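/**
 * Start the PHP session after sanity-checking the incoming session ID.
 *
 * The parameter named smn_session_name() is looked up in GET, then POST,
 * then the cookie jar; only the first source that carries it is checked,
 * mirroring the original lookup order.  A value that is not a purely
 * alphanumeric string is dropped (GET/POST: unset; cookie: expired on the
 * client with the configured path/domain) and the visitor is redirected to
 * FILENAME_DEFAULT before the session is started, so a crafted ID never
 * reaches session_start() and the session save handler.
 *
 * Reads $_GET/$_POST/$_COOKIE instead of the register_long_arrays copies
 * ($HTTP_GET_VARS & co.): elsewhere in this code base the session ID is
 * taken from $_POST/$_GET, and the long arrays no longer exist from
 * PHP 5.4 on, so checking them would silently skip the validation exactly
 * where it matters.  An array-valued parameter (?name[]=x) is treated as
 * insane rather than handed to preg_match().
 *
 * NOTE(review): with session.sid_bits_per_character=6 (PHP 7.1+) or the
 * older session.hash_bits_per_character=6, generated IDs contain "-" and
 * ",", which this pattern rejects and would bounce legitimate visitors;
 * keep that setting at 4 or 5, or widen the pattern deliberately.
 *
 * @return bool  Result of session_start().  smn_redirect() is expected to
 *               terminate the request on the failure path — TODO confirm.
 */
function smn_session_start() {
    $name = smn_session_name();
    $pattern = '/^[a-zA-Z0-9]+$/';
    $sane_session_id = true;

    if (isset($_GET[$name])) {
        if (!is_string($_GET[$name]) || !preg_match($pattern, $_GET[$name])) {
            unset($_GET[$name]);
            $sane_session_id = false;
        }
    } elseif (isset($_POST[$name])) {
        if (!is_string($_POST[$name]) || !preg_match($pattern, $_POST[$name])) {
            unset($_POST[$name]);
            $sane_session_id = false;
        }
    } elseif (isset($_COOKIE[$name])) {
        if (!is_string($_COOKIE[$name]) || !preg_match($pattern, $_COOKIE[$name])) {
            // Expire the bad cookie client-side using the same path/domain it was set with.
            $session_data = session_get_cookie_params();
            setcookie($name, '', time() - 42000, $session_data['path'], $session_data['domain']);
            $sane_session_id = false;
        }
    }

    if ($sane_session_id == false) {
        smn_redirect(smn_href_link(FILENAME_DEFAULT, '', 'NONSSL', false));
    }

    return session_start();
}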
<?php
/*
  Copyright (c) 2002 - 2006 SystemsManager.Net
  SystemsManager Technologies
  oscMall System Version 4
  http://www.systemsmanager.net

  Portions Copyright (c) 2002 osCommerce

  This source file is subject to version 2.0 of the GPL license,
  that is bundled with this package in the file LICENSE. If you
  did not receive a copy of the oscMall System license and are unable
  to obtain it through the world-wide-web, please send a note to
  license@systemsmanager.net so we can mail you a copy immediately.
*/

// Page setup: breadcrumb trail and the "return to" target used once this
// page is done with the visitor.
global $page_name;

$breadcrumb->add(NAVBAR_TITLE_1);
$breadcrumb->add(NAVBAR_TITLE_2);

// Prefer the page captured in the navigation snapshot, rebuilt from its
// recorded GET parameters with the session ID parameter filtered out
// (presumably so the ID is not re-embedded in the link); the snapshot is
// consumed once used.  With no snapshot, fall back to the default page.
$snapshot = $navigation->snapshot;
if (sizeof($snapshot) > 0) {
    $snapshot_params = smn_array_to_string($snapshot['get'], array(smn_session_name()));
    $origin_href = smn_href_link($snapshot['page'], $snapshot_params, $snapshot['mode']);
    $navigation->clear_snapshot();
} else {
    $origin_href = smn_href_link(FILENAME_DEFAULT);
}
require DIR_WS_FUNCTIONS . 'password_funcs.php'; // initialize the logger class require DIR_WS_CLASSES . 'logger.php'; // include shopping cart class require DIR_WS_CLASSES . 'shopping_cart.php'; // check to see if php implemented session management functions - if not, include php3/php4 compatible session class if (!function_exists('session_start')) { define('PHP_SESSION_NAME', 'osCMallAdmin'); define('PHP_SESSION_PATH', '/'); define('PHP_SESSION_SAVE_PATH', SESSION_WRITE_DIRECTORY); include DIR_WS_CLASSES . 'sessions.php'; } // define how the session functions will be used require DIR_WS_FUNCTIONS . 'sessions.php'; // set the session name and save path smn_session_name('osCMallAdmin'); smn_session_save_path(SESSION_WRITE_DIRECTORY); // set the session cookie parameters if (function_exists('session_set_cookie_params')) { session_set_cookie_params(0, DIR_WS_ADMIN); } elseif (function_exists('ini_set')) { ini_set('session.cookie_lifetime', '0'); ini_set('session.cookie_path', DIR_WS_ADMIN); } // lets start our session smn_session_start(); if (PHP_VERSION >= 4.3 && function_exists('ini_get') && ini_get('register_globals') == false) { extract($_SESSION, EXTR_OVERWRITE + EXTR_REFS); } if ($_GET['ID'] && !$store_id) { if (!smn_session_is_registered('store_id')) {
/**
 * Hidden form field carrying the session ID.
 *
 * Only emitted when PHP is propagating the ID in URLs (the SID constant is
 * defined and non-empty), i.e. when no session cookie is in use; otherwise
 * an empty string is returned so callers can concatenate unconditionally.
 *
 * @return string  Hidden <input> markup for the session parameter, or ''.
 */
function smn_hide_session_id() {
    if (!defined('SID') || !smn_not_null(SID)) {
        return '';
    }

    return smn_draw_hidden_field(smn_session_name(), smn_session_id());
}
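/**
 * Hidden form field carrying the session ID.
 *
 * Emitted only when the session has actually been started
 * ($session_started) and an SID is being propagated in URLs ($SID
 * non-empty), i.e. no session cookie is in use.  Always returns a string
 * (the previous version returned null on the "nothing to add" path) so
 * callers can concatenate the result unconditionally and the function
 * behaves like its SID-constant based sibling.
 *
 * @return string  Hidden <input> markup for the session parameter, or ''.
 */
function smn_hide_session_id() {
    global $session_started, $SID;

    if ($session_started == true && smn_not_null($SID)) {
        return smn_draw_hidden_field(smn_session_name(), smn_session_id());
    }

    return '';
}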
} $boxContent .= '<a href="' . smn_href_link(FILENAME_DEFAULT, 'ID=1&manufacturers_id=' . $manufacturers['manufacturers_id']) . '">' . $manufacturers_name . '</a><br>'; } $boxContent = substr($boxContent, 0, -4); } else { // Display a drop-down $manufacturers_array = array(); if (MAX_MANUFACTURERS_LIST < 2) { $manufacturers_array[] = array('id' => '', 'text' => PULL_DOWN_DEFAULT); } while ($manufacturers = smn_db_fetch_array($manufacturers_query)) { $manufacturers_name = strlen($manufacturers['manufacturers_name']) > MAX_DISPLAY_MANUFACTURER_NAME_LEN ? substr($manufacturers['manufacturers_name'], 0, MAX_DISPLAY_MANUFACTURER_NAME_LEN) . '..' : $manufacturers['manufacturers_name']; $manufacturers_array[] = array('id' => $manufacturers['manufacturers_id'], 'text' => $manufacturers_name); } if ($session_started == true && smn_not_null($SID)) { $link = 'ID=1&' . smn_session_name() . '=' . smn_session_id(); } else { $link = 'ID=1'; } $boxContent = smn_draw_form('manufacturers', smn_href_link(FILENAME_DEFAULT, $link, 'NONSSL', false), 'get'); $boxContent .= smn_draw_pull_down_menu('manufacturers_id', $manufacturers_array, isset($_GET['manufacturers_id']) ? $_GET['manufacturers_id'] : '', 'onChange="this.form.submit();" size="' . MAX_MANUFACTURERS_LIST . '" style="width: 100%"'); $boxContent .= '</form>'; } $boxContent .= smn_hide_session_id(); if (file_exists(DIR_WS_BOX_TEMPLATES . $box_base_name . '.php')) { require DIR_WS_BOX_TEMPLATES . $box_base_name . '.php'; } else { require DEFAULT_TEMPLATENAME_BOX; } $boxContent_attributes = ''; }
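/**
 * Build a query-string fragment from the current GET parameters.
 *
 * Every scalar, non-empty GET parameter is appended as "key=value&".  The
 * value (after stripslashes(), a leftover from the magic_quotes era) and
 * the key are rawurlencode()d so a parameter cannot inject extra "&"/"="
 * pairs into the link this fragment ends up in.  Left out: the session ID
 * parameter (smn_session_name()), 'error', 'SmT', the image-button
 * coordinates 'x'/'y', anything listed in $exclude_array, and
 * array-valued parameters (the old strlen() test silently dropped those;
 * PHP 8 would throw on them).  The store ID 'ID' is intentionally kept
 * (see the June 2007 change note in the original).
 *
 * Replaces the removed-in-PHP-8 each() loop with foreach and drops the
 * pointless "global $_GET" (it is a superglobal).
 *
 * @param array|string $exclude_array  Keys to leave out; anything that is
 *                                     not an array means "none".
 * @return string  "k=v&k2=v2&" (trailing '&' included), or '' if nothing matched.
 */
function smn_get_all_get_params($exclude_array = '') {
    if (!is_array($exclude_array)) {
        $exclude_array = array();
    }
    // Keys that must never be propagated into a generated link.
    $skip = array(smn_session_name(), 'error', 'SmT', 'x', 'y');

    $get_url = '';
    if (is_array($_GET) && sizeof($_GET) > 0) {
        foreach ($_GET as $key => $value) {
            if (is_array($value) || strlen($value) == 0) {
                continue;
            }
            if (in_array($key, $skip) || in_array($key, $exclude_array)) {
                continue;
            }
            $get_url .= rawurlencode($key) . '=' . rawurlencode(stripslashes($value)) . '&';
        }
    }

    return $get_url;
}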
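/**
 * Build a query-string fragment from the current POST parameters.
 *
 * Every scalar POST parameter except the session ID parameter
 * (smn_session_name()), 'error' and anything listed in $exclude_array is
 * appended as "key=value&".  Unlike the original, key and value are
 * rawurlencode()d: this string is pasted into URLs, and a raw POST value
 * containing "&", "=" or "#" would let a form submission rewrite the
 * generated link.  Array-valued parameters are skipped (the original
 * rendered them as the literal "Array").  Empty values are kept, as before.
 *
 * Replaces the removed-in-PHP-8 each() loop with foreach, drops the
 * pointless "global $_POST", and tests $exclude_array with is_array()
 * instead of the loose "== ''" comparison.
 *
 * @param array|string $exclude_array  Keys to leave out; anything that is
 *                                     not an array means "none".
 * @return string  "k=v&k2=v2&" (trailing '&' included), or '' if nothing matched.
 */
function smn_get_all_post_params($exclude_array = '') {
    if (!is_array($exclude_array)) {
        $exclude_array = array();
    }
    $skip = array(smn_session_name(), 'error');

    $post_url = '';
    foreach ($_POST as $key => $value) {
        if (is_array($value)) {
            continue;
        }
        if (in_array($key, $skip) || in_array($key, $exclude_array)) {
            continue;
        }
        $post_url .= rawurlencode($key) . '=' . rawurlencode($value) . '&';
    }

    return $post_url;
}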
// set the session name and save path smn_session_name('osCMall'); smn_session_save_path(SESSION_WRITE_DIRECTORY); // set the session cookie parameters if (function_exists('session_set_cookie_params')) { session_set_cookie_params(0, $cookie_path, $cookie_domain); } elseif (function_exists('ini_set')) { ini_set('session.cookie_lifetime', '0'); ini_set('session.cookie_path', $cookie_path); ini_set('session.cookie_domain', $cookie_domain); } // set the session ID if it exists if (isset($_POST[smn_session_name()])) { smn_session_id($_POST[smn_session_name()]); } elseif (isset($_GET[smn_session_name()])) { smn_session_id($_GET[smn_session_name()]); } // start the session $session_started = false; if (SESSION_FORCE_COOKIE_USE == 'True') { smn_setcookie('cookie_test', 'please_accept_for_session', time() + 60 * 60 * 24 * 30, $cookie_path, $cookie_domain); if (isset($HTTP_COOKIE_VARS['cookie_test'])) { smn_session_start(); $session_started = true; } } elseif (SESSION_BLOCK_SPIDERS == 'True') { $user_agent = strtolower(getenv('HTTP_USER_AGENT')); $spider_flag = false; if (smn_not_null($user_agent)) { $spiders = file(DIR_WS_INCLUDES . 'spiders.txt'); for ($i = 0, $n = sizeof($spiders); $i < $n; $i++) {
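/**
 * Re-create the session under a fresh ID while keeping its contents.
 *
 * This is the usual session-fixation countermeasure: the current data is
 * copied aside, this request's copy of the ID cookie is forgotten, the old
 * session is destroyed, the MySQL save handler is re-registered (as the
 * original did after the destroy), a new session is started and the data
 * is restored into it.
 *
 * Uses version_compare() rather than "PHP_VERSION >= 4.1": comparing the
 * version string against a float relies on loose numeric-string
 * comparison, whose rules changed in PHP 8.
 *
 * NOTE(review): unset($_COOKIE[...]) only affects this request; the
 * browser keeps the old cookie until the new session sends a replacement.
 * Confirm that smn_session_start() issues a new cookie, otherwise the old
 * ID may be resent on the next request.
 *
 * @return void
 */
function smn_session_recreate() {
    if (!version_compare(PHP_VERSION, '4.1', '>=')) {
        return;
    }

    $session_backup = $_SESSION;
    unset($_COOKIE[smn_session_name()]);
    smn_session_destroy();

    if (STORE_SESSIONS == 'mysql') {
        session_set_save_handler('_sess_open', '_sess_close', '_sess_read', '_sess_write', '_sess_destroy', '_sess_gc');
    }

    smn_session_start();
    $_SESSION = $session_backup;
    unset($session_backup);
}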
?> </td> <td class="dataTableContent" align="center"><?php echo $whos_online['ip_address']; ?> </td> <td class="dataTableContent"><?php echo date('H:i:s', $whos_online['time_entry']); ?> </td> <td class="dataTableContent" align="center"><?php echo date('H:i:s', $whos_online['time_last_click']); ?> </td> <td class="dataTableContent"><?php if (eregi('^(.*)' . smn_session_name() . '=[a-f,0-9]+[&]*(.*)', $whos_online['last_page_url'], $array)) { echo $array[1] . $array[2]; } else { echo $whos_online['last_page_url']; } ?> </td> </tr> <?php } ?> <tr> <td class="smallText" colspan="7"><?php echo sprintf(TEXT_NUMBER_OF_CUSTOMERS, smn_db_num_rows($whos_online_query)); ?> </td>
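to obtain it through the world-wide-web, please send a note to
license@systemsmanager.net so we can mail you a copy immediately.
*/

// Currency selector box: a self-submitting <select> that re-requests the
// current page with ?currency=XXX, carrying the other GET parameters along
// as hidden fields so the visitor stays on the same page.
if (isset($currencies) && is_object($currencies)) {
    $boxHeading = BOX_HEADING_CURRENCIES;
    $box_base_name = 'currencies';
    $box_id = $box_base_name . 'Box';

    // Pull-down options: currency code => display title.
    $currencies_array = array();
    foreach ($currencies->currencies as $code => $details) {
        $currencies_array[] = array('id' => $code, 'text' => $details['title']);
    }

    // Re-emit the current GET parameters as hidden fields, minus the one
    // the form supplies itself ('currency'), the session ID parameter
    // (smn_hide_session_id() below adds it when needed) and image-button
    // coordinates ('x', 'y').  Array-valued parameters are skipped: a
    // hidden field cannot carry them and the old each() loop (removed in
    // PHP 8) would have rendered them as "Array".
    $hidden_get_variables = '';
    foreach ($_GET as $key => $value) {
        if (is_array($value)) {
            continue;
        }
        if ($key != 'currency' && $key != smn_session_name() && $key != 'x' && $key != 'y') {
            $hidden_get_variables .= smn_draw_hidden_field($key, $value);
        }
    }

    // NOTE(review): $PHP_SELF reflects the request path (including
    // PATH_INFO); basename() strips the directory part, and it is assumed
    // smn_href_link()/smn_draw_form() escape the result for HTML — confirm.
    $boxContent = smn_draw_form('currencies', smn_href_link(basename($PHP_SELF), '', $request_type, false), 'get');
    $boxContent .= smn_draw_pull_down_menu('currency', $currencies_array, $currency, 'onChange="this.form.submit();" style="width: 100%"');
    $boxContent .= $hidden_get_variables;
    $boxContent .= smn_hide_session_id();
    $boxContent .= '</form>';

    if (file_exists(DIR_WS_BOX_TEMPLATES . $box_base_name . '.php')) {
        require DIR_WS_BOX_TEMPLATES . $box_base_name . '.php';
    } else {
        require DEFAULT_TEMPLATENAME_BOX;
    }

    $boxContent_attributes = '';
}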
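/**
 * Sanity-check the SECPay callback before the order is processed.
 *
 * Runs only when the callback posts valid=true.  The caller is then
 * checked against the host name 'secpay.com': REMOTE_HOST is used as is
 * when it already equals that string, otherwise it is passed through
 * gethostbyaddr().  If REMOTE_HOST is absent, or the result is not
 * 'secpay.com', the customer is redirected back to the payment page with
 * payment_error set to this module's code.
 *
 * NOTE(review): this is a weak authenticity check.  A reverse-DNS name is
 * whatever the owner of the source address puts in its PTR record, and
 * getenv('REMOTE_HOST') is normally empty unless the web server performs
 * hostname lookups — in which case every callback is rejected here.  A
 * forward-confirmed lookup (gethostbynamel('secpay.com') containing
 * REMOTE_ADDR) or a gateway-side digest would be the robust replacement;
 * not changed here because the gateway contract is not visible in this
 * file.
 *
 * Changes from the original: the session ID copied out of $_POST is
 * rawurlencode()d before being pasted into the redirect URL (it is
 * attacker-supplied input; IDs that pass the alphanumeric check elsewhere
 * are unaffected), non-string values are ignored, and comparisons are
 * strict.  The redundant "global $_POST" is dropped.
 *
 * @return void
 */
function before_process() {
    if (!isset($_POST['valid']) || $_POST['valid'] !== 'true') {
        return;
    }

    $session_name = smn_session_name();
    $session_id = '';
    if (isset($_POST[$session_name]) && is_string($_POST[$session_name])) {
        $session_id = $_POST[$session_name];
    }
    $error_url = smn_href_link(FILENAME_CHECKOUT_PAYMENT, $session_name . '=' . rawurlencode($session_id) . '&payment_error=' . $this->code, 'NONSSL', false, false);

    $remote_host = getenv('REMOTE_HOST');
    if ($remote_host === false || $remote_host === '' || $remote_host === '0') {
        // No caller identity available at all: treat as not from the gateway.
        smn_redirect($error_url);
        return;
    }

    if ($remote_host !== 'secpay.com') {
        $remote_host = gethostbyaddr($remote_host);
    }
    if ($remote_host !== 'secpay.com') {
        smn_redirect($error_url);
    }
}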
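/**
 * Hidden fields for the Authorize.Net (SIM / relay-response) checkout post.
 *
 * Emits, in the original order, the gateway login, card number and expiry
 * (MMYY), amount, relay URL (FILENAME_CHECKOUT_PROCESS), method (CC or
 * ECHECK), API version, customer ID, e-mail flag, billing and shipping
 * address fields, the customer's IP, the transaction fingerprint produced
 * by InsertFP(), an x_Test_Request flag in test mode, and finally the
 * session name/ID pair so the relayed response re-joins the session.
 *
 * Security notes:
 *  - The card number and expiry travel through the customer's browser in
 *    hidden fields; that puts this page (and anything that can read the
 *    DOM) inside cardholder-data scope.  This is inherent to the module's
 *    design and is not changed here.
 *  - $sequence comes from rand(), which is not a CSPRNG; the fingerprint's
 *    strength rests on MODULE_PAYMENT_AUTHORIZENET_TXNKEY inside InsertFP()
 *    rather than on this value being unpredictable — TODO confirm against
 *    the gateway documentation.
 *  - It is assumed smn_draw_hidden_field() HTML-escapes its arguments; the
 *    address fields are customer-supplied.
 *
 * Change: reads $_SERVER['REMOTE_ADDR'] instead of the register_long_arrays
 * copy $HTTP_SERVER_VARS, which no longer exists from PHP 5.4 on.
 *
 * @return string  Concatenated hidden <input> markup.
 */
function process_button() {
    global $order, $customer_id;

    $sequence = rand(1, 1000);
    $amount = number_format($order->info['total'], 2);

    // Field name => value, in the order the original emitted them.
    $fields = array(
        'x_Login' => MODULE_PAYMENT_AUTHORIZENET_LOGIN,
        'x_Card_Num' => $this->cc_card_number,
        'x_Exp_Date' => $this->cc_expiry_month . substr($this->cc_expiry_year, -2),
        'x_Amount' => $amount,
        'x_Relay_URL' => smn_href_link(FILENAME_CHECKOUT_PROCESS, '', 'NONSSL', false),
        'x_Method' => MODULE_PAYMENT_AUTHORIZENET_METHOD == 'Credit Card' ? 'CC' : 'ECHECK',
        'x_Version' => '3.0',
        'x_Cust_ID' => $customer_id,
        'x_Email_Customer' => MODULE_PAYMENT_AUTHORIZENET_EMAIL_CUSTOMER == 'True' ? 'TRUE' : 'FALSE',
        'x_first_name' => $order->billing['firstname'],
        'x_last_name' => $order->billing['lastname'],
        'x_address' => $order->billing['street_address'],
        'x_city' => $order->billing['city'],
        'x_state' => $order->billing['state'],
        'x_zip' => $order->billing['postcode'],
        'x_country' => $order->billing['country']['title'],
        'x_phone' => $order->customer['telephone'],
        'x_email' => $order->customer['email_address'],
        'x_ship_to_first_name' => $order->delivery['firstname'],
        'x_ship_to_last_name' => $order->delivery['lastname'],
        'x_ship_to_address' => $order->delivery['street_address'],
        'x_ship_to_city' => $order->delivery['city'],
        'x_ship_to_state' => $order->delivery['state'],
        'x_ship_to_zip' => $order->delivery['postcode'],
        'x_ship_to_country' => $order->delivery['country']['title'],
        'x_Customer_IP' => $_SERVER['REMOTE_ADDR'],
    );

    $process_button_string = '';
    foreach ($fields as $field => $value) {
        $process_button_string .= smn_draw_hidden_field($field, $value);
    }
    $process_button_string .= $this->InsertFP(MODULE_PAYMENT_AUTHORIZENET_LOGIN, MODULE_PAYMENT_AUTHORIZENET_TXNKEY, $amount, $sequence);

    if (MODULE_PAYMENT_AUTHORIZENET_TESTMODE == 'Test') {
        $process_button_string .= smn_draw_hidden_field('x_Test_Request', 'TRUE');
    }

    $process_button_string .= smn_draw_hidden_field(smn_session_name(), smn_session_id());

    return $process_button_string;
}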
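/**
 * Dump the navigation history and snapshot as HTML (development aid).
 *
 * Each history entry is printed as "page?key=value&..." followed, when the
 * entry carries POST data, by its key/value pairs in bold; the snapshot, if
 * any, is printed last as "mode page?query" with the session ID parameter
 * left out of the query by smn_array_to_string().
 *
 * Everything echoed is passed through htmlspecialchars(): the keys and
 * values are the visitor's own recorded GET/POST data, so printing them raw
 * made this a reflected-XSS sink on any page that calls debug().
 * Array-valued entries are shown via print_r() instead of the literal
 * "Array" (htmlspecialchars() would throw on an array in PHP 8).  The
 * each() loops (removed in PHP 8) are replaced by foreach, which also
 * always starts from the first element regardless of the array's internal
 * pointer.
 *
 * @return void
 */
function debug() {
    for ($i = 0, $n = sizeof($this->path); $i < $n; $i++) {
        echo htmlspecialchars($this->path[$i]['page']) . '?';
        foreach ($this->path[$i]['get'] as $key => $value) {
            $shown = is_array($value) ? print_r($value, true) : $value;
            echo htmlspecialchars($key) . '=' . htmlspecialchars($shown) . '&';
        }
        if (sizeof($this->path[$i]['post']) > 0) {
            echo '<br>';
            foreach ($this->path[$i]['post'] as $key => $value) {
                $shown = is_array($value) ? print_r($value, true) : $value;
                echo ' <b>' . htmlspecialchars($key) . '=' . htmlspecialchars($shown) . '</b><br>';
            }
        }
        echo '<br>';
    }

    if (sizeof($this->snapshot) > 0) {
        echo '<br><br>';
        $query = smn_array_to_string($this->snapshot['get'], array(smn_session_name()));
        echo htmlspecialchars($this->snapshot['mode'] . ' ' . $this->snapshot['page'] . '?' . $query) . '<br>';
    }
}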
/**
 * Relative URL for the gateway to post back to for this store.
 *
 * Built from FILENAME_DEFAULT with the store ID, the current session
 * name/ID pair (presumably so the returning request re-joins the session
 * without a cookie — note this exposes the ID in referrers and logs) and,
 * when a store path is configured, an sp_url parameter carrying it
 * urlencode()d.
 *
 * @return string
 */
function post_url() {
    $query = array(
        'ID=' . $this->store_id,
        smn_session_name() . '=' . smn_session_id(),
    );

    if ($this->store_path != "") {
        $query[] = 'sp_url=' . urlencode($this->store_path);
    }

    return FILENAME_DEFAULT . '?' . implode('&', $query);
}