if (!empty($user_agent)) {
foreach (file('includes/spiders.txt') as $spider) {
if (!empty($spider)) {
if (strpos($user_agent, $spider) !== false) {
$spider_flag = true;
break;
}
}
}
}
if ($spider_flag === false) {
tep_session_start();
$session_started = true;
}
} else {
tep_session_start();
$session_started = true;
}
// initialize a session token
if (!isset($_SESSION['sessiontoken'])) {
$_SESSION['sessiontoken'] = md5(tep_rand() . tep_rand() . tep_rand() . tep_rand());
}
// set SID once, even if empty
$SID = defined('SID') ? SID : '';
// verify the ssl_session_id if the feature is enabled
if ($request_type == 'SSL' && SESSION_CHECK_SSL_SESSION_ID == 'True' && ENABLE_SSL == true && $session_started === true) {
if (!isset($_SESSION['SSL_SESSION_ID'])) {
$_SESSION['SESSION_SSL_ID'] = $_SERVER['SSL_SESSION_ID'];
}
if ($_SESSION['SESSION_SSL_ID'] != $_SERVER['SSL_SESSION_ID']) {
tep_session_destroy();
protected function init()
{
global $request_type, $cookie_domain, $cookie_path, $PHP_SELF, $SID, $currencies, $messageStack, $oscTemplate, $breadcrumb;
Registry::set('Cache', new Cache());
$OSCOM_Db = Db::initialize();
Registry::set('Db', $OSCOM_Db);
// set the application parameters
$Qcfg = $OSCOM_Db->get('configuration', ['configuration_key as k', 'configuration_value as v']);
//, null, null, null, 'configuration'); // TODO add cache when supported by admin
while ($Qcfg->fetch()) {
define($Qcfg->value('k'), $Qcfg->value('v'));
}
// set the type of request (secure or not)
if (isset($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) == 'on' || isset($_SERVER['SERVER_PORT']) && $_SERVER['SERVER_PORT'] == 443) {
$request_type = 'SSL';
define('DIR_WS_CATALOG', DIR_WS_HTTPS_CATALOG);
$cookie_domain = HTTPS_COOKIE_DOMAIN;
$cookie_path = HTTPS_COOKIE_PATH;
} else {
$request_type = 'NONSSL';
define('DIR_WS_CATALOG', DIR_WS_HTTP_CATALOG);
$cookie_domain = HTTP_COOKIE_DOMAIN;
$cookie_path = HTTP_COOKIE_PATH;
}
// set php_self in the global scope
$req = parse_url($_SERVER['SCRIPT_NAME']);
$PHP_SELF = substr($req['path'], $request_type == 'NONSSL' ? strlen(DIR_WS_HTTP_CATALOG) : strlen(DIR_WS_HTTPS_CATALOG));
// set the session name and save path
session_name('oscomid');
session_save_path(SESSION_WRITE_DIRECTORY);
// set the session cookie parameters
session_set_cookie_params(0, $cookie_path, $cookie_domain);
if (function_exists('ini_set')) {
ini_set('session.use_only_cookies', SESSION_FORCE_COOKIE_USE == 'True' ? 1 : 0);
}
// set the session ID if it exists
if (SESSION_FORCE_COOKIE_USE == 'False') {
if (isset($_GET[session_name()]) && (!isset($_COOKIE[session_name()]) || $_COOKIE[session_name()] != $_GET[session_name()])) {
session_id($_GET[session_name()]);
} elseif (isset($_POST[session_name()]) && (!isset($_COOKIE[session_name()]) || $_COOKIE[session_name()] != $_POST[session_name()])) {
session_id($_POST[session_name()]);
}
}
// start the session
if (SESSION_FORCE_COOKIE_USE == 'True') {
tep_setcookie('cookie_test', 'please_accept_for_session', time() + 60 * 60 * 24 * 30);
if (isset($_COOKIE['cookie_test'])) {
tep_session_start();
}
} elseif (SESSION_BLOCK_SPIDERS == 'True') {
$user_agent = '';
if (isset($_SERVER['HTTP_USER_AGENT'])) {
$user_agent = strtolower($_SERVER['HTTP_USER_AGENT']);
}
$spider_flag = false;
if (!empty($user_agent)) {
foreach (file(OSCOM::BASE_DIR . 'spiders.txt') as $spider) {
if (!empty($spider)) {
if (strpos($user_agent, $spider) !== false) {
$spider_flag = true;
break;
}
}
}
}
if ($spider_flag === false) {
tep_session_start();
}
} else {
tep_session_start();
}
$this->ignored_actions[] = session_name();
// initialize a session token
if (!isset($_SESSION['sessiontoken'])) {
$_SESSION['sessiontoken'] = md5(tep_rand() . tep_rand() . tep_rand() . tep_rand());
}
// set SID once, even if empty
$SID = defined('SID') ? SID : '';
// verify the ssl_session_id if the feature is enabled
if ($request_type == 'SSL' && SESSION_CHECK_SSL_SESSION_ID == 'True' && ENABLE_SSL == true && session_status() === PHP_SESSION_ACTIVE) {
if (!isset($_SESSION['SSL_SESSION_ID'])) {
$_SESSION['SESSION_SSL_ID'] = $_SERVER['SSL_SESSION_ID'];
}
if ($_SESSION['SESSION_SSL_ID'] != $_SERVER['SSL_SESSION_ID']) {
tep_session_destroy();
OSCOM::redirect('ssl_check.php');
}
}
// verify the browser user agent if the feature is enabled
if (SESSION_CHECK_USER_AGENT == 'True') {
if (!isset($_SESSION['SESSION_USER_AGENT'])) {
$_SESSION['SESSION_USER_AGENT'] = $_SERVER['HTTP_USER_AGENT'];
}
if ($_SESSION['SESSION_USER_AGENT'] != $_SERVER['HTTP_USER_AGENT']) {
tep_session_destroy();
OSCOM::redirect('index.php', 'Account&LogIn');
}
}
// verify the IP address if the feature is enabled
if (SESSION_CHECK_IP_ADDRESS == 'True') {
if (!isset($_SESSION['SESSION_IP_ADDRESS'])) {
$_SESSION['SESSION_IP_ADDRESS'] = tep_get_ip_address();
}
if ($_SESSION['SESSION_IP_ADDRESS'] != tep_get_ip_address()) {
tep_session_destroy();
OSCOM::redirect('index.php', 'Account&LogIn');
}
}
// create the shopping cart
if (!isset($_SESSION['cart']) || !is_object($_SESSION['cart']) || get_class($_SESSION['cart']) != 'shoppingCart') {
$_SESSION['cart'] = new \shoppingCart();
}
// include currencies class and create an instance
$currencies = new \currencies();
// set the language
if (!isset($_SESSION['language']) || isset($_GET['language'])) {
$lng = new \language();
if (isset($_GET['language']) && !empty($_GET['language'])) {
$lng->set_language($_GET['language']);
} else {
$lng->get_browser_language();
}
$_SESSION['language'] = $lng->language['directory'];
$_SESSION['languages_id'] = $lng->language['id'];
}
// include the language translations
$system_locale_numeric = setlocale(LC_NUMERIC, 0);
include OSCOM::BASE_DIR . 'languages/' . $_SESSION['language'] . '.php';
setlocale(LC_NUMERIC, $system_locale_numeric);
// Prevent LC_ALL from setting LC_NUMERIC to a locale with 1,0 float/decimal values instead of 1.0 (see bug #634)
// currency
if (!isset($_SESSION['currency']) || isset($_GET['currency']) || USE_DEFAULT_LANGUAGE_CURRENCY == 'true' && LANGUAGE_CURRENCY != $_SESSION['currency']) {
if (isset($_GET['currency']) && $currencies->is_set($_GET['currency'])) {
$_SESSION['currency'] = $_GET['currency'];
} else {
$_SESSION['currency'] = USE_DEFAULT_LANGUAGE_CURRENCY == 'true' && $currencies->is_set(LANGUAGE_CURRENCY) ? LANGUAGE_CURRENCY : DEFAULT_CURRENCY;
}
}
// navigation history
if (!isset($_SESSION['navigation']) || !is_object($_SESSION['navigation']) || get_class($_SESSION['navigation']) != 'navigationHistory') {
$_SESSION['navigation'] = new \navigationHistory();
}
$_SESSION['navigation']->add_current_page();
$messageStack = new \messageStack();
tep_update_whos_online();
tep_activate_banners();
tep_expire_banners();
tep_expire_specials();
$oscTemplate = new \oscTemplate();
$breadcrumb = new \breadcrumb();
$breadcrumb->add(HEADER_TITLE_TOP, HTTP_SERVER);
$breadcrumb->add(HEADER_TITLE_CATALOG, OSCOM::link('index.php'));
Registry::set('Hooks', new Hooks());
}
function tep_session_recreate() {
if (PHP_VERSION >= 4.1) {
$session_backup = $_SESSION;
unset($_COOKIE[tep_session_name()]);
tep_session_destroy();
if (STORE_SESSIONS == 'mysql') {
session_set_save_handler('_sess_open', '_sess_close', '_sess_read', '_sess_write', '_sess_destroy', '_sess_gc');
}
tep_session_start();
$_SESSION = $session_backup;
unset($session_backup);
}
}
protected function init()
{
global $request_type, $cookie_domain, $cookie_path, $PHP_SELF, $login_request, $messageStack, $cfgModules;
Registry::set('Cache', new Cache());
$OSCOM_Db = Db::initialize();
Registry::set('Db', $OSCOM_Db);
// TODO legacy
tep_db_connect() or die('Unable to connect to database server!');
// set the application parameters
$Qcfg = $OSCOM_Db->get('configuration', ['configuration_key as k', 'configuration_value as v']);
//, null, null, null, 'configuration'); // TODO add cache when supported by admin
while ($Qcfg->fetch()) {
define($Qcfg->value('k'), $Qcfg->value('v'));
}
// Used in the "Backup Manager" to compress backups
define('LOCAL_EXE_GZIP', 'gzip');
define('LOCAL_EXE_GUNZIP', 'gunzip');
define('LOCAL_EXE_ZIP', 'zip');
define('LOCAL_EXE_UNZIP', 'unzip');
// Define how do we update currency exchange rates
// Possible values are 'oanda' 'xe' or ''
define('CURRENCY_SERVER_PRIMARY', 'oanda');
define('CURRENCY_SERVER_BACKUP', 'xe');
// set the type of request (secure or not)
if (isset($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) == 'on' || isset($_SERVER['SERVER_PORT']) && $_SERVER['SERVER_PORT'] == 443) {
$request_type = 'SSL';
$cookie_domain = HTTPS_COOKIE_DOMAIN;
$cookie_path = HTTPS_COOKIE_PATH;
} else {
$request_type = 'NONSSL';
$cookie_domain = HTTP_COOKIE_DOMAIN;
$cookie_path = HTTP_COOKIE_PATH;
}
// set php_self in the global scope
$req = parse_url($_SERVER['SCRIPT_NAME']);
$PHP_SELF = substr($req['path'], $request_type == 'SSL' ? strlen(DIR_WS_HTTPS_ADMIN) : strlen(DIR_WS_ADMIN));
// set the session name and save path
tep_session_name('oscomadminid');
tep_session_save_path(SESSION_WRITE_DIRECTORY);
// set the session cookie parameters
// set the session cookie parameters
session_set_cookie_params(0, $cookie_path, $cookie_domain);
if (function_exists('ini_set')) {
ini_set('session.use_only_cookies', SESSION_FORCE_COOKIE_USE == 'True' ? 1 : 0);
}
// lets start our session
tep_session_start();
// TODO remove when no more global sessions exist
foreach ($_SESSION as $k => $v) {
$GLOBALS[$k] =& $_SESSION[$k];
}
// set the language
if (!isset($_SESSION['language']) || isset($_GET['language'])) {
$lng = new \language();
if (isset($_GET['language']) && !empty($_GET['language'])) {
$lng->set_language($_GET['language']);
} else {
$lng->get_browser_language();
}
$_SESSION['language'] = $lng->language['directory'];
$_SESSION['languages_id'] = $lng->language['id'];
}
// redirect to login page if administrator is not yet logged in
if (!isset($_SESSION['admin'])) {
$redirect = false;
$current_page = $PHP_SELF;
// if the first page request is to the login page, set the current page to the index page
// so the redirection on a successful login is not made to the login page again
if ($current_page == FILENAME_LOGIN && !isset($_SESSION['redirect_origin'])) {
$current_page = FILENAME_DEFAULT;
}
if ($current_page != FILENAME_LOGIN) {
if (!isset($_SESSION['redirect_origin'])) {
$_SESSION['redirect_origin'] = ['page' => $current_page, 'get' => []];
}
// try to automatically login with the HTTP Authentication values if it exists
if (!isset($_SESSION['auth_ignore'])) {
if (isset($_SERVER['PHP_AUTH_USER']) && !empty($_SERVER['PHP_AUTH_USER']) && isset($_SERVER['PHP_AUTH_PW']) && !empty($_SERVER['PHP_AUTH_PW'])) {
$_SESSION['redirect_origin']['auth_user'] = $_SERVER['PHP_AUTH_USER'];
$_SESSION['redirect_origin']['auth_pw'] = $_SERVER['PHP_AUTH_PW'];
}
}
$redirect = true;
}
if (!isset($login_request) || isset($_GET['login_request']) || isset($_POST['login_request']) || isset($_COOKIE['login_request']) || isset($_SESSION['login_request']) || isset($_FILES['login_request']) || isset($_SERVER['login_request'])) {
$redirect = true;
}
if ($redirect == true) {
tep_redirect(tep_href_link(FILENAME_LOGIN, isset($_SESSION['redirect_origin']['auth_user']) ? 'action=process' : ''));
}
}
// include the language translations
$_system_locale_numeric = setlocale(LC_NUMERIC, 0);
require DIR_FS_ADMIN . 'includes/languages/' . $_SESSION['language'] . '.php';
setlocale(LC_NUMERIC, $_system_locale_numeric);
// Prevent LC_ALL from setting LC_NUMERIC to a locale with 1,0 float/decimal values instead of 1.0 (see bug #634)
$current_page = basename($PHP_SELF);
if (file_exists(DIR_FS_ADMIN . 'includes/languages/' . $_SESSION['language'] . '/' . $current_page)) {
include DIR_FS_ADMIN . 'includes/languages/' . $_SESSION['language'] . '/' . $current_page;
}
$messageStack = new \messageStack();
$cfgModules = new \cfg_modules();
Registry::set('Hooks', new Hooks());
}
