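/**
 * Apply the session integrity checks for the current request.
 *
 * Creates the per-session token on first use. For each check that is enabled
 * in configuration, the request attribute (SSL session id, user agent, IP
 * address) is stored in the session the first time it is seen and compared
 * on later requests; on a mismatch the session is killed and the client is
 * redirected.
 *
 * @return void
 */
public function execute()
{
    $OSCOM_Session = Registry::get('Session');

    // Initialize a session token.
    // NOTE(review): the token is only as unpredictable as Hash::getRandomInt();
    // confirm that helper draws from a CSPRNG. md5() only formats the value.
    if (!isset($_SESSION['sessiontoken'])) {
        $_SESSION['sessiontoken'] = md5(Hash::getRandomInt() . Hash::getRandomInt() . Hash::getRandomInt() . Hash::getRandomInt());
    }

    // Verify the ssl_session_id if the feature is enabled.
    if (HTTP::getRequestType() === 'SSL' && SESSION_CHECK_SSL_SESSION_ID == 'True' && $OSCOM_Session->hasStarted()) {
        // The guard must test the same key that is written and compared below.
        // Testing a different key re-pins the value on every request, so the
        // comparison can never fail and the check is silently disabled.
        if (!isset($_SESSION['SESSION_SSL_ID'])) {
            $_SESSION['SESSION_SSL_ID'] = $_SERVER['SSL_SESSION_ID'];
        }

        // Strict comparison: with != two different numeric-looking strings
        // (e.g. "0e12" and "0e34") compare as equal.
        if ($_SESSION['SESSION_SSL_ID'] !== $_SERVER['SSL_SESSION_ID']) {
            $OSCOM_Session->kill();

            OSCOM::redirect('ssl_check.php');
        }
    }

    // Verify the browser user agent if the feature is enabled.
    if (SESSION_CHECK_USER_AGENT == 'True') {
        if (!isset($_SESSION['SESSION_USER_AGENT'])) {
            $_SESSION['SESSION_USER_AGENT'] = $_SERVER['HTTP_USER_AGENT'];
        }

        if ($_SESSION['SESSION_USER_AGENT'] !== $_SERVER['HTTP_USER_AGENT']) {
            $OSCOM_Session->kill();

            OSCOM::redirect('login.php');
        }
    }

    // Verify the IP address if the feature is enabled.
    if (SESSION_CHECK_IP_ADDRESS == 'True') {
        $ip_address = HTTP::getIpAddress();

        if (!isset($_SESSION['SESSION_IP_ADDRESS'])) {
            $_SESSION['SESSION_IP_ADDRESS'] = $ip_address;
        }

        if ($_SESSION['SESSION_IP_ADDRESS'] !== $ip_address) {
            $OSCOM_Session->kill();

            OSCOM::redirect('login.php');
        }
    }
}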
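/**
 * Build the URL of a page on the current site or on another existing site.
 *
 * A page given as "Site/page" is resolved against that site's configured
 * http_server and http_path when the site exists. The session id is only
 * appended for links that stay on the current site, and only when the session
 * has started and is not restricted to cookies. A session id in the URL can
 * be recorded in logs, browser history and Referer headers, so callers should
 * pass $add_session_id = false wherever it is not needed.
 *
 * @param string      $page               Page name, optionally prefixed with "Site/".
 * @param string|null $parameters         Query string without the leading "?".
 * @param bool        $add_session_id     Non-boolean values are treated as true.
 * @param bool        $search_engine_safe Non-boolean values are treated as true.
 *
 * @return string The assembled link.
 */
public static function link($page, $parameters = null, $add_session_id = true, $search_engine_safe = true)
{
    // NOTE(review): what HTML::sanitize() strips is not visible here; confirm it
    // is sufficient for a value that ends up inside a URL.
    $page = HTML::sanitize($page);

    $site = $req_site = static::$site;

    // A "Site/page" prefix selects another site, but only when that site exists.
    if (
        strpos($page, '/') !== false
        && preg_match('/^([A-Z][A-Za-z0-9-_]*)\\/(.*)$/', $page, $matches) === 1
        && OSCOM::siteExists($matches[1], false)
    ) {
        $req_site = $matches[1];
        $page = $matches[2];
    }

    if (!is_bool($add_session_id)) {
        $add_session_id = true;
    }

    if (!is_bool($search_engine_safe)) {
        $search_engine_safe = true;
    }

    // Never hand the session id to a different site.
    if ($add_session_id === true && $site !== $req_site) {
        $add_session_id = false;
    }

    $http_server = static::getConfig('http_server', $req_site);

    $link = $http_server . static::getConfig('http_path', $req_site) . $page;

    if (!empty($parameters)) {
        $p = HTML::sanitize($parameters);
        $p = str_replace(["\\", '{', '}'], ['%5C', '%7B', '%7D'], $p);

        $link .= '?' . $p;
    }

    // Drop any dangling "?" or "&" left at the end of the link.
    $link = rtrim($link, '&?');

    // Pick the separator from the link as it now stands. Deciding before the
    // trim yields "page&name=id" when the parameters reduce to nothing, and
    // "page?a=b?name=id" when $page already carries a query string.
    $separator = (strpos($link, '?') === false) ? '?' : '&';

    // Add the session ID when moving between different HTTP and HTTPS servers, or when SID is defined.
    if ($add_session_id === true && Registry::exists('Session')) {
        $OSCOM_Session = Registry::get('Session');

        if ($OSCOM_Session->hasStarted() && $OSCOM_Session->isForceCookies() === false) {
            $target_scheme = parse_url($http_server, PHP_URL_SCHEME);
            $request_type = HTTP::getRequestType();

            $crosses_scheme = ($request_type === 'NONSSL' && $target_scheme === 'https')
                || ($request_type === 'SSL' && $target_scheme === 'http');

            if (strlen(SID) > 0 || $crosses_scheme) {
                $link .= $separator . HTML::sanitize(session_name() . '=' . session_id());
            }
        }
    }

    // Collapse runs of "&" into a single separator.
    while (strpos($link, '&&') !== false) {
        $link = str_replace('&&', '&', $link);
    }

    if ($search_engine_safe === true && defined('SEARCH_ENGINE_FRIENDLY_URLS') && SEARCH_ENGINE_FRIENDLY_URLS == 'true') {
        $link = str_replace(['?', '&', '='], '/', $link);
    }

    return $link;
}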
if (PHP_VERSION_ID < 70000) { include OSCOM::getConfig('dir_root', 'Shop') . 'includes/third_party/random_compat/random.php'; } require 'includes/filenames.php'; require 'includes/functions/general.php'; require 'includes/classes/logger.php'; require 'includes/classes/shopping_cart.php'; require 'includes/classes/table_block.php'; require 'includes/classes/box.php'; require 'includes/classes/object_info.php'; require 'includes/classes/upload.php'; require 'includes/classes/action_recorder.php'; require 'includes/classes/cfg_modules.php'; require OSCOM::getConfig('dir_root', 'Shop') . 'includes/classes/osc_template.php'; OSCOM::loadSite('Admin'); if (HTTP::getRequestType() === 'NONSSL' && $_SERVER['REQUEST_METHOD'] === 'GET' && parse_url(OSCOM::getConfig('http_server'), PHP_URL_SCHEME) == 'https') { $url_req = 'https://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI']; HTTP::redirect($url_req, 301); } $OSCOM_Db = Registry::get('Db'); $OSCOM_Hooks = Registry::get('Hooks'); $OSCOM_Language = Registry::get('Language'); $OSCOM_MessageStack = Registry::get('MessageStack'); // calculate category path if (isset($_GET['cPath'])) { $cPath = $_GET['cPath']; } else { $cPath = ''; } if (tep_not_null($cPath)) { $cPath_array = tep_parse_category_path($cPath);