_SESSION['SESSION_IP_ADDRESS'])) { $_SESSION['SESSION_IP_ADDRESS'] = tep_get_ip_address(); } if ($_SESSION['SESSION_IP_ADDRESS'] != tep_get_ip_address()) { tep_session_destroy(); OSCOM::redirect('index.php', 'Account&LogIn'); } } // create the shopping cart if (!isset($_SESSION['cart']) || !is_object($_SESSION['cart']) || get_class($_SESSION['cart']) != 'shoppingCart') { $_SESSION['cart'] = new \shoppingCart(); } // include currencies class and create an instance $currencies = new \currencies(); // set the language if (!isset($_SESSION['language']) || isset($_GET['language'])) { $lng = new \language(); if (isset($_GET['language']) && !empty($_GET['language'])) { $lng->set_language($_GET['language']); } else { $lng->get_browser_language(); } $_SESSION['language'] = $lng->language['directory']; $_SESSION['languages_id'] = $lng->language['id']; } // include the language translations $system_locale_numeric = setlocale(LC_NUMERIC, 0); include OSCOM::BASE_DIR . 'languages/' . $_SESSION['language'] . '.php'; setlocale(LC_NUMERIC, $system_locale_numeric); // Prevent LC_ALL from setting LC_NUMERIC to a locale with 1,0 float/decimal values instead of 1.0 (see bug #634) // currency if (!isset($_SESSION['currency']) || isset($_GET['currency']) || USE_DEFAULT_LANGUAGE_CURRENCY == 'true' && LANGUAGE_CURRENCY != $_SESSION['currency']) { if (isset($_GET['currency']) && $currencies->is_set($_GET['currency'])) { $_SESSION['currency'] = $_GET['currency']; } else { $_SESSION['currency'] = USE_DEFAULT_LANGUAGE_CURRENCY == 'true' && $currencies->is_set(LANGUAGE_CURRENCY) ? LANGUAGE_CURRENCY : DEFAULT_CURRENCY; } } // navigation history if (!isset($_SESSION['navigation']) || !is_object($_SESSION['navigation']) || get_class($_SESSION['navigation']) != 'navigationHistory') { $_SESSION['navigation'] = new \navigationHistory(); } $_SESSION['navigation']->add_current_page(); $messageStack = new \messageStack(); tep_update_whos_online(); tep_activate_banners(); tep_expire_banners(); tep_expire_specials(); $oscTemplate = new \oscTemplate(); $breadcrumb = new \breadcrumb(); $breadcrumb->add(HEADER_TITLE_TOP, HTTP_SERVER); $breadcrumb->add(HEADER_TITLE_CATALOG, OSCOM::link('index.php')); Registry::set('Hooks', new Hooks()); }
function tep_session_recreate() { if (PHP_VERSION >= 4.1) { $session_backup = $_SESSION; unset($_COOKIE[tep_session_name()]); tep_session_destroy(); if (STORE_SESSIONS == 'mysql') { session_set_save_handler('_sess_open', '_sess_close', '_sess_read', '_sess_write', '_sess_destroy', '_sess_gc'); } tep_session_start(); $_SESSION = $session_backup; unset($session_backup); } }
protected function init() { global $request_type, $cookie_domain, $cookie_path, $PHP_SELF, $login_request, $messageStack, $cfgModules; Registry::set('Cache', new Cache()); $OSCOM_Db = Db::initialize(); Registry::set('Db', $OSCOM_Db); // TODO legacy tep_db_connect() or die('Unable to connect to database server!'); // set the application parameters $Qcfg = $OSCOM_Db->get('configuration', ['configuration_key as k', 'configuration_value as v']); //, null, null, null, 'configuration'); // TODO add cache when supported by admin while ($Qcfg->fetch()) { define($Qcfg->value('k'), $Qcfg->value('v')); } // Used in the "Backup Manager" to compress backups define('LOCAL_EXE_GZIP', 'gzip'); define('LOCAL_EXE_GUNZIP', 'gunzip'); define('LOCAL_EXE_ZIP', 'zip'); define('LOCAL_EXE_UNZIP', 'unzip'); // Define how do we update currency exchange rates // Possible values are 'oanda' 'xe' or '' define('CURRENCY_SERVER_PRIMARY', 'oanda'); define('CURRENCY_SERVER_BACKUP', 'xe'); // set the type of request (secure or not) if (isset($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) == 'on' || isset($_SERVER['SERVER_PORT']) && $_SERVER['SERVER_PORT'] == 443) { $request_type = 'SSL'; $cookie_domain = HTTPS_COOKIE_DOMAIN; $cookie_path = HTTPS_COOKIE_PATH; } else { $request_type = 'NONSSL'; $cookie_domain = HTTP_COOKIE_DOMAIN; $cookie_path = HTTP_COOKIE_PATH; } // set php_self in the global scope $req = parse_url($_SERVER['SCRIPT_NAME']); $PHP_SELF = substr($req['path'], $request_type == 'SSL' ? strlen(DIR_WS_HTTPS_ADMIN) : strlen(DIR_WS_ADMIN)); // set the session name and save path tep_session_name('oscomadminid'); tep_session_save_path(SESSION_WRITE_DIRECTORY); // set the session cookie parameters // set the session cookie parameters session_set_cookie_params(0, $cookie_path, $cookie_domain); if (function_exists('ini_set')) { ini_set('session.use_only_cookies', SESSION_FORCE_COOKIE_USE == 'True' ? 1 : 0); } // lets start our session tep_session_start(); // TODO remove when no more global sessions exist foreach ($_SESSION as $k => $v) { $GLOBALS[$k] =& $_SESSION[$k]; } // set the language if (!isset($_SESSION['language']) || isset($_GET['language'])) { $lng = new \language(); if (isset($_GET['language']) && !empty($_GET['language'])) { $lng->set_language($_GET['language']); } else { $lng->get_browser_language(); } $_SESSION['language'] = $lng->language['directory']; $_SESSION['languages_id'] = $lng->language['id']; } // redirect to login page if administrator is not yet logged in if (!isset($_SESSION['admin'])) { $redirect = false; $current_page = $PHP_SELF; // if the first page request is to the login page, set the current page to the index page // so the redirection on a successful login is not made to the login page again if ($current_page == FILENAME_LOGIN && !isset($_SESSION['redirect_origin'])) { $current_page = FILENAME_DEFAULT; } if ($current_page != FILENAME_LOGIN) { if (!isset($_SESSION['redirect_origin'])) { $_SESSION['redirect_origin'] = ['page' => $current_page, 'get' => []]; } // try to automatically login with the HTTP Authentication values if it exists if (!isset($_SESSION['auth_ignore'])) { if (isset($_SERVER['PHP_AUTH_USER']) && !empty($_SERVER['PHP_AUTH_USER']) && isset($_SERVER['PHP_AUTH_PW']) && !empty($_SERVER['PHP_AUTH_PW'])) { $_SESSION['redirect_origin']['auth_user'] = $_SERVER['PHP_AUTH_USER']; $_SESSION['redirect_origin']['auth_pw'] = $_SERVER['PHP_AUTH_PW']; } } $redirect = true; } if (!isset($login_request) || isset($_GET['login_request']) || isset($_POST['login_request']) || isset($_COOKIE['login_request']) || isset($_SESSION['login_request']) || isset($_FILES['login_request']) || isset($_SERVER['login_request'])) { $redirect = true; } if ($redirect == true) { tep_redirect(tep_href_link(FILENAME_LOGIN, isset($_SESSION['redirect_origin']['auth_user']) ? 'action=process' : '')); } } // include the language translations $_system_locale_numeric = setlocale(LC_NUMERIC, 0); require DIR_FS_ADMIN . 'includes/languages/' . $_SESSION['language'] . '.php'; setlocale(LC_NUMERIC, $_system_locale_numeric); // Prevent LC_ALL from setting LC_NUMERIC to a locale with 1,0 float/decimal values instead of 1.0 (see bug #634) $current_page = basename($PHP_SELF); if (file_exists(DIR_FS_ADMIN . 'includes/languages/' . $_SESSION['language'] . '/' . $current_page)) { include DIR_FS_ADMIN . 'includes/languages/' . $_SESSION['language'] . '/' . $current_page; } $messageStack = new \messageStack(); $cfgModules = new \cfg_modules(); Registry::set('Hooks', new Hooks()); }