
testmodus / admin / includes / application_top.php @ 3


1 1 root
<?php
2
/* --------------------------------------------------------------
3
   $Id: application_top.php 13484 2021-04-01 08:50:12Z GTB $
4

5
   modified eCommerce Shopsoftware
6
   http://www.modified-shop.org
7

8
   Copyright (c) 2009 - 2013 [www.modified-shop.org]
9
   --------------------------------------------------------------
10
   based on:
11
   (c) 2000-2001 The Exchange Project  (earlier name of osCommerce)
12
   (c) 2002-2003 osCommerce(application_top.php,v 1.158 2003/03/22); www.oscommerce.com
13
   (c) 2003 nextcommerce (application_top.php,v 1.46 2003/08/24); www.nextcommerce.org
14
   (c) 2006 XT-Commerce (application_top.php 1323 2005-10-27) ; www.xt-commerce.com
15

16
   Released under the GNU General Public License
17
   --------------------------------------------------------------
18
   Third Party contribution:
19

20
   Customers Status v3.x  (c) 2002-2003 Copyright Elari elari@free.fr | www.unlockgsm.com/dload-osc/ | CVS : http://cvs.sourceforge.net/cgi-bin/viewcvs.cgi/elari/?sortby=date#dirlist
21

22
   Credit Class/Gift Vouchers/Discount Coupons (Version 5.10)
23
   http://www.oscommerce.com/community/contributions,282
24
   Copyright (c) Strider | Strider@oscworks.com
25
   Copyright (c) Nick Stanko of UkiDev.com, nick@ukidev.com
26
   Copyright (c) Andre ambidex@gmx.net
27
   Copyright (c) 2001,2002 Ian C Wilson http://www.phesis.org
28

29
   Released under the GNU General Public License
30
   --------------------------------------------------------------*/
31
32
// Mark this request as running in the admin area.
define('RUN_MODE_ADMIN', true);

// TESTMODUS hook: loaded whenever the file exists. At this point configure.php
// has not been read, the input filter has not run and no session or permission
// check has happened yet. The path is relative, so it is resolved against the
// current working directory, not against this file's directory.
// NOTE(review): testmodus.php is not visible here - confirm it does not rely on
// filtered input or an authenticated session, and whether it is meant to be
// present on a production install.
if (file_exists('../includes/extra/testmodus/testmodus.php')) {
  require_once '../includes/extra/testmodus/testmodus.php';
}

// Start the clock for the page parse time log.
define('PAGE_PARSE_START_TIME', microtime(true));

// Error output is switched off and the reporting level set to 0, so nothing is
// shown to the client from here on.
// NOTE(review): includes/error_reporting.php is loaded further down when it
// exists and presumably installs its own settings - confirm.
@ini_set('display_errors', false);
error_reporting(0);

// Guard constant. NOTE(review): presumably tested by included files to refuse
// direct access; that check is not part of this file.
define('_VALID_XTC', true);

// Disable use_trans_sid as xtc_href_link() does this manually.
if (function_exists('ini_set')) {
  @ini_set('session.use_trans_sid', 0);
}
53
54
// Configuration parameters: a local override wins over the default file.
// include_once only warns when the file is missing, so a missing configure.php
// shows up later as undefined DIR_* constants rather than here.
if (!file_exists('../includes/local/configure.php')) {
  include_once '../includes/configure.php';
} else {
  include_once '../includes/local/configure.php';
}

// Minimum requirement: stop on anything older than PHP 5.6.
if (version_compare(PHP_VERSION, '5.6') < 0) {
  die('<h1>Minimum requirement PHP Version 5.6</h1>');
}

// default time zone
date_default_timezone_set('Europe/Berlin');

// Project error handling, loaded only when the file is present.
if (is_file(DIR_FS_CATALOG . DIR_WS_INCLUDES . 'error_reporting.php')) {
  require_once DIR_FS_CATALOG . DIR_WS_INCLUDES . 'error_reporting.php';
}

// Input filter: $_GET, $_POST and $_REQUEST are replaced by whatever
// Inputfilter::validate() returns for them.
// NOTE(review): $_COOKIE is not passed through the filter here, so code that
// reads $_COOKIE directly sees the raw values. What validate() accepts or
// strips is defined in inputfilter.php, not in this file.
require DIR_FS_CATALOG . DIR_WS_CLASSES . 'inputfilter.php';
$inputfilter = new Inputfilter();
$_GET = $inputfilter->validate($_GET);
$_POST = $inputfilter->validate($_POST);
$_REQUEST = $inputfilter->validate($_REQUEST);
80
81
// auto_include() helper, used below to collect the files of an extension directory.
require_once DIR_FS_INC . 'auto_include.inc.php';

// project version
require_once DIR_WS_INCLUDES . 'version.php';

// Base/PHP_SELF/SSL-PROXY
require_once DIR_FS_INC . 'set_php_self.inc.php';
$PHP_SELF = set_php_self();

define('TAX_DECIMAL_PLACES', 0);

// include the list of project filenames
require DIR_FS_ADMIN . DIR_WS_INCLUDES . 'filenames.php';

// list of project database tables
require_once DIR_FS_CATALOG . DIR_WS_INCLUDES . 'database_tables.php';

// Database layer. DB_MYSQL_TYPE is not defined in this file and selects which
// driver file is loaded.
require_once DIR_FS_INC . 'db_functions_' . DB_MYSQL_TYPE . '.inc.php';
require_once DIR_FS_INC . 'db_functions.inc.php';

// include needed functions
require_once DIR_FS_INC . 'xtc_get_ip_address.inc.php';
require_once DIR_FS_INC . 'xtc_setcookie.inc.php';
require_once DIR_FS_INC . 'xtc_validate_email.inc.php';
require_once DIR_FS_INC . 'xtc_not_null.inc.php';
require_once DIR_FS_INC . 'xtc_add_tax.inc.php';
require_once DIR_FS_INC . 'xtc_get_tax_rate.inc.php';
require_once DIR_FS_INC . 'xtc_get_qty.inc.php';
require_once DIR_FS_INC . 'xtc_product_link.inc.php';
require_once DIR_FS_INC . 'xtc_cleanName.inc.php';
require_once DIR_FS_INC . 'xtc_get_top_level_domain.inc.php';
require_once DIR_FS_INC . 'html_encoding.php'; // new function for PHP5.4
require_once DIR_FS_INC . 'xtc_backup_restore_configuration.php';
require_once DIR_FS_INC . 'xtc_check_agent.inc.php';
require_once DIR_FS_INC . 'xtc_parse_category_path.inc.php';
require_once DIR_FS_INC . 'xtc_input_validation.inc.php';
require_once DIR_FS_INC . 'xtc_get_category_path.inc.php';

// Extension functions: every file auto_include() returns for this directory is
// executed on each admin request, before the session is started and before any
// permission check. Write access to the directory therefore amounts to code
// execution in the admin context.
foreach (auto_include(DIR_FS_ADMIN . 'includes/extra/functions/', 'php') as $file) {
  require $file;
}
122
123
// design layout (width of boxes in pixels) (default: 125)
define('BOX_WIDTH', 125);

// Connect to the database now; the request ends here if that fails.
xtc_db_connect() or die('Unable to connect to database server!');

// Application-wide parameters: every row of the configuration table becomes a
// constant.
//  - DB_CACHE is fixed to 'false' first, and the rows DB_CACHE and
//    STORE_DB_TRANSACTIONS are ignored.
//  - A constant that already exists is never overridden; its key is recorded
//    in $duplicate_configuration instead.
// NOTE(review): any other key is defined as found, so write access to this
// table decides settings that are consulted later in this file (for example
// CSRF_TOKEN_SYSTEM, which is not defined here and presumably comes from this
// table).
define('DB_CACHE', 'false');
$duplicate_configuration = array();
$configuration_query = xtc_db_query('select configuration_key as cfgKey, configuration_value as cfgValue from ' . TABLE_CONFIGURATION);
while ($configuration = xtc_db_fetch_array($configuration_query)) {
  if ($configuration['cfgKey'] == 'DB_CACHE' || $configuration['cfgKey'] == 'STORE_DB_TRANSACTIONS') {
    continue;
  }
  if (defined($configuration['cfgKey'])) {
    $duplicate_configuration[] = $configuration['cfgKey'];
  } else {
    define($configuration['cfgKey'], stripslashes($configuration['cfgValue']));
  }
}

// Extension hook "application_top_begin": these files run with the database
// and configuration available, but before the session is started and before
// the permission checks further down.
foreach (auto_include(DIR_FS_ADMIN . 'includes/extra/application_top/application_top_begin/', 'php') as $file) {
  require $file;
}

define('FILENAME_IMAGEMANIPULATOR', IMAGE_MANIPULATOR);
146
147
// logger class
require DIR_WS_CLASSES . 'logger.php';

// shopping cart class
require DIR_WS_CLASSES . 'shopping_cart.php';

// general functions (marked "todo" by the original author)
require DIR_WS_FUNCTIONS . 'general.php';

// define how the session functions will be used
require DIR_WS_FUNCTIONS . 'sessions.php';

// general functions used application-wide
require DIR_WS_FUNCTIONS . 'html_output.php';

// Type of request (secure or not). Without request_type.php every request is
// treated as NONSSL.
// NOTE(review): request_type.php is expected to set $request_type; that is not
// checked here.
if (file_exists(DIR_WS_INCLUDES . 'request_type.php')) {
  include DIR_WS_INCLUDES . 'request_type.php';
} else {
  $request_type = 'NONSSL';
}

// Top level domains for the plain and the SSL server.
$http_domain_arr = xtc_get_top_level_domain(HTTP_SERVER);
$https_domain_arr = xtc_get_top_level_domain(HTTPS_SERVER);
$http_domain = $http_domain_arr['domain'];
$https_domain = $https_domain_arr['domain'];

// Pick the domain, and the domain to delete, that match the request type.
if ($request_type == 'NONSSL') {
  $current_domain = $http_domain;
  $current_domain_delete = $http_domain_arr['delete'];
} else {
  $current_domain = $https_domain;
  $current_domain_delete = $https_domain_arr['delete'];
}
178
179
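// Session bootstrap. According to the original notes this module sets the
// session name, save path and cookie parameters, picks up an existing session
// ID, starts the session, redirects search engines that carry a session ID in
// the URL, and checks cookie usage and the user agent.
// NOTE(review): loaded with include, so a missing module does not stop the
// request; the same holds for the two modules that follow.
include DIR_FS_CATALOG . DIR_WS_MODULES . 'set_session_and_cookie_parameters.php';

// Session binding checks (SSL session ID, browser user agent, IP address),
// each applied only if the corresponding feature is enabled.
include DIR_FS_CATALOG . DIR_WS_MODULES . 'verify_session.php';

// set the language
include DIR_FS_CATALOG . DIR_WS_MODULES . 'set_language_sessions.php';

// Language translations. $_SESSION['language'] becomes part of the include
// path.
// NOTE(review): presumably set_language_sessions.php only stores the directory
// name of an installed language - confirm, since that value is not validated
// in this file.
require_once DIR_FS_LANGUAGES . $_SESSION['language'] . '/admin/' . $_SESSION['language'] . '.php';
require_once DIR_FS_LANGUAGES . $_SESSION['language'] . '/admin/buttons.php';

// basename() drops any directory part, so $current_page is a bare file name
// when it is appended to the language and admin directories below.
$current_page = basename($PHP_SELF);
if (is_file(DIR_FS_LANGUAGES . $_SESSION['language'] . '/admin/' . $current_page)) {
  require_once DIR_FS_LANGUAGES . $_SESSION['language'] . '/admin/' . $current_page;
}

// write customers status in session
require DIR_FS_CATALOG . DIR_WS_INCLUDES . 'write_customers_status.php';

// Call from filemanager: control goes back to the including script here, that
// is before the admin gate below and before the CSRF include and
// xtc_check_permission() later in this file. A script that defines
// _IS_FILEMANAGER has to enforce access on its own.
if (defined('_IS_FILEMANAGER')) {
  return;
}

// Admin gate: the requested script must exist in the admin directory and the
// session must carry customers_status_id '0' (strict string comparison, so a
// missing or differently typed value is refused).
if (!is_file(DIR_FS_ADMIN . $current_page) || $_SESSION['customers_status']['customers_status_id'] !== '0') {
  xtc_redirect(xtc_catalog_href_link(FILENAME_LOGIN));
  // xtc_redirect() is defined outside this file; stopping here keeps the gate
  // closed even if it returns.
  exit;
}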
214
215
// localization functions
require DIR_WS_FUNCTIONS . 'localization.php';

// box classes
require DIR_WS_CLASSES . 'table_block.php';
require DIR_WS_CLASSES . 'box.php';

// message stack for output messages
require DIR_WS_CLASSES . 'message_stack.php';
$messageStack = new messageStack();

// Verify CSRF token: the token code is loaded only when the setting is the
// string 'true'.
// NOTE(review): CSRF_TOKEN_SYSTEM is not defined in this file. If it is missing
// altogether, PHP before 8.0 evaluates the bare name to the string
// 'CSRF_TOKEN_SYSTEM' and the check is skipped without any message (error
// reporting is off); PHP 8 throws an Error instead.
if (CSRF_TOKEN_SYSTEM == 'true') {
  require_once DIR_FS_INC . 'csrf_token.inc.php';
}

// split-page-results
require DIR_WS_CLASSES . 'split_page_results.php';

// entry/item info classes
require DIR_WS_CLASSES . 'object_info.php';

// file uploading class
require DIR_WS_CLASSES . 'upload.php';

// content, product, category - sql group_check/fsk_lock
require DIR_FS_CATALOG . DIR_WS_INCLUDES . 'define_conditions.php';

// add_select
require DIR_FS_CATALOG . DIR_WS_INCLUDES . 'define_add_select.php';
245
246
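// Category path from the query string. $_GET has already been through
// Inputfilter::validate() at this point; the type of the value is not checked
// here.
$cPath = '';
if (isset($_GET['cPath'])) {
  $cPath = $_GET['cPath'];
}
if (strlen($cPath) > 0) {
  $cPath_array = xtc_parse_category_path($cPath);
  $current_category_id = end($cPath_array);
} else {
  $current_category_id = 0;
}

// check if a default currency is set
if (!defined('DEFAULT_CURRENCY')) {
  $messageStack->add(ERROR_NO_DEFAULT_CURRENCY_DEFINED, 'error');
}

// check if a default language is set
if (!defined('DEFAULT_LANGUAGE')) {
  $messageStack->add(ERROR_NO_DEFAULT_LANGUAGE_DEFINED, 'error');
}

// for Customers Status
xtc_get_customers_statuses();

// Page name = script file name up to the first dot.
$pagename = strtok($current_page, '.');

// Login gate: without a customer_id in the session the request goes to the
// login page.
if (!isset($_SESSION['customer_id'])) {
  xtc_redirect(xtc_catalog_href_link(FILENAME_LOGIN));
  // xtc_redirect() is defined outside this file; stopping here keeps the gate
  // closed even if it returns.
  exit;
}

// Per-page permission check.
// NOTE(review): the return value is not used, so xtc_check_permission() has to
// end the request itself when access is denied - confirm in its definition.
xtc_check_permission($pagename);

// Precaution checks default to enabled unless already configured.
if (!defined('WARN_CONFIG_WRITEABLE')) {
  define('WARN_CONFIG_WRITEABLE', 'true');
}
if (!defined('WARN_FILES_WRITEABLE')) {
  define('WARN_FILES_WRITEABLE', 'true');
}
if (!defined('WARN_DIRS_WRITEABLE')) {
  define('WARN_DIRS_WRITEABLE', 'true');
}

// Extension hook "application_top_end": every file auto_include() returns for
// this directory is executed once the checks above have passed.
foreach (auto_include(DIR_FS_ADMIN . 'includes/extra/application_top/application_top_end/', 'php') as $file) {
  require $file;
}

// compatibility for modified eCommerce Shopsoftware 1.06 files
if (!defined('DIR_WS_BASE')) {
  define('DIR_WS_BASE', '');
}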
284
?>