testmodus / admin / includes / application_top.php
Historie | Anzeigen | Annotieren | Download (9,88 KB)
1 | 1 | root | <?php
|
---|---|---|---|
2 | /* --------------------------------------------------------------
|
||
3 | $Id: application_top.php 13484 2021-04-01 08:50:12Z GTB $
|
||
4 | |||
5 | modified eCommerce Shopsoftware
|
||
6 | http://www.modified-shop.org
|
||
7 | |||
8 | Copyright (c) 2009 - 2013 [www.modified-shop.org]
|
||
9 | --------------------------------------------------------------
|
||
10 | based on:
|
||
11 | (c) 2000-2001 The Exchange Project (earlier name of osCommerce)
|
||
12 | (c) 2002-2003 osCommerce(application_top.php,v 1.158 2003/03/22); www.oscommerce.com
|
||
13 | (c) 2003 nextcommerce (application_top.php,v 1.46 2003/08/24); www.nextcommerce.org
|
||
14 | (c) 2006 XT-Commerce (application_top.php 1323 2005-10-27) ; www.xt-commerce.com
|
||
15 | |||
16 | Released under the GNU General Public License
|
||
17 | --------------------------------------------------------------
|
||
18 | Third Party contribution:
|
||
19 | |||
20 | Customers Status v3.x (c) 2002-2003 Copyright Elari elari@free.fr | www.unlockgsm.com/dload-osc/ | CVS : http://cvs.sourceforge.net/cgi-bin/viewcvs.cgi/elari/?sortby=date#dirlist
|
||
21 | |||
22 | Credit Class/Gift Vouchers/Discount Coupons (Version 5.10)
|
||
23 | http://www.oscommerce.com/community/contributions,282
|
||
24 | Copyright (c) Strider | Strider@oscworks.com
|
||
25 | Copyright (c) Nick Stanko of UkiDev.com, nick@ukidev.com
|
||
26 | Copyright (c) Andre ambidex@gmx.net
|
||
27 | Copyright (c) 2001,2002 Ian C Wilson http://www.phesis.org
|
||
28 | |||
29 | Released under the GNU General Public License
|
||
30 | --------------------------------------------------------------*/
|
||
31 | |||
32 | //Run Mode
|
||
33 | define('RUN_MODE_ADMIN',true); |
||
34 | |||
35 | 2 | root | # TESTMODUS
|
36 | if (file_exists('../includes/extra/testmodus/testmodus.php')) |
||
37 | require_once('../includes/extra/testmodus/testmodus.php'); |
||
38 | |||
39 | 1 | root | // Start the clock for the page parse time log
|
40 | define('PAGE_PARSE_START_TIME', microtime(true)); |
||
41 | |||
42 | // set the level of error reporting
|
||
43 | @ini_set('display_errors', false); |
||
44 | error_reporting(0); |
||
45 | |||
46 | // security
|
||
47 | define('_VALID_XTC',true); |
||
48 | |||
49 | // Disable use_trans_sid as xtc_href_link() does this manually
|
||
50 | if (function_exists('ini_set')) { |
||
51 | @ini_set('session.use_trans_sid', 0); |
||
52 | } |
||
53 | |||
54 | // configuration parameters
|
||
55 | if (file_exists('../includes/local/configure.php')) { |
||
56 | include_once('../includes/local/configure.php'); |
||
57 | } else {
|
||
58 | include_once('../includes/configure.php'); |
||
59 | } |
||
60 | |||
61 | // minimum requirement
|
||
62 | if (version_compare(PHP_VERSION, '5.6', '<')) { |
||
63 | die('<h1>Minimum requirement PHP Version 5.6</h1>'); |
||
64 | } |
||
65 | |||
66 | // default time zone
|
||
67 | date_default_timezone_set('Europe/Berlin');
|
||
68 | |||
69 | // new error handling
|
||
70 | if (is_file(DIR_FS_CATALOG.DIR_WS_INCLUDES.'error_reporting.php')) { |
||
71 | require_once (DIR_FS_CATALOG.DIR_WS_INCLUDES.'error_reporting.php'); |
||
72 | } |
||
73 | |||
74 | // security inputfilter for GET/POST/COOKIE
|
||
75 | require (DIR_FS_CATALOG.DIR_WS_CLASSES.'inputfilter.php'); |
||
76 | $inputfilter = new Inputfilter(); |
||
77 | $_GET = $inputfilter->validate($_GET); |
||
78 | $_POST = $inputfilter->validate($_POST); |
||
79 | $_REQUEST = $inputfilter->validate($_REQUEST); |
||
80 | |||
81 | // auto include
|
||
82 | require_once (DIR_FS_INC . 'auto_include.inc.php'); |
||
83 | |||
84 | // project versison
|
||
85 | require_once (DIR_WS_INCLUDES.'version.php'); |
||
86 | |||
87 | // Base/PHP_SELF/SSL-PROXY
|
||
88 | require_once(DIR_FS_INC . 'set_php_self.inc.php'); |
||
89 | $PHP_SELF = set_php_self();
|
||
90 | |||
91 | define('TAX_DECIMAL_PLACES', 0); |
||
92 | |||
93 | // include the list of project filenames
|
||
94 | require (DIR_FS_ADMIN.DIR_WS_INCLUDES.'filenames.php'); |
||
95 | |||
96 | // list of project database tables
|
||
97 | require_once(DIR_FS_CATALOG.DIR_WS_INCLUDES.'database_tables.php'); |
||
98 | |||
99 | // Database
|
||
100 | require_once (DIR_FS_INC.'db_functions_'.DB_MYSQL_TYPE.'.inc.php'); |
||
101 | require_once (DIR_FS_INC.'db_functions.inc.php'); |
||
102 | |||
103 | // include needed functions
|
||
104 | require_once(DIR_FS_INC . 'xtc_get_ip_address.inc.php'); |
||
105 | require_once(DIR_FS_INC . 'xtc_setcookie.inc.php'); |
||
106 | require_once(DIR_FS_INC . 'xtc_validate_email.inc.php'); |
||
107 | require_once(DIR_FS_INC . 'xtc_not_null.inc.php'); |
||
108 | require_once(DIR_FS_INC . 'xtc_add_tax.inc.php'); |
||
109 | require_once(DIR_FS_INC . 'xtc_get_tax_rate.inc.php'); |
||
110 | require_once(DIR_FS_INC . 'xtc_get_qty.inc.php'); |
||
111 | require_once(DIR_FS_INC . 'xtc_product_link.inc.php'); |
||
112 | require_once(DIR_FS_INC . 'xtc_cleanName.inc.php'); |
||
113 | require_once(DIR_FS_INC . 'xtc_get_top_level_domain.inc.php'); |
||
114 | require_once(DIR_FS_INC . 'html_encoding.php'); //new function for PHP5.4 |
||
115 | require_once(DIR_FS_INC . 'xtc_backup_restore_configuration.php'); |
||
116 | require_once(DIR_FS_INC . 'xtc_check_agent.inc.php'); |
||
117 | require_once(DIR_FS_INC . 'xtc_parse_category_path.inc.php'); |
||
118 | require_once(DIR_FS_INC . 'xtc_input_validation.inc.php'); |
||
119 | require_once(DIR_FS_INC . 'xtc_get_category_path.inc.php'); |
||
120 | |||
121 | foreach(auto_include(DIR_FS_ADMIN.'includes/extra/functions/','php') as $file) require ($file); |
||
122 | |||
123 | // design layout (wide of boxes in pixels) (default: 125)
|
||
124 | define('BOX_WIDTH', 125); |
||
125 | |||
126 | // make a connection to the database... now
|
||
127 | xtc_db_connect() or die('Unable to connect to database server!'); |
||
128 | |||
129 | // set application wide parameters
|
||
130 | define('DB_CACHE', 'false'); |
||
131 | $duplicate_configuration = array(); |
||
132 | $configuration_query = xtc_db_query('select configuration_key as cfgKey, configuration_value as cfgValue from ' . TABLE_CONFIGURATION . ''); |
||
133 | while ($configuration = xtc_db_fetch_array($configuration_query)) { |
||
134 | if ($configuration['cfgKey'] != 'DB_CACHE' && $configuration['cfgKey'] != 'STORE_DB_TRANSACTIONS') { |
||
135 | if (!defined($configuration['cfgKey'])) { |
||
136 | define($configuration['cfgKey'], stripslashes($configuration['cfgValue'])); |
||
137 | } else {
|
||
138 | $duplicate_configuration[] = $configuration['cfgKey']; |
||
139 | } |
||
140 | } |
||
141 | } |
||
142 | |||
143 | foreach(auto_include(DIR_FS_ADMIN.'includes/extra/application_top/application_top_begin/','php') as $file) require ($file); |
||
144 | |||
145 | define('FILENAME_IMAGEMANIPULATOR',IMAGE_MANIPULATOR); |
||
146 | |||
147 | // initialize the logger class
|
||
148 | require(DIR_WS_CLASSES . 'logger.php'); |
||
149 | |||
150 | // shopping cart class
|
||
151 | require(DIR_WS_CLASSES . 'shopping_cart.php'); |
||
152 | |||
153 | // todo
|
||
154 | require(DIR_WS_FUNCTIONS . 'general.php'); |
||
155 | |||
156 | // define how the session functions will be used
|
||
157 | require(DIR_WS_FUNCTIONS . 'sessions.php'); |
||
158 | |||
159 | // define our general functions used application-wide
|
||
160 | require(DIR_WS_FUNCTIONS . 'html_output.php'); |
||
161 | |||
162 | // set the type of request (secure or not)
|
||
163 | if (file_exists(DIR_WS_INCLUDES . 'request_type.php')) { |
||
164 | include (DIR_WS_INCLUDES . 'request_type.php'); |
||
165 | } else {
|
||
166 | $request_type = 'NONSSL'; |
||
167 | } |
||
168 | |||
169 | // set the top level domains
|
||
170 | $http_domain_arr = xtc_get_top_level_domain(HTTP_SERVER); |
||
171 | $https_domain_arr = xtc_get_top_level_domain(HTTPS_SERVER); |
||
172 | $http_domain = $http_domain_arr['domain']; |
||
173 | $https_domain = $https_domain_arr['domain']; |
||
174 | $current_domain = (($request_type == 'NONSSL') ? $http_domain : $https_domain); |
||
175 | |||
176 | // set the top level domains to delete
|
||
177 | $current_domain_delete = (($request_type == 'NONSSL') ? $http_domain_arr['delete'] : $https_domain_arr['delete']); |
||
178 | |||
179 | // set the session name and save path
|
||
180 | // set the session cookie parameters
|
||
181 | // set the session ID if it exists
|
||
182 | // start the session
|
||
183 | // Redirect search engines with session id to the same url without session id to prevent indexing session id urls
|
||
184 | // check for Cookie usage
|
||
185 | // check the Agent
|
||
186 | include (DIR_FS_CATALOG.DIR_WS_MODULES.'set_session_and_cookie_parameters.php'); |
||
187 | |||
188 | // verify the ssl_session_id if the feature is enabled
|
||
189 | // verify the browser user agent if the feature is enabled
|
||
190 | // verify the IP address if the feature is enabled
|
||
191 | include (DIR_FS_CATALOG.DIR_WS_MODULES.'verify_session.php'); |
||
192 | |||
193 | // set the language
|
||
194 | include (DIR_FS_CATALOG.DIR_WS_MODULES.'set_language_sessions.php'); |
||
195 | |||
196 | // include the language translations
|
||
197 | require_once(DIR_FS_LANGUAGES . $_SESSION['language'] . '/admin/'.$_SESSION['language'] . '.php'); |
||
198 | require_once(DIR_FS_LANGUAGES . $_SESSION['language'] . '/admin/buttons.php'); |
||
199 | $current_page = basename($PHP_SELF); |
||
200 | if (is_file(DIR_FS_LANGUAGES . $_SESSION['language'] . '/admin/' . $current_page)) { |
||
201 | require_once(DIR_FS_LANGUAGES . $_SESSION['language'] . '/admin/' . $current_page); |
||
202 | } |
||
203 | |||
204 | // write customers status in session
|
||
205 | require(DIR_FS_CATALOG.DIR_WS_INCLUDES.'write_customers_status.php'); |
||
206 | |||
207 | // call from filemanager
|
||
208 | if (defined('_IS_FILEMANAGER')) return; |
||
209 | |||
210 | // check permission
|
||
211 | if (is_file(DIR_FS_ADMIN.$current_page) == false || $_SESSION['customers_status']['customers_status_id'] !== '0') { |
||
212 | xtc_redirect(xtc_catalog_href_link(FILENAME_LOGIN));
|
||
213 | } |
||
214 | |||
215 | // define our localization functions
|
||
216 | require(DIR_WS_FUNCTIONS . 'localization.php'); |
||
217 | |||
218 | // setup our boxes
|
||
219 | require(DIR_WS_CLASSES . 'table_block.php'); |
||
220 | require(DIR_WS_CLASSES . 'box.php'); |
||
221 | |||
222 | // initialize the message stack for output messages
|
||
223 | require(DIR_WS_CLASSES . 'message_stack.php'); |
||
224 | $messageStack = new messageStack(); |
||
225 | |||
226 | // verfiy CSRF Token
|
||
227 | if (CSRF_TOKEN_SYSTEM == 'true') { |
||
228 | require_once(DIR_FS_INC . 'csrf_token.inc.php'); |
||
229 | } |
||
230 | |||
231 | // split-page-results
|
||
232 | require(DIR_WS_CLASSES . 'split_page_results.php'); |
||
233 | |||
234 | // entry/item info classes
|
||
235 | require(DIR_WS_CLASSES . 'object_info.php'); |
||
236 | |||
237 | // file uploading class
|
||
238 | require(DIR_WS_CLASSES . 'upload.php'); |
||
239 | |||
240 | // content, product, category - sql group_check/fsk_lock
|
||
241 | require (DIR_FS_CATALOG.DIR_WS_INCLUDES.'define_conditions.php'); |
||
242 | |||
243 | // add_select
|
||
244 | require (DIR_FS_CATALOG.DIR_WS_INCLUDES.'define_add_select.php'); |
||
245 | |||
246 | // calculate category path
|
||
247 | $cPath = isset($_GET['cPath']) ? $_GET['cPath'] : ''; |
||
248 | if (strlen($cPath) > 0) { |
||
249 | $cPath_array = xtc_parse_category_path($cPath); |
||
250 | $current_category_id = end($cPath_array); |
||
251 | } else {
|
||
252 | $current_category_id = 0; |
||
253 | } |
||
254 | |||
255 | // check if a default currency is set
|
||
256 | if (!defined('DEFAULT_CURRENCY')) { |
||
257 | $messageStack->add(ERROR_NO_DEFAULT_CURRENCY_DEFINED, 'error'); |
||
258 | } |
||
259 | |||
260 | // check if a default language is set
|
||
261 | if (!defined('DEFAULT_LANGUAGE')) { |
||
262 | $messageStack->add(ERROR_NO_DEFAULT_LANGUAGE_DEFINED, 'error'); |
||
263 | } |
||
264 | |||
265 | // for Customers Status
|
||
266 | xtc_get_customers_statuses(); |
||
267 | |||
268 | $pagename = strtok($current_page, '.'); |
||
269 | if (!isset($_SESSION['customer_id'])) { |
||
270 | xtc_redirect(xtc_catalog_href_link(FILENAME_LOGIN));
|
||
271 | } |
||
272 | |||
273 | xtc_check_permission($pagename);
|
||
274 | |||
275 | // set which precautions should be checked
|
||
276 | defined('WARN_CONFIG_WRITEABLE') OR define('WARN_CONFIG_WRITEABLE', 'true'); |
||
277 | defined('WARN_FILES_WRITEABLE') OR define('WARN_FILES_WRITEABLE', 'true'); |
||
278 | defined('WARN_DIRS_WRITEABLE') OR define('WARN_DIRS_WRITEABLE', 'true'); |
||
279 | |||
280 | foreach(auto_include(DIR_FS_ADMIN.'includes/extra/application_top/application_top_end/','php') as $file) require ($file); |
||
281 | |||
282 | //compatibility for modified eCommerce Shopsoftware 1.06 files
|
||
283 | defined('DIR_WS_BASE') OR define('DIR_WS_BASE', ''); |
||
284 | ?> |