/**
 * Finishes a customer login once an earlier step has set the global
 * $login_customer_id: optionally regenerates the session id, copies the
 * customer's first name, default address, country and zone into the session,
 * records the logon (clearing any pending password-reset key), rotates the
 * session token, restores the saved cart and redirects either back to the
 * page captured in the navigation snapshot or to index.php.
 *
 * Nothing happens unless $login_customer_id is a positive int, so a caller
 * that never set it falls through without touching the session.
 */
public function execute() {
    global $login_customer_id;

    $OSCOM_Db = Registry::get('Db');

    if (is_int($login_customer_id) && $login_customer_id > 0) {
        // tep_session_recreate() presumably issues a fresh session id on this
        // privilege change (a defence against fixation of the pre-login id) -- confirm.
        if (SESSION_RECREATE == 'True') {
            tep_session_recreate();
        }

        // The id is bound with bindInt(), so it never becomes part of the SQL text.
        $Qcustomer = $OSCOM_Db->prepare('select c.customers_firstname, c.customers_default_address_id, ab.entry_country_id, ab.entry_zone_id from :table_customers c left join :table_address_book ab on (c.customers_id = ab.customers_id and c.customers_default_address_id = ab.address_book_id) where c.customers_id = :customers_id');
        $Qcustomer->bindInt(':customers_id', $login_customer_id);
        $Qcustomer->execute();

        $_SESSION['customer_id'] = $login_customer_id;
        $_SESSION['customer_default_address_id'] = $Qcustomer->valueInt('customers_default_address_id');
        $_SESSION['customer_first_name'] = $Qcustomer->value('customers_firstname');
        $_SESSION['customer_country_id'] = $Qcustomer->valueInt('entry_country_id');
        $_SESSION['customer_zone_id'] = $Qcustomer->valueInt('entry_zone_id');

        // Successful login invalidates any outstanding password-reset key.
        $Qupdate = $OSCOM_Db->prepare('update :table_customers_info set customers_info_date_of_last_logon = now(), customers_info_number_of_logons = customers_info_number_of_logons+1, password_reset_key = null, password_reset_date = null where customers_info_id = :customers_info_id');
        $Qupdate->bindInt(':customers_info_id', $_SESSION['customer_id']);
        $Qupdate->execute();

        // reset session token
        // NOTE(review): the token is md5 over four tep_rand() draws, so it is only
        // as unpredictable as tep_rand(), a project helper that is not necessarily a
        // CSPRNG; random_bytes() would be the stronger source for a per-session token.
        $_SESSION['sessiontoken'] = md5(tep_rand() . tep_rand() . tep_rand() . tep_rand());

        // restore cart contents
        $_SESSION['cart']->restore_contents();

        // Send the customer back to the page captured before login; the saved
        // query string is rebuilt without the session-name parameter.
        if (count($_SESSION['navigation']->snapshot) > 0) {
            $origin_href = OSCOM::link($_SESSION['navigation']->snapshot['page'], tep_array_to_string($_SESSION['navigation']->snapshot['get'], array(session_name())), $_SESSION['navigation']->snapshot['mode']);
            $_SESSION['navigation']->clear_snapshot();
            HTTP::redirect($origin_href);
        }

        // Default landing page; only reached from the branch above if
        // HTTP::redirect() does not terminate the request -- confirm.
        OSCOM::redirect('index.php');
    }
}
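/**
 * Builds a random string of the requested length drawn from a restricted
 * character class.
 *
 * The type check is now strict: the original loose `!=` comparisons let a
 * non-string such as 0 slip through on PHP < 8 (where 0 == 'mixed').
 *
 * @param int    $length number of characters wanted; 0 or less yields ''
 * @param string $type   'mixed' ([a-zA-Z0-9]), 'chars' ([a-zA-Z]) or 'digits' ([0-9])
 *
 * @return string|false the generated value, or false when $type is not one of the three names
 */
function tep_create_random_value($length, $type = 'mixed') {
    $patterns = array(
        'mixed'  => '/^[a-z0-9]$/i',
        'chars'  => '/^[a-z]$/i',
        'digits' => '/^[0-9]$/i',
    );

    if (!is_string($type) || !isset($patterns[$type])) {
        return false;
    }

    $accept = $patterns[$type];
    $rand_value = '';

    // Rejection sampling: draw one candidate at a time and keep it only when it
    // matches the class. tep_rand() is a project helper and not necessarily a
    // CSPRNG, so do not use this output for secrets without confirming that.
    while (strlen($rand_value) < $length) {
        if ($type === 'digits') {
            $char = (string) tep_rand(0, 9);
        } else {
            $char = chr(tep_rand(0, 255));
        }

        if (preg_match($accept, $char)) {
            $rand_value .= $char;
        }
    }

    return $rand_value;
}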
/**
 * Legacy osCommerce password hash: md5($salt . $plain) followed by ':' and the
 * two-character salt, so the verifier can split the salt back out.
 *
 * NOTE(review): md5 with a 16-bit salt offers no meaningful resistance to
 * offline guessing; the format is kept only because stored hashes and the
 * matching verification routine depend on it. New code should move to
 * password_hash()/password_verify() behind a rehash-on-login step.
 *
 * @param string $plain clear-text password
 *
 * @return string hash in the form '<md5hex>:<salt>'
 */
function tep_encrypt_password($plain) {
    // Ten concatenated draws from the project PRNG seed the salt.
    $seed = '';
    $draws = 10;
    while ($draws-- > 0) {
        $seed .= tep_rand();
    }

    // Only the first two hex characters of the seed digest are used as salt.
    $salt = substr(md5($seed), 0, 2);

    return md5($salt . $plain) . ':' . $salt;
}
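/**
 * Generates a random, dot-prefixed directory-style name of 16 to 20 lowercase
 * letters (the leading '.' makes it a hidden entry on POSIX filesystems).
 *
 * Fixes an off-by-one in the original: it drew offsets 1..26 into a 26-letter
 * string, so offset 26 was out of range (an "uninitialized string offset"
 * warning and a missing character) and 'a' could never appear.
 *
 * tep_rand() is a project helper; treat the name as non-cryptographic unless
 * tep_rand() is known to wrap a CSPRNG.
 *
 * @return string
 */
function tep_random_name() {
    $letters = 'abcdefghijklmnopqrstuvwxyz';
    $last = strlen($letters) - 1;

    $dirname = '.';
    $length = (int) tep_rand(16, 20);

    for ($i = 0; $i < $length; $i++) {
        // Valid offsets are 0..25 inclusive.
        $dirname .= $letters[(int) tep_rand(0, $last)];
    }

    return $dirname;
}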
/**
 * Runs $query and returns one randomly chosen row, or '' when the result set
 * is empty.
 *
 * @param string $query SQL already built by the caller
 *
 * @return array|string a row from tep_db_fetch_array(), or ''
 */
function tep_random_select($query) {
    $result = tep_db_query($query);
    $total = tep_db_num_rows($result);

    if ($total <= 0) {
        return '';
    }

    // Seek straight to a random offset instead of fetching every row.
    tep_db_data_seek($result, tep_rand(0, $total - 1));

    return tep_db_fetch_array($result);
}
/**
 * Userland re-implementation of PHP's session_start() for the legacy
 * $session object: resolves the session id from the request, optionally sends
 * the cookie, defines SID, opens the storage module, decodes stored data,
 * emits cache headers and runs probabilistic garbage collection.
 *
 * NOTE(review): the id taken from the cookie / GET / POST is handed to
 * $mod->read() without any format check here; the storage module must treat
 * it as untrusted input (e.g. if it is used as a path component) -- confirm.
 *
 * @return bool false when a session is already open, true otherwise
 */
function session_start() {
    global $session, $SID, $HTTP_COOKIE_VARS, $HTTP_GET_VARS, $HTTP_POST_VARS;

    // Define the global variable $SID?
    $define_sid = true;

    // Send the session cookie?
    $send_cookie = true;

    // Is track_vars enabled?
    $track_vars = isset($HTTP_COOKIE_VARS) || isset($HTTP_GET_VARS) || isset($HTTP_POST_VARS) ? true : false;

    // Check if session_start() has been called once already
    if ($session->nr_open_sessions != 0) {
        return false;
    }

    // If our only resource is the global symbol_table, then check it.
    // If track_vars are enabled, we prefer these, because they are more
    // reliable, and we always know whether the user has accepted the
    // cookie.
    if (isset($GLOBALS[$session->name]) && !empty($GLOBALS[$session->name]) && !$track_vars) {
        $session->id = $GLOBALS[$session->name];
        $send_cookie = false;
    }

    // Now check the track_vars. Cookies are preferred, because initially
    // cookie and get variables will be available.
    // NOTE(review): the GET and POST lookups run after the cookie one and
    // overwrite it, so a request parameter wins over the cookie (the id is
    // adopted from the URL or form body); only the cookie path clears $define_sid.
    if (empty($session->id) && $track_vars) {
        if (isset($HTTP_COOKIE_VARS[$session->name])) {
            $session->id = $HTTP_COOKIE_VARS[$session->name];
            $define_sid = false;
            $send_cookie = false;
        }
        if (isset($HTTP_GET_VARS[$session->name])) {
            $session->id = $HTTP_GET_VARS[$session->name];
        }
        if (isset($HTTP_POST_VARS[$session->name])) {
            $session->id = $HTTP_POST_VARS[$session->name];
        }
    }

    /* // Check the REQUEST_URI symbol for a string of the form
    // '<session-name>=<session-id>' to allow URLs of the form
    // http://yoursite/<session-name>=<session-id>/script.php
    if (empty($session->id)) { eregi($session->name . '=([^/]+)', $GLOBALS['REQUEST_URI'], $regs); $regs[1] = trim($regs[1]); if (!empty($regs[1])) { $session->id = $regs[1]; } } */

    // Check whether the current request was referred to by
    // an external site which invalidates the previously found ID.
    // HTTP_REFERER is supplied by the client, so this is a heuristic, not a
    // same-origin guarantee.
    if (!empty($session->id) && $session->referer_check) {
        $url = parse_url($GLOBALS['HTTP_REFERER']);
        if (trim($url['host']) != $GLOBALS['SERVER_NAME']) {
            unset($session->id);
            $send_cookie = true;
            $define_sid = true;
        }
    }

    // Do we have an existing session ID?
    if (empty($session->id)) {
        // Create new session ID
        $session->id = _session_create_id();
    }

    // Is use_cookies set to false?
    if (!$session->use_cookies && $send_cookie) {
        $define_sid = true;
        $send_cookie = false;
    }

    // Should we send a cookie?
    // NOTE(review): this five-argument setcookie() call sets neither the secure
    // nor the httponly flag on the session cookie.
    if ($send_cookie) {
        setcookie($session->name, $session->id, $session->cookie_lifetime, $session->cookie_path, $session->cookie_domain);
    }

    // Should we define the SID?
    if ($define_sid) {
        $SID = $session->name . '=' . $session->id;
    }

    $session->nr_open_sessions++;

    // Send caching headers
    // Start session
    $mod = $GLOBALS[$session->mod_name];
    if (!$mod->open($session->save_path, $session->name)) {
        die('Failed to initialize session module.');
    }

    // Read session data
    if ($val = $mod->read($session->id)) {
        // Decode session data
        session_decode($val);
    }

    // Send HTTP cache headers
    _session_cache_limiter();

    // Check if we should clean up (call the garbage collection routines).
    // The ratio divides a tep_rand() draw by getrandmax(); it is only a 0..100
    // percentage if tep_rand() shares rand()'s range -- TODO confirm.
    if ($session->gc_probability > 0) {
        $randmax = getrandmax();
        $nrand = (int) (100 * tep_rand() / $randmax);
        if ($nrand < $session->gc_probability) {
            $mod->gc($session->gc_maxlifetime);
        }
    }

    if ($define_sid) {
        define('SID', $SID);
    } else {
        define('SID', '');
    }

    return true;
}
/**
 * Runs $query and returns one randomly chosen row, or '' when there are no rows.
 *
 * @param string $query SQL already built by the caller
 *
 * @return array|string a row from db_fetch_array(), or ''
 */
function db_random_select($query) {
    $handle = db_query($query);
    $rows = db_num_rows($handle);

    if ($rows <= 0) {
        return '';
    }

    // Position the cursor on the chosen row rather than walking the result.
    db_data_seek($handle, tep_rand(0, $rows - 1));

    return db_fetch_array($handle);
}
/**
 * encode()
 *
 * Encodes and returns the email. Starts from the $_encoded member (which is
 * read here, not written back) and fills in 'body' and 'headers'.
 *
 * For a multipart message each subpart is encoded recursively and joined with
 * a generated MIME boundary that is also appended to the Content-Type header.
 *
 * NOTE(review): header names and values are concatenated as-is; this assumes
 * the setters already rejected CR/LF in them -- confirm in the setter.
 * NOTE(review): $subparts is only initialised inside the loop, so if
 * tep_not_null($this->_subparts) holds for an empty array the implode() below
 * reads an undefined variable -- depends on tep_not_null() semantics, verify.
 *
 * @return An associative array containing two elements,
 *         body and headers. The headers element is itself
 *         an indexed array.
 * @access public
 */
function encode() {
    $encoded = $this->_encoded;

    if (tep_not_null($this->_subparts)) {
        // Boundary only needs to be unique within the message, not secret.
        $boundary = '=_' . md5(uniqid(tep_rand()) . microtime());

        $this->_headers['Content-Type'] .= ';' . $this->lf . chr(9) . 'boundary="' . $boundary . '"';

        // Add body parts to $subparts (assumes $this->_subparts is a 0-based list)
        for ($i = 0; $i < count($this->_subparts); $i++) {
            $headers = array();
            $_subparts = $this->_subparts[$i];
            $tmp = $_subparts->encode();
            foreach ($tmp['headers'] as $key => $value) {
                $headers[] = $key . ': ' . $value;
            }
            // Blank line separates a part's headers from its body.
            $subparts[] = implode($this->lf, $headers) . $this->lf . $this->lf . $tmp['body'];
        }

        $encoded['body'] = '--' . $boundary . $this->lf . implode('--' . $boundary . $this->lf, $subparts) . '--' . $boundary . '--' . $this->lf;
    } else {
        $encoded['body'] = $this->_getEncodedData($this->_body, $this->_encoding) . $this->lf;
    }

    // Add headers to $encoded
    $encoded['headers'] = $this->_headers;

    return $encoded;
}
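/**
 * Returns a random string of exactly $length characters from the requested class.
 *
 * Fixes the source selection: the original only used phpass' PasswordHash when
 * the class was NOT yet loaded and its file existed, so once PasswordHash had
 * been included elsewhere the call silently fell through to the weak tep_rand()
 * generator. The class is now loaded on first use and preferred whenever it is
 * available.
 *
 * @param int    $length wanted length; 0 or less yields ''
 * @param string $type   'mixed' (letters and digits), 'chars' (letters) or 'digits';
 *                       anything else is treated as 'mixed'
 *
 * @return string
 */
function createRandomValue($length, $type = 'mixed') {
    if (!in_array($type, array('mixed', 'chars', 'digits'), true)) {
        $type = 'mixed';
    }

    $length = (int) $length;
    if ($length <= 0) {
        return '';
    }

    $chars = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ';
    $digits = '0123456789';

    $base = '';
    if ($type === 'mixed' || $type === 'chars') {
        $base .= $chars;
    }
    if ($type === 'mixed' || $type === 'digits') {
        $base .= $digits;
    }

    $value = '';

    // Preferred source: PasswordHash::get_random_bytes(). Load the class if it
    // is not yet in scope and the bundled file is present.
    if (!class_exists('PasswordHash') && file_exists(DIR_FS_CATALOG . 'includes/classes/passwordhash.php')) {
        include DIR_FS_CATALOG . 'includes/classes/passwordhash.php';
    }

    if (class_exists('PasswordHash')) {
        $hasher = new PasswordHash(10, true);

        do {
            // base64 maps the bytes to printable characters; keep only those in
            // the wanted class and draw again until enough have accumulated.
            $random = base64_encode($hasher->get_random_bytes($length));
            for ($i = 0, $n = strlen($random); $i < $n; $i++) {
                $char = $random[$i];
                if (strpos($base, $char) !== false) {
                    $value .= $char;
                }
            }
        } while (strlen($value) < $length);

        return substr($value, 0, $length);
    }

    // fallback for v2.3.1: rejection sampling on tep_rand(), which is a project
    // helper and not necessarily a CSPRNG.
    $patterns = array(
        'mixed'  => '/^[a-z0-9]$/i',
        'chars'  => '/^[a-z]$/i',
        'digits' => '/^[0-9]$/i',
    );
    while (strlen($value) < $length) {
        $char = $type === 'digits' ? (string) tep_rand(0, 9) : chr(tep_rand(0, 255));
        if (preg_match($patterns[$type], $char)) {
            $value .= $char;
        }
    }

    return $value;
}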
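/**
 * Probabilistic garbage collection for the admin session table: on roughly
 * one call in twenty (when tep_rand(0, 19) is falsy, i.e. 0) rows whose
 * expiry is in the past are deleted. The only value interpolated into the
 * SQL is time(), an integer produced server-side.
 *
 * extract(tep_load('database')) is replaced by explicit key access so nothing
 * else tep_load() returns can silently overwrite a local.
 *
 * @return void
 */
function expire() {
    $loaded = tep_load('database');
    $db = $loaded['db'];

    // Skip 19 calls out of 20 so GC cost is spread across requests.
    if (tep_rand(0, 19)) {
        return;
    }

    $db->query("delete from " . TABLE_SESSIONS_ADMIN . " where expiry < '" . time() . "'");
}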
/**
 * Executes $query and positions the result cursor on a random row so the
 * caller can fetch one or more rows starting from there.
 *
 * @param string $query SQL already built by the caller
 *
 * @return mixed the positioned result handle, or false when no rows matched
 */
function randomQueryMulti($query) {
    $resource = $this->simpleQuery($query);
    $total = $this->numberOfRows($resource);

    if ($total <= 0) {
        return false;
    }

    $this->dataSeek(tep_rand(0, $total - 1), $resource);

    return $resource;
}
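/**
 * Builds a set of CSS rules with random class names for the "random button"
 * anti-automation trick: $count rules are emitted, exactly one of them ends in
 * `display: inline` and the others in `display: none`, each preceded by zero to
 * three decoy display lines that the final declaration overrides.
 *
 * Fixes two defects: the winning slot was drawn with tep_rand(0, $count), whose
 * upper value never matched a loop index, so about one call in ($count + 1)
 * left $selection unset and every button hidden; and a duplicate class name
 * was skipped rather than redrawn, which could also swallow the winning slot.
 *
 * @param string|null $selection receives the class name of the visible button
 * @param string      $selector  CSS selector the generated classes are nested under
 * @param int         $count     number of rules to emit; 0 or less yields an empty array
 *
 * @return array map of class name => CSS rule text
 */
function tep_random_buttons_css(&$selection, $selector, $count = 10) {
    $count = (int) $count;
    $css = array();
    if ($count <= 0) {
        return $css;
    }

    $chars = 'abcdefghijklmnopqrstuvwxyz';
    $hidden = 'none;' . "\n";
    $visible = 'inline;' . "\n";

    // The winning slot must be a valid loop index: 0 .. $count - 1.
    $k = tep_rand(0, $count - 1);

    for ($i = 0; $i < $count; $i++) {
        // Six random lowercase letters; redraw on the (rare) collision instead
        // of dropping the slot, so the winner is never lost.
        do {
            $entry = '';
            for ($i2 = 0; $i2 < 6; $i2++) {
                $entry .= $chars[tep_rand(0, strlen($chars) - 1)];
            }
        } while (isset($css[$entry]));

        $rule = $selector . ' .' . $entry . ' {' . "\n";

        // Decoy display lines; in CSS the last declaration wins.
        $precount = tep_rand(0, 3);
        for ($i2 = 0; $i2 < $precount; $i2++) {
            $rule .= 'display: ' . (tep_rand(0, 1) == 1 ? $visible : $hidden);
        }

        if ($i == $k) {
            $selection = $entry;
            $rule .= 'display: ' . $visible;
        } else {
            $rule .= 'display: ' . $hidden;
        }

        $css[$entry] = $rule . '}' . "\n";
    }

    return $css;
}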
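/**
 * Loads the active banners for the current script together with their group
 * layout data, then for groups of type 1 ("show one at random") keeps a single
 * randomly chosen banner and drops the rest.
 *
 * Fixes the per-group count, which the original computed with
 * count($tmp_array[$group_id]) on an integer (always 1 on PHP < 8, a TypeError
 * on PHP 8), so random groups only ever picked from their first two banners;
 * the draw is now tep_rand(0, n - 1) over the real banner count. extract() is
 * replaced by explicit key access so tep_load() cannot clobber locals, and the
 * group ids embedded in the IN (...) list are cast to int.
 *
 * @return array list of banner rows, each with an added 'group_pos' key
 */
function get_banners() {
    $loaded = tep_load('defs', 'database');
    $cDefs = $loaded['cDefs'];
    $db = $loaded['db'];

    // Map the current script to its banner content type; anything else is 0.
    switch ($cDefs->script) {
        case FILENAME_GENERIC_PAGES:
            $content_type = 1;
            break;
        case FILENAME_COLLECTIONS:
            $content_type = 2;
            break;
        default:
            $content_type = 0;
            break;
    }

    // $content_type is cast to int, so the interpolation cannot alter the query.
    $result_array = $db->query_to_array("select auto_id, group_id, filename, content_id, content_name, content_type, content_link from " . TABLE_BANNERS . " where (content_type = '" . (int) $content_type . "' or content_type = '0') and status_id = 1 order by sort_id");

    if (empty($result_array)) {
        return $result_array;
    }

    // Distinct group ids, cast to int before they are embedded in the IN (...) list.
    $group_ids = array();
    foreach ($result_array as $row) {
        $group_ids[(int) $row['group_id']] = (int) $row['group_id'];
    }

    $groups_array = $db->query_to_array("select group_id, group_pos, group_type, group_width, group_height from " . TABLE_BANNERS_GROUP . " where group_id in (" . implode(',', $group_ids) . ")", 'group_id');

    // Count banners per group and copy the group's position onto each banner row.
    $per_group = array();
    for ($i = 0, $j = count($result_array); $i < $j; $i++) {
        $group_id = $result_array[$i]['group_id'];
        $per_group[$group_id] = isset($per_group[$group_id]) ? $per_group[$group_id] + 1 : 1;
        $result_array[$i]['group_pos'] = isset($groups_array[$group_id]['group_pos']) ? $groups_array[$group_id]['group_pos'] : null;
    }

    foreach ($per_group as $group_id => $count) {
        $is_random_group = isset($groups_array[$group_id]['group_type']) && $groups_array[$group_id]['group_type'] == 1;
        if (!$is_random_group || $count < 2) {
            continue;
        }

        // Keep exactly one of the $count banners in this group.
        $keep = tep_rand(0, $count - 1);
        $index = 0;
        foreach ($result_array as $i => $row) {
            if ($row['group_id'] == $group_id) {
                if ($index != $keep) {
                    unset($result_array[$i]);
                }
                $index++;
            }
        }
        $result_array = array_values($result_array);
    }

    return $result_array;
}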
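} }
// (the spider-detection loop this closes begins outside this fragment)
if ($spider_flag == false) {
    tep_session_start();
    $session_started = true;
}
} else {
    tep_session_start();
    $session_started = true;
}

// register_globals emulation: every session key is mirrored into the global
// scope by reference, so any new $_SESSION key also becomes a global.
if ($session_started == true && PHP_VERSION >= 4.3 && function_exists('ini_get') && ini_get('register_globals') == false) {
    extract($_SESSION, EXTR_OVERWRITE + EXTR_REFS);
}

// initialize a session token
// NOTE(review): md5 over four tep_rand() draws is only as unpredictable as
// tep_rand(), a project helper that is not necessarily a CSPRNG.
if (!tep_session_is_registered('sessiontoken')) {
    $sessiontoken = md5(tep_rand() . tep_rand() . tep_rand() . tep_rand());
    tep_session_register('sessiontoken');
}

// set SID once, even if empty
$SID = defined('SID') ? SID : '';

// verify the ssl_session_id if the feature is enabled
if ($request_type == 'SSL' && SESSION_CHECK_SSL_SESSION_ID == 'True' && ENABLE_SSL == true && $session_started == true) {
    $ssl_session_id = getenv('SSL_SESSION_ID');

    // Fix: the registration test looked up 'SSL_SESSION_ID' while the value is
    // registered as 'SESSION_SSL_ID', so the stored id was re-seeded on every
    // request and the comparison below could never fail. Test the key that is
    // actually registered so the binding check does what the setting promises.
    if (!tep_session_is_registered('SESSION_SSL_ID')) {
        $SESSION_SSL_ID = $ssl_session_id;
        tep_session_register('SESSION_SSL_ID');
    }

    if ($SESSION_SSL_ID != $ssl_session_id) {
        tep_session_destroy();
        tep_redirect(tep_href_link(FILENAME_SSL_CHECK));
    }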
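/**
 * Bootstraps a catalog request: registers the cache and database services,
 * loads the configuration table into constants, works out whether the request
 * is SSL, sets up and starts the PHP session (optionally blocking spiders or
 * forcing cookie use), applies the optional session-binding checks (SSL
 * session id, user agent, IP address), and creates the shopping cart,
 * currencies, language, navigation history, message stack, template and
 * breadcrumb objects in the global scope.
 *
 * Fix: the SSL-session binding tested isset($_SESSION['SSL_SESSION_ID']) but
 * stored the value under $_SESSION['SESSION_SSL_ID'], so the stored id was
 * re-seeded on every request and the comparison below it could never fail.
 * The check now reads the key it writes, so SESSION_CHECK_SSL_SESSION_ID
 * actually binds the PHP session to the TLS session it was started in.
 */
protected function init() {
    global $request_type, $cookie_domain, $cookie_path, $PHP_SELF, $SID, $currencies, $messageStack, $oscTemplate, $breadcrumb;

    Registry::set('Cache', new Cache());

    $OSCOM_Db = Db::initialize();
    Registry::set('Db', $OSCOM_Db);

    // set the application parameters
    $Qcfg = $OSCOM_Db->get('configuration', ['configuration_key as k', 'configuration_value as v']); //, null, null, null, 'configuration'); // TODO add cache when supported by admin

    while ($Qcfg->fetch()) {
        define($Qcfg->value('k'), $Qcfg->value('v'));
    }

    // set the type of request (secure or not)
    if (isset($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) == 'on' || isset($_SERVER['SERVER_PORT']) && $_SERVER['SERVER_PORT'] == 443) {
        $request_type = 'SSL';
        define('DIR_WS_CATALOG', DIR_WS_HTTPS_CATALOG);
        $cookie_domain = HTTPS_COOKIE_DOMAIN;
        $cookie_path = HTTPS_COOKIE_PATH;
    } else {
        $request_type = 'NONSSL';
        define('DIR_WS_CATALOG', DIR_WS_HTTP_CATALOG);
        $cookie_domain = HTTP_COOKIE_DOMAIN;
        $cookie_path = HTTP_COOKIE_PATH;
    }

    // set php_self in the global scope
    $req = parse_url($_SERVER['SCRIPT_NAME']);
    $PHP_SELF = substr($req['path'], $request_type == 'NONSSL' ? strlen(DIR_WS_HTTP_CATALOG) : strlen(DIR_WS_HTTPS_CATALOG));

    // set the session name and save path
    session_name('oscomid');
    session_save_path(SESSION_WRITE_DIRECTORY);

    // set the session cookie parameters
    session_set_cookie_params(0, $cookie_path, $cookie_domain);

    if (function_exists('ini_set')) {
        ini_set('session.use_only_cookies', SESSION_FORCE_COOKIE_USE == 'True' ? 1 : 0);
    }

    // set the session ID if it exists
    // NOTE(review): with SESSION_FORCE_COOKIE_USE off, a client-supplied id from
    // GET or POST is adopted verbatim; the binding checks further down and any
    // id regeneration at login are what limit the fixation risk this creates.
    if (SESSION_FORCE_COOKIE_USE == 'False') {
        if (isset($_GET[session_name()]) && (!isset($_COOKIE[session_name()]) || $_COOKIE[session_name()] != $_GET[session_name()])) {
            session_id($_GET[session_name()]);
        } elseif (isset($_POST[session_name()]) && (!isset($_COOKIE[session_name()]) || $_COOKIE[session_name()] != $_POST[session_name()])) {
            session_id($_POST[session_name()]);
        }
    }

    // start the session
    if (SESSION_FORCE_COOKIE_USE == 'True') {
        // Only start a session once the client has proven it accepts cookies.
        tep_setcookie('cookie_test', 'please_accept_for_session', time() + 60 * 60 * 24 * 30);
        if (isset($_COOKIE['cookie_test'])) {
            tep_session_start();
        }
    } elseif (SESSION_BLOCK_SPIDERS == 'True') {
        // No session for user agents listed in spiders.txt (substring match).
        $user_agent = '';
        if (isset($_SERVER['HTTP_USER_AGENT'])) {
            $user_agent = strtolower($_SERVER['HTTP_USER_AGENT']);
        }
        $spider_flag = false;
        if (!empty($user_agent)) {
            foreach (file(OSCOM::BASE_DIR . 'spiders.txt') as $spider) {
                if (!empty($spider)) {
                    if (strpos($user_agent, $spider) !== false) {
                        $spider_flag = true;
                        break;
                    }
                }
            }
        }
        if ($spider_flag === false) {
            tep_session_start();
        }
    } else {
        tep_session_start();
    }

    $this->ignored_actions[] = session_name();

    // initialize a session token
    // NOTE(review): md5 over four tep_rand() draws is only as unpredictable as
    // tep_rand(), a project helper that is not necessarily a CSPRNG.
    if (!isset($_SESSION['sessiontoken'])) {
        $_SESSION['sessiontoken'] = md5(tep_rand() . tep_rand() . tep_rand() . tep_rand());
    }

    // set SID once, even if empty
    $SID = defined('SID') ? SID : '';

    // verify the ssl_session_id if the feature is enabled
    if ($request_type == 'SSL' && SESSION_CHECK_SSL_SESSION_ID == 'True' && ENABLE_SSL == true && session_status() === PHP_SESSION_ACTIVE) {
        // Seed once with the TLS session id of the first secure request, then
        // require every later secure request to present the same one.
        if (!isset($_SESSION['SESSION_SSL_ID'])) {
            $_SESSION['SESSION_SSL_ID'] = $_SERVER['SSL_SESSION_ID'];
        }
        if ($_SESSION['SESSION_SSL_ID'] != $_SERVER['SSL_SESSION_ID']) {
            tep_session_destroy();
            OSCOM::redirect('ssl_check.php');
        }
    }

    // verify the browser user agent if the feature is enabled
    if (SESSION_CHECK_USER_AGENT == 'True') {
        if (!isset($_SESSION['SESSION_USER_AGENT'])) {
            $_SESSION['SESSION_USER_AGENT'] = $_SERVER['HTTP_USER_AGENT'];
        }
        if ($_SESSION['SESSION_USER_AGENT'] != $_SERVER['HTTP_USER_AGENT']) {
            tep_session_destroy();
            OSCOM::redirect('index.php', 'Account&LogIn');
        }
    }

    // verify the IP address if the feature is enabled
    if (SESSION_CHECK_IP_ADDRESS == 'True') {
        if (!isset($_SESSION['SESSION_IP_ADDRESS'])) {
            $_SESSION['SESSION_IP_ADDRESS'] = tep_get_ip_address();
        }
        if ($_SESSION['SESSION_IP_ADDRESS'] != tep_get_ip_address()) {
            tep_session_destroy();
            OSCOM::redirect('index.php', 'Account&LogIn');
        }
    }

    // create the shopping cart
    if (!isset($_SESSION['cart']) || !is_object($_SESSION['cart']) || get_class($_SESSION['cart']) != 'shoppingCart') {
        $_SESSION['cart'] = new \shoppingCart();
    }

    // include currencies class and create an instance
    $currencies = new \currencies();

    // set the language
    if (!isset($_SESSION['language']) || isset($_GET['language'])) {
        $lng = new \language();
        if (isset($_GET['language']) && !empty($_GET['language'])) {
            $lng->set_language($_GET['language']);
        } else {
            $lng->get_browser_language();
        }
        $_SESSION['language'] = $lng->language['directory'];
        $_SESSION['languages_id'] = $lng->language['id'];
    }

    // include the language translations
    // The included path is built from $_SESSION['language'], which comes from
    // the language class's 'directory' value -- assumes that class only ever
    // yields known directory names for a requested language code (confirm).
    $system_locale_numeric = setlocale(LC_NUMERIC, 0);
    include OSCOM::BASE_DIR . 'languages/' . $_SESSION['language'] . '.php';
    setlocale(LC_NUMERIC, $system_locale_numeric); // Prevent LC_ALL from setting LC_NUMERIC to a locale with 1,0 float/decimal values instead of 1.0 (see bug #634)

    // currency
    if (!isset($_SESSION['currency']) || isset($_GET['currency']) || USE_DEFAULT_LANGUAGE_CURRENCY == 'true' && LANGUAGE_CURRENCY != $_SESSION['currency']) {
        if (isset($_GET['currency']) && $currencies->is_set($_GET['currency'])) {
            $_SESSION['currency'] = $_GET['currency'];
        } else {
            $_SESSION['currency'] = USE_DEFAULT_LANGUAGE_CURRENCY == 'true' && $currencies->is_set(LANGUAGE_CURRENCY) ? LANGUAGE_CURRENCY : DEFAULT_CURRENCY;
        }
    }

    // navigation history
    if (!isset($_SESSION['navigation']) || !is_object($_SESSION['navigation']) || get_class($_SESSION['navigation']) != 'navigationHistory') {
        $_SESSION['navigation'] = new \navigationHistory();
    }
    $_SESSION['navigation']->add_current_page();

    $messageStack = new \messageStack();

    tep_update_whos_online();
    tep_activate_banners();
    tep_expire_banners();
    tep_expire_specials();

    $oscTemplate = new \oscTemplate();

    $breadcrumb = new \breadcrumb();
    $breadcrumb->add(HEADER_TITLE_TOP, HTTP_SERVER);
    $breadcrumb->add(HEADER_TITLE_CATALOG, OSCOM::link('index.php'));

    Registry::set('Hooks', new Hooks());
}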
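break; } } } }
// (the spider-detection loop this closes begins outside this fragment)
if ($spider_flag === false) {
    tep_session_start();
    $session_started = true;
}
} else {
    tep_session_start();
    $session_started = true;
}

// initialize a session token
// NOTE(review): md5 over four tep_rand() draws is only as unpredictable as
// tep_rand(), a project helper that is not necessarily a CSPRNG.
if (!isset($_SESSION['sessiontoken'])) {
    $_SESSION['sessiontoken'] = md5(tep_rand() . tep_rand() . tep_rand() . tep_rand());
}

// set SID once, even if empty
$SID = defined('SID') ? SID : '';

// verify the ssl_session_id if the feature is enabled
if ($request_type == 'SSL' && SESSION_CHECK_SSL_SESSION_ID == 'True' && ENABLE_SSL == true && $session_started === true) {
    // Fix: the isset() test read 'SSL_SESSION_ID' while the value is stored
    // under 'SESSION_SSL_ID', so the stored id was re-seeded on every request
    // and the comparison below could never fail. Test the key that is written.
    if (!isset($_SESSION['SESSION_SSL_ID'])) {
        $_SESSION['SESSION_SSL_ID'] = $_SERVER['SSL_SESSION_ID'];
    }
    if ($_SESSION['SESSION_SSL_ID'] != $_SERVER['SSL_SESSION_ID']) {
        tep_session_destroy();
        OSCOM::redirect('ssl_check.php');
    }
}

// verify the browser user agent if the feature is enabled
if (SESSION_CHECK_USER_AGENT == 'True') {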
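/**
 * Returns a random string of $length characters from a named alphabet.
 *
 * Removes the dead `$index >= strlen($pattern)` branch of the unique-mode
 * character removal (the index is always below the length) and replaces the
 * three-way substr() splice with one substr_replace() call.
 *
 * @param int    $length number of characters wanted; 0 or less yields ''
 * @param string $type   'digits', 'chars' (mixed-case letters), 'chars_lower',
 *                       'mixed_upper' (digits + upper), 'mixed_lower' (digits + lower);
 *                       anything else is the full mixed alphabet, in which the digits
 *                       are listed twice (weighted) unless $unique is set
 * @param bool   $unique when true each alphabet character is used at most once, so the
 *                       result is capped at the alphabet size
 *
 * @return string
 */
function tep_create_random_value($length, $type = 'mixed', $unique = false) {
    $digits = '1234567890';
    $chars = 'abcdefghijklmnopqrstuvwxyz';

    switch ($type) {
        case 'digits':
            $pattern = $digits;
            break;
        case 'chars':
            $pattern = $chars . strtoupper($chars);
            break;
        case 'chars_lower':
            $pattern = $chars;
            break;
        case 'mixed_upper':
            $pattern = $digits . strtoupper($chars);
            break;
        case 'mixed_lower':
            $pattern = $digits . $chars;
            break;
        default:
            // The reversed digit run doubles the weight of digits in the default
            // alphabet; it is dropped in unique mode so no character repeats.
            $pattern = $unique ? $digits . $chars . strtoupper($chars) : $digits . $chars . strrev($digits) . strtoupper($chars);
            break;
    }

    $result = '';

    // tep_rand() is a project helper; treat the output as non-cryptographic
    // unless tep_rand() is known to wrap a CSPRNG.
    for ($i = 0; $i < $length && strlen($pattern); $i++) {
        $index = tep_rand(0, strlen($pattern) - 1);
        $result .= substr($pattern, $index, 1);

        if ($unique) {
            // Drop the used character so it cannot be drawn again.
            $pattern = substr_replace($pattern, '', $index, 1);
        }
    }

    return $result;
}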