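/**
 * Checks that the named session variable is registered and still holds the
 * id produced by stopDirectAccess::makeSessionId(); terminates the request
 * with exit() otherwise.
 *
 * The stored value and the freshly computed id are compared as strings with
 * a strict operator, so PHP's loose-comparison rules (for example two
 * different numeric-looking strings comparing equal) cannot let a
 * non-identical value through. A missing or non-scalar value on either side
 * is treated as a mismatch, so the check fails closed.
 *
 * @static checkAuthorisation()
 * @access public
 * @author Sam West aka Nimmit - osc@kangaroopartners.com
 * @param $sessionVar string session variable name
 * @return void
 */
function checkAuthorisation($sessionVar) {
    if (!amSessionIsRegistered($sessionVar)) {
        exit("Session not registered - You cant access this page directly");
    }

    // isset() guard: a registered-but-unset global must not raise a notice
    // and must not be able to compare equal to an empty id.
    $storedId = isset($GLOBALS[$sessionVar]) ? $GLOBALS[$sessionVar] : null;
    $expectedId = stopDirectAccess::makeSessionId();

    $comparable = is_scalar($storedId) && is_scalar($expectedId);
    if (!$comparable || (string) $storedId !== (string) $expectedId) {
        exit("Session ids don't match - You cant access this page directly");
    }
}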
/**
 * Registers the named session variable and stores the current id in it.
 *
 * The variable is registered through amSessionRegister() and the global of
 * the same name is then set to the value of stopDirectAccess::makeSessionId().
 * checkAuthorisation() later compares that global against a freshly computed
 * id, so calling this is what allows the protected includes to run.
 *
 * @static authorise()
 * @access public
 * @author Sam West aka Nimmit - osc@kangaroopartners.com
 * @param $sessionVar string session variable name
 * @return void
 */
function authorise($sessionVar) {
    // Registration happens before the id is computed and assigned.
    amSessionRegister($sessionVar);

    $sessionId = stopDirectAccess::makeSessionId();
    $GLOBALS[$sessionVar] = $sessionId;
}
<?php
/*
  $Id$

  osCmax e-Commerce
  http://www.oscmax.com

  Copyright 2000 - 2011 osCmax

  Released under the GNU General Public License
*/
/*
  Copyright © 2006 Kangaroo Partners
  http://kangaroopartners.com
  osc@kangaroopartners.com
*/

require_once 'attributeManager/classes/attributeManagerConfig.class.php';

if (!isset($_GET['pID'])) {
    // No product id in the query string: only the AM_AJAX_FIRST_SAVE notice
    // is rendered and the session is NOT authorised.
    echo '<div id="topBar">',
         '<table width="100%"><tr><td class="messageStackAlert">' . tep_image(DIR_WS_ICONS . 'information.png', IMAGE_ICON_INFO) . ' ' . AM_AJAX_FIRST_SAVE . '</td></tr></table>',
         '</div>';
} else {
    require_once 'attributeManager/classes/stopDirectAccess.class.php';

    // NOTE(review): the only condition visible here for authorising the
    // session is that pID is present; its value is not inspected. This
    // presumably relies on the including page having already authenticated
    // the user - confirm against the caller.
    stopDirectAccess::authorise(AM_SESSION_VALID_INCLUDE);

    // Empty placeholder element for the attribute manager.
    echo '<div id="attributeManager">', '</div>';
}
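// session functions
require_once 'attributeManager/includes/attributeManagerSessionFunctions.inc.php';

// config
require_once 'attributeManager/classes/attributeManagerConfig.class.php';

// misc functions
require_once 'attributeManager/includes/attributeManagerGeneralFunctions.inc.php';

// parent class
require_once 'attributeManager/classes/attributeManager.class.php';

// instant class
require_once 'attributeManager/classes/attributeManagerInstant.class.php';

// atomic class
require_once 'attributeManager/classes/attributeManagerAtomic.class.php';

// security class
require_once 'attributeManager/classes/stopDirectAccess.class.php';

// check that the file is allowed to be accessed. This call has to stay ahead
// of everything that acts on $_GET: checkAuthorisation() exit()s when the
// session variable is missing or does not match.
stopDirectAccess::checkAuthorisation(AM_SESSION_VALID_INCLUDE);

// get an instance of one of the attribute manager classes
// NOTE(review): the raw $_GET array is handed to the factory and to
// executePageAction() below; any validation of its contents happens inside
// those callees, not in this script - confirm.
$attributeManager =& amGetAttributeManagerInstance($_GET);

// do any actions that should be done
// NOTE(review): actions are selected from GET parameters; if any of them
// modify data, confirm that a request token is verified upstream.
$globalVars = $attributeManager->executePageAction($_GET);

// set any global variables from the page action execution.
// is_array() is tested first so that count() is never called on a non-array
// return value (a warning on PHP 7.2+, a TypeError on PHP 8).
// NOTE(review): the variable-variable assignment below behaves like
// extract(): every key returned by executePageAction() becomes a variable in
// this scope and can overwrite existing ones such as $attributeManager.
// Verify that the keys are fixed by the class and never taken from request
// data.
if (is_array($globalVars) && 0 !== count($globalVars)) {
    foreach ($globalVars as $varName => $varValue) {
        ${$varName} = $varValue;
    }
}

// get the current products options and values
$allProductOptionsAndValues = $attributeManager->getAllProductOptionsAndValues(true);
//$SortedProductAttributes = $attributeManager->sortArrSessionVar();

// count the options
$numOptions = count($allProductOptionsAndValues);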