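function smn_session_start()
{
    global $HTTP_GET_VARS, $HTTP_POST_VARS, $HTTP_COOKIE_VARS;
    $name = smn_session_name();
    // Only plain alphanumerics are accepted as a client-supplied session id.
    // The 'D' modifier makes '$' match at the very end of the string; without
    // it "abc\n" would pass the check because '$' also matches before a
    // trailing newline.
    $pattern = '/^[a-zA-Z0-9]+$/D';
    $sane_session_id = true;

    // Every source is checked independently rather than as an if/elseif
    // chain: PHP prefers the cookie over GET/POST when both are present, so
    // an invalid cookie must not be skipped just because a well-formed id was
    // also sent in the query string or form body. A non-string value (e.g.
    // name[]=x) is treated as invalid instead of being handed to preg_match().
    if (isset($HTTP_GET_VARS[$name])) {
        if (!is_string($HTTP_GET_VARS[$name]) || preg_match($pattern, $HTTP_GET_VARS[$name]) !== 1) {
            unset($HTTP_GET_VARS[$name]);
            $sane_session_id = false;
        }
    }
    if (isset($HTTP_POST_VARS[$name])) {
        if (!is_string($HTTP_POST_VARS[$name]) || preg_match($pattern, $HTTP_POST_VARS[$name]) !== 1) {
            unset($HTTP_POST_VARS[$name]);
            $sane_session_id = false;
        }
    }
    if (isset($HTTP_COOKIE_VARS[$name])) {
        if (!is_string($HTTP_COOKIE_VARS[$name]) || preg_match($pattern, $HTTP_COOKIE_VARS[$name]) !== 1) {
            // Expire the bad cookie so the browser stops resending it.
            $session_data = session_get_cookie_params();
            setcookie($name, '', time() - 42000, $session_data['path'], $session_data['domain']);
            $sane_session_id = false;
        }
    }

    if (!$sane_session_id) {
        // smn_redirect() is expected to terminate the request; if it returns,
        // the session is still started below (kept from the original).
        smn_redirect(smn_href_link(FILENAME_DEFAULT, '', 'NONSSL', false));
    }
    return session_start();
}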
<?php

/*
  Copyright (c) 2002 - 2006 SystemsManager.Net

  SystemsManager Technologies
  oscMall System Version 4
  http://www.systemsmanager.net
  
  Portions Copyright (c) 2002 osCommerce
  
  This source file is subject to version 2.0 of the GPL license,   
  that is bundled with this package in the file LICENSE. If you
  did not receive a copy of the oscMall System license and are unable 
  to obtain it through the world-wide-web, please send a note to    
  license@systemsmanager.net so we can mail you a copy immediately.
*/
global $page_name;
$breadcrumb->add(NAVBAR_TITLE_1);
$breadcrumb->add(NAVBAR_TITLE_2);
// Where to send the user back to after this page: the page/query captured in
// the navigation snapshot (with the session id stripped from the query), or
// the default page when no snapshot exists. The snapshot is consumed here.
if (sizeof($navigation->snapshot) > 0) {
    $origin_href = smn_href_link($navigation->snapshot['page'], smn_array_to_string($navigation->snapshot['get'], array(smn_session_name())), $navigation->snapshot['mode']);
    $navigation->clear_snapshot();
} else {
    $origin_href = smn_href_link(FILENAME_DEFAULT);
}
require DIR_WS_FUNCTIONS . 'password_funcs.php';
// initialize the logger class
require DIR_WS_CLASSES . 'logger.php';
// include shopping cart class
require DIR_WS_CLASSES . 'shopping_cart.php';
// check to see if php implemented session management functions - if not, include php3/php4 compatible session class
if (!function_exists('session_start')) {
    define('PHP_SESSION_NAME', 'osCMallAdmin');
    define('PHP_SESSION_PATH', '/');
    define('PHP_SESSION_SAVE_PATH', SESSION_WRITE_DIRECTORY);
    include DIR_WS_CLASSES . 'sessions.php';
}
// define how the session functions will be used
require DIR_WS_FUNCTIONS . 'sessions.php';
// set the session name and save path
smn_session_name('osCMallAdmin');
smn_session_save_path(SESSION_WRITE_DIRECTORY);
// set the session cookie parameters
// Lifetime 0 = browser-session cookie; the cookie path is the admin directory,
// presumably so the admin session cookie is not sent with storefront requests.
// NOTE(review): no 'secure' or 'httponly' flag is set here (later PHP versions
// accept both as extra arguments) — worth enabling on an HTTPS-only admin.
if (function_exists('session_set_cookie_params')) {
    session_set_cookie_params(0, DIR_WS_ADMIN);
} elseif (function_exists('ini_set')) {
    ini_set('session.cookie_lifetime', '0');
    ini_set('session.cookie_path', DIR_WS_ADMIN);
}
// lets start our session
smn_session_start();
// register_globals emulation: with register_globals off, every $_SESSION entry
// is imported into the global scope *by reference* and overwrites any existing
// variable of the same name (e.g. $origin_href assigned above). Any code path
// that lets a user choose session key names therefore becomes a global
// variable injection at this line. The version test is a loose numeric
// comparison of the PHP_VERSION string; version_compare() is the reliable form.
if (PHP_VERSION >= 4.3 && function_exists('ini_get') && ini_get('register_globals') == false) {
    extract($_SESSION, EXTR_OVERWRITE + EXTR_REFS);
}
if ($_GET['ID'] && !$store_id) {
    if (!smn_session_is_registered('store_id')) {
function smn_hide_session_id()
{
    // Hidden form field carrying the session id, emitted only when PHP has
    // defined a non-empty SID (PHP leaves SID empty once the id is carried by
    // the cookie). Returns '' otherwise so callers can concatenate freely.
    $hidden = '';
    if (defined('SID')) {
        if (smn_not_null(SID)) {
            $hidden = smn_draw_hidden_field(smn_session_name(), smn_session_id());
        }
    }
    return $hidden;
}
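function smn_hide_session_id()
{
    global $session_started, $SID;
    // Hidden form field carrying the session id, emitted only when a session
    // is running and $SID is non-empty. Always returns a string: the original
    // fell through to null when no session was started, which is inconsistent
    // with the sibling implementation that returns '' and is awkward for
    // callers that concatenate the result.
    if ($session_started == true && smn_not_null($SID)) {
        return smn_draw_hidden_field(smn_session_name(), smn_session_id());
    }
    return '';
}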
            }
            $boxContent .= '<a href="' . smn_href_link(FILENAME_DEFAULT, 'ID=1&manufacturers_id=' . $manufacturers['manufacturers_id']) . '">' . $manufacturers_name . '</a><br>';
        }
        $boxContent = substr($boxContent, 0, -4);
    } else {
        // Display a drop-down
        $manufacturers_array = array();
        if (MAX_MANUFACTURERS_LIST < 2) {
            $manufacturers_array[] = array('id' => '', 'text' => PULL_DOWN_DEFAULT);
        }
        while ($manufacturers = smn_db_fetch_array($manufacturers_query)) {
            $manufacturers_name = strlen($manufacturers['manufacturers_name']) > MAX_DISPLAY_MANUFACTURER_NAME_LEN ? substr($manufacturers['manufacturers_name'], 0, MAX_DISPLAY_MANUFACTURER_NAME_LEN) . '..' : $manufacturers['manufacturers_name'];
            $manufacturers_array[] = array('id' => $manufacturers['manufacturers_id'], 'text' => $manufacturers_name);
        }
        if ($session_started == true && smn_not_null($SID)) {
            $link = 'ID=1&' . smn_session_name() . '=' . smn_session_id();
        } else {
            $link = 'ID=1';
        }
        $boxContent = smn_draw_form('manufacturers', smn_href_link(FILENAME_DEFAULT, $link, 'NONSSL', false), 'get');
        $boxContent .= smn_draw_pull_down_menu('manufacturers_id', $manufacturers_array, isset($_GET['manufacturers_id']) ? $_GET['manufacturers_id'] : '', 'onChange="this.form.submit();" size="' . MAX_MANUFACTURERS_LIST . '" style="width: 100%"');
        $boxContent .= '</form>';
    }
    $boxContent .= smn_hide_session_id();
    if (file_exists(DIR_WS_BOX_TEMPLATES . $box_base_name . '.php')) {
        require DIR_WS_BOX_TEMPLATES . $box_base_name . '.php';
    } else {
        require DEFAULT_TEMPLATENAME_BOX;
    }
    $boxContent_attributes = '';
}
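function smn_get_all_get_params($exclude_array = '')
{
    // Build a "key=value&key=value&" fragment from the current $_GET, leaving
    // out the session id, the 'error' and 'SmT' flags, image-button x/y
    // coordinates, blank values and any key listed in $exclude_array.
    // Returns '' when nothing is carried over; the trailing '&' is kept for
    // callers that append further parameters.
    //
    // Both key and value are URL-encoded: the key is attacker-controlled just
    // like the value (the original only encoded the value).
    if (!is_array($exclude_array)) {
        $exclude_array = array();
    }
    $get_url = '';
    if (!is_array($_GET) || sizeof($_GET) == 0) {
        return $get_url;
    }
    $always_skipped = array('error', 'SmT', 'x', 'y');
    foreach ($_GET as $key => $value) {
        // Nested arrays (a[]=1) cannot be flattened into k=v here; the
        // original strlen() test dropped them by accident (and throws a
        // TypeError on PHP 8), so skip them explicitly.
        if (is_array($value) || strlen($value) == 0) {
            continue;
        }
        // PHP turns numeric query keys into ints; compare as strings so an
        // int key can never loosely equal one of the reserved names.
        $key_name = (string) $key;
        if ($key_name === smn_session_name() || in_array($key_name, $always_skipped, true) || in_array($key_name, $exclude_array)) {
            continue;
        }
        // stripslashes() is a magic_quotes-era relic kept for output
        // compatibility; on PHP without magic quotes it removes real backslashes.
        $get_url .= rawurlencode($key_name) . '=' . rawurlencode(stripslashes($value)) . '&';
    }
    return $get_url;
}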
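function smn_get_all_post_params($exclude_array = '')
{
    // POST counterpart of smn_get_all_get_params(): "key=value&key=value&"
    // built from $_POST minus the session id, the 'error' flag and any key in
    // $exclude_array. Returns '' when $_POST is empty.
    //
    // Keys and values are URL-encoded. The original emitted them raw, so a
    // posted value containing '&' or '=' could inject extra parameters into
    // whatever URL the caller assembles from this string.
    if (!is_array($exclude_array)) {
        $exclude_array = array();
    }
    $post_url = '';
    if (!is_array($_POST)) {
        return $post_url;
    }
    foreach ($_POST as $key => $value) {
        // Nested arrays are not representable in a flat k=v list; skip them.
        if (is_array($value)) {
            continue;
        }
        // Compare as strings: PHP converts numeric form keys to ints.
        $key_name = (string) $key;
        if ($key_name === smn_session_name() || $key_name === 'error' || in_array($key_name, $exclude_array)) {
            continue;
        }
        $post_url .= rawurlencode($key_name) . '=' . rawurlencode($value) . '&';
    }
    return $post_url;
}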
// set the session name and save path
smn_session_name('osCMall');
smn_session_save_path(SESSION_WRITE_DIRECTORY);
// set the session cookie parameters
// Lifetime 0 = browser-session cookie, scoped to the configured path/domain.
// NOTE(review): no 'secure' or 'httponly' flag is passed here; both are worth
// adding where the PHP version supports them.
if (function_exists('session_set_cookie_params')) {
    session_set_cookie_params(0, $cookie_path, $cookie_domain);
} elseif (function_exists('ini_set')) {
    ini_set('session.cookie_lifetime', '0');
    ini_set('session.cookie_path', $cookie_path);
    ini_set('session.cookie_domain', $cookie_domain);
}
// set the session ID if it exists
// The session id is taken from the request body (POST wins) or the query
// string and installed unvalidated at this point. Accepting a client-chosen
// id is what makes session fixation possible: nothing in this run checks the
// value (smn_session_start() in this listing only checks its character set),
// so the id must additionally be regenerated on login — see
// smn_session_recreate() in this listing.
if (isset($_POST[smn_session_name()])) {
    smn_session_id($_POST[smn_session_name()]);
} elseif (isset($_GET[smn_session_name()])) {
    smn_session_id($_GET[smn_session_name()]);
}
// start the session
$session_started = false;
if (SESSION_FORCE_COOKIE_USE == 'True') {
    smn_setcookie('cookie_test', 'please_accept_for_session', time() + 60 * 60 * 24 * 30, $cookie_path, $cookie_domain);
    if (isset($HTTP_COOKIE_VARS['cookie_test'])) {
        smn_session_start();
        $session_started = true;
    }
} elseif (SESSION_BLOCK_SPIDERS == 'True') {
    $user_agent = strtolower(getenv('HTTP_USER_AGENT'));
    $spider_flag = false;
    if (smn_not_null($user_agent)) {
        $spiders = file(DIR_WS_INCLUDES . 'spiders.txt');
        for ($i = 0, $n = sizeof($spiders); $i < $n; $i++) {
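function smn_session_recreate()
{
    // Replace the current session id while preserving the session data —
    // the usual defence against session fixation after a privilege change.
    // No-op on PHP < 4.1.
    //
    // version_compare() replaces the original `PHP_VERSION >= 4.1`: that
    // compared a version string numerically, which PHP 8 evaluates as a
    // string comparison for non-numeric strings such as "10.0.0" (and so
    // would wrongly report "10.0.0" < 4.1).
    if (version_compare(PHP_VERSION, '4.1', '<')) {
        return;
    }
    $session_backup = $_SESSION;
    // Forget the cookie copy of the old id so the session start below does
    // not simply resume the old session under the same id.
    unset($_COOKIE[smn_session_name()]);
    smn_session_destroy();
    if (STORE_SESSIONS == 'mysql') {
        // Re-register the database save handler before starting the new
        // session (kept from the original; presumably the handler does not
        // survive smn_session_destroy()).
        session_set_save_handler('_sess_open', '_sess_close', '_sess_read', '_sess_write', '_sess_destroy', '_sess_gc');
    }
    smn_session_start();
    $_SESSION = $session_backup;
    unset($session_backup);
}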
    ?>
</td>
                <td class="dataTableContent" align="center"><?php 
    echo $whos_online['ip_address'];
    ?>
</td>
                <td class="dataTableContent"><?php 
    echo date('H:i:s', $whos_online['time_entry']);
    ?>
</td>
                <td class="dataTableContent" align="center"><?php 
    echo date('H:i:s', $whos_online['time_last_click']);
    ?>
</td>
                <td class="dataTableContent"><?php 
    if (eregi('^(.*)' . smn_session_name() . '=[a-f,0-9]+[&]*(.*)', $whos_online['last_page_url'], $array)) {
        echo $array[1] . $array[2];
    } else {
        echo $whos_online['last_page_url'];
    }
    ?>
&nbsp;</td>
              </tr>
<?php 
}
?>
              <tr>
                <td class="smallText" colspan="7"><?php 
echo sprintf(TEXT_NUMBER_OF_CUSTOMERS, smn_db_num_rows($whos_online_query));
?>
</td>
  to obtain it through the world-wide-web, please send a note to    
  license@systemsmanager.net so we can mail you a copy immediately.
*/
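if (isset($currencies) && is_object($currencies)) {
    $boxHeading = BOX_HEADING_CURRENCIES;
    $box_base_name = 'currencies';
    $box_id = $box_base_name . 'Box';
    // Pull-down options: one entry per configured currency, keyed by its code.
    // foreach replaces reset()/each(): each() was deprecated in PHP 7.2 and
    // removed in 8.0.
    $currencies_array = array();
    foreach ($currencies->currencies as $key => $value) {
        $currencies_array[] = array('id' => $key, 'text' => $value['title']);
    }
    // Re-emit the current query string as hidden fields so the GET form keeps
    // the page's other parameters (minus currency, session id and image-button
    // coordinates). Everything in $_GET is attacker-controlled, so
    // smn_draw_hidden_field() must escape both key and value for the HTML
    // attribute context — NOTE(review): confirm it does.
    $hidden_get_variables = '';
    foreach ($_GET as $key => $value) {
        if ($key != 'currency' && $key != smn_session_name() && $key != 'x' && $key != 'y') {
            $hidden_get_variables .= smn_draw_hidden_field($key, $value);
        }
    }
    // basename() limits what part of $PHP_SELF reaches the form action.
    $boxContent = smn_draw_form('currencies', smn_href_link(basename($PHP_SELF), '', $request_type, false), 'get');
    $boxContent .= smn_draw_pull_down_menu('currency', $currencies_array, $currency, 'onChange="this.form.submit();" style="width: 100%"');
    $boxContent .= $hidden_get_variables;
    $boxContent .= smn_hide_session_id();
    $boxContent .= '</form>';
    if (file_exists(DIR_WS_BOX_TEMPLATES . $box_base_name . '.php')) {
        require DIR_WS_BOX_TEMPLATES . $box_base_name . '.php';
    } else {
        require DEFAULT_TEMPLATENAME_BOX;
    }
    $boxContent_attributes = '';
}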
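 function before_process()
 {
     // Runs before the order is processed. When the gateway posted back with
     // valid=true, the request must originate from secpay.com; otherwise the
     // customer is bounced back to the payment page with this module's error.
     if (!isset($_POST['valid']) || $_POST['valid'] !== 'true') {
         return;
     }
     // NOTE(review): this origin check rests on REMOTE_HOST / reverse DNS.
     // PTR records are controlled by whoever owns the source address block,
     // so a forward-confirmed lookup (or a signed callback) would be a much
     // stronger check. The decision logic is kept as in the original.
     $remote_host = getenv('REMOTE_HOST');
     $trusted = false;
     if ($remote_host) {
         if ($remote_host != 'secpay.com') {
             // REMOTE_HOST may hold an address rather than a name; resolve it.
             // gethostbyaddr() returns false on failure, which stays untrusted.
             $remote_host = gethostbyaddr($remote_host);
         }
         $trusted = ($remote_host === 'secpay.com');
     }
     if (!$trusted) {
         // The session id is copied straight from the POST body into the
         // redirect URL, so it is URL-encoded (the original concatenated it raw).
         $session_id = '';
         if (isset($_POST[smn_session_name()]) && is_string($_POST[smn_session_name()])) {
             $session_id = $_POST[smn_session_name()];
         }
         smn_redirect(smn_href_link(FILENAME_CHECKOUT_PAYMENT, smn_session_name() . '=' . rawurlencode($session_id) . '&payment_error=' . $this->code, 'NONSSL', false, false));
     }
 }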
 function process_button()
 {
     global $HTTP_SERVER_VARS, $order, $customer_id;
     // Hidden fields for the Authorize.Net form post, in the original order,
     // followed by the request fingerprint, the optional test flag and the
     // session id field.
     // NOTE(review): x_Card_Num places the raw card number in the customer's
     // HTML page, and rand() is not a cryptographic source for $sequence;
     // both are kept as-is in this style rewrite.
     $sequence = rand(1, 1000);
     $amount = number_format($order->info['total'], 2);
     $fields = array(
         'x_Login' => MODULE_PAYMENT_AUTHORIZENET_LOGIN,
         'x_Card_Num' => $this->cc_card_number,
         'x_Exp_Date' => $this->cc_expiry_month . substr($this->cc_expiry_year, -2),
         'x_Amount' => $amount,
         'x_Relay_URL' => smn_href_link(FILENAME_CHECKOUT_PROCESS, '', 'NONSSL', false),
         'x_Method' => (MODULE_PAYMENT_AUTHORIZENET_METHOD == 'Credit Card') ? 'CC' : 'ECHECK',
         'x_Version' => '3.0',
         'x_Cust_ID' => $customer_id,
         'x_Email_Customer' => (MODULE_PAYMENT_AUTHORIZENET_EMAIL_CUSTOMER == 'True') ? 'TRUE' : 'FALSE',
         'x_first_name' => $order->billing['firstname'],
         'x_last_name' => $order->billing['lastname'],
         'x_address' => $order->billing['street_address'],
         'x_city' => $order->billing['city'],
         'x_state' => $order->billing['state'],
         'x_zip' => $order->billing['postcode'],
         'x_country' => $order->billing['country']['title'],
         'x_phone' => $order->customer['telephone'],
         'x_email' => $order->customer['email_address'],
         'x_ship_to_first_name' => $order->delivery['firstname'],
         'x_ship_to_last_name' => $order->delivery['lastname'],
         'x_ship_to_address' => $order->delivery['street_address'],
         'x_ship_to_city' => $order->delivery['city'],
         'x_ship_to_state' => $order->delivery['state'],
         'x_ship_to_zip' => $order->delivery['postcode'],
         'x_ship_to_country' => $order->delivery['country']['title'],
         'x_Customer_IP' => $HTTP_SERVER_VARS['REMOTE_ADDR'],
     );
     $process_button_string = '';
     foreach ($fields as $field_name => $field_value) {
         $process_button_string .= smn_draw_hidden_field($field_name, $field_value);
     }
     $process_button_string .= $this->InsertFP(MODULE_PAYMENT_AUTHORIZENET_LOGIN, MODULE_PAYMENT_AUTHORIZENET_TXNKEY, $amount, $sequence);
     if (MODULE_PAYMENT_AUTHORIZENET_TESTMODE == 'Test') {
         $process_button_string .= smn_draw_hidden_field('x_Test_Request', 'TRUE');
     }
     $process_button_string .= smn_draw_hidden_field(smn_session_name(), smn_session_id());
     return $process_button_string;
 }
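 function debug()
 {
     // Dump the recorded navigation path and snapshot as HTML.
     // Request data is escaped before echoing: the original printed raw
     // GET/POST keys and values, so a crafted request could inject markup
     // into this debug page. foreach replaces each() (deprecated 7.2,
     // removed 8.0), which also silently depended on the arrays' internal
     // pointer still being at the start.
     for ($i = 0, $n = sizeof($this->path); $i < $n; $i++) {
         echo htmlspecialchars($this->path[$i]['page']) . '?';
         foreach ($this->path[$i]['get'] as $key => $value) {
             echo htmlspecialchars($key . '=' . $value) . '&';
         }
         if (sizeof($this->path[$i]['post']) > 0) {
             echo '<br>';
             foreach ($this->path[$i]['post'] as $key => $value) {
                 echo '&nbsp;&nbsp;<b>' . htmlspecialchars($key . '=' . $value) . '</b><br>';
             }
         }
         echo '<br>';
     }
     if (sizeof($this->snapshot) > 0) {
         echo '<br><br>';
         echo htmlspecialchars($this->snapshot['mode'] . ' ' . $this->snapshot['page'] . '?' . smn_array_to_string($this->snapshot['get'], array(smn_session_name()))) . '<br>';
     }
 }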
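 function post_url()
 {
     // URL the form posts to: the default page with the store id and the
     // current session id as query parameters, plus the optional store path.
     // Every parameter value is URL-encoded (the original only encoded
     // sp_url). Note that this deliberately carries the session id in the
     // URL, where it can end up in Referer headers and access logs.
     $params = 'ID=' . rawurlencode((string) $this->store_id) . '&' . smn_session_name() . '=' . rawurlencode((string) smn_session_id());
     if ($this->store_path != "") {
         $params .= '&sp_url=' . urlencode($this->store_path);
     }
     return FILENAME_DEFAULT . '?' . $params;
 }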