Ejemplo n.º 1
0
<?php

// Security
if ($SMCallback !== true) {
    echo "Unauthorized!";
    // Not executed in the context of Sitemagic
    exit;
}
if (SMAuthentication::Authorized() === false) {
    throw new exception("Unauthorized!");
}
// Parameters
$imagesFolder = SMEnvironment::GetDataDirectory() . "/SMShop";
$command = count($_FILES) > 0 ? "Upload" : "Remove";
// Upload file
if ($command === "Upload") {
    if (isset($_FILES["SelectedFile"]) === false || $_FILES["SelectedFile"]["error"] !== 0 || $_FILES["SelectedFile"]["name"] === "") {
        header("HTTP/1.1 500 Internal Server Error");
        echo "Error";
        exit;
    }
    // File information
    $dir = $imagesFolder;
    $filename = $_FILES["SelectedFile"]["name"];
    // Ensure target folder
    if (SMFileSystem::FolderExists($dir) === false) {
        $res = SMFileSystem::CreateFolder($dir);
        if ($res === false) {
            header("HTTP/1.1 500 Internal Server Error");
            echo "Error - unable to create '" . $dir . "'";
            exit;
Ejemplo n.º 2
0
$json = SMShopGetJsonData();
$model = $json["Model"];
$props = $json["Properties"];
$command = $json["Operation"];
$match = isset($json["Match"]) === true ? $json["Match"] : null;
$dataSourceName = "SMShop" . ($model !== "OrderEntry" ? $model . "s" : "OrderEntries");
// $model contains e.g. "Product", "Order", or "OrderEntry"
// Make sure DataSource is supported
if (in_array($dataSourceName, array_keys($dataSourcesAllowed), true) === false) {
    header("HTTP/1.1 500 Internal Server Error");
    echo "Invalid data source";
    exit;
}
$dsDef = $dataSourcesAllowed[$dataSourceName];
// Make sure user is authorized for operations requiring authorization
if (in_array($command, $dsDef["AuthRequired"]) === true && SMAuthentication::Authorized() === false) {
    header("HTTP/1.1 500 Internal Server Error");
    echo "Unauthorized - '" . $model . "' requires authentication for operation '" . $command . "'";
    exit;
}
// Sanitize input
foreach ($props as $prop => $val) {
    SMShopValidateField($dsDef, $prop, $val);
    if ($dsDef["Fields"][$prop]["DataType"] === "string") {
        $props[$prop] = strip_tags($val);
    }
}
foreach ($match !== null ? $match : array() as $m) {
    SMShopValidateField($dsDef, $m["Field"], $m["Value"]);
    if ($m["Operator"] !== "=" && $m["Operator"] !== "!=" && $m["Operator"] !== "<" && $m["Operator"] !== "<=" && $m["Operator"] !== ">" && $m["Operator"] !== ">=") {
        header("HTTP/1.1 500 Internal Server Error");
Ejemplo n.º 3
0
 public function Render()
 {
     if (SMEnvironment::GetQueryValue("SMShopEditProducts") !== null) {
         if (SMAuthentication::Authorized() === false) {
             SMExtensionManager::ExecuteExtension(SMExtensionManager::GetDefaultExtension());
         }
         $frm = new SMShopFrmShop($this->context);
         return $frm->Render();
     }
     if (SMEnvironment::GetQueryValue("SMShopBasket") !== null) {
         $frm = new SMShopFrmBasket($this->context);
         return $frm->Render();
     } else {
         $frm = new SMShopFrmProducts($this->context);
         return $frm->Render();
     }
 }