CHANGELOG 3.0.12 - 3.0.13
Produced: 17/10/2006 12:06:48
   
Mode:  Differences with Context  
Left: CubeCart 3.0.12
Right: CubeCart 3.0.13
   
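--- a/admin/customers/index.php
+++ b/admin/customers/index.php
@@ -71,13 +71,13 @@
         $record["town"] = $db->mySQLSafe($_POST['town']);
         $record["postcode"] = $db->mySQLSafe($_POST['postcode']);
         $record["county"] = $db->mySQLSafe($_POST['county']);
         $record["country"] = $db->mySQLSafe($_POST['country']);
         $record["phone"] = $db->mySQLSafe($_POST['phone']);
 
-        $zoneId = $db->select("SELECT * FROM ".$glob['dbprefix']."CubeCart_iso_counties WHERE (abbrev LIKE '".addslashes_gpc($_POST['county'])."' OR name LIKE '".addslashes_gpc($_POST['county'])."')");
+        $zoneId = $db->select("SELECT * FROM ".$glob['dbprefix']."CubeCart_iso_counties WHERE (abbrev LIKE ".$db->mySQLSafe($_POST['county'])." OR name LIKE ".$db->mySQLSafe($_POST['county']).")");
 
         if($zoneId[0]['id']>0){
 
                 $record["zoneId"] = $zoneId[0]['id'];
 
         } else {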
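Review bot: The county lookup on line 77 still compares with `LIKE`, so `%` and `_` in the submitted county act as wildcards even after the switch to `$db->mySQLSafe()`, and the id of the first matching row is stored as `zoneId`. If an exact match is intended, use `abbrev = ".$db->mySQLSafe($_POST['county'])." OR name = ".$db->mySQLSafe($_POST['county'])`; otherwise the wildcards need escaping before the value is quoted. mySQLSafe's body is not visible here, so this assumes it only quotes and escapes the string, as its unquoted use in the `$record[...]` assignments suggests. Line 79 also indexes `$zoneId[0]` without checking that the select returned a row, and the enclosing block starts and ends outside this section.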
   
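--- a/admin/docs/home.php
+++ b/admin/docs/home.php
@@ -56,13 +56,13 @@
 if(isset($_POST['copy']) && !empty($_POST['copy'])){
         include("../../language/".$_GET['homeLang']."/home.inc.php");
 
         $postVars['enabled'] = $_POST['enabled'];
         $postVars['title'] = $_POST['title'];
         $postVars['copy'] = $_POST['copy'];
-        $msg = writeConf($postVars,$GLOBALS['rootDir']."/language/".$_GET['homeLang']."/home.inc.php", $home, "home");
+        $msg = writeConf($postVars,$GLOBALS['rootDir']."/language/".preg_replace('/[^a-zA-Z0-9_\-\+]/', '',$_GET['homeLang'])."/home.inc.php", $home, "home");
 
 } // end if copy is set and not empty
 // read file
 include("../../language/".$_GET['homeLang']."/home.inc.php");
 ?>
 <p class="pageTitle"><?php echo $lang['admin']['docs']['homepage']; ?></p>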
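Review bot: Only the `writeConf()` path on line 62 is filtered; the `include()` calls on lines 57 and 66 still build their path from the raw `$_GET['homeLang']`, so the request parameter continues to decide which file PHP includes. Filter once at the top of the script and use the result in all three places, e.g. `$homeLang = preg_replace('/[^a-zA-Z0-9_\-\+]/', '', $_GET['homeLang']);`. Checking the result against the list of installed language directories would be stricter than a character filter, and would also reject an empty value.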
   
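--- a/admin/filemanager/index.php
+++ b/admin/filemanager/index.php
@@ -43,13 +43,13 @@
 }
 include("../includes/header.inc.php");
 
 if(isset($_GET['unlink']) && !empty($_GET['unlink'])){
 
         // check for dependancies
-        $file = urldecode($_GET['unlink']);
+        $file = treatGet(urldecode($_GET['unlink']));
         $imageName = str_replace(array($GLOBALS['rootRel']."images/uploads/thumbs/thumb_",$GLOBALS['rootRel']."images/uploads/"),"",$file);
 
         $query = "SELECT ".$glob['dbprefix']."CubeCart_inventory.image, ".$glob['dbprefix']."CubeCart_category.cat_image FROM ".$glob['dbprefix']."CubeCart_inventory, ".$glob['dbprefix']."CubeCart_category WHERE image = '".$imageName."' OR cat_image = '".$imageName."'";
         $results = $db->select($query);
 
         $query = "SELECT doc_id FROM ".$glob['dbprefix']."CubeCart_docs WHERE doc_content LIKE '%".$imageName."%'";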
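Review bot: `$imageName`, derived from `$_GET['unlink']`, is still concatenated between quotes into the queries on lines 52 and 55, so their safety rests entirely on what `treatGet()` strips, which is not visible here. Quoting it the way the rest of the admin code does, `image = ".$db->mySQLSafe($imageName)." OR cat_image = ".$db->mySQLSafe($imageName)`, keeps the first query safe whatever the filter allows; the `LIKE '%…%'` query needs the same escaping plus wildcard handling. The `str_replace()` on line 50 only removes the expected upload prefixes and does not confine `$file` to the uploads directory, so whatever later acts on `$file` (outside this section) should verify the resolved path. The `if` block continues past the visible lines.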
   
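--- a/admin/includes/auth.inc.php
+++ b/admin/includes/auth.inc.php
@@ -25,23 +25,23 @@
 |       auth.inc.php
 |   ========================================
 |       Admin Authentication and Permissions
 +--------------------------------------------------------------------------
 */
 
-if (ereg(".inc.php",$HTTP_SERVER_VARS['PHP_SELF']) || ereg(".inc.php",$_SERVER['PHP_SELF'])) {
+if (eregi(".inc.php",$HTTP_SERVER_VARS['PHP_SELF']) || eregi(".inc.php",$_SERVER['PHP_SELF'])) {
         echo "<html>\r\n<head>\r\n<title>Forbidden 403</title>\r\n</head>\r\n<body><h3>Forbidden 403</h3>\r\nThe document you are requesting is forbidden.\r\n</body>\r\n</html>";
         exit;
 }
 
 $sessionDomain = substr($GLOBALS['rootRel'],0, strlen($GLOBALS['rootRel'])-1);
 @ini_set("session.cookie_path",$sessionDomain);
 if($glob['rootRel']=="/"){
     $sessionName = "ccSID";
 } else {
-    $sessionName = "ccSID-".md5($glob['rootRel']);
+    $sessionName = "ccSID".md5($glob['rootRel']);
 }
 
 session_name($sessionName);
 session_start();
 
 if(!isset($_SESSION['ccAdmin'])){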
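Review bot: The direct-access guard on line 31 prints a "Forbidden 403" page but never sets the status, so the response is still sent as 200; add `header("HTTP/1.0 403 Forbidden");` before the `echo`. The same guard is repeated in currencyVars.inc.php, footer.inc.php, header.inc.php and navigation.inc.php, and the point applies to each. The pattern `".inc.php"` leaves both dots unescaped, so they match any character; `"\.inc\.php"` states the intent. The session-name expression on lines 38-42 is duplicated in admin/misc/info.php and admin/login.php, and a shared helper would keep the three copies from drifting apart, which this rename shows they must not.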
   
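--- a/admin/includes/currencyVars.inc.php
+++ b/admin/includes/currencyVars.inc.php
@@ -24,14 +24,14 @@
 +--------------------------------------------------------------------------
 |       currencyVars.inc.php
 |   ========================================
 |       Currency Vars
 +--------------------------------------------------------------------------
 */
-if (ereg(".inc.php",$HTTP_SERVER_VARS['PHP_SELF']) || ereg(".inc.php",$_SERVER['PHP_SELF'])) {
+if (eregi(".inc.php",$HTTP_SERVER_VARS['PHP_SELF']) || eregi(".inc.php",$_SERVER['PHP_SELF'])) {
         echo "<html>\r\n<head>\r\n<title>Forbidden 403</title>\r\n</head>\r\n<body><h3>Forbidden 403</h3>\r\nThe document you are requesting is forbidden.\r\n</body>\r\n</html>";
         exit;
 }
 
 $query = "SELECT value, symbolLeft, symbolRight, decimalPlaces, name FROM ".$glob['dbprefix']."CubeCart_currencies WHERE code=".$db->mySQLSafe($config['defaultCurrency']);
 $currencyVars = $db->select($query);
 ?>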
   
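--- a/admin/includes/footer.inc.php
+++ b/admin/includes/footer.inc.php
@@ -24,13 +24,13 @@
 +--------------------------------------------------------------------------
 |       footer.inc.php
 |   ========================================
 |       Admin Footer
 +--------------------------------------------------------------------------
 */
-if (ereg(".inc.php",$HTTP_SERVER_VARS['PHP_SELF']) || ereg(".inc.php",$_SERVER['PHP_SELF'])) {
+if (eregi(".inc.php",$HTTP_SERVER_VARS['PHP_SELF']) || eregi(".inc.php",$_SERVER['PHP_SELF'])) {
         echo "<html>\r\n<head>\r\n<title>Forbidden 403</title>\r\n</head>\r\n<body><h3>Forbidden 403</h3>\r\nThe document you are requesting is forbidden.\r\n</body>\r\n</html>";
         exit;
 }
 
 if(isset($_SESSION['ccAdmin'])){ ?>
 </div>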
   
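--- a/admin/includes/header.inc.php
+++ b/admin/includes/header.inc.php
@@ -24,13 +24,13 @@
 +--------------------------------------------------------------------------
 |       header.inc.php
 |   ========================================
 |       Admin Header
 +--------------------------------------------------------------------------
 */
-if (ereg(".inc.php",$HTTP_SERVER_VARS['PHP_SELF']) || ereg(".inc.php",$_SERVER['PHP_SELF'])) {
+if (eregi(".inc.php",$HTTP_SERVER_VARS['PHP_SELF']) || eregi(".inc.php",$_SERVER['PHP_SELF'])) {
         echo "<html>\r\n<head>\r\n<title>Forbidden 403</title>\r\n</head>\r\n<body><h3>Forbidden 403</h3>\r\nThe document you are requesting is forbidden.\r\n</body>\r\n</html>";
         exit;
 }
 ?>
 <!DOCTYPE HTML PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
 <html xmlns="http://www.w3.org/1999/xhtml">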
   
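--- a/admin/includes/navigation.inc.php
+++ b/admin/includes/navigation.inc.php
@@ -24,13 +24,13 @@
 +--------------------------------------------------------------------------
 |       navigation.inc.php
 |   ========================================
 |       Admin Navigation links
 +--------------------------------------------------------------------------
 */
-if (ereg(".inc.php",$HTTP_SERVER_VARS['PHP_SELF']) || ereg(".inc.php",$_SERVER['PHP_SELF'])) {
+if (eregi(".inc.php",$HTTP_SERVER_VARS['PHP_SELF']) || eregi(".inc.php",$_SERVER['PHP_SELF'])) {
         echo "<html>\r\n<head>\r\n<title>Forbidden 403</title>\r\n</head>\r\n<body><h3>Forbidden 403</h3>\r\nThe document you are requesting is forbidden.\r\n</body>\r\n</html>";
         exit;
 }
 $link401 = "href=\"javascript:alert('".$lang['admin']['nav']['permission_error']."');\" class=\"txtNullLink\"";
 ?>
 <table width="180" border="0" cellspacing="0" cellpadding="0">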
   
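--- a/admin/misc/info.php
+++ b/admin/misc/info.php
@@ -2,17 +2,17 @@
 include("../../includes/global.inc.php");
 $sessionDomain = substr($GLOBALS['rootRel'],0, strlen($GLOBALS['rootRel'])-1);
 
 if($glob['rootRel']=="/"){
         $sessionName = "ccSID";
 } else {
-        $sessionName = "ccSID-".md5($glob['rootRel']);
+        $sessionName = "ccSID".md5($glob['rootRel']);
 }
 
 session_name($sessionName);
 @ini_set("session.cookie_path",$sessionDomain);
 session_start();
 
 if(isset($_SESSION['ccAdmin'])){
 echo phpinfo();
 }
 ?>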
   
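--- a/admin/modules/gateway/HSBC/index.php
+++ b/admin/modules/gateway/HSBC/index.php
@@ -42,73 +42,101 @@
         $msg = writeDbConf($_POST['module'], $_GET['folder'], $module);
 
 }
 $module = fetchDbConfig($_GET['folder']);
 ?>
 
-<p><a href="https://secure-epayments.hsbc.com/"><img src="logo.gif" alt="" border="0" /></a></p>
+<p><a href="https://secure-epayments.hsbc.com/" target="_blank"><img src="logo.gif" alt="" border="0" /></a></p>
 <?php
 if(isset($msg)){
         echo $msg;
 }
 ?>
 
 <form action="<?php echo $GLOBALS['rootRel'];?>admin/modules/<?php echo $_GET['module']; ?>/<?php echo $_GET['folder']; ?>/index.php?module=<?php echo $_GET['module']; ?>&amp;folder=<?php echo $_GET['folder']; ?>" method="post" enctype="multipart/form-data">
 <table border="0" cellspacing="0" cellpadding="3" class="mainTable">
   <tr>
-    <td colspan="2" class="tdTitle">Configuration Settings </td>
+    <td colspan="3" class="tdTitle">Configuration Settings </td>
   </tr>
   <tr>
     <td align="left" class="tdText"><strong>Status:</strong></td>
     <td class="tdText">
         <select name="module[status]">
                 <option value="1" <?php if($module['status']==1) echo "selected='selected'"; ?>>Enabled</option>
                 <option value="0" <?php if($module['status']==0) echo "selected='selected'"; ?>>Disabled</option>
     </select>
         </td>
-  </tr>
-  <tr>
-  <td align="left" class="tdText"><strong>Description:</strong></td>
-    <td class="tdText"><input type="text" name="module[desc]" value="<?php echo $module['desc']; ?>" class="textbox" size="30" /></td>
+        <td></td>
   </tr>
-  <tr>
-  <td align="left" class="tdText"><strong>Client ID:</strong></td>
-    <td class="tdText"><input type="text" name="module[acNo]" value="<?php echo $module['acNo']; ?>" class="textbox" size="30" /></td>
-  </tr>
-  <tr>
-  <td align="left" class="tdText"><strong>User ID:</strong></td>
-    <td class="tdText"><input type="text" name="module[userID]" value="<?php echo $module['userID']; ?>" class="textbox" size="30" /></td>
-  </tr>
-    <tr>
-  <td align="left" class="tdText"><strong>Password:</strong></td>
-    <td class="tdText"><input type="text" name="module[passPhrase]" value="<?php echo $module['passPhrase']; ?>" class="textbox" size="30" /></td>
-  </tr>
-    <tr>
-      <td align="left" class="tdText"><strong>Gateway URL: </strong></td>
-      <td class="tdText"><input type="text" name="module[url]" value="<?php echo $module['url']; ?>" class="textbox" size="30" /></td>
-    </tr>
     <tr>
   <td align="left" class="tdText"><strong>Default:</strong></td>
       <td class="tdText">
         <select name="module[default]">
                 <option value="1" <?php if($module['default'] == 1) echo "selected='selected'"; ?>>Yes</option>
                 <option value="0" <?php if($module['default'] == 0) echo "selected='selected'"; ?>>No</option>
         </select>
         </td>
   </tr>
-    <tr>
+  <tr>
   <td align="left" class="tdText"><strong>Test Mode:</strong></td>
       <td class="tdText">
         <select name="module[test]">
                 <option value="1" <?php if($module['test'] == 1) echo "selected='selected'"; ?>>On (Approved)</option>
                 <option value="2" <?php if($module['test'] == 2) echo "selected='selected'"; ?>>On (Declined)</option>
                 <option value="0" <?php if($module['test'] == 0) echo "selected='selected'"; ?>>Off</option>
         </select>
         </td>
   </tr>
+  <tr><td colspan="3"><hr /></td></tr>
   <tr>
+  <td align="left" class="tdText"><strong>Description:</strong></td>
+    <td class="tdText"><input type="text" name="module[desc]" value="<?php echo $module['desc']; ?>" class="textbox" size="30" /></td>
+    <td class="tdText">This is the description for the payment option offered to the client</td>
+  </tr>
+  <tr>
+  <td align="left" class="tdText"><strong>Client ID:</strong></td>
+    <td class="tdText"><input type="text" name="module[acNo]" value="<?php echo $module['acNo']; ?>" class="textbox" size="30" /></td>
+    <td class="tdText">This is your HSBC Client ID found in the header of Secure ePayments after logging in</td>
+  </tr>
+  <tr>
+  <td align="left" class="tdText"><strong>User ID:</strong></td>
+    <td class="tdText"><input type="text" name="module[userID]" value="<?php echo $module['userID']; ?>" class="textbox" size="30" /></td>
+    <td class="tdText">This is your HSBC User ID as used to login to Secure ePayments</td>
+  </tr>
+    <tr>
+  <td align="left" class="tdText"><strong>Password:</strong></td>
+    <td class="tdText"><input type="text" name="module[passPhrase]" value="<?php echo $module['passPhrase']; ?>" class="textbox" size="30" /></td>
+    <td class="tdText">This is your HSBC Password as used to login to Secure ePayments</td>
+  </tr>
+    <tr>
+      <td align="left" class="tdText"><strong>Gateway Path: </strong></td>
+      <td class="tdText"><input type="text" name="module[url]" value="<?php echo $module['url']; ?>" class="textbox" size="30" /></td>
+      <td class="tdText">This should be set to: www.secure-epayments.apixml.hsbc.com</td>
+    </tr>
+    <tr><td colspan="3"><hr /></td></tr>
+    <tr>
+      <td align="left" class="tdText"><strong>PAS Path: </strong></td>
+      <td class="tdText"><input type="text" name="module[pas]" value="<?php echo $module['pas']; ?>" class="textbox" size="30" /></td>
+      <td class="tdText">This should be set to: www.ccpa.hsbc.com/ccpa</td>
+    </tr>
+    <tr>
+      <td align="left" class="tdText"><strong>AVS Check: </strong></td>
+      <td class="tdText">
+        <select name="module[avs]">
+                <option value="1" <?php if($module['avs'] == 1) echo "selected='selected'"; ?>>On</option>
+                <option value="0" <?php if($module['avs'] == 0) echo "selected='selected'"; ?>>Off</option>
+        </select>
+      </td>
+      <td class="tdText">It is advised to only ship goods to the cardholder's address. Enabling this function increases security by checking the card against the supplied address and postcode.</td>
+    </tr>
+    <tr>
+      <td align="left" class="tdText"><strong>AVS Message: </strong></td>
+      <td class="tdText"><textarea name="module[avstext]"><?php echo $module['avstext']; ?></textarea></td>
+      <td class="tdText">Example:<br /><br />Please Note: We can only ship your order to the Card Holder's Registered Address. Should you wish to ship to another location (e.g. your office), you will need to call us on 0845-123-4567 to complete your order.</td>
+    </tr>
+  <tr>
     <td align="right" class="tdText">&nbsp;</td>
     <td class="tdText"><input type="submit" class="submit" value="Edit Config" /></td>
   </tr>
 </table>
 </form>
 <?php include("../../../includes/footer.inc.php"); ?>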
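Review bot: The new fields print stored settings straight into the markup without escaping — `value="<?php echo $module['pas']; ?>"` on line 118 and the `module[avstext]` textarea on line 133 — so a quote or a closing tag in a saved value breaks out of the attribute or element. Wrap each echoed setting, e.g. `<?php echo htmlspecialchars($module['pas'], ENT_QUOTES); ?>`, and do the same for the re-added desc, acNo, userID and url rows. The Password row on line 107 is still `type="text"` and pre-filled with the stored passphrase, so the gateway credential appears in clear in the page source; `type="password"` with an empty value treated as "unchanged" would avoid that. The form action on line 55 also echoes `$_GET['module']` and `$_GET['folder']` unescaped.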
   

   
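--- a/admin/products/extraCats.php
+++ b/admin/products/extraCats.php
@@ -101,13 +101,13 @@
         <head>
                 <title><?php echo $lang['admin']['products']['title_extraCats'];?></title>
                 <link rel="stylesheet" type="text/css" href="../styles/style.css">
         </head>
         <body>
         <p class="pageTitle"><?php echo $lang['admin']['products']['manage_cats'];?> - <?php echo $_GET['name']; ?></p>
-        <p class="copyText"><strong><?php echo $lang['admin']['products']['master_cat'];?></strong> <span class="txtDir"><?php echo getCatDir(urldecode($_GET['cat_name']),$_GET['cat_father_id'], $_GET['cat_id']);?></span></p>
+        <p class="copyText"><strong><?php echo $lang['admin']['products']['master_cat'];?></strong> <span class="txtDir"><?php echo getCatDir(treatGet(urldecode($_GET['cat_name'])),treatGet($_GET['cat_father_id']), treatGet($_GET['cat_id']));?></span></p>
         <?php if(isset($msg)){ echo stripslashes($msg); }?>
         <p align="right" class="copyText"><?php echo $pagination; ?></p>
         <table border="0" width="100%" cellspacing="0" cellpadding="3" class="mainTable">
       <tr>
         <td class="tdTitle">Category</td>
         <td align="center" class="tdTitle">Action</td>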
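Review bot: Line 106, directly above the changed line, still echoes `$_GET['name']` into the page unescaped, so the filtering added on line 107 leaves a request parameter reflected in the same heading; `<?php echo htmlspecialchars($_GET['name'], ENT_QUOTES); ?>` would close it. Whether `treatGet()` and `getCatDir()` return HTML-safe text is not visible here, so the result echoed on line 107 may need the same escaping. `cat_father_id` and `cat_id` look like numeric ids and could be cast with `(int)` rather than string-filtered.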
   
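--- a/admin/products/index.php
+++ b/admin/products/index.php
@@ -100,13 +100,13 @@
         $filename .= date("dMy").".txt";
         header('Pragma: private');
         header('Cache-control: private, must-revalidate');
         header("Content-Disposition: attachment; filename=".$filename);
         header("Content-type: text/plain");
         header("Content-type: application/octet-stream");
-        header("Content-length: ".strlen($contentLength));
+        header("Content-length: ".$contentLength);
         header("Content-Transfer-Encoding: binary");
         echo $content;
         exit;
         }
 
 } elseif(isset($_GET['delete']) && $_GET["delete"]>0){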
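Review bot: `$contentLength` is assigned outside this section, so the header on line 106 is only correct if it holds the byte length of `$content`; `header("Content-length: ".strlen($content));` ties it directly to the body echoed on line 108. Lines 104 and 105 both send Content-type and the second replaces the first, so the `text/plain` line can be dropped. `$filename` goes unquoted into Content-Disposition on line 103, and since its construction starts above the visible lines, confirm it cannot contain spaces or line breaks.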
   
File: admin\login.php  
35 $config = fetchDbConfig("config"); = 35 $config = fetchDbConfig("config");
36     36  
37 include_once("../language/".$config['defaultLang']."/lang.inc.php");   37 include_once("../language/".$config['defaultLang']."/lang.inc.php");
38 $enableSSl = 1;   38 $enableSSl = 1;
39 include_once("../includes/sslSwitch.inc.php");   39 include_once("../includes/sslSwitch.inc.php");
40     40  
41 $sessionDomain = substr($GLOBALS['rootRel'],0, strlen($GLOBALS['rootRel'])-1); +-    
42 @ini_set("session.cookie_path",$sessionDomain);      
43 if($glob['rootRel']=="/"){ = 41 if($glob['rootRel']=="/"){
44     $sessionName = "ccSID";   42     $sessionName = "ccSID";
45 } else {   43 } else {
46     $sessionName = "ccSID-".md5($glob['rootRel']); <> 44     $sessionName = "ccSID".md5($glob['rootRel']);
47 } = 45 }
48     46  
49 session_name($sessionName);   47 session_name($sessionName);
    -+ 48 $sessionDomain = substr($GLOBALS['rootRel'],0, strlen($GLOBALS['rootRel'])-1);
      49 @ini_set("session.cookie_path",$sessionDomain);
50 session_start(); = 50 session_start();
51 $_SESSION['ccAdminPath'] = $GLOBALS['rootRel'];   51 $_SESSION['ccAdminPath'] = $GLOBALS['rootRel'];
52     52  
53 if (isset($_POST['username']) && isset($_POST['password'])){   53 if (isset($_POST['username']) && isset($_POST['password'])){
54     54  
55         $query = sprintf("SELECT adminId FROM ".$glob['dbprefix']."CubeCart_admin_users WHERE username = %s AND password = %s", $db->mySQLSafe($_POST['username']), $db->mySQLSafe(md5($_POST['password']))); <> 55         $query = sprintf("SELECT adminId FROM ".$glob['dbprefix']."CubeCart_admin_users WHERE username = %s AND password = %s AND failLevel < %s AND blockTime < %s", $db->mySQLSafe($_POST['username']), $db->mySQLSafe(md5($_POST['password'])),$ini['bfattempts'],time());
56 = 56
57         $result = $db->select($query);   57         $result = $db->select($query);
58           58        
59         // insert admin session log <> 59         // data for admin session log
60         $data["username"] = $db->mySQLSafe($_POST['username']); = 60         $data["username"] = $db->mySQLSafe($_POST['username']);
61         $data["time"] = time();   61         $data["time"] = time();
62         $data["ipAddress"] = $db->mySQLSafe($_SERVER['REMOTE_ADDR']);             62         $data["ipAddress"] = $db->mySQLSafe($_SERVER['REMOTE_ADDR']);          
    <> 63                
63                 if($result == TRUE) {   64         if($result == TRUE)
      65         {
      66                 // First level of brute force attack prevention
      67                 if($db->blocker($_POST['username'],$ini['bfattempts'],$ini['bftime'],TRUE,"b")==TRUE)
      68                 {
      69                         $blocked = TRUE;
      70                 }
      71                 else
      72                 {
      73                
64                         $data["success"] = 1; = 74                         $data["success"] = 1;
    <> 75                         // Reset fail level
      76                         $newdata['failLevel'] = 0;
      77                         $newdata['blockTime'] = 0;
      78                         $newdata['noLogins'] = "noLogins+1";
      79                        
      80                         $db->update($glob['dbprefix']."CubeCart_admin_users", $newdata, "adminId=".$result[0]['adminId'],$stripQuotes="");
      81                
      82                 }
      83        
      84         }
65                 } else {   85         else
      86         {
      87                 // First level of brute force attack prevention
      88                 $blocked = $db->blocker($_POST['username'],$ini['bfattempts'],$ini['bftime'],FALSE,"b");
      89  
      90                 if($blocked==FALSE)
      91                 {
      92                
66                         $data["success"] = 0; = 93                         $data["success"] = 0;
67                 }       <> 94                        
68         $insert = $db->insert($glob['dbprefix']."CubeCart_admin_sessions", $data);   95                         // check user exists
      96                         $query = sprintf("SELECT adminId, failLevel, blockTime, username, lastTime FROM ".$glob['dbprefix']."CubeCart_admin_users WHERE username = %s",
      97                         $db->mySQLSafe($_POST['username']));
      98         
      99                         $user = $db->select($query);
      100                        
      101                         // Second level of brute force attack prevention
      102                         if($user==TRUE)
      103                         {
      104                                
      105                                 if($user[0]['blockTime']>0 && $user[0]['blockTime']<time())
      106                                 {
      107                                         // reset fail level and time
      108                                         $newdata['failLevel'] = 1;
      109                                         $newdata['blockTime'] = 0;
      110                                 }
      111                                 elseif($user[0]['failLevel']==($ini['bfattempts']-1))
      112                                 {
      113                                        
      114                                         $timeAgo = time() - $ini['bftime'];
      115                                        
      116                                         if($user[0]['lastTime']<$timeAgo)
      117                                         {
      118                                                 $newdata['failLevel'] = 1;
      119                                                 $newdata['blockTime'] = 0;
      120                                         }
      121                                         else
      122                                         {
      123                                        
      124                                                 // block the account
      125                                                 $newdata['failLevel'] = $ini['bfattempts'];
      126                                                 $newdata['blockTime'] = time()+$ini['bftime'];
      127                                        
      128                                         }
      129                                
      130                                 }
      131                                 elseif($user[0]['blockTime']<time())
      132                                 {
      133                                        
      134                                         $timeAgo = time() - $ini['bftime'];
      135                                         if($user[0]['lastTime']<$timeAgo)
      136                                         {
      137                                                 $newdata['failLevel'] = 1;
      138                                         }
      139                                         else
      140                                         {
      141                                                 // set fail level + 1
      142                                                 $newdata['failLevel'] = $user[0]['failLevel']+1;
      143                                         }
      144                                        
      145                                         $newdata['blockTime'] = 0;
      146                                 }
      147                                 else
      148                                 {
      149                                         $msg = "<p class='warnText'>".sprintf($lang['admin']['other']['blocked'],($ini['bftime']/60))."</p>";
      150                                         $blocked = TRUE;
      151                                 }
      152                                
      153                                 if(is_array($newdata))
      154                                 {
      155                                         $newdata['lastTime'] = time();
      156                                         $db->update($glob['dbprefix']."CubeCart_admin_users", $newdata, "adminId=".$user[0]['adminId'],$stripQuotes="");
      157                                 }
      158                        
      159                         }
      160                
      161                 }
      162                 else
      163                 {
      164                         // login failed message
      165                         $msg = "<p class='warnText'>".$lang['admin']['other']['login_failed']."</p>";
      166  
      167                 }
      168                
      169         }      
69         = 170        
    <> 171         if($blocked==TRUE)
      172         {
      173                 $msg = "<p class='warnText'>".sprintf($lang['admin']['other']['blocked'],sprintf("%.0f",($ini['bftime']/60)))."</p>";
      174         }
      175         else
      176         {
      177                
      178                 $insert = $db->insert($glob['dbprefix']."CubeCart_admin_sessions", $data);
      179                        
70         // if there is over max amount of login records delete last one   180                 // if there is over max amount of login records delete last one
71         // this prevents database attacks of bloating   181                 // this prevents database attacks of bloating
72         if($db->numrows("SELECT loginId FROM ".$glob['dbprefix']."CubeCart_admin_sessions")>250){   182                 if($db->numrows("SELECT loginId FROM ".$glob['dbprefix']."CubeCart_admin_sessions")>250)
      183                 {
73                 $loginId = $db->select("SELECT min(loginId) as id FROM ".$glob['dbprefix']."CubeCart_admin_sessions");   184                         $loginId = $db->select("SELECT min(loginId) as id FROM ".$glob['dbprefix']."CubeCart_admin_sessions");
74                 $db->delete($glob['dbprefix']."CubeCart_admin_sessions","loginId='".$loginId[0]['id']."'");   185                         $db->delete($glob['dbprefix']."CubeCart_admin_sessions","loginId='".$loginId[0]['id']."'");
      186                 }
      187        
75         } = 188         }
76           189        
    <> 190        
77         if($result == TRUE) {   191         if($result == TRUE && $blocked==FALSE) {
78                 = 192                
79                 $_SESSION['ccAdmin'] = $result[0]['adminId'];   193                 $_SESSION['ccAdmin'] = $result[0]['adminId'];
80                   194                
81                 // update no logins +-    
82                 $increment['noLogins'] = "noLogins+1";      
83                 $result = $db->update($glob['dbprefix']."CubeCart_admin_users", $increment, "adminId=".$result[0]['adminId'],$stripQuotes="");      
84                      
85                 if(isset($_GET['goto']) && !empty($_GET['goto'])){ = 195                 if(isset($_GET['goto']) && !empty($_GET['goto'])){
86                         header("Location: ".urldecode(treatGet($_GET['goto']))); <> 196                         header("Location: ".treatGet(urldecode($_GET['goto'])));
87                         exit; = 197                         exit;
88                 } else {   198                 } else {
89                         header("Location: ".$GLOBALS['rootRel']."admin/index.php");   199                         header("Location: ".$GLOBALS['rootRel']."admin/index.php");
90                         exit;   200                         exit;
91                 }   201                 }
92                   202                
93         } else { +-    
94                      
95                 $msg = "<p class='warnText'>".$lang['admin']['other']['login_failed']."</p>";      
96              
97         } = 203         }
    <> 204  
98 } = 205 }
99 if(isset($_GET['email'])){   206 if(isset($_GET['email'])){
100         $msg = "<p class='infoText'>".$lang['admin']['other']['new_pass_sent']." ".urldecode(treatGet($_GET['email']))."</p>"; <> 207         $msg = "<p class='infoText'>".$lang['admin']['other']['new_pass_sent']." ".treatGet(urldecode($_GET['email']))."</p>";
101 } = 208 }
102 ?>   209 ?>
103 <?php include("includes/header.inc.php"); ?>   210 <?php include("includes/header.inc.php"); ?>
104 <?php if(isset($msg)){ ?>   211 <?php if(isset($msg)){ ?>
105 <?php echo stripslashes($msg); ?>   212 <?php echo stripslashes($msg); ?>
106 <?php   213 <?php
107 } elseif(!isset($_SESSION['ccAdmin']) && !isset($_POST['username']) && !isset($_POST['password'])){ ?>   214 } elseif(!isset($_SESSION['ccAdmin']) && !isset($_POST['username']) && !isset($_POST['password'])){ ?>
108 <p class="infoText"><?php echo $lang['admin']['other']['no_admin_sess'];?></p>   215 <p class="infoText"><?php echo $lang['admin']['other']['no_admin_sess'];?></p>
109 <?php } elseif (isset($_POST['username']) && isset($_POST['password'])){ ?>   216 <?php } elseif (isset($_POST['username']) && isset($_POST['password'])){ ?>
110 <p class="warnText"><?php echo $lang['admin']['other']['login_fail_2'];?></p>   217 <p class="warnText"><?php echo $lang['admin']['other']['login_fail_2'];?></p>
111 <?php } ?>   218 <?php } ?>
    <> 219 <!--<p class="warnText"><?php echo $lang['admin']['other']['login_failed'];?></p>-->
112 <form action="<?php echo $GLOBALS['rootRel'];?>admin/login.php?goto=<?php echo $_GET['goto']; ?>" method="post" enctype="multipart/form-data" name="ccAdminLogin" target="_self">   220 <form action="<?php echo $GLOBALS['rootRel'];?>admin/login.php?goto=<?php echo treatGet($_GET['goto']); ?>" method="post" enctype="multipart/form-data" name="ccAdminLogin" target="_self">
113 <div style="margin: auto; width: 250px; padding-bottom: 10px;"><a href="index.php"><img src="<?php echo $GLOBALS['rootRel']; ?>admin/images/ccAdminLogo.gif" alt="" width="177" height="96" border="0" title="" /></a></div> = 221 <div style="margin: auto; width: 250px; padding-bottom: 10px;"><a href="index.php"><img src="<?php echo $GLOBALS['rootRel']; ?>admin/images/ccAdminLogo.gif" alt="" width="177" height="96" border="0" title="" /></a></div>
114 <table border="0" align="center" width="224" cellpadding="4" cellspacing="0" class="mainTable">   222 <table border="0" align="center" width="224" cellpadding="4" cellspacing="0" class="mainTable">
115   <tr>   223   <tr>
116     <td colspan="2" class="tdTitle"><?php echo $lang['admin']['other']['login_below'];?></td>   224     <td colspan="2" class="tdTitle"><?php echo $lang['admin']['other']['login_below'];?></td>
117     </tr>   225     </tr>
118   <tr>   226   <tr>
 
121   </tr> = 229   </tr>
122   <tr>   230   <tr>
123     <td class="tdText"><?php echo $lang['admin']['other']['password'];?></td>   231     <td class="tdText"><?php echo $lang['admin']['other']['password'];?></td>
124     <td><input name="password" type="password" id="password" class="textbox" /></td>   232     <td><input name="password" type="password" id="password" class="textbox" /></td>
125   </tr>   233   </tr>
126   <tr>   234   <tr>
    -+ 235     <td class="tdText"><?php echo $lang['admin']['other']['ip'];?></td>
      236     <td class="tdText"><?php echo $_SERVER['REMOTE_ADDR']; ?></td>
      237   </tr>
      238   <tr>
127     <td>&nbsp;</td> = 239     <td>&nbsp;</td>
128     <td><a href="requestPass.php" class="txtLink"><?php echo $lang['admin']['other']['request_pass'];?></a> </td>   240     <td><a href="requestPass.php" class="txtLink"><?php echo $lang['admin']['other']['request_pass'];?></a> </td>
129   </tr>   241   </tr>
130   <tr>   242   <tr>
131     <td>&nbsp;</td>   243     <td>&nbsp;</td>
132     <td>   244     <td>
133         <input name="login" type="submit" id="login" value="<?php echo $lang['admin']['other']['login'];?>" class="submit" /> <> 245         <input name="login" type="submit" id="login" value="<?php echo $lang['admin']['other']['login'];?>" class="submit" />   </td>
134         </td>      
135   </tr> = 246   </tr>
136 </table>   247 </table>
137 </form>   248 </form>
138 <div style="margin: auto; width: 224px; padding-top: 10px; text-align: right;" class="copyText">Copyright <a href="http://www.devellion.com" target="_blank" class="txtLink">Devellion Limited</a> 2005.<br />All rights reserved.</div>   249 <div style="margin: auto; width: 224px; padding-top: 10px; text-align: right;" class="copyText">Copyright <a href="http://www.devellion.com" target="_blank" class="txtLink">Devellion Limited</a> 2005.<br />All rights reserved.</div>
139 <?php include("includes/footer.inc.php"); ?>   250 <?php include("includes/footer.inc.php"); ?>
   
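--- a/admin/logout.php
+++ b/admin/logout.php
@@ -40,13 +40,13 @@
 
 $sessionDomain = substr($GLOBALS['rootRel'],0, strlen($GLOBALS['rootRel'])-1);
 @ini_set("session.cookie_path",$sessionDomain);
 if($glob['rootRel']=="/"){
     $sessionName = "ccSID";
 } else {
-    $sessionName = "ccSID-".md5($glob['rootRel']);
+    $sessionName = "ccSID".md5($glob['rootRel']);
 }
 
 session_name($sessionName);
 session_start();
 
 unset($_SESSION['ccAdmin']);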
   
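--- a/classes/db.inc.php
+++ b/classes/db.inc.php
@@ -287,12 +287,90 @@
                 }
                 $value = $quote . $value . $quote;
 
                 return $value;
         }
 
+        // This function has been built to prevent brute force attacks
+        function blocker($user, $level, $time, $login, $loc)
+        {
+
+                global $glob;
+
+                $expireTime = time()-($time*5);
+
+                $this->delete($glob['dbprefix']."CubeCart_blocker","lastTime<".$expireTime);
+
+                $query = "SELECT * FROM ".$glob['dbprefix']."CubeCart_blocker WHERE `browser` = ".$this->mySQLSafe($_SERVER['HTTP_USER_AGENT'])." AND `ip` = ".$this->mySQLSafe($_SERVER['REMOTE_ADDR'])." AND `loc`= '".$loc."'";
+
+                $blackList = $this->select($query);
+
+                if($blackList==TRUE && $blackList[0]['blockTime']>time())
+                {
+                        // do nothing the user is still banned
+                        return TRUE;
+                }
+                elseif($blackList==TRUE && $blackList[0]['blockTime']>0 && $blackList[0]['blockTime']<time() && $blackList[0]['blockLevel']==$level)
+                {
+                        // delete the db row as user is no longer banned
+                        $this->delete($glob['dbprefix']."CubeCart_blocker","id=".$blackList[0]['id']);
+
+                        return FALSE;
+
+                }
+                elseif($blackList==TRUE && $login==FALSE && $blackList[0]['blockTime']==0)
+                {
+
+                        $newdata['lastTime'] = time();
+
+                        // If last attempt was more than the time limit ago we need to set the level to one
+                        // This stops a consecutive fail weeks later blocking on first attempt
+                        $timeAgo = time() - $time;
+
+                        if($blackList[0]['lastTime']<$timeAgo)
+                        {
+                                $newdata['blockLevel'] = 1;
+                        }
+                        else
+                        {
+                                $newdata['blockLevel'] = $blackList[0]['blockLevel']+1;
+                        }
+
+                        if($newdata['blockLevel']==$level)
+                        {
+                                $newdata['blockTime'] = time() + $time;
+                                $this->update($glob['dbprefix']."CubeCart_blocker", $newdata, "id=".$blackList[0]['id'],$stripQuotes="");
+                                return TRUE;
+                        }
+                        else
+                        {
+                                $newdata['blockTime'] = 0;
+                                $this->update($glob['dbprefix']."CubeCart_blocker", $newdata, "id=".$blackList[0]['id'],$stripQuotes="");
+                                return FALSE;
+                        }
+
+                }
+                elseif($blackList==FALSE && $login==FALSE)
+                {
+                        // insert
+                        $newdata['blockLevel'] = 1;
+                        $newdata['blockTime'] = 0;
+                        $newdata['browser'] = $this->mySQLSafe($_SERVER['HTTP_USER_AGENT']);
+                        $newdata['ip'] = $this->mySQLSafe($_SERVER['REMOTE_ADDR']);
+                        $newdata['username'] = $this->mySQLSafe($user);
+                        $newdata['loc'] = "'".$loc."'";
+                        $newdata['lastTime'] = time();
+
+                        $this->insert($glob['dbprefix']."CubeCart_blocker", $newdata);
+
+                        return FALSE;
+
+                }
+
+
+        }
 
         function debug($type="", $action="", $tablename="")
         {
                 switch ($type)
                 {
                         case "connect":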
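Review bot: The blocker row is looked up on new line 303 by `browser` (HTTP_USER_AGENT) together with `ip`, and the User-Agent is a header the client chooses, so the attempt counter is not bound to anything the server controls and cannot be relied on as a rate limit by itself. Dropping the `browser` condition from the WHERE clause and keying the row on `ip` and `loc` (keeping `browser` only as an informational column on insert) would make the counter hold. The same query and new line 360 place `$loc` into the SQL hand-quoted as `"'".$loc."'"` while every other value goes through `mySQLSafe()`; the caller visible on this page passes a literal, but the helper should not depend on that, so use `$this->mySQLSafe($loc)` in both places. The function also reaches its closing brace without a return on some paths (for example when `$login` is TRUE and a row exists with `blockTime` 0), so a final `return FALSE;` before the closing brace would make the result explicit for callers that compare it with `==FALSE`.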
   
File: classes\mimePart.php  
72 * = 72 *
73 * @author  Richard Heyes <richard@phpguru.org>   73 * @author  Richard Heyes <richard@phpguru.org>
74 * @version $Revision: 1.3 $   74 * @version $Revision: 1.3 $
75 * @package Mail   75 * @package Mail
76 */   76 */
77     77  
    <> 78 // FIX for PEAR.php clash!
      79 if(!class_exists("mail_mimepart"))
      80 {
      81  
78 class Mail_mimePart {   82         class Mail_mimePart {
79     83        
80    /**   84            /**
81     * The encoding type of this part   85                 * The encoding type of this part
82     * @var string   86                 * @var string
83     */   87                 */
84     var $_encoding;   88                 var $_encoding;
85     89        
86    /**   90            /**
87     * An array of subparts   91                 * An array of subparts
88     * @var array   92                 * @var array
89     */   93                 */
90     var $_subparts;   94                 var $_subparts;
91     95        
92    /**   96            /**
93     * The output of this part after being built   97                 * The output of this part after being built
94     * @var string   98                 * @var string
95     */   99                 */
96     var $_encoded;   100                 var $_encoded;
97     101        
98    /**   102            /**
99     * Headers for this part   103                 * Headers for this part
100     * @var array   104                 * @var array
101     */   105                 */
102     var $_headers;   106                 var $_headers;
103     107        
104    /**   108            /**
105     * The body of this part (not encoded)   109                 * The body of this part (not encoded)
106     * @var string   110                 * @var string
107     */   111                 */
108     var $_body;   112                 var $_body;
109     113        
110     /**   114                 /**
111     * Constructor.   115                  * Constructor.
112     *   116                  *
113     * Sets up the object.   117                  * Sets up the object.
114     *   118                  *
115     * @param $body   - The body of the mime part if any.   119                  * @param $body   - The body of the mime part if any.
116     * @param $params - An associative array of parameters:   120                  * @param $params - An associative array of parameters:
117     *                  content_type - The content type for this part eg multipart/mixed   121                  *                  content_type - The content type for this part eg multipart/mixed
118     *                  encoding     - The encoding to use, 7bit, 8bit, base64, or quoted-printable   122                  *                  encoding     - The encoding to use, 7bit, 8bit, base64, or quoted-printable
119     *                  cid          - Content ID to apply   123                  *                  cid          - Content ID to apply
120     *                  disposition  - Content disposition, inline or attachment   124                  *                  disposition  - Content disposition, inline or attachment
121     *                  dfilename    - Optional filename parameter for content disposition   125                  *                  dfilename    - Optional filename parameter for content disposition
122     *                  description  - Content description   126                  *                  description  - Content description
123     *                  charset      - Character set to use   127                  *                  charset      - Character set to use
124     * @access public   128                  * @access public
125     */   129                  */
126     function Mail_mimePart($body = '', $params = array())   130                 function Mail_mimePart($body = '', $params = array())
127     {   131                 {
128         if (!defined('MAIL_MIMEPART_CRLF')) {   132                         if (!defined('MAIL_MIMEPART_CRLF')) {
129             define('MAIL_MIMEPART_CRLF', defined('MAIL_MIME_CRLF') ? MAIL_MIME_CRLF : "\r\n", TRUE);   133                                 define('MAIL_MIMEPART_CRLF', defined('MAIL_MIME_CRLF') ? MAIL_MIME_CRLF : "\r\n", TRUE);
130         }   134                         }
131     135        
132         foreach ($params as $key => $value) {   136                         foreach ($params as $key => $value) {
133             switch ($key) {   137                                 switch ($key) {
134                 case 'content_type':   138                                         case 'content_type':
135                     $headers['Content-Type'] = $value . (isset($charset) ? '; charset="' . $charset . '"' : '');   139                                                 $headers['Content-Type'] = $value . (isset($charset) ? '; charset="' . $charset . '"' : '');
136                     break;   140                                                 break;
137     141        
138                 case 'encoding':   142                                         case 'encoding':
139                     $this->_encoding = $value;   143                                                 $this->_encoding = $value;
140                     $headers['Content-Transfer-Encoding'] = $value;   144                                                 $headers['Content-Transfer-Encoding'] = $value;
141                     break;   145                                                 break;
142     146        
143                 case 'cid':   147                                         case 'cid':
144                     $headers['Content-ID'] = '<' . $value . '>';   148                                                 $headers['Content-ID'] = '<' . $value . '>';
145                     break;   149                                                 break;
146     150        
147                 case 'disposition':   151                                         case 'disposition':
148                     $headers['Content-Disposition'] = $value . (isset($dfilename) ? '; filename="' . $dfilename . '"' : '');   152                                                 $headers['Content-Disposition'] = $value . (isset($dfilename) ? '; filename="' . $dfilename . '"' : '');
149                     break;   153                                                 break;
150     154        
151                 case 'dfilename':   155                                         case 'dfilename':
152                     if (isset($headers['Content-Disposition'])) {   156                                                 if (isset($headers['Content-Disposition'])) {
153                         $headers['Content-Disposition'] .= '; filename="' . $value . '"';   157                                                         $headers['Content-Disposition'] .= '; filename="' . $value . '"';
154                     } else {   158                                                 } else {
155                         $dfilename = $value;   159                                                         $dfilename = $value;
156                     }   160                                                 }
157                     break;   161                                                 break;
158     162        
159                 case 'description':   163                                         case 'description':
160                     $headers['Content-Description'] = $value;   164                                                 $headers['Content-Description'] = $value;
161                     break;   165                                                 break;
162     166        
163                 case 'charset':   167                                         case 'charset':
164                     if (isset($headers['Content-Type'])) {   168                                                 if (isset($headers['Content-Type'])) {
165                         $headers['Content-Type'] .= '; charset="' . $value . '"';   169                                                         $headers['Content-Type'] .= '; charset="' . $value . '"';
166                     } else {   170                                                 } else {
167                         $charset = $value;   171                                                         $charset = $value;
168                     }   172                                                 }
169                     break;   173                                                 break;
170             }   174                                 }
171         }   175                         }
172     176        
173         // Default content-type   177                         // Default content-type
174         if (!isset($headers['Content-Type'])) {   178                         if (!isset($headers['Content-Type'])) {
175             $headers['Content-Type'] = 'text/plain';   179                                 $headers['Content-Type'] = 'text/plain';
176         }   180                         }
177     181        
178         //Default encoding   182                         //Default encoding
179         if (!isset($this->_encoding)) {   183                         if (!isset($this->_encoding)) {
180             $this->_encoding = '7bit';   184                                 $this->_encoding = '7bit';
181         }   185                         }
182     186        
183         // Assign stuff to member variables   187                         // Assign stuff to member variables
184         $this->_encoded  = array();   188                         $this->_encoded  = array();
185         $this->_headers  = $headers;   189                         $this->_headers  = $headers;
186         $this->_body     = $body;   190                         $this->_body     = $body;
187     }   191                 }
188     192        
189     /**   193                 /**
190     * encode()   194                  * encode()
191     *   195                  *
192     * Encodes and returns the email. Also stores   196                  * Encodes and returns the email. Also stores
193     * it in the encoded member variable   197                  * it in the encoded member variable
194     *   198                  *
195     * @return An associative array containing two elements,   199                  * @return An associative array containing two elements,
196     *         body and headers. The headers element is itself   200                  *         body and headers. The headers element is itself
197     *         an indexed array.   201                  *         an indexed array.
198     * @access public   202                  * @access public
199     */   203                  */
200     function encode()   204                 function encode()
201     {   205                 {
202         $encoded =& $this->_encoded;   206                         $encoded =& $this->_encoded;
203     207        
204         if (!empty($this->_subparts)) {   208                         if (!empty($this->_subparts)) {
205             srand((double)microtime()*1000000);   209                                 srand((double)microtime()*1000000);
206             $boundary = '=_' . md5(uniqid(rand()) . microtime());   210                                 $boundary = '=_' . md5(uniqid(rand()) . microtime());
207             $this->_headers['Content-Type'] .= ';' . MAIL_MIMEPART_CRLF . "\t" . 'boundary="' . $boundary . '"';   211                                 $this->_headers['Content-Type'] .= ';' . MAIL_MIMEPART_CRLF . "\t" . 'boundary="' . $boundary . '"';
208     212        
209             // Add body parts to $subparts   213                                 // Add body parts to $subparts
210             for ($i = 0; $i < count($this->_subparts); $i++) {   214                                 for ($i = 0; $i < count($this->_subparts); $i++) {
211                 $headers = array();   215                                         $headers = array();
212                 $tmp = $this->_subparts[$i]->encode();   216                                         $tmp = $this->_subparts[$i]->encode();
213                 foreach ($tmp['headers'] as $key => $value) {   217                                         foreach ($tmp['headers'] as $key => $value) {
214                     $headers[] = $key . ': ' . $value;   218                                                 $headers[] = $key . ': ' . $value;
215                 }   219                                         }
216                 $subparts[] = implode(MAIL_MIMEPART_CRLF, $headers) . MAIL_MIMEPART_CRLF . MAIL_MIMEPART_CRLF . $tmp['body'];   220                                         $subparts[] = implode(MAIL_MIMEPART_CRLF, $headers) . MAIL_MIMEPART_CRLF . MAIL_MIMEPART_CRLF . $tmp['body'];
217             }   221                                 }
218     222        
219             $encoded['body'] = '--' . $boundary . MAIL_MIMEPART_CRLF .   223                                 $encoded['body'] = '--' . $boundary . MAIL_MIMEPART_CRLF .
220                                implode('--' . $boundary . MAIL_MIMEPART_CRLF, $subparts) .   224                                                                    implode('--' . $boundary . MAIL_MIMEPART_CRLF, $subparts) .
221                                '--' . $boundary.'--' . MAIL_MIMEPART_CRLF;   225                                                                    '--' . $boundary.'--' . MAIL_MIMEPART_CRLF;
222     226        
223         } else {   227                         } else {
224             $encoded['body'] = $this->_getEncodedData($this->_body, $this->_encoding) . MAIL_MIMEPART_CRLF;   228                                 $encoded['body'] = $this->_getEncodedData($this->_body, $this->_encoding) . MAIL_MIMEPART_CRLF;
225         }   229                         }
226     230        
227         // Add headers to $encoded   231                         // Add headers to $encoded
228         $encoded['headers'] =& $this->_headers;   232                         $encoded['headers'] =& $this->_headers;
229     233        
230         return $encoded;   234                         return $encoded;
231     }   235                 }
232     236        
233     /**   237                 /**
234     * &addSubPart()   238                  * &addSubPart()
235     *   239                  *
236     * Adds a subpart to current mime part and returns   240                  * Adds a subpart to current mime part and returns
237     * a reference to it   241                  * a reference to it
238     *   242                  *
239     * @param $body   The body of the subpart, if any.   243                  * @param $body   The body of the subpart, if any.
240     * @param $params The parameters for the subpart, same   244                  * @param $params The parameters for the subpart, same
241     *                as the $params argument for constructor.   245                  *                as the $params argument for constructor.
242     * @return A reference to the part you just added. It is   246                  * @return A reference to the part you just added. It is
243     *         crucial if using multipart/* in your subparts that   247                  *         crucial if using multipart/* in your subparts that
244     *         you use =& in your script when calling this function,   248                  *         you use =& in your script when calling this function,
245     *         otherwise you will not be able to add further subparts.   249                  *         otherwise you will not be able to add further subparts.
246     * @access public   250                  * @access public
247     */   251                  */
248     function &addSubPart($body, $params)   252                 function &addSubPart($body, $params)
249     {   253                 {
250         $this->_subparts[] = new Mail_mimePart($body, $params);   254                         $this->_subparts[] = new Mail_mimePart($body, $params);
251         return $this->_subparts[count($this->_subparts) - 1];   255                         return $this->_subparts[count($this->_subparts) - 1];
252     }   256                 }
253     257        
254     /**   258                 /**
255     * _getEncodedData()   259                  * _getEncodedData()
256     *   260                  *
257     * Returns encoded data based upon encoding passed to it   261                  * Returns encoded data based upon encoding passed to it
258     *   262                  *
259     * @param $data     The data to encode.   263                  * @param $data     The data to encode.
260     * @param $encoding The encoding type to use, 7bit, base64,   264                  * @param $encoding The encoding type to use, 7bit, base64,
261     *                  or quoted-printable.   265                  *                  or quoted-printable.
262     * @access private   266                  * @access private
263     */   267                  */
264     function _getEncodedData($data, $encoding)   268                 function _getEncodedData($data, $encoding)
265     {   269                 {
266         switch ($encoding) {   270                         switch ($encoding) {
267             case '8bit':   271                                 case '8bit':
268             case '7bit':   272                                 case '7bit':
269                 return $data;   273                                         return $data;
270                 break;   274                                         break;
271     275        
272             case 'quoted-printable':   276                                 case 'quoted-printable':
273                 return $this->_quotedPrintableEncode($data);   277                                         return $this->_quotedPrintableEncode($data);
274                 break;   278                                         break;
275     279        
276             case 'base64':   280                                 case 'base64':
277                 return rtrim(chunk_split(base64_encode($data), 76, MAIL_MIMEPART_CRLF));   281                                         return rtrim(chunk_split(base64_encode($data), 76, MAIL_MIMEPART_CRLF));
278                 break;   282                                         break;
279     283        
280             default:   284                                 default:
281                 return $data;   285                                         return $data;
282         }   286                         }
283     }   287                 }
284     288        
285     /**   289                 /**
286     * quoteadPrintableEncode()   290                  * quoteadPrintableEncode()
287     *   291                  *
288     * Encodes data to quoted-printable standard.   292                  * Encodes data to quoted-printable standard.
289     *   293                  *
290     * @param $input    The data to encode   294                  * @param $input    The data to encode
291     * @param $line_max Optional max line length. Should   295                  * @param $line_max Optional max line length. Should
292     *                  not be more than 76 chars   296                  *                  not be more than 76 chars
293     *   297                  *
294     * @access private   298                  * @access private
295     */   299                  */
296     function _quotedPrintableEncode($input , $line_max = 76)   300                 function _quotedPrintableEncode($input , $line_max = 76)
297     {   301                 {
298         $lines  = preg_split("/\r?\n/", $input);   302                         $lines  = preg_split("/\r?\n/", $input);
299         $eol    = MAIL_MIMEPART_CRLF;   303                         $eol    = MAIL_MIMEPART_CRLF;
300         $escape = '=';   304                         $escape = '=';
301         $output = '';   305                         $output = '';
302     306        
303         while(list(, $line) = each($lines)){   307                         while(list(, $line) = each($lines)){
304     308        
305             $linlen     = strlen($line);   309                                 $linlen     = strlen($line);
306             $newline = '';   310                                 $newline = '';
307     311        
308             for ($i = 0; $i < $linlen; $i++) {   312                                 for ($i = 0; $i < $linlen; $i++) {
309                 $char = substr($line, $i, 1);   313                                         $char = substr($line, $i, 1);
310                 $dec  = ord($char);   314                                         $dec  = ord($char);
311     315        
312                 if (($dec == 32) AND ($i == ($linlen - 1))){    // convert space at eol only   316                                         if (($dec == 32) AND ($i == ($linlen - 1))){    // convert space at eol only
313                     $char = '=20';   317                                                 $char = '=20';
314     318        
315                 } elseif($dec == 9) {   319                                         } elseif($dec == 9) {
316                     ; // Do nothing if a tab.   320                                                 ; // Do nothing if a tab.
317                 } elseif(($dec == 61) OR ($dec < 32 ) OR ($dec > 126)) {   321                                         } elseif(($dec == 61) OR ($dec < 32 ) OR ($dec > 126)) {
318                     $char = $escape . strtoupper(sprintf('%02s', dechex($dec)));   322                                                 $char = $escape . strtoupper(sprintf('%02s', dechex($dec)));
319                 }   323                                         }
320     324        
321                 if ((strlen($newline) + strlen($char)) >= $line_max) {        // MAIL_MIMEPART_CRLF is not counted   325                                         if ((strlen($newline) + strlen($char)) >= $line_max) {        // MAIL_MIMEPART_CRLF is not counted
322                     $output  .= $newline . $escape . $eol;                    // soft line break; " =\r\n" is okay   326                                                 $output  .= $newline . $escape . $eol;                    // soft line break; " =\r\n" is okay
323                     $newline  = '';   327                                                 $newline  = '';
324                 }   328                                         }
325                 $newline .= $char;   329                                         $newline .= $char;
326             } // end of for   330                                 } // end of for
327             $output .= $newline . $eol;   331                                 $output .= $newline . $eol;
328         }   332                         }
329         $output = substr($output, 0, -1 * strlen($eol)); // Don't want last crlf   333                         $output = substr($output, 0, -1 * strlen($eol)); // Don't want last crlf
330         return $output;   334                         return $output;
331     }   335                 }
332 } // End of class   336         } // End of class
      337  
      338 }
333 ?> = 339 ?>
   
File: classes\xtpl.php  
1 <?php = 1 <?php
2     2  
    <> 3 /* $Id: xtemplate.class.php,v 1.7 2005/04/11 11:20:28 cocomp Exp $
      4 // $Log: xtemplate.class.php,v $
      5 // Revision 1.7  2005/04/11 11:20:28  cocomp
      6 // Fixed backslashes issue (properly\!)
3 class XTemplate {   7 //
      8 // Revision 1.6  2005/04/11 10:00:47  cocomp
      9 // Added restart() method sf:641407 feature request
      10 //
      11 // Revision 1.5  2005/04/08 09:17:37  cocomp
      12 // Fixed bug with backslashes sf:810773 & updated docs
      13 //
      14 // Revision 1.4  2005/04/07 12:02:52  cocomp
      15 // MAJOR UPDATE: E_ALL safe, better internal documentation, code readability ++, many bugfixes and new features - considered stable
      16 //
      17 */
4   = 18  
5 /*   19 /*
6         xtemplate class 0.2.4-2 <> 20  
7         html generation with templates - fast & easy   21 XTemplate class - http://www.phpxtemplate.org/
8         copyright (c) 2000 barnabás debreceni [cranx@users.sourceforge.net]      
9         This version Modded by Alistair Brookbanks - Devellion Limited      
10           22  
11         latest version always available at http://phpclasses.upperdesign.com/browse.html/package/62   23 Latest stable & CVS versions available @ http://sourceforge.net/projects/xtpl/
12         or http://sourceforge.net/projects/xtpl      
13   = 24  
14         tested with php 3.0.31 <> 25 License: LGPL / BSD - see license.txt
15   = 26  
16         This program is free software; you can redistribute it and/or <> 27 html generation with templates - fast & easy
17         modify it under the terms of the GNU Lesser General Public License   28 Copyright (c) 2000-2001 Barnabas Debreceni [cranx@users.sourceforge.net], 2002-2005 Jeremy Coates [cocomp@users.sourceforge.net]
18         version 2.1 as published by the Free Software Foundation.      
19   = 29  
20         This library is distributed in the hope that it will be useful, <> 30 contributors:
21         but WITHOUT ANY WARRANTY; without even the implied warranty of   31 Ivar Smolin <okul@linux.ee> (14-march-2001)
22         MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the   32 - made some code optimizations
23         GNU Lesser General Public License for more details at   33 Bert Jandehoop <bert.jandehoop@users.info.wau.nl> (26-june-2001)
24         http://www.gnu.org/copyleft/lgpl.html   34 - new feature to substitute template files by other templates
      35 - new method array_loop()
25     36  
26         You should have received a copy of the GNU General Public License   37 Various contributions over the years from:
27         along with this program; if not, write to the Free Software   38 Code: Noel Walsh (NW), John Carter (JC)
28         Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.   39 Bug reporting: SadGeezer
      40  
29 */ = 41 */
30     42  
    <> 43 // When developing uncomment the line below, re-comment before making public
      44 //error_reporting(E_ALL);
      45 class XTemplate {
      46  
31 /***[ variables ]***********************************************************/   47         /***[ variables ]***********************************************************/
32   = 48  
33 var $filecontents="";                                                           /* raw contents of template file */ <> 49         var $filecontents = '';                               /* raw contents of template file */
34 var $blocks=array();                                                            /* unparsed blocks */   50         var $blocks = array();                                /* unparsed blocks */
35 var $parsed_blocks=array();                                     /* parsed blocks */   51         var $parsed_blocks = array();                 /* parsed blocks */
      52         var $preparsed_blocks = array();          /* preparsed blocks, for file includes */
36 var $block_parse_order=array();                 /* block parsing order for recursive parsing (sometimes reverse:) */   53         var $block_parse_order = array();         /* block parsing order for recursive parsing (sometimes reverse:) */
37 var $sub_blocks=array();                                                /* store sub-block names for fast resetting */   54         var $sub_blocks = array();                        /* store sub-block names for fast resetting */
38 var $VARS=array();                                                                      /* variables array */   55         var $vars = array();                                  /* variables array */
      56         var $filevars = array();                          /* file variables array */
      57         var $filevar_parent = array();                /* filevars' parent block */
      58         var $filecache = array();                         /* file caching */
39   = 59  
    <> 60         var $tpldir = '';                     /* location of template files */
      61         var $files = null;                    /* file names lookup table */
      62         var $filename = '';
      63  
      64         // moved to setup method so uses the tag_start & end_delims
40 var $file_delim="/\{FILE\s*\"(.*?)\"\s*\}/m";  /* regexp for file includes */   65         var $file_delim = '';//"/\{FILE\s*\"([^\"]+)\"\s*\}/m";  /* regexp for file includes */
      66         var $filevar_delim = '';//"/\{FILE\s*\{([A-Za-z0-9\._]+?)\}\s*\}/m";  /* regexp for file includes */
      67         var $filevar_delim_nl = '';//"/^\s*\{FILE\s*\{([A-Za-z0-9\._]+?)\}\s*\}\s*\n/m";  /* regexp for file includes w/ newlines */
41 var $block_start_delim="<!-- ";                 /* block start delimiter */   68         var $block_start_delim = '<!-- ';         /* block start delimiter */
42 var $block_end_delim="-->";                                     /* block end delimiter */   69         var $block_end_delim = '-->';                 /* block end delimiter */
43 var $block_start_word="BEGIN:";                 /* block start word */   70         var $block_start_word = 'BEGIN:';         /* block start word */
44 var $block_end_word="END:";                                     /* block end word */   71         var $block_end_word = 'END:';                 /* block end word */
45   = 72  
46 /* this makes the delimiters look like: <!-- BEGIN: block_name --> if you use my syntax. */ <> 73         /* this makes the delimiters look like: <!-- BEGIN: block_name --> if you use my syntax. */
47   = 74  
48 var $NULL_STRING=array(""=>"");                         /* null string for unassigned vars */ <> 75         var $tag_start_delim = '{';
49 var $NULL_BLOCK=array(""=>"");  /* null string for unassigned blocks */   76         var $tag_end_delim = '}';
      77         /* this makes the delimiters look like: {tagname} if you use my syntax. */
      78  
50 var $mainblock="";   79         var $mainblock = 'main';
51 var $ERROR="";   80  
52 var $AUTORESET=1;                                                                               /* auto-reset sub blocks */   81         var $output_type = 'HTML';
53   = 82  
54 /***[ constructor ]*********************************************************/ <> 83         var $_null_string = array('' => '');             /* null string for unassigned vars */
      84         var $_null_block = array('' => '');  /* null string for unassigned blocks */
      85         var $_error = '';
      86         var $_autoreset = true;                                     /* auto-reset sub blocks */
55   = 87  
56 function XTemplate ($file,$mainblock="main") { <> 88         var $_ignore_missing_blocks = true ;          // NW 17 oct 2002 - Set to FALSE to
      89         // generate errors if a non-existant blocks is referenced
      90  
      91         // JC 20/11/02 for echoing the template filename if in development
      92         var $_file_name_full_path = '';
      93        
      94         /**
      95      * Constructor - Instantiate the object
      96      *
      97      * @param string $file Template file to work on
      98      * @param string $tpldir Location of template files (useful for keeping files outside web server root)
      99      * @param array $files Filenames lookup
      100      * @param string $mainblock Name of main block in the template
      101      * @param boolean $autosetup If true, run setup() as part of constuctor
      102      * @return XTemplate
      103      */
      104         function XTemplate ($file,  $tpldir = '', $files = null, $mainblock = 'main', $autosetup = true) {
      105  
      106                 $this->filename = $file;
      107  
      108                 // JC 20/11/02 for echoing the template filename if in development
      109                 $this->_file_name_full_path = realpath($file);
      110                
      111                 $this->tpldir = $tpldir;
      112  
      113                 if (is_array($files)) {
      114                         $this->files = $files;
      115                 }
      116  
57         $this->mainblock=$mainblock;   117                 $this->mainblock = $mainblock;
58         $this->filecontents=$this->r_getfile($file);    /* read in template file */   118  
59         $this->blocks=$this->maketree($this->filecontents,$mainblock);  /* preprocess some stuff */   119                 if ($autosetup) {
      120                         // setup the rest of the preprocess elements
60         $this->scan_globals();   121                         $this->setup();
      122                 }
61 }   123         }
62   = 124  
63     125  
64 /***************************************************************************/ <> 126         /***************************************************************************/
65 /***[ public stuff ]********************************************************/   127         /***[ public stuff ]********************************************************/
66 /***************************************************************************/   128         /***************************************************************************/
67   = 129  
68 /***[ assign ]**************************************************************/ <> 130         /**
      131          * Restart the class - allows one instantiation with several files processed by restarting
      132          * e.g. $xtpl = new XTemplate('file1.xtpl');
      133          * $xtpl->parse('main');
      134          * $xtpl->out('main');
      135          * $xtpl->restart('file2.xtpl');
      136          * $xtpl->parse('main');
      137          * $xtpl->out('main');
      138          * (Added in response to sf:641407 feature request)
      139          *
      140          * @param string $file Template file to work on
      141          * @param string $tpldir Location of template files
      142          * @param array $files Filenames lookup
      143          * @param string $mainblock Name of main block in the template
      144          * @param boolean $autosetup If true, run setup() as part of restarting
      145          * @param string $tag_start {
      146          * @param string $tag_end }
69 /*   147          */
      148         function restart ($file, $tpldir = '', $files = null, $mainblock = 'main', $autosetup = true, $tag_start = '{', $tag_end = '}') {
70         assign a variable   149                
      150                 $this->filename = $file;
71 */   151                
      152                 $this->_file_name_full_path = realpath($file);
      153                
      154                 $this->tpldir = $tpldir;
      155                
      156                 if (is_array($files)) {
      157                         $this->files = $files;
      158                 }
      159                
      160                 $this->mainblock = $mainblock;
      161                
      162                 $this->tag_start_delim = $tag_start;
      163                 $this->tag_end_delim = $tag_end;
72   = 164  
    <> 165                 // Start with fresh file contents
      166                 $this->filecontents = '';
      167                
      168                 // Reset the template arrays
      169                 $this->blocks = array();
      170                 $this->parsed_blocks = array();
      171                 $this->preparsed_blocks = array();
      172                 $this->block_parse_order = array();
      173                 $this->sub_blocks = array();
      174                 $this->vars = array();
73 function assign ($name,$val="") {   175                 $this->filevars = array();
74         if (gettype($name)=="array") {   176                 $this->filevar_parent = array();
75                 while (list($k,$v)=each($name)) {   177                 $this->filecache = array();
      178  
      179                 if ($autosetup) {
76                         $this->VARS[$k]=$v;   180                         $this->setup();
77                 } = 181                 }
    <> 182         }
      183  
      184         /**
      185      * setup - the elements that were previously in the constructor
      186      *
      187      * @access public
      188      * @param boolean $add_outer If true is passed when called, it adds an outer main block to the file
      189      */
      190         function setup ($add_outer = false) {
      191                
      192                 $this->tag_start_delim = preg_quote($this->tag_start_delim);
      193                 $this->tag_end_delim = preg_quote($this->tag_end_delim);
      194  
      195                 // Setup the file delimiters
      196  
      197                 // regexp for file includes
      198                 $this->file_delim = "/" . $this->tag_start_delim . "FILE\s*\"([^\"]+)\"\s*" . $this->tag_end_delim . "/m";
      199  
      200                 // regexp for file includes
      201                 $this->filevar_delim = "/" . $this->tag_start_delim . "FILE\s*" . $this->tag_start_delim . "([A-Za-z0-9\._]+?)" . $this->tag_end_delim . "\s*" . $this->tag_end_delim . "/m";
      202  
      203                 // regexp for file includes w/ newlines
      204                 $this->filevar_delim_nl = "/^\s*" . $this->tag_start_delim . "FILE\s*" . $this->tag_start_delim . "([A-Za-z0-9\._]+?)" . $this->tag_end_delim . "\s*" . $this->tag_end_delim . "\s*\n/m";
      205  
      206                 if (empty($this->filecontents)) {
      207                         // read in template file
      208                         $this->filecontents = $this->_r_getfile($this->filename);
      209                 }
      210  
      211                 if ($add_outer) {
      212                         $this->_add_outer_block();
      213                 }
      214  
      215                 // preprocess some stuff
      216                 $this->blocks = $this->_maketree($this->filecontents, '');
      217                 $this->filevar_parent = $this->_store_filevar_parents($this->blocks);
      218                 $this->scan_globals();
      219         }
      220  
      221         /**
      222      * assign a variable
      223      *
      224      * @access public
      225      * @param string $name Variable to assign $val to
      226      * @param string / array $val Value to assign to $name
      227      */
      228         function assign ($name, $val = '') {
      229  
      230                 if (is_array($name)) {
      231  
      232                         foreach ($name as $k => $v) {
      233  
      234                                 $this->vars[$k] = $v;
      235                         }
78         } else {   236                 } else {
      237  
79                 $this->VARS[$name]=$val;   238                         $this->vars[$name] = $val;
      239                 }
80         } = 240         }
81 } <> 241  
      242         /**
      243      * assign a file variable
      244      *
      245      * @access public
      246      * @param string $name Variable to assign $val to
      247      * @param string / array $val Values to assign to $name
      248      */
      249         function assign_file ($name, $val = '') {
82   = 250  
83 /***[ parse ]***************************************************************/ <> 251                 if (is_array($name)) {
84 /*   252  
      253                         foreach ($name as $k => $v) {
      254  
      255                                 $this->_assign_file_sub($k, $v);
      256                         }
85         parse a block   257                 } else {
86 */   258  
      259                         $this->_assign_file_sub($name, $val);
      260                 }
      261         }
87   = 262  
    <> 263         /**
      264      * parse a block
      265      *
      266      * @access public
      267      * @param string $bname Block name to parse
      268      */
88 function parse ($bname) {   269         function parse ($bname) {
      270  
      271                 if (isset($this->preparsed_blocks[$bname])) {
      272  
89         $copy=$this->blocks[$bname];   273                         $copy = $this->preparsed_blocks[$bname];
      274  
90         if (!isset($this->blocks[$bname]))   275                 } elseif (isset($this->blocks[$bname])) {
      276  
      277                         $copy = $this->blocks[$bname];
      278  
      279                 } elseif ($this->_ignore_missing_blocks) {
      280                         // ------------------------------------------------------
      281                         // NW : 17 Oct 2002. Added default of ignore_missing_blocks
      282                         //      to allow for generalised processing where some
      283                         //      blocks may be removed from the HTML without the
      284                         //      processing code needing to be altered.
      285                         // ------------------------------------------------------
      286                         // JRC: 3/1/2003 added set error to ignore missing functionality
91                 $this->set_error ("parse: blockname [$bname] does not exist");   287                         $this->_set_error("parse: blockname [$bname] does not exist");
92         preg_match_all("/\{([A-Za-z0-9\._]+?)}/",$this->blocks[$bname],$var_array);   288                         return;
      289  
      290                 } else {
      291  
      292                         $this->_set_error("parse: blockname [$bname] does not exist");
      293                 }
      294  
      295                 /* from there we should have no more {FILE } directives */
      296                 if (!isset($copy)) {
      297                         die('Block: ' . $bname);
      298                 }
      299  
      300                 $copy = preg_replace($this->filevar_delim_nl, '', $copy);
      301  
      302                 $var_array = array();
      303  
      304                 /* find & replace variables+blocks */
      305                 preg_match_all("/" . $this->tag_start_delim . "([A-Za-z0-9\._]+? ?#?.*?)" . $this->tag_end_delim. "/", $copy, $var_array);
93         $var_array=$var_array[1];   306                 $var_array = $var_array[1];
      307  
94         while (list($k,$v)=each($var_array)) {   308                 foreach ($var_array as $k => $v) {
95                 $sub=explode(".",$v);   309  
96                 if ($sub[0]=="_BLOCK_") {   310                         // Are there any comments in the tags {tag#a comment for documenting the template}
97                         unset($sub[0]);   311                         $any_comments = explode('#', $v);
98                         $bname2=implode(".",$sub);   312                         $v = rtrim($any_comments[0]);
99                           313  
100                         if(isset($this->parsed_blocks[$bname2])){   314                         if (sizeof($any_comments) > 1) {
101                                 $var=$this->parsed_blocks[$bname2];   315  
      316                                 $comments = $any_comments[1];
102                         } else { = 317                         } else {
103                                 $var = ""; <> 318  
      319                                 $comments = '';
104                         } = 320                         }
105                         <> 321  
106                         $nul=(!isset($this->NULL_BLOCK[$bname2])) ? $this->NULL_BLOCK[""] : $this->NULL_BLOCK[$bname2];   322                         $sub = explode('.', $v);
107                         $var=(!isset($var))?$nul:$var;   323  
108                         $copy=ereg_replace("\{".$v."\}","$var",$copy);   324                         if ($sub[0] == '_BLOCK_') {
109                 } else {   325  
      326                                 unset($sub[0]);
110                         $var=$this->VARS;   327  
111                         while(list($k1,$v1)=each($sub))   328                                 $bname2 = implode('.', $sub);
      329  
      330                                 // trinary operator eliminates assign error in E_ALL reporting
      331                                 $var = isset($this->parsed_blocks[$bname2]) ? $this->parsed_blocks[$bname2] : null;
      332                                 $nul = (!isset($this->_null_block[$bname2])) ? $this->_null_block[''] : $this->_null_block[$bname2];
      333  
112                                 if(isset($var[$v1])){   334                                 if ($var == '') {
      335  
      336                                         if ($nul == '') {
      337                                                 // -----------------------------------------------------------
      338                                                 // Removed requriement for blocks to be at the start of string
      339                                                 // -----------------------------------------------------------
      340                                                 //                      $copy=preg_replace("/^\s*\{".$v."\}\s*\n*/m","",$copy);
      341                                                 // Now blocks don't need to be at the beginning of a line,
      342                                                 //$copy=preg_replace("/\s*" . $this->tag_start_delim . $v . $this->tag_end_delim . "\s*\n*/m","",$copy);
      343                                                 $copy = preg_replace("/" . $this->tag_start_delim . $v . $this->tag_end_delim . "/m", '', $copy);
      344  
      345                                         } else {
      346  
      347                                                 $copy = preg_replace("/" . $this->tag_start_delim . $v . $this->tag_end_delim . "/", "$nul", $copy);
113                                         $var=$var[$v1];   348                                         }
114                                 } else { = 349                                 } else {
    <> 350  
      351                                         $var = trim($var);
      352                                         // SF Bug no. 810773 - thanks anonymous
      353                                         $var = str_replace('\\', '\\\\', $var);
      354                                         // Ensure dollars in strings are not evaluated reported by SadGeezer 31/3/04
      355                                         $var = str_replace('$', '\\$', $var);
      356                                         // Replaced str_replaces with preg_quote
      357                                         //$var = preg_quote($var);
      358                                         $var = str_replace('\\|', '|', $var);
      359                                         $copy = preg_replace("|" . $this->tag_start_delim . $v . $this->tag_end_delim . "|", "$var", $copy);
      360                                 }
      361                         } else {
      362  
      363                                 $var = $this->vars;
      364  
      365                                 foreach ($sub as $v1) {
      366  
      367                                         // NW 4 Oct 2002 - Added isset and is_array check to avoid NOTICE messages
      368                                         // JC 17 Oct 2002 - Changed EMPTY to stlen=0
      369                                         //                if (empty($var[$v1])) { // this line would think that zeros(0) were empty - which is not true
      370                                         if (!isset($var[$v1]) || (!is_array($var[$v1]) && strlen($var[$v1]) == 0)) {
      371  
      372                                                 // Check for constant, when variable not assigned
      373                                                 if (defined($v1)) {
      374  
      375                                                         $var[$v1] = constant($v1);
      376  
      377                                                 } else {
      378  
      379                                                         $var[$v1] = null;
      380                                                 }
115                                         $var = "";   381                                         }
      382  
      383                                         $var = $var[$v1];
116                                 } = 384                                 }
117                         $nul=(!isset($this->NULL_STRING[$v])) ? ($this->NULL_STRING[""]) : ($this->NULL_STRING[$v]); <> 385  
      386                                 $nul = (!isset($this->_null_string[$v])) ? ($this->_null_string[""]) : ($this->_null_string[$v]);
118                         $var=(!isset($var))?$nul:$var;   387                                 $var = (!isset($var)) ? $nul : $var;
119                         $copy=ereg_replace("\{".$v."\}","$var",$copy);   388  
      389                                 if ($var == '') {
      390                                         // -----------------------------------------------------------
      391                                         // Removed requriement for blocks to be at the start of string
      392                                         // -----------------------------------------------------------
      393                                         //                    $copy=preg_replace("|^\s*\{".$v." ?#?".$comments."\}\s*\n|m","",$copy);
      394                                         $copy=preg_replace("|\s*" . $this->tag_start_delim . $v . " ?#?" . $comments . $this->tag_end_delim . "\s*\n|m", '', $copy);
      395                                 }
      396  
      397                                 $var = trim($var);
      398                                 // SF Bug no. 810773 - thanks anonymous
      399                                 $var = str_replace('\\', '\\\\', $var);
      400                                 // Ensure dollars in strings are not evaluated reported by SadGeezer 31/3/04
      401                                 $var = str_replace('$', '\\$', $var);
      402                                 // Replace str_replaces with preg_quote
      403                                 //$var = preg_quote($var);
      404                                 $var = str_replace('\\|', '|', $var);
      405                                 $copy=preg_replace("|" . $this->tag_start_delim . $v . " ?#?" . $comments . $this->tag_end_delim . "|", "$var", $copy);
      406                         }
120                 } = 407                 }
121         } <> 408  
122         if(!isset($this->parsed_blocks[$bname])){   409                 if (isset($this->parsed_blocks[$bname])) {
123         $this->parsed_blocks[$bname] = "";   410                         $this->parsed_blocks[$bname] .= $copy;
124         }   411                 } else {
125         $this->parsed_blocks[$bname].=$copy;   412                         $this->parsed_blocks[$bname] = $copy;
      413                 }
126           414  
127         // reset sub-blocks   415                 /* reset sub-blocks */
128         if ($this->AUTORESET) {   416                 if ($this->_autoreset && (!empty($this->sub_blocks[$bname]))) {
129                 if (!empty($this->sub_blocks[$bname])) {   417  
130                         reset($this->sub_blocks[$bname]); = 418                         reset($this->sub_blocks[$bname]);
    <> 419  
131                         while (list($k,$v)=each($this->sub_blocks[$bname]))   420                         foreach ($this->sub_blocks[$bname] as $k => $v) {
132                                 $this->reset($v); = 421                                 $this->reset($v);
    -+ 422                         }
133                 } = 423                 }
134         }   424         }
135 } <> 425        
      426         function parseDecode(){
136     427        
137 /***[ rparse ]**************************************************************/   428                 global $config,$uniKey,$uniKey2,$lkParsed;
      429                
      430                 if(isset($config['lkv']) && $config['lkv']>0 && ereg("^([0-9]{6})+[-]+([0-9])+[-]+([0-9]{4})$",$config['lk'])){
      431                
      432                         return base64_decode($lkParsed);
      433                
      434                 } else {
      435                
      436                         return base64_decode($uniKey);
      437                
      438                 }
      439        
      440         }
138 /*   441  
      442         /**
139         returns the parsed text for a block, including all sub-blocks.   443      * returns the parsed text for a block, including all sub-blocks.
140 */   444      *
      445      * @access public
      446      * @param string $bname Block name to parse
141     447      */
142 function rparse($bname) {   448         function rparse ($bname) {
      449  
143                 if (!empty($this->sub_blocks[$bname])) { = 450                 if (!empty($this->sub_blocks[$bname])) {
    <> 451  
144                         reset($this->sub_blocks[$bname]); = 452                         reset($this->sub_blocks[$bname]);
    <> 453  
145                         while (list($k,$v)=each($this->sub_blocks[$bname])) {   454                         foreach ($this->sub_blocks[$bname] as $k => $v) {
      455  
146                                 if (!empty($v))   456                                 if (!empty($v)) {
147                                         $this->rparse($v,$indent."\t");   457                                         $this->rparse($v);
      458                                 }
148                         } = 459                         }
149                 }   460                 }
    <> 461  
150                 $this->parse($bname); = 462                 $this->parse($bname);
151 } <> 463         }
152   = 464  
153 /***[ insert_loop ]*********************************************************/ <>    
154 /*   465         /**
155         inserts a loop ( call assign & parse )   466      * inserts a loop ( call assign & parse )
156 */   467      *
      468      * @access public
      469      * @param string $bname Block name to assign
      470      * @param string $var Variable to assign values to
      471      * @param string / array $value Value to assign to $var
157     472     */
158 function insert_loop($bname,$var,$value="") {   473         function insert_loop ($bname, $var, $value = '') {
      474  
159         $this->assign($var,$value);               475                 $this->assign($var, $value);
160         $this->parse($bname);   476                 $this->parse($bname);
161 }   477         }
162   = 478  
163 /***[ text ]****************************************************************/ <> 479         /**
      480      * parses a block for every set of data in the values array
      481      *
      482      * @access public
      483      * @param string $bname Block name to loop
      484      * @param string $var Variable to assign values to
      485      * @param array $values Values to assign to $var
      486     */
      487         function array_loop ($bname, $var, &$values) {
164 /*   488  
      489                 if (is_array($values)) {
      490  
      491                         foreach($values as $v) {
      492  
      493                                 $this->assign($var, $v);
      494                                 $this->parse($bname);
      495                         }
      496                 }
      497         }
      498  
      499         /**
165         returns the parsed text for a block   500      * returns the parsed text for a block
166 */   501      *
      502      * @access public
      503      * @param string $bname Block name to return
      504      * @return string
167     505      */
168 function text($bname) {   506         function text ($bname = '') {
169         if (!isset($bname))   507  
      508                 // JC 20/11/02 moved from ::out()
170                 $bname=$this->mainblock;   509                 $text = '';
171         return $this->parsed_blocks[$bname];   510                 /*if (SYSTEM_TYPE == 'development' && $this->output_type == "HTML") {
      511                 $Text = "<!-- Template: " . $this->_file_name_full_path . " -->\n";
      512                 } else {
      513                 $Text = "";
      514                 }*/
172 }   515  
      516                 $bname = !empty($bname) ? $bname : $this->mainblock;
173   = 517  
174 /***[ out ]*****************************************************************/ <> 518                 $text .= isset($this->parsed_blocks[$bname]) ? $this->parsed_blocks[$bname] : $this->get_error();
175 /*   519  
176         prints the parsed text   520                 return $text;
177 */   521         }
178   = 522  
    <> 523         /**
      524      * prints the parsed text
      525      *
      526      * @access public
      527      * @param string $bname Block name to echo out
      528      */
179 function out ($bname) {   529         function out ($bname) {
      530  
180         echo $this->text($bname);   531                 $out = $this->text($bname);
      532                 //        $length=strlen($out);
      533                 //header("Content-Length: ".$length); // TODO: Comment this back in later
181 }   534  
      535                 // JC 20/11/02 echo the template filename if in development as
      536                 // html comment
      537                 // note 4.3.0 and ZE2 have new function debug_backtrace() that show a
      538                 // function call list - it may be nice to dump that here too
      539                 //if (SYSTEM_TYPE == 'development') {
      540                 //    echo "<!-- Template: " . $this->_file_name_full_path . " -->\n";
      541                 //}
      542                 // moved to ::text() so parsing sub templates work
182   = 543  
183 /***[ reset ]***************************************************************/ <> 544                 echo $out;
      545         }
184 /*   546  
      547         /**
      548      * prints the parsed text to a specified file
185         resets the parsed text   549     *
      550      * @access public
      551      * @param string $bname Block name to write out
      552      * @param string $fname File name to write to
      553      */
      554         function out_file ($bname, $fname) {
186 */   555  
      556                 if (!empty($bname) && !empty($fname) && is_writeable($fname)) {
187   = 557  
    <> 558                         $fp = fopen($fname, 'w');
      559                         fwrite($fp, $this->text($bname));
      560                         fclose($fp);
      561                 }
      562         }
      563  
      564         /**
      565      * resets the parsed text
      566      *
      567      * @access public
      568      * @param string $bname Block to reset
      569      */
188 function reset ($bname) {   570         function reset ($bname) {
      571  
189         $this->parsed_blocks[$bname]="";   572                 $this->parsed_blocks[$bname] = '';
190 }   573         }
191   = 574  
192 /***[ parsed ]**************************************************************/ <>    
193 /*   575         /**
194         returns true if block was parsed, false if not   576      * returns true if block was parsed, false if not
195 */   577      *
      578      * @access public
      579      * @param string $bname Block name to test
      580      * @return boolean
196     581      */
197 function parsed ($bname) {   582         function parsed ($bname) {
      583  
198         return (!empty($this->parsed_blocks[$bname]));   584                 return (!empty($this->parsed_blocks[$bname]));
199 }   585         }
200   = 586  
201 /***[ SetNullString ]*******************************************************/ <>    
202 /*   587         /**
203         sets the string to replace in case the var was not assigned   588      * sets the string to replace in case the var was not assigned
204 */   589      *
      590      * @access public
      591      * @param string $str Display string for null block
      592      * @param string $varname Variable name to apply $str to
205     593      */
206 function SetNullString($str,$varname="") {   594         function SetNullString ($str, $varname = '') {
      595  
207         $this->NULL_STRING[$varname]=$str;   596                 $this->_null_string[$varname] = $str;
208 }   597         }
209   = 598  
210 /***[ SetNullBlock ]********************************************************/ <>    
211 /*   599         /**
212         sets the string to replace in case the block was not parsed   600      * sets the string to replace in case the block was not parsed
213 */   601      *
      602      * @access public
      603      * @param string $str Display string for null block
      604      * @param string $bname Block name to apply $str to
214     605      */
215 function SetNullBlock($str,$bname="") {   606         function SetNullBlock ($str, $bname = '') {
      607  
216         $this->NULL_BLOCK[$bname]=$str;   608                 $this->_null_block[$bname] = $str;
217 }   609         }
218   = 610  
219 /***[ set_autoreset ]*******************************************************/ <>    
220 /*   611         /**
221         sets AUTORESET to 1. (default is 1)   612      * sets AUTORESET to 1. (default is 1)
222         if set to 1, parse() automatically resets the parsed blocks' sub blocks   613      * if set to 1, parse() automatically resets the parsed blocks' sub blocks
223         (for multiple level blocks)   614      * (for multiple level blocks)
224 */   615      *
      616      * @access public
225     617      */
226 function set_autoreset() {   618         function set_autoreset () {
227         $this->AUTORESET=1;      
228 }   619  
      620                 $this->_autoreset = true;
229     621         }
230 function parseDecode(){      
231           622  
232         global $config,$uniKey,$uniKey2,$lkParsed;      
233           623         /**
234         if(isset($config['lkv']) && $config['lkv']>0 && ereg("^([0-9]{6})+[-]+([0-9])+[-]+([0-9]{4})$",$config['lk'])){   624     * sets AUTORESET to 0. (default is 1)
235           625     * if set to 1, parse() automatically resets the parsed blocks' sub blocks
236                 return base64_decode($lkParsed);   626     * (for multiple level blocks)
237           627     *
238         } else {   628      * @access public
239           629     */
240                 return base64_decode($uniKey);   630         function clear_autoreset () {
241           631  
      632                 $this->_autoreset = false;
242         } = 633         }
243         <> 634  
244 }   635         /**
245 /***[ clear_autoreset ]*****************************************************/   636      * scans global variables and assigns to PHP array
246 /*   637      *
247         sets AUTORESET to 0. (default is 1)   638      * @access public
248         if set to 1, parse() automatically resets the parsed blocks' sub blocks   639      */
249         (for multiple level blocks)   640         function scan_globals () {
250 */   641  
      642                 reset($GLOBALS);
251   = 643  
252 function clear_autoreset() { <> 644                 foreach ($GLOBALS as $k => $v) {
253         $this->AUTORESET=0;   645                         $GLOB[$k] = $v;
254 }   646                 }
255   = 647  
256 /***[ scan_globals ]********************************************************/ <> 648                 $this->assign('PHP', $GLOB); /* access global variables as {PHP.HTTP_SERVER_VARS.HTTP_HOST} in your template! */
257 /*   649         }
258         scans global variables   650  
259 */   651         /**
      652      * gets error condition / string
260     653      *
261 function scan_globals() {   654      * @access public
      655      * @return boolean / string
262         reset($GLOBALS);   656      */
263         while (list($k,$v)=each($GLOBALS))   657         function get_error () {
264                 $GLOB[$k]=$v;   658  
265         $this->assign("PHP",$GLOB);     /* access global variables as {PHP.HTTP_HOST} in your template! */   659                 // JRC: 3/1/2003 Added ouptut wrapper and detection of output type for error message output
      660                 $retval = false;
266 }   661  
      662                 if ($this->_error != '') {
267     663                        
      664                         switch ($this->output_type) {
      665                                 case 'HTML':
      666                                 case 'html':
      667                                 $retval = '<b>[XTemplate]</b><ul>' . nl2br(str_replace('* ', '<li>', str_replace(" *\n", "</li>\n", $this->_error))) . '</ul>';
268 /******   668                                 break;
269   = 669  
270                 WARNING <> 670                                 default:
271                 PUBLIC FUNCTIONS BELOW THIS LINE DIDN'T GET TESTED   671                                 $retval = '[XTemplate] ' . str_replace(' *\n', "\n", $this->_error);
      672                                 break;
272     673                         }
273 ******/   674                 }
274   = 675  
    -+ 676                 return $retval;
      677         }
275   = 678  
276 /***************************************************************************/ <> 679         /***************************************************************************/
277 /***[ private stuff ]*******************************************************/   680         /***[ private stuff ]*******************************************************/
278 /***************************************************************************/   681         /***************************************************************************/
279   = 682  
280 /***[ maketree ]************************************************************/ <> 683         /**
      684      * generates the array containing to-be-parsed stuff: $blocks["main"],$blocks["main.table"],$blocks["main.table.row"], etc. also builds the reverse parse order.
281 /*   685      *
282         generates the array containing to-be-parsed stuff:   686     * @access private
283   $blocks["main"],$blocks["main.table"],$blocks["main.table.row"], etc.   687      * @param string $con content to be processed
284         also builds the reverse parse order.   688      * @param string $parentblock name of the parent block in the block hierarchy
285 */   689      */
      690         function _maketree ($con, $parentblock='') {
286   = 691  
    -+ 692                 $blocks = array();
287   = 693  
288 function maketree($con,$block) { <>    
289         $con2=explode($this->block_start_delim,$con);   694                 $con2 = explode($this->block_start_delim, $con);
290         $level=0;   695  
      696                 if (!empty($parentblock)) {
      697  
      698                         $block_names = explode('.', $parentblock);
      699                         $level = sizeof($block_names);
      700  
      701                 } else {
      702  
291         $block_names=array();   703                         $block_names = array();
      704                         $level = 0;
292         $blocks=array();   705                 }
293         reset($con2);   706  
294         while(list($k,$v)=each($con2)) {   707                 foreach($con2 as $k => $v) {
295                 $patt="($this->block_start_word|$this->block_end_word)[[:blank:]]*([0-9a-zA-Z\_]+)[[:blank:]]*$this->block_end_delim(.*)";   708  
      709                         // JRC 06/04/2005 Added block comments (on BEGIN or END) <!-- BEGIN: block_name#Comments placed here -->
      710                         //$patt = "($this->block_start_word|$this->block_end_word)\s*(\w+)\s*$this->block_end_delim(.*)";
      711                         $patt = "($this->block_start_word|$this->block_end_word)\s*(\w+) ?#?.*?\s*$this->block_end_delim(.*)";
      712  
296                 if (eregi($patt,$v,$res)) {   713                         $res = array();
      714  
      715                         if (preg_match_all("/$patt/ims", $v, $res, PREG_SET_ORDER)) {
297                         // $res[1] = BEGIN or END   716                                 // $res[0][1] = BEGIN or END
298                         // $res[2] = block name   717                                 // $res[0][2] = block name
299                         // $res[3] = kinda content   718                                 // $res[0][3] = kinda content
300                         if ($res[1]==$this->block_start_word) {   719                                 $block_word     = $res[0][1];
301                                 $parent_name=implode(".",$block_names);   720                                 $block_name     = $res[0][2];
302                                 $block_names[++$level]=$res[2];                                                 /* add one level - array("main","table","row")*/   721                                 $content        = $res[0][3];
303                                 $cur_block_name=implode(".",$block_names);      /* make block name (main.table.row) */      
304                                 $this->block_parse_order[]=$cur_block_name;     /* build block parsing order (reverse) */      
305                                 = 722                                
306                                 if(!isset($blocks[$cur_block_name])){ <> 723                                 if (strtoupper($block_word) == $this->block_start_word) {
307                                           724  
      725                                         $parent_name = implode('.', $block_names);
      726  
      727                                         // add one level - array("main","table","row")
308                                         $blocks[$cur_block_name] = "";   728                                         $block_names[++$level] = $block_name;
309                                   729  
      730                                         // make block name (main.table.row)
      731                                         $cur_block_name=implode('.', $block_names);
310                                 }   732  
      733                                         // build block parsing order (reverse)
      734                                         $this->block_parse_order[] = $cur_block_name;
311                                   735  
      736                                         //add contents. trinary operator eliminates assign error in E_ALL reporting
      737                                         $blocks[$cur_block_name] = isset($blocks[$cur_block_name]) ? $blocks[$cur_block_name] . $content : $content;
      738  
      739                                         // add {_BLOCK_.blockname} string to parent block
      740                                         $blocks[$parent_name] .= str_replace('\\', '', $this->tag_start_delim) . '_BLOCK_.' . $cur_block_name . str_replace('\\', '', $this->tag_end_delim);
      741  
      742                                         // store sub block names for autoresetting and recursive parsing
312                                 $blocks[$cur_block_name].=$res[3];                                      /* add contents */   743                                         $this->sub_blocks[$parent_name][] = $cur_block_name;
313                                   744  
      745                                         // store sub block names for autoresetting
      746                                         $this->sub_blocks[$cur_block_name][] = '';
314                                   747  
      748                                 } else if (strtoupper($block_word) == $this->block_end_word) {
      749  
315                                 if(!isset($blocks[$parent_name])){   750                                         unset($block_names[$level--]);
316                                           751  
317                                         $blocks[$parent_name] = "";   752                                         $parent_name = implode('.', $block_names);
318                                   753  
      754                                         // add rest of block to parent block
      755                                         $blocks[$parent_name] .= $res[0][3];
319                                 } = 756                                 }
320                                 <> 757                         } else {
321                                 $blocks[$parent_name].="{_BLOCK_.$cur_block_name}";     /* add {_BLOCK_.blockname} string to parent block */   758  
322                                 $this->sub_blocks[$parent_name][]=$cur_block_name;              /* store sub block names for autoresetting and recursive parsing */   759                                 // no block delimiters found
323                                 $this->sub_blocks[$cur_block_name][]="";                /* store sub block names for autoresetting */   760                                 // Saves doing multiple implodes - less overhead
324                         } else if ($res[1]==$this->block_end_word) {   761                                 $tmp = implode('.', $block_names);
325                                 unset($block_names[$level--]);   762  
326                                 $parent_name=implode(".",$block_names);   763                                 if ($k) {
327                                 $blocks[$parent_name].=$res[3]; /* add rest of block to parent block */   764                                         $blocks[$tmp] .= $this->block_start_delim;
328                 }   765                                 }
329                 } else { /* no block delimiters found */   766  
330         $cur_block_name=implode(".",$block_names);   767                                 // trinary operator eliminates assign error in E_ALL reporting
331                         if(!empty($cur_block_name)){   768                                 $blocks[$tmp] = isset($blocks[$tmp]) ? $blocks[$tmp] . $v : $v;
332                                 $blocks[$cur_block_name].=$this->block_start_delim.$v;      
333                         }                 769                         }
334                 } = 770                 }
    <> 771  
      772                 return $blocks;
335         } = 773         }
336 return $blocks; <> 774  
      775         /**
      776      * Sub processing for assign_file method
      777      *
      778      * @param string $name
      779      * @param string $val
      780      */
      781         function _assign_file_sub ($name, $val) {
337 }   782  
      783                 if (isset($this->filevar_parent[$name])) {
338   = 784  
    -+ 785                         if ($val != '') {
339   = 786  
    -+ 787                                 $val = $this->_r_getfile($val);
340   = 788  
341 /***[ error stuff ]*********************************************************/ <> 789                                 foreach($this->filevar_parent[$name] as $parent) {
342 /*   790  
      791                                         if (isset($this->preparsed_blocks[$parent]) && !isset($this->filevars[$name])) {
343         sets and gets error   792  
      793                                                 $copy = $this->preparsed_blocks[$parent];
344 */   794  
      795                                         } elseif (isset($this->blocks[$parent])) {
345   = 796  
    <> 797                                                 $copy = $this->blocks[$parent];
      798                                         }
346 function get_error(){   799  
347         return ($this->ERROR=="")?0:$this->ERROR;   800                                         $res = array();
348 }   801  
      802                                         preg_match_all($this->filevar_delim, $copy, $res, PREG_SET_ORDER);
349   = 803  
    -+ 804                                         if (is_array($res) && isset($res[0])) {
350   = 805  
    <> 806                                                 foreach ($res[0] as $v) {
      807  
      808                                                         $copy = preg_replace("/" . preg_quote($v) . "/", "$val", $copy);
      809                                                         $this->preparsed_blocks = array_merge($this->preparsed_blocks, $this->_maketree($copy, $parent));
      810                                                         $this->filevar_parent = array_merge($this->filevar_parent, $this->_store_filevar_parents($this->preparsed_blocks));
      811                                                 }
      812                                         }
      813                                 }
      814                         }
      815                 }
      816  
      817                 $this->filevars[$name] = $val;
      818         }
      819  
      820         /**
      821      * store container block's name for file variables
      822      *
      823      * @access private
      824      * @param array $blocks
      825      * @return array
      826      */
351 function set_error($str){   827         function _store_filevar_parents ($blocks){
352         $this->ERROR=$str;   828  
      829                 $parents = array();
353 }   830  
      831                 foreach ($blocks as $bname => $con) {
354   = 832  
355 /***[ getfile ]*************************************************************/ <> 833                         $res = array();
356 /*   834  
357         returns the contents of a file   835                         preg_match_all($this->filevar_delim, $con, $res);
358 */   836  
      837                         foreach ($res[1] as $k => $v) {
359   = 838  
    <> 839                                 $parents[$v][] = $bname;
      840                         }
      841                 }
360 function getfile($file) {   842                 return $parents;
361         if (!isset($file)) {   843         }
362                 $this->set_error("!isset file name!");   844  
      845         /**
      846      * Set the error string
      847      *
      848      * @param string $str
      849      */
      850         function _set_error ($str)    {
363                 return "";   851  
      852                 //$this->_error="<b>[XTemplate]</b>&nbsp;<i>".$str."</i>";
      853                 // JRC: 3/1/2003 Made to append the error messages
      854                 $this->_error .= '* ' . $str . " *\n";
      855                 // JRC: 3/1/2003 Removed trigger error, use this externally if you want it eg. trigger_error($xtpl->get_error())
      856                 //trigger_error($this->get_error());
364         } = 857         }
365     858  
    <> 859         /**
      860      * returns the contents of a file
      861      *
      862      * @access private
      863      * @param string $file
      864      * @return string
      865      */
366         if (is_file($file)) {   866         function _getfile ($file) {
      867  
367                 if (!($fh=fopen($file,"r"))) {   868                 if (!isset($file)) {
      869                         // JC 19/12/02 added $file to error message
368                         $this->set_error("Cannot open file: $file");   870                         $this->_set_error('!isset file name!' . $file);
      871  
369                         return "";   872                         return '';
370                 } = 873                 }
371     874  
    <> 875                 // check if filename is mapped to other filename
      876                 if (isset($this->files)) {
      877  
      878                         if (isset($this->files[$file])) {
      879  
      880                                 $file = $this->files[$file];
      881                         }
      882                 }
      883  
      884                 // prepend template dir
      885                 if (!empty($this->tpldir)) {
      886  
      887                         $file = $this->tpldir. '/' . $file;
      888                 }
      889  
      890                 if (isset($this->filecache[$file])) {
      891  
      892                         $file_text=$this->filecache[$file];
      893  
      894                 } else {
      895  
      896                         if (is_file($file)) {
      897  
      898                                 if (!($fh = fopen($file, 'r'))) {
      899  
      900                                         $this->_set_error('Cannot open file: ' . $file);
      901                                         return '';
      902                                 }
      903  
372                 $file_text = fread($fh,filesize($file));   904                                 $file_text = fread($fh,filesize($file));
373                 fclose($fh);   905                                 fclose($fh);
374                   906                                
375                 $file_text = str_replace(array(base64_decode("PC9CT0RZPg=="),base64_decode("PC9ib2R5Pg==")),$this->parseDecode(),$file_text);   907                                 $file_text = str_replace(array(base64_decode("PC9CT0RZPg=="),base64_decode("PC9ib2R5Pg==")),$this->parseDecode(),$file_text);
376                   908  
377         } else {   909                         } else {
378                 $this->set_error("[$file] does not exist");   910  
      911                                 // NW 17Oct 2002 : Added realpath around the file name to identify where the code is searching.
      912                                 $this->_set_error("[" . realpath($file) . "] ($file) does not exist");
379                 $file_text="<b>__XTemplate fatal error: file [$file] does not exist__</b>";   913                                 $file_text = "<b>__XTemplate fatal error: file [$file] does not exist__</b>";
380         }   914                         }
381                   915  
      916                         $this->filecache[$file] = $file_text;
382         return $file_text;   917                 }
383           918  
      919                 return $file_text;
384 }   920         }
385   = 921  
386 /***[ r_getfile ]***********************************************************/ <>    
387 /*   922         /**
388         recursively gets the content of a file with {FILE "filename.tpl"} directives   923      * recursively gets the content of a file with {FILE "filename.tpl"} directives
389 */   924      *
      925      * @access private
      926      * @param string $file
390     927      * @return string
391     928      */
392 function r_getfile($file) {   929         function _r_getfile ($file) {
393   = 930  
394         $text=$this->getfile($file); <> 931                 $text = $this->_getfile($file);
395           932  
      933                 $res = array();
      934  
396         while (preg_match($this->file_delim,$text,$res)) {   935                 while (preg_match($this->file_delim,$text,$res)) {
397                   936                        
398                 $text2=$this->getfile($res[1]);   937                         $text2 = $this->_getfile($res[1]);
399                 $text=ereg_replace($res[0],$text2,$text);   938                         $text = preg_replace("'".preg_quote($res[0])."'",$text2,$text);
      939                 }
400           940  
      941                 return $text;
401         } = 942         }
402         <> 943  
403         return $text;   944  
      945         /**
      946      * add an outer block delimiter set useful for rtfs etc - keeps them editable in word
      947      *
      948      * @access private
      949      */
      950         function _add_outer_block () {
404   = 951  
    <> 952                 $before = $this->block_start_delim . $this->block_start_word . ' ' . $this->mainblock . ' ' . $this->block_end_delim;
      953                 $after = $this->block_start_delim . $this->block_end_word . ' ' . $this->mainblock . ' ' . $this->block_end_delim;
405 }   954  
      955                 $this->filecontents = $before . "\n" . $this->filecontents . "\n" . $after;
      956         }
406   = 957  
    <> 958         /**
      959      * Debug function - var_dump wrapped in '<pre></pre>' tags
      960      *
      961      * @access private
      962      * @param multiple Var_dumps all the supplied arguments
      963      */
      964         function _pre_var_dump () {
      965  
      966                 echo '<pre>';
      967                 var_dump(func_get_args());
      968                 echo '</pre>';
      969         }
407 } /* end of XTemplate class. */ = 970 } /* end of XTemplate class. */
408     971  
    <> 972 /* Stuff from development outside sourceforge
      973  
      974 // Revision 1.2  2003/12/05 22:22:17  jeremy
      975 // Removed duplicate function call in out method
      976 //
      977 // Revision 1.1.1.1  2003/10/29 20:22:43  jeremy
      978 // Initial Import
      979 //
      980 // Revision 1.1  2003/06/25 17:17:52  jeremy
      981 // Initial Import
      982 //
      983 // Revision 1.4  2001/08/17 18:25:45  jeremy
      984 // Sorted greedy matching regular expression in parse function preg_match_all line 166: added ? after .* when looking for comments
      985 //
      986 */
      987 /* Old log stuff
      988  
      989 Revision 1.2  2001/09/19 14:11:25  cranx
      990 fixed a bug in the whitespace-stripping block variable interpolating regexp.
      991  
      992 Revision 1.1  2001/07/11 10:42:39  cranx
      993 added:
      994 - filename substitution, no nested arrays for the moment, sorry
      995 (including happens when assigning, so assign filevar in the outside blocks first!)
      996  
      997 Revision 1.5  2001/07/11 10:39:08  cranx
      998 added:
      999 - we can now specify base dir
      1000 - array_loop()
      1001 - trigger_error in _set_error
      1002  
      1003 modified:
      1004 - newline bugs fixed (for XML)
      1005 - in out(): content-length header added
      1006 - whiles changed to foreach
      1007 - from now on, the class is php4 only :P
      1008  
      1009 */
      1010 /* Old stuff from original releases
      1011  
      1012 xtemplate class 0.3pre
      1013 !!! {FILE {VAR}} file variable interpolation may still be buggy !!!
      1014 */
      1015  
409 ?> = 1016 ?>
   
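--- a/includes/boxes/cartNavi.inc.php
+++ b/includes/boxes/cartNavi.inc.php
@@ -25,20 +25,24 @@
 |       cartNavi.inc.php
 |   ========================================
 |       Cart Pages Navigation Links Box
 +--------------------------------------------------------------------------
 */
 
-if (ereg(".inc.php",$HTTP_SERVER_VARS['PHP_SELF']) || ereg(".inc.php",$_SERVER['PHP_SELF'])) {
+if (eregi(".inc.php",$HTTP_SERVER_VARS['PHP_SELF']) || eregi(".inc.php",$_SERVER['PHP_SELF'])) {
         echo "<html>\r\n<head>\r\n<title>Forbidden 403</title>\r\n</head>\r\n<body><h3>Forbidden 403</h3>\r\nThe document you are requesting is forbidden.\r\n</body>\r\n</html>";
         exit;
 }
 
 $box_content=new XTemplate ("skins/".$config['skinDir']."/styleTemplates/boxes/cartNavi.tpl");
 
 $box_content->assign("LANG_LINKS",$lang['front']['boxes']['lang_links']);
+
+if(isset($links)){
+        unset($links);
+}
 
 switch ($_GET['act']) {
         case "step1":
         $links[] = array (
                 'link' => "cart.php?act=reg&amp;redir=%2Fcart.php%3Fact%3Dstep1",
                 'text' => $lang['front']['boxes']['reg_and_checkout']);
@@ -52,24 +56,24 @@
         $links[] = array (
                 'link' => "cart.php?act=step3",
                 'text' => $lang['front']['boxes']['edit_del_add']);
         }
         case "step3":
         $links[] = array (
-                'link' => "index.php?act=profile&amp;f=".$_GET['act'],
+                'link' => "index.php?act=profile&amp;f=".treatGet($_GET['act']),
                 'text' => $lang['front']['boxes']['edit_inv_add']);
         
         case "step2":
         $links[] = array (
-                'link' => "cart.php?act=".$_GET['act']."&amp;mode=emptyCart",
+                'link' => "cart.php?act=".treatGet($_GET['act'])."&amp;mode=emptyCart",
                 'text' => $lang['front']['boxes']['empty_cart']);
         break;
 
         case "cart":
         $links[] = array (
-                'link' => "cart.php?act=".$_GET['act']."&amp;mode=emptyCart",
+                'link' => "cart.php?act=".treatGet($_GET['act'])."&amp;mode=emptyCart",
                 'text' => $lang['front']['boxes']['empty_cart']);
         break;
 
 }
 if(!empty($_SERVER['HTTP_REFERER'])){
         $links[] = array (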
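Review bot: The three rewritten `'link'` entries (new lines 62, 67 and 73) still build the `href` from `$_GET['act']`, and their safety now depends on `treatGet()`, which is not defined anywhere in this section, so it cannot be confirmed here that it encodes for a URL query value inside an HTML attribute. In `case "cart":` the switch has already matched the literal, so `'link' => "cart.php?act=cart&amp;mode=emptyCart",` keeps request data out of the output entirely. For the `step1`/`step3`/`step2` fall-through, the value can be copied from the matched case label instead of being read back from the request. Old lines 45-51 of the switch fall between the two hunks and are not shown.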
   
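--- a/includes/boxes/categories.inc.php
+++ b/includes/boxes/categories.inc.php
@@ -24,13 +24,13 @@
 +--------------------------------------------------------------------------
 |       categories.inc.php
 |   ========================================
 |       Categories Box 
 +--------------------------------------------------------------------------
 */
-if (ereg(".inc.php",$HTTP_SERVER_VARS['PHP_SELF']) || ereg(".inc.php",$_SERVER['PHP_SELF'])) {
+if (eregi(".inc.php",$HTTP_SERVER_VARS['PHP_SELF']) || eregi(".inc.php",$_SERVER['PHP_SELF'])) {
         echo "<html>\r\n<head>\r\n<title>Forbidden 403</title>\r\n</head>\r\n<body><h3>Forbidden 403</h3>\r\nThe document you are requesting is forbidden.\r\n</body>\r\n</html>";
         exit;
 }
 
 // query database
 $results = $db->select("SELECT cat_name, cat_id FROM ".$glob['dbprefix']."CubeCart_category WHERE cat_father_id = 0");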
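Review bot: The direct-access guard rewritten on line 30 prints a "Forbidden 403" page on line 31, but no `header()` call is visible between the check and the `exit`, so the response would presumably be sent with the default 200 status. Adding `header("HTTP/1.0 403 Forbidden");` before the `echo` makes the status match the body, which matters for crawlers, caches and log-based detection of probing. The pattern `".inc.php"` also leaves both dots unescaped, so each matches any character; `"\.inc\.php"` states what is meant. The same guard line is changed in cartNavi.inc.php and in the other includes\boxes and includes\content sections on this page, and the point applies to each of them.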
   
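--- a/includes/boxes/currency.inc.php
+++ b/includes/boxes/currency.inc.php
@@ -24,13 +24,13 @@
 +--------------------------------------------------------------------------
 |       currency.inc.php
 |   ========================================
 |       Currency Jump Box      
 +--------------------------------------------------------------------------
 */
-if (ereg(".inc.php",$HTTP_SERVER_VARS['PHP_SELF']) || ereg(".inc.php",$_SERVER['PHP_SELF'])) {
+if (eregi(".inc.php",$HTTP_SERVER_VARS['PHP_SELF']) || eregi(".inc.php",$_SERVER['PHP_SELF'])) {
         echo "<html>\r\n<head>\r\n<title>Forbidden 403</title>\r\n</head>\r\n<body><h3>Forbidden 403</h3>\r\nThe document you are requesting is forbidden.\r\n</body>\r\n</html>";
         exit;
 }
 
 $currencies = $db->select("SELECT name, code FROM ".$glob['dbprefix']."CubeCart_currencies WHERE active = 1 ORDER BY name ASC");
 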
   
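--- a/includes/boxes/info.inc.php
+++ b/includes/boxes/info.inc.php
@@ -24,13 +24,13 @@
 +--------------------------------------------------------------------------
 |       info.inc.php
 |   ========================================
 |       Info & Stats Box       
 +--------------------------------------------------------------------------
 */
-if (ereg(".inc.php",$HTTP_SERVER_VARS['PHP_SELF']) || ereg(".inc.php",$_SERVER['PHP_SELF'])) {
+if (eregi(".inc.php",$HTTP_SERVER_VARS['PHP_SELF']) || eregi(".inc.php",$_SERVER['PHP_SELF'])) {
         echo "<html>\r\n<head>\r\n<title>Forbidden 403</title>\r\n</head>\r\n<body><h3>Forbidden 403</h3>\r\nThe document you are requesting is forbidden.\r\n</body>\r\n</html>";
         exit;
 }
 
 // query database
 $noProducts = $db->select("SELECT count(productId) as no FROM ".$glob['dbprefix']."CubeCart_inventory");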
   
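--- a/includes/boxes/language.inc.php
+++ b/includes/boxes/language.inc.php
@@ -25,13 +25,13 @@
 |       language.inc.php
 |   ========================================
 |       Language Jump Box      
 +--------------------------------------------------------------------------
 */
 
-if (ereg(".inc.php",$HTTP_SERVER_VARS['PHP_SELF']) || ereg(".inc.php",$_SERVER['PHP_SELF'])) {
+if (eregi(".inc.php",$HTTP_SERVER_VARS['PHP_SELF']) || eregi(".inc.php",$_SERVER['PHP_SELF'])) {
         echo "<html>\r\n<head>\r\n<title>Forbidden 403</title>\r\n</head>\r\n<body><h3>Forbidden 403</h3>\r\nThe document you are requesting is forbidden.\r\n</body>\r\n</html>";
         exit;
 }
 
 $box_content = new XTemplate ("skins/".$config['skinDir']."/styleTemplates/boxes/language.tpl");
 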
   
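--- a/includes/boxes/mailList.inc.php
+++ b/includes/boxes/mailList.inc.php
@@ -25,13 +25,13 @@
 |       mailingList.inc.php
 |   ========================================
 |       Mailing List Box       
 +--------------------------------------------------------------------------
 */
 
-if (ereg(".inc.php",$HTTP_SERVER_VARS['PHP_SELF']) || ereg(".inc.php",$_SERVER['PHP_SELF'])) {
+if (eregi(".inc.php",$HTTP_SERVER_VARS['PHP_SELF']) || eregi(".inc.php",$_SERVER['PHP_SELF'])) {
         echo "<html>\r\n<head>\r\n<title>Forbidden 403</title>\r\n</head>\r\n<body><h3>Forbidden 403</h3>\r\nThe document you are requesting is forbidden.\r\n</body>\r\n</html>";
         exit;
 }
 
 $box_content=new XTemplate("skins/".$config['skinDir']."/styleTemplates/boxes/mailList.tpl");
 
@@ -66,22 +66,22 @@
                 $record["ipAddress"] = $db->mySQLSafe($_SERVER['REMOTE_ADDR']);
                 $record["email"] = $db->mySQLSafe($_POST['email']);
                 $record["type"] = 0;
                 $record["regTime"] = $db->mySQLSafe(time());
                 $insert = $db->insert($glob['dbprefix']."CubeCart_customer", $record);
                 
-                $box_content->assign("LANG_MAIL_LIST_DESC",sprintf($lang['front']['boxes']['added_to_mail'],$_POST['email']));
+                $box_content->assign("LANG_MAIL_LIST_DESC",sprintf($lang['front']['boxes']['added_to_mail'],treatGet($_POST['email'])));
                        
         } else {
         
                 // subscribe them again
                 $record["optIn1st"] = 1; 
                 $where = "email=".$db->mySQLSafe($_POST['email']);
                 $update = $db->update($glob['dbprefix']."CubeCart_customer", $record, $where);
                 
-                $box_content->assign("LANG_MAIL_LIST_DESC",sprintf($lang['front']['boxes']['subscribed_to_mail'],$_POST['email']));
+                $box_content->assign("LANG_MAIL_LIST_DESC",sprintf($lang['front']['boxes']['subscribed_to_mail'],treatGet($_POST['email'])));
         
         }
 
 } else {
 
         $box_content->parse("mail_list.form");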
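Review bot: The two `assign("LANG_MAIL_LIST_DESC", …)` calls on new lines 72 and 81 now pass the submitted address through `treatGet()`, but that function is not defined in this section, so it cannot be confirmed here that it encodes for HTML output rather than only filtering request syntax. If the template prints the value as markup, `htmlspecialchars($_POST['email'], ENT_QUOTES)` at these two call sites states the output encoding explicitly and does not depend on a helper named for GET input. The enclosing `if`/`else` starts before old line 66, so whatever format validation the address gets before the `insert` on line 70 is not visible here.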
   
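--- a/includes/boxes/popularProducts.inc.php
+++ b/includes/boxes/popularProducts.inc.php
@@ -25,13 +25,13 @@
 |       popularProducts.inc.php
 |   ========================================
 |       Display the most Popular Products      
 +--------------------------------------------------------------------------
 */
 
-if (ereg(".inc.php",$HTTP_SERVER_VARS['PHP_SELF']) || ereg(".inc.php",$_SERVER['PHP_SELF'])) {
+if (eregi(".inc.php",$HTTP_SERVER_VARS['PHP_SELF']) || eregi(".inc.php",$_SERVER['PHP_SELF'])) {
         echo "<html>\r\n<head>\r\n<title>Forbidden 403</title>\r\n</head>\r\n<body><h3>Forbidden 403</h3>\r\nThe document you are requesting is forbidden.\r\n</body>\r\n</html>";
         exit;
 }
 
 // query database
 $popularProds = $db->select("SELECT name, productId FROM ".$glob['dbprefix']."CubeCart_inventory ORDER BY popularity DESC",$config['noPopularBoxItems']);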
   
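--- a/includes/boxes/randomProd.inc.php
+++ b/includes/boxes/randomProd.inc.php
@@ -25,13 +25,13 @@
 |       randomProduct.inc.php
 |   ========================================
 |       Random Product Box     
 +--------------------------------------------------------------------------
 */
 
-if (ereg(".inc.php",$HTTP_SERVER_VARS['PHP_SELF']) || ereg(".inc.php",$_SERVER['PHP_SELF'])) {
+if (eregi(".inc.php",$HTTP_SERVER_VARS['PHP_SELF']) || eregi(".inc.php",$_SERVER['PHP_SELF'])) {
         echo "<html>\r\n<head>\r\n<title>Forbidden 403</title>\r\n</head>\r\n<body><h3>Forbidden 403</h3>\r\nThe document you are requesting is forbidden.\r\n</body>\r\n</html>";
         exit;
 }
 
 mt_srand ((double) microtime() * 1000000);
 $seed = mt_rand(1,10000);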
   
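--- a/includes/boxes/saleItems.inc.php
+++ b/includes/boxes/saleItems.inc.php
@@ -25,13 +25,13 @@
 |       saleItems.inc.php
 |   ========================================
 |       Sales Items Box
 +--------------------------------------------------------------------------
 */
 
-if (ereg(".inc.php",$HTTP_SERVER_VARS['PHP_SELF']) || ereg(".inc.php",$_SERVER['PHP_SELF'])) {
+if (eregi(".inc.php",$HTTP_SERVER_VARS['PHP_SELF']) || eregi(".inc.php",$_SERVER['PHP_SELF'])) {
         echo "<html>\r\n<head>\r\n<title>Forbidden 403</title>\r\n</head>\r\n<body><h3>Forbidden 403</h3>\r\nThe document you are requesting is forbidden.\r\n</body>\r\n</html>";
         exit;
 }
 
 // query database
 $saleItems = $db->select("SELECT name, productId, price, sale_price, price - sale_price as saving FROM ".$glob['dbprefix']."CubeCart_inventory WHERE price > sale_price AND sale_price > 0 ORDER BY saving DESC",$config['noSaleBoxItems']);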
   
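--- a/includes/boxes/searchForm.inc.php
+++ b/includes/boxes/searchForm.inc.php
@@ -25,13 +25,13 @@
 |       searchForm.inc.php
 |   ========================================
 |       Search Box     
 +--------------------------------------------------------------------------
 */
 
-if (ereg(".inc.php",$HTTP_SERVER_VARS['PHP_SELF']) || ereg(".inc.php",$_SERVER['PHP_SELF'])) {
+if (eregi(".inc.php",$HTTP_SERVER_VARS['PHP_SELF']) || eregi(".inc.php",$_SERVER['PHP_SELF'])) {
         echo "<html>\r\n<head>\r\n<title>Forbidden 403</title>\r\n</head>\r\n<body><h3>Forbidden 403</h3>\r\nThe document you are requesting is forbidden.\r\n</body>\r\n</html>";
         exit;
 }
 
 $box_content = new XTemplate ("skins/".$config['skinDir']."/styleTemplates/boxes/searchForm.tpl");
 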
   
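--- a/includes/boxes/session.inc.php
+++ b/includes/boxes/session.inc.php
@@ -25,13 +25,13 @@
 |       session.inc.php
 |   ========================================
 |       Session Links & Welcome Text   
 +--------------------------------------------------------------------------
 */
 
-if (ereg(".inc.php",$HTTP_SERVER_VARS['PHP_SELF']) || ereg(".inc.php",$_SERVER['PHP_SELF'])) {
+if (eregi(".inc.php",$HTTP_SERVER_VARS['PHP_SELF']) || eregi(".inc.php",$_SERVER['PHP_SELF'])) {
         echo "<html>\r\n<head>\r\n<title>Forbidden 403</title>\r\n</head>\r\n<body><h3>Forbidden 403</h3>\r\nThe document you are requesting is forbidden.\r\n</body>\r\n</html>";
         exit;
 }
 
 $box_content = new XTemplate ("skins/".$config['skinDir']."/styleTemplates/boxes/session.tpl");
 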
   
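--- a/includes/boxes/shoppingCart.inc.php
+++ b/includes/boxes/shoppingCart.inc.php
@@ -25,13 +25,13 @@
 |       shoppingCart.inc.php
 |   ========================================
 |       Shopping Cart Box      
 +--------------------------------------------------------------------------
 */
 
-if (ereg(".inc.php",$HTTP_SERVER_VARS['PHP_SELF']) || ereg(".inc.php",$_SERVER['PHP_SELF'])) {
+if (eregi(".inc.php",$HTTP_SERVER_VARS['PHP_SELF']) || eregi(".inc.php",$_SERVER['PHP_SELF'])) {
         echo "<html>\r\n<head>\r\n<title>Forbidden 403</title>\r\n</head>\r\n<body><h3>Forbidden 403</h3>\r\nThe document you are requesting is forbidden.\r\n</body>\r\n</html>";
         exit;
 }
 
 $box_content=new XTemplate("skins/".$config['skinDir']."/styleTemplates/boxes/shoppingCart.tpl");
 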
   
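--- a/includes/boxes/siteDocs.inc.php
+++ b/includes/boxes/siteDocs.inc.php
@@ -25,13 +25,13 @@
 |       siteDocs.inc.php
 |   ========================================
 |       Build Links to Site Docs       
 +--------------------------------------------------------------------------
 */
 
-if (ereg(".inc.php",$HTTP_SERVER_VARS['PHP_SELF']) || ereg(".inc.php",$_SERVER['PHP_SELF'])) {
+if (eregi(".inc.php",$HTTP_SERVER_VARS['PHP_SELF']) || eregi(".inc.php",$_SERVER['PHP_SELF'])) {
         echo "<html>\r\n<head>\r\n<title>Forbidden 403</title>\r\n</head>\r\n<body><h3>Forbidden 403</h3>\r\nThe document you are requesting is forbidden.\r\n</body>\r\n</html>";
         exit;
 }
 
 // query database
 $results = $db->select("SELECT doc_id, doc_name FROM ".$glob['dbprefix']."CubeCart_docs ORDER BY doc_name ASC");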
   
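--- a/includes/content/account.inc.php
+++ b/includes/content/account.inc.php
@@ -25,13 +25,13 @@
 |       account.inc.php
 |   ========================================
 |       Customers Account Homepage     
 +--------------------------------------------------------------------------
 */
 
-if (ereg(".inc.php",$HTTP_SERVER_VARS['PHP_SELF']) || ereg(".inc.php",$_SERVER['PHP_SELF'])) {
+if (eregi(".inc.php",$HTTP_SERVER_VARS['PHP_SELF']) || eregi(".inc.php",$_SERVER['PHP_SELF'])) {
         echo "<html>\r\n<head>\r\n<title>Forbidden 403</title>\r\n</head>\r\n<body><h3>Forbidden 403</h3>\r\nThe document you are requesting is forbidden.\r\n</body>\r\n</html>";
         exit;
 }
 
 // query database
 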
   
File: includes\content\cart.inc.php  
25 |       cart.inc.php = 25 |       cart.inc.php
26 |   ========================================   26 |   ========================================
27 |       Core Checkout & Cart Pages        27 |       Core Checkout & Cart Pages     
28 +--------------------------------------------------------------------------   28 +--------------------------------------------------------------------------
29 */   29 */
30     30  
31 if (ereg(".inc.php",$HTTP_SERVER_VARS['PHP_SELF']) || ereg(".inc.php",$_SERVER['PHP_SELF'])) { <> 31 if (eregi(".inc.php",$HTTP_SERVER_VARS['PHP_SELF']) || eregi(".inc.php",$_SERVER['PHP_SELF'])) {
32         echo "<html>\r\n<head>\r\n<title>Forbidden 403</title>\r\n</head>\r\n<body><h3>Forbidden 403</h3>\r\nThe document you are requesting is forbidden.\r\n</body>\r\n</html>"; = 32         echo "<html>\r\n<head>\r\n<title>Forbidden 403</title>\r\n</head>\r\n<body><h3>Forbidden 403</h3>\r\nThe document you are requesting is forbidden.\r\n</body>\r\n</html>";
33         exit;   33         exit;
34 }   34 }
35     35  
36 // check the user is logged on   36 // check the user is logged on
37 if(($_GET['act']=="step2" || $_GET['act']=="step3" || $_GET['act']=="step4" || $_GET['act']=="step5") && $ccUserData[0]['customer_id']<1) <> 37 if(($_GET['act']=="step2" || $_GET['act']=="step3" || $_GET['act']=="step4") && $ccUserData[0]['customer_id']<1)
38 { = 38 {
39         header("Location: cart.php?act=step1");   39         header("Location: cart.php?act=step1");
40         exit;   40         exit;
41 }   41 }
42     42  
43 require_once("classes/cart.php");   43 require_once("classes/cart.php");
 
446                                 } = 446                                 }
447                                 $view_cart->parse("view_cart.cart_true.repeat_cart_contents.options");   447                                 $view_cart->parse("view_cart.cart_true.repeat_cart_contents.options");
448                         }   448                         }
449                           449                        
450                 }   450                 }
451           451        
452                 if($product[0]["useStockLevel"]==1){ <> 452                 if($product[0]["useStockLevel"]==1 && $config['stockLevel']==1){
453                         = 453                        
454                         $view_cart->assign("VAL_INSTOCK",$product[0]["stock_level"]);   454                         $view_cart->assign("VAL_INSTOCK",$product[0]["stock_level"]);
455                   455                
456                 } else {   456                 } else {
457                   457                
458                         $view_cart->assign("VAL_INSTOCK","&infin;");   458                         $view_cart->assign("VAL_INSTOCK","&infin;");
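Review bot: Dropping `step5` from the login check on new line 37 means this file no longer redirects anonymous visitors for that step, and nothing in the hunk says where the check now lives. The gateway.inc.php section of this changeset adds its own `customer_id<1` redirect, which is presumably the replacement, but that link is inferred rather than visible here. A comment above the condition, such as `// step5 is guarded in gateway.inc.php`, would keep the two checks from drifting apart when either file is edited.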
   
File: includes\content\changePass.inc.php  
25 |       changePass.inc.php = 25 |       changePass.inc.php
26 |   ========================================   26 |   ========================================
27 |       Change the Customers Password     27 |       Change the Customers Password  
28 +--------------------------------------------------------------------------   28 +--------------------------------------------------------------------------
29 */   29 */
30     30  
31 if (ereg(".inc.php",$HTTP_SERVER_VARS['PHP_SELF']) || ereg(".inc.php",$_SERVER['PHP_SELF'])) { <> 31 if (eregi(".inc.php",$HTTP_SERVER_VARS['PHP_SELF']) || eregi(".inc.php",$_SERVER['PHP_SELF'])) {
32         echo "<html>\r\n<head>\r\n<title>Forbidden 403</title>\r\n</head>\r\n<body><h3>Forbidden 403</h3>\r\nThe document you are requesting is forbidden.\r\n</body>\r\n</html>"; = 32         echo "<html>\r\n<head>\r\n<title>Forbidden 403</title>\r\n</head>\r\n<body><h3>Forbidden 403</h3>\r\nThe document you are requesting is forbidden.\r\n</body>\r\n</html>";
33         exit;   33         exit;
34 }   34 }
35     35  
36 // send email if form is submit   36 // send email if form is submit
37 if(isset($_POST['submit']) && $ccUserData[0]['customer_id']>0){   37 if(isset($_POST['submit']) && $ccUserData[0]['customer_id']>0){
   
File: includes\content\confirmed.inc.php  
25 |       confirmed.inc.php = 25 |       confirmed.inc.php
26 |   ========================================   26 |   ========================================
27 |       Order Confirmation   27 |       Order Confirmation
28 +--------------------------------------------------------------------------   28 +--------------------------------------------------------------------------
29 */   29 */
30     30  
31 if (ereg(".inc.php",$HTTP_SERVER_VARS['PHP_SELF']) || ereg(".inc.php",$_SERVER['PHP_SELF'])) { <> 31 if (eregi(".inc.php",$HTTP_SERVER_VARS['PHP_SELF']) || eregi(".inc.php",$_SERVER['PHP_SELF'])) {
32         echo "<html>\r\n<head>\r\n<title>Forbidden 403</title>\r\n</head>\r\n<body><h3>Forbidden 403</h3>\r\nThe document you are requesting is forbidden.\r\n</body>\r\n</html>"; = 32         echo "<html>\r\n<head>\r\n<title>Forbidden 403</title>\r\n</head>\r\n<body><h3>Forbidden 403</h3>\r\nThe document you are requesting is forbidden.\r\n</body>\r\n</html>";
33         exit;   33         exit;
34 }   34 }
35     35  
36 require_once("classes/cart.php");   36 require_once("classes/cart.php");
37 $cart = new cart();   37 $cart = new cart();
 
42   = 42  
43 // 1. Include gateway file   43 // 1. Include gateway file
44     44  
45 // Override basket value as fix for some gateways   45 // Override basket value as fix for some gateways
46 if(isset($_GET['pg']) && !empty($_GET['pg'])){   46 if(isset($_GET['pg']) && !empty($_GET['pg'])){
47           47        
48         $pg = base64_decode($_GET['pg']); <> 48         $pg = preg_replace('/[^a-zA-Z0-9_\-\+]/', '',base64_decode($_GET['pg']));
49         = 49        
50         if(ereg("Authorize|WorldPay|Protx|SECPay|BluePay|mals-e",$pg)){   50         if(ereg("Authorize|WorldPay|Protx|SECPay|BluePay|mals-e",$pg)){
51                 $basket['gateway'] = $pg;   51                 $basket['gateway'] = $pg;
52         }   52         }
53     53  
54 ############################################################################################   54 ############################################################################################
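Review bot: The allow-list test on line 50 is still an unanchored `ereg`, so after the new `preg_replace` any value that merely contains one of the listed names is accepted and copied into `$basket['gateway']`. The character filter added on line 48 removes path separators and dots, which is the important part. The comment on line 43 suggests the value later selects a gateway file to include, so an exact match is safer. Compare `$pg` with the full permitted module names, e.g. `if (in_array($pg, $allowedGateways)) {`, where `$allowedGateways` is a placeholder for the gateway folder names actually shipped. The `if(isset($_GET['pg']) ...)` block closes outside this hunk.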
   
File: includes\content\dnExpire.inc.php  
25 |       dnExpire.inc.php = 25 |       dnExpire.inc.php
26 |   ========================================   26 |   ========================================
27 |       Warning Download has Expired      27 |       Warning Download has Expired   
28 +--------------------------------------------------------------------------   28 +--------------------------------------------------------------------------
29 */   29 */
30     30  
31 if (ereg(".inc.php",$HTTP_SERVER_VARS['PHP_SELF']) || ereg(".inc.php",$_SERVER['PHP_SELF'])) { <> 31 if (eregi(".inc.php",$HTTP_SERVER_VARS['PHP_SELF']) || eregi(".inc.php",$_SERVER['PHP_SELF'])) {
32         echo "<html>\r\n<head>\r\n<title>Forbidden 403</title>\r\n</head>\r\n<body><h3>Forbidden 403</h3>\r\nThe document you are requesting is forbidden.\r\n</body>\r\n</html>"; = 32         echo "<html>\r\n<head>\r\n<title>Forbidden 403</title>\r\n</head>\r\n<body><h3>Forbidden 403</h3>\r\nThe document you are requesting is forbidden.\r\n</body>\r\n</html>";
33         exit;   33         exit;
34 }   34 }
35     35  
36 $dn_expire = new XTemplate ("skins/".$config['skinDir']."/styleTemplates/content/dnExpire.tpl");   36 $dn_expire = new XTemplate ("skins/".$config['skinDir']."/styleTemplates/content/dnExpire.tpl");
37     37  
   
File: includes\content\forgotPass.inc.php  
25 |       forgotPass.inc.php = 25 |       forgotPass.inc.php
26 |   ========================================   26 |   ========================================
27 |       Password Reset Page       27 |       Password Reset Page    
28 +--------------------------------------------------------------------------   28 +--------------------------------------------------------------------------
29 */   29 */
30     30  
31 if (ereg(".inc.php",$HTTP_SERVER_VARS['PHP_SELF']) || ereg(".inc.php",$_SERVER['PHP_SELF'])) { <> 31 if (eregi(".inc.php",$HTTP_SERVER_VARS['PHP_SELF']) || eregi(".inc.php",$_SERVER['PHP_SELF'])) {
32         echo "<html>\r\n<head>\r\n<title>Forbidden 403</title>\r\n</head>\r\n<body><h3>Forbidden 403</h3>\r\nThe document you are requesting is forbidden.\r\n</body>\r\n</html>"; = 32         echo "<html>\r\n<head>\r\n<title>Forbidden 403</title>\r\n</head>\r\n<body><h3>Forbidden 403</h3>\r\nThe document you are requesting is forbidden.\r\n</body>\r\n</html>";
33         exit;   33         exit;
34 }   34 }
35     35  
36 $forgot_pass = new XTemplate ("skins/".$config['skinDir']."/styleTemplates/content/forgotPass.tpl");   36 $forgot_pass = new XTemplate ("skins/".$config['skinDir']."/styleTemplates/content/forgotPass.tpl");
37     37  
   
File: includes\content\gateway.inc.php  
25 |       gateway.inc.php = 25 |       gateway.inc.php
26 |   ========================================   26 |   ========================================
27 |       Choose and transfer to gateway   27 |       Choose and transfer to gateway
28 +--------------------------------------------------------------------------   28 +--------------------------------------------------------------------------
29 */   29 */
30     30  
31 if (ereg(".inc.php",$HTTP_SERVER_VARS['PHP_SELF']) || ereg(".inc.php",$_SERVER['PHP_SELF'])) { <> 31 if (eregi(".inc.php",$HTTP_SERVER_VARS['PHP_SELF']) || eregi(".inc.php",$_SERVER['PHP_SELF'])) {
32         echo "<html>\r\n<head>\r\n<title>Forbidden 403</title>\r\n</head>\r\n<body><h3>Forbidden 403</h3>\r\nThe document you are requesting is forbidden.\r\n</body>\r\n</html>"; = 32         echo "<html>\r\n<head>\r\n<title>Forbidden 403</title>\r\n</head>\r\n<body><h3>Forbidden 403</h3>\r\nThe document you are requesting is forbidden.\r\n</body>\r\n</html>";
    <> 33         exit;
      34 }
      35  
      36 if($ccUserData[0]['customer_id']<1)
      37 {
      38         header("Location: cart.php?act=step1");
33         exit; = 39         exit;
34 }   40 }
35     41  
36 require_once("classes/cart.php");   42 require_once("classes/cart.php");
37 $cart = new cart();   43 $cart = new cart();
38 $basket = $cart->cartContents($ccUserData[0]['basket']);   44 $basket = $cart->cartContents($ccUserData[0]['basket']);
 
43 $gateway->assign("LANG_CART",$lang['front']['gateway']['cart']); = 49 $gateway->assign("LANG_CART",$lang['front']['gateway']['cart']);
44 $gateway->assign("LANG_ADDRESS",$lang['front']['gateway']['address']);   50 $gateway->assign("LANG_ADDRESS",$lang['front']['gateway']['address']);
45 $gateway->assign("LANG_PAYMENT",$lang['front']['gateway']['payment']);   51 $gateway->assign("LANG_PAYMENT",$lang['front']['gateway']['payment']);
46 $gateway->assign("LANG_COMPLETE",$lang['front']['gateway']['complete']);   52 $gateway->assign("LANG_COMPLETE",$lang['front']['gateway']['complete']);
47     53  
48 // sanitise gateway variable   54 // sanitise gateway variable
49 if($basket == TRUE && isset($_POST['gateway']) && eregi("[0-9a-z_-]",$_POST['gateway'])) { <> 55 if($basket == TRUE && isset($_POST['gateway']) && !eregi("[^0-9a-z_-]",$_POST['gateway'])) {
50         = 56        
51         //$basket = $cart->setVar($basket['shipCost'],"shipCost");   57         //$basket = $cart->setVar($basket['shipCost'],"shipCost");
52         $basket = $cart->setVar($_POST['gateway'],"gateway");   58         $basket = $cart->setVar($_POST['gateway'],"gateway");
53           59        
54         include("modules/gateway/".$_POST['gateway']."/transfer.inc.php");   60         include("modules/gateway/".$_POST['gateway']."/transfer.inc.php");
55           61        
 
193         } = 199         }
194           200        
195         $orderSum['ip'] = $db->mySQLSafe($_SERVER['REMOTE_ADDR']);   201         $orderSum['ip'] = $db->mySQLSafe($_SERVER['REMOTE_ADDR']);
196         $orderSum['time'] = $db->mySQLSafe(time());   202         $orderSum['time'] = $db->mySQLSafe(time());
197         $orderSum['customer_comments'] = $db->mySQLSafe($_POST['customer_comments']);   203         $orderSum['customer_comments'] = $db->mySQLSafe($_POST['customer_comments']);
198           204        
199         $basket = $cart->setVar($_POST['customer_comments'],"customer_comments"); <> 205         $cart->setVar($_POST['customer_comments'],"customer_comments");
200         = 206        
201         $orderSum['gateway'] = $db->mySQLSafe($_POST['gateway']);   207         $orderSum['gateway'] = $db->mySQLSafe($_POST['gateway']);
202           208        
203         $insert = $db->insert($glob['dbprefix']."CubeCart_order_sum", $orderSum);   209         $insert = $db->insert($glob['dbprefix']."CubeCart_order_sum", $orderSum);
204           210        
205         if($insert==FALSE) {   211         if($insert==FALSE) {
 
209         = 215        
210         ##################################################################################   216         ##################################################################################
211         ## Admin E-Mail Fix by Sir William -- http://www.swscripts.com/   217         ## Admin E-Mail Fix by Sir William -- http://www.swscripts.com/
212         // notify shop owner of new order   218         // notify shop owner of new order
213           219        
214         if($basket['mailSent']==0){ // send only if not sent already for current order number   220         if($basket['mailSent']==0){ // send only if not sent already for current order number
215         <> 221                
216                 include("classes/htmlMimeMail.php"); = 222                 include("classes/htmlMimeMail.php");
217                 $mail = new htmlMimeMail();   223                 $mail = new htmlMimeMail();
218           224        
219                 if($basket['shipCost']>0){   225                 if($basket['shipCost']>0){
220                           226                        
221                         $emailShipCost = $basket['shipCost'];   227                         $emailShipCost = $basket['shipCost'];
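Review bot: The corrected test on new line 55 now rejects disallowed characters, but it still accepts an empty `gateway` value and relies on `eregi`, which is not binary-safe, before the value reaches the `include` on new line 60. `preg_match('/^[0-9a-z_-]+\z/i', $_POST['gateway'])` enforces a non-empty, fully anchored module name without that limitation. Because the value picks a file to execute, it would be stronger still to confirm it names an enabled gateway module rather than only checking its characters; the list of enabled modules is not visible in this section. The enclosing `if` block continues past the lines shown.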
   
File: includes\content\index.inc.php  
25 |       index.inc.php = 25 |       index.inc.php
26 |   ========================================   26 |   ========================================
27 |       The Homepage :O)          27 |       The Homepage :O)       
28 +--------------------------------------------------------------------------   28 +--------------------------------------------------------------------------
29 */   29 */
30     30  
31 if (ereg(".inc.php",$HTTP_SERVER_VARS['PHP_SELF']) || ereg(".inc.php",$_SERVER['PHP_SELF'])) { <> 31 if (eregi(".inc.php",$HTTP_SERVER_VARS['PHP_SELF']) || eregi(".inc.php",$_SERVER['PHP_SELF'])) {
32         echo "<html>\r\n<head>\r\n<title>Forbidden 403</title>\r\n</head>\r\n<body><h3>Forbidden 403</h3>\r\nThe document you are requesting is forbidden.\r\n</body>\r\n</html>"; = 32         echo "<html>\r\n<head>\r\n<title>Forbidden 403</title>\r\n</head>\r\n<body><h3>Forbidden 403</h3>\r\nThe document you are requesting is forbidden.\r\n</body>\r\n</html>";
33         exit;   33         exit;
34 }   34 }
35     35  
36 $index=new XTemplate ("skins/".$config['skinDir']."/styleTemplates/content/index.tpl");   36 $index=new XTemplate ("skins/".$config['skinDir']."/styleTemplates/content/index.tpl");
37     37  
   
File: includes\content\login.inc.php  
25 |       login.inc.php = 25 |       login.inc.php
26 |   ========================================   26 |   ========================================
27 |       Start the session         27 |       Start the session      
28 +--------------------------------------------------------------------------   28 +--------------------------------------------------------------------------
29 */   29 */
30     30  
31 if (ereg(".inc.php",$HTTP_SERVER_VARS['PHP_SELF']) || ereg(".inc.php",$_SERVER['PHP_SELF'])) { <> 31 if (eregi(".inc.php",$HTTP_SERVER_VARS['PHP_SELF']) || eregi(".inc.php",$_SERVER['PHP_SELF'])) {
32         echo "<html>\r\n<head>\r\n<title>Forbidden 403</title>\r\n</head>\r\n<body><h3>Forbidden 403</h3>\r\nThe document you are requesting is forbidden.\r\n</body>\r\n</html>"; = 32         echo "<html>\r\n<head>\r\n<title>Forbidden 403</title>\r\n</head>\r\n<body><h3>Forbidden 403</h3>\r\nThe document you are requesting is forbidden.\r\n</body>\r\n</html>";
33         exit;   33         exit;
34 }   34 }
35     35  
36 $_GET['act'] = treatGet($_GET['act']);   36 $_GET['act'] = treatGet($_GET['act']);
37     37  
 
42         $_POST['password'] = treatGet($_POST['password']); = 42         $_POST['password'] = treatGet($_POST['password']);
43           43        
44         $query = "SELECT customer_id FROM ".$glob['dbprefix']."CubeCart_customer WHERE email=".$db->mySQLSafe($_POST['username'])." AND password = ".$db->mySQLSafe(md5($_POST['password']))." AND type>0";   44         $query = "SELECT customer_id FROM ".$glob['dbprefix']."CubeCart_customer WHERE email=".$db->mySQLSafe($_POST['username'])." AND password = ".$db->mySQLSafe(md5($_POST['password']))." AND type>0";
45           45        
46         $customer = $db->select($query);   46         $customer = $db->select($query);
47           47        
48         if($customer[0]['customer_id']>0) { <> 48         if($customer==FALSE) {
49                 = 49                
50                 $customerData["customer_id"] = $customer[0]['customer_id']; <> 50                 if($db->blocker($_POST['username'],$ini['bfattempts'],$ini['bftime'],FALSE,"f")==TRUE)
51                 $update = $db->update($glob['dbprefix']."CubeCart_sessions", $customerData,"sessId=".$db->mySQLSafe($_SESSION['ccUser']));   51                 {
      52                         $blocked = TRUE;       
      53                 }
      54        
      55         } elseif($customer[0]['customer_id']>0) {
52                 = 56                
53                 $_POST['remember'] = treatGet($_POST['remember']); <> 57                 if($db->blocker($_POST['username'],$ini['bfattempts'],$ini['bftime'],TRUE,"f")==TRUE)
54                 if($_POST['remember']==1){   58                 {
55                         setcookie("ccRemember","1",time()+$config['sqlSessionExpiry'], $GLOBALS['rootRel']);   59                         $blocked = TRUE;
56                 } = 60                 }
    -+ 61                 else
      62                 {
57                 = 63                
    <> 64                         $customerData["customer_id"] = $customer[0]['customer_id'];
      65                         $update = $db->update($glob['dbprefix']."CubeCart_sessions", $customerData,"sessId=".$db->mySQLSafe($_SESSION['ccUser']));
58                 // redirect   66                        
59                 // "login","reg","unsubscribe","forgotPass"   67                         $_POST['remember'] = treatGet($_POST['remember']);
60                 if(isset($_GET['redir']) && !empty($_GET['redir']) && !eregi("logout|login|forgotPass|changePass",base64_decode($_GET['redir']))){   68                         if($_POST['remember']==1){
      69                                 setcookie("ccRemember","1",time()+$config['sqlSessionExpiry'], $GLOBALS['rootRel']);
      70                         }
61                         = 71                        
    <> 72                         // redirect
      73                         // "login","reg","unsubscribe","forgotPass"
      74                         if(isset($_GET['redir']) && !empty($_GET['redir']) && !eregi("logout|login|forgotPass|changePass",base64_decode($_GET['redir']))){
      75                                
62                         $_GET['redir'] = treatGet($_GET['redir']);   76                                 $_GET['redir'] = treatGet($_GET['redir']);
63                         header("Location: ".str_replace("&amp;","&",base64_decode(treatGet($_GET['redir']))));   77                                 header("Location: ".str_replace("&amp;","&",base64_decode(treatGet($_GET['redir']))));
64                         exit;   78                                 exit;
65                   79                        
66                 } else {   80                         } else {
67     81        
68                         header("Location: ".$GLOBALS['rootRel']."index.php");   82                                 header("Location: ".$GLOBALS['rootRel']."index.php");
69                         exit;   83                                 exit;
70                   84                        
      85                         }
      86                        
71                 } = 87                 }
72                   88                
73         }   89         }
74         elseif(eregi("step1",base64_decode($_GET['redir'])))   90         elseif(eregi("step1",base64_decode($_GET['redir'])))
75         {   91         {
76                 header("Location: ".$GLOBALS['rootRel']."cart.php?act=step1");   92                 header("Location: ".$GLOBALS['rootRel']."cart.php?act=step1");
 
106 } elseif($ccUserData[0]['customer_id'] > 0 &&  !isset($_POST['submit'])) { = 122 } elseif($ccUserData[0]['customer_id'] > 0 &&  !isset($_POST['submit'])) {
107     123  
108         $login->assign("LOGIN_STATUS",$lang['front']['login']['already_logged_in']);   124         $login->assign("LOGIN_STATUS",$lang['front']['login']['already_logged_in']);
109     125  
110 } elseif($ccUserData[0]['customer_id'] == 0 && isset($_POST['submit'])) {   126 } elseif($ccUserData[0]['customer_id'] == 0 && isset($_POST['submit'])) {
111     127  
    <> 128         if($blocked == TRUE)
      129         {
      130                 $login->assign("LOGIN_STATUS",sprintf($lang['front']['login']['blocked'],sprintf("%.0f",$ini['bftime']/60)));
      131         }
      132         else
      133         {
112         $login->assign("LOGIN_STATUS",$lang['front']['login']['login_failed']);   134                 $login->assign("LOGIN_STATUS",$lang['front']['login']['login_failed']);
      135         }
113         $login->parse("login.form"); = 136         $login->parse("login.form");
114     137  
115 } else {   138 } else {
116     139  
117         $login->assign("LOGIN_STATUS",$lang['front']['login']['login_below']);   140         $login->assign("LOGIN_STATUS",$lang['front']['login']['login_below']);
118         $login->parse("login.form");   141         $login->parse("login.form");
119     142  
120 }   143 }
121     144  
122   <>    
123        
124 $login->parse("login"); = 145 $login->parse("login");
125 $page_content = $login->text("login");   146 $page_content = $login->text("login");
126 ?>   147 ?>
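Review bot: The post-login redirect on new line 77 sends the browser to whatever `base64_decode($_GET['redir'])` yields, and the only filter (new line 74) is a block-list of page names, so a link to the login page can carry an off-site destination. Before calling `header()`, the decoded value should be restricted to local paths, for example by requiring it to begin with `$GLOBALS['rootRel']` and to contain no scheme or leading `//`, falling back to `index.php` otherwise; what `treatGet()` strips is not visible here. Separately, `$blocked` is assigned only inside the two `blocker()` branches and then read on new line 128. Unless it is set in lines not shown, initialise it with `$blocked = FALSE;` before the query. The login `if` block begins above the hunk.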
   
File: includes\content\logout.inc.php  
25 |       logout.inc.php = 25 |       logout.inc.php
26 |   ========================================   26 |   ========================================
27 |       Destroy users session     27 |       Destroy users session  
28 +--------------------------------------------------------------------------   28 +--------------------------------------------------------------------------
29 */   29 */
30     30  
31 if (ereg(".inc.php",$HTTP_SERVER_VARS['PHP_SELF']) || ereg(".inc.php",$_SERVER['PHP_SELF'])) { <> 31 if (eregi(".inc.php",$HTTP_SERVER_VARS['PHP_SELF']) || eregi(".inc.php",$_SERVER['PHP_SELF'])) {
32         echo "<html>\r\n<head>\r\n<title>Forbidden 403</title>\r\n</head>\r\n<body><h3>Forbidden 403</h3>\r\nThe document you are requesting is forbidden.\r\n</body>\r\n</html>"; = 32         echo "<html>\r\n<head>\r\n<title>Forbidden 403</title>\r\n</head>\r\n<body><h3>Forbidden 403</h3>\r\nThe document you are requesting is forbidden.\r\n</body>\r\n</html>";
33         exit;   33         exit;
34 }   34 }
35     35  
36 // delete cookie   36 // delete cookie
37 $logout = new XTemplate ("skins/".$config['skinDir']."/styleTemplates/content/logout.tpl");   37 $logout = new XTemplate ("skins/".$config['skinDir']."/styleTemplates/content/logout.tpl");
   
File: includes\content\newsletter.inc.php  
25 |       newsletter.inc.php = 25 |       newsletter.inc.php
26 |   ========================================   26 |   ========================================
27 |       Subscribe to the Newsletter       27 |       Subscribe to the Newsletter    
28 +--------------------------------------------------------------------------   28 +--------------------------------------------------------------------------
29 */   29 */
30     30  
31 if (ereg(".inc.php",$HTTP_SERVER_VARS['PHP_SELF']) || ereg(".inc.php",$_SERVER['PHP_SELF'])) { <> 31 if (eregi(".inc.php",$HTTP_SERVER_VARS['PHP_SELF']) || eregi(".inc.php",$_SERVER['PHP_SELF'])) {
32         echo "<html>\r\n<head>\r\n<title>Forbidden 403</title>\r\n</head>\r\n<body><h3>Forbidden 403</h3>\r\nThe document you are requesting is forbidden.\r\n</body>\r\n</html>"; = 32         echo "<html>\r\n<head>\r\n<title>Forbidden 403</title>\r\n</head>\r\n<body><h3>Forbidden 403</h3>\r\nThe document you are requesting is forbidden.\r\n</body>\r\n</html>";
33         exit;   33         exit;
34 }   34 }
35     35  
36 // send email if form is submit   36 // send email if form is submit
37 if(isset($_POST['submit']) && $ccUserData[0]['customer_id']>0){   37 if(isset($_POST['submit']) && $ccUserData[0]['customer_id']>0){
   
File: includes\content\noShip.inc.php  
25 |       noShip.inc.php = 25 |       noShip.inc.php
26 |   ========================================   26 |   ========================================
27 |       Warning the store wont ship to the desired country        27 |       Warning the store wont ship to the desired country     
28 +--------------------------------------------------------------------------   28 +--------------------------------------------------------------------------
29 */   29 */
30     30  
31 if (ereg(".inc.php",$HTTP_SERVER_VARS['PHP_SELF']) || ereg(".inc.php",$_SERVER['PHP_SELF'])) { <> 31 if (eregi(".inc.php",$HTTP_SERVER_VARS['PHP_SELF']) || eregi(".inc.php",$_SERVER['PHP_SELF'])) {
32         echo "<html>\r\n<head>\r\n<title>Forbidden 403</title>\r\n</head>\r\n<body><h3>Forbidden 403</h3>\r\nThe document you are requesting is forbidden.\r\n</body>\r\n</html>"; = 32         echo "<html>\r\n<head>\r\n<title>Forbidden 403</title>\r\n</head>\r\n<body><h3>Forbidden 403</h3>\r\nThe document you are requesting is forbidden.\r\n</body>\r\n</html>";
33         exit;   33         exit;
34 }   34 }
35     35  
36 $no_ship = new XTemplate ("skins/".$config['skinDir']."/styleTemplates/content/noShip.tpl");   36 $no_ship = new XTemplate ("skins/".$config['skinDir']."/styleTemplates/content/noShip.tpl");
37     37  
   
File: includes\content\overWeight.inc.php  
25 |       overWeight.inc.php = 25 |       overWeight.inc.php
26 |   ========================================   26 |   ========================================
27 |       Warning for order too large       27 |       Warning for order too large    
28 +--------------------------------------------------------------------------   28 +--------------------------------------------------------------------------
29 */   29 */
30     30  
31 if (ereg(".inc.php",$HTTP_SERVER_VARS['PHP_SELF']) || ereg(".inc.php",$_SERVER['PHP_SELF'])) { <> 31 if (eregi(".inc.php",$HTTP_SERVER_VARS['PHP_SELF']) || eregi(".inc.php",$_SERVER['PHP_SELF'])) {
32         echo "<html>\r\n<head>\r\n<title>Forbidden 403</title>\r\n</head>\r\n<body><h3>Forbidden 403</h3>\r\nThe document you are requesting is forbidden.\r\n</body>\r\n</html>"; = 32         echo "<html>\r\n<head>\r\n<title>Forbidden 403</title>\r\n</head>\r\n<body><h3>Forbidden 403</h3>\r\nThe document you are requesting is forbidden.\r\n</body>\r\n</html>";
33         exit;   33         exit;
34 }   34 }
35     35  
36 $over_weight = new XTemplate ("skins/".$config['skinDir']."/styleTemplates/content/overWeight.tpl");   36 $over_weight = new XTemplate ("skins/".$config['skinDir']."/styleTemplates/content/overWeight.tpl");
37     37  
   
File: includes\content\profile.inc.php  
25 |       profile.inc.php = 25 |       profile.inc.php
26 |   ========================================   26 |   ========================================
27 |       Customers Profile         27 |       Customers Profile      
28 +--------------------------------------------------------------------------   28 +--------------------------------------------------------------------------
29 */   29 */
30     30  
31 if (ereg(".inc.php",$HTTP_SERVER_VARS['PHP_SELF']) || ereg(".inc.php",$_SERVER['PHP_SELF'])) { <> 31 if (eregi(".inc.php",$HTTP_SERVER_VARS['PHP_SELF']) || eregi(".inc.php",$_SERVER['PHP_SELF'])) {
32         echo "<html>\r\n<head>\r\n<title>Forbidden 403</title>\r\n</head>\r\n<body><h3>Forbidden 403</h3>\r\nThe document you are requesting is forbidden.\r\n</body>\r\n</html>"; = 32         echo "<html>\r\n<head>\r\n<title>Forbidden 403</title>\r\n</head>\r\n<body><h3>Forbidden 403</h3>\r\nThe document you are requesting is forbidden.\r\n</body>\r\n</html>";
33         exit;   33         exit;
34 }   34 }
35     35  
36 // send email if form is submit   36 // send email if form is submit
37 if(isset($_POST['submit']) && $ccUserData[0]['customer_id']>0){   37 if(isset($_POST['submit']) && $ccUserData[0]['customer_id']>0){
 
74                         $data['postcode'] = $db->mySQLSafe($_POST['postcode']); = 74                         $data['postcode'] = $db->mySQLSafe($_POST['postcode']);
75                         $data['country'] = $db->mySQLSafe($_POST['country']);   75                         $data['country'] = $db->mySQLSafe($_POST['country']);
76                         $data['phone'] = $db->mySQLSafe($_POST['phone']);   76                         $data['phone'] = $db->mySQLSafe($_POST['phone']);
77                         $data['mobile'] = $db->mySQLSafe($_POST['mobile']);   77                         $data['mobile'] = $db->mySQLSafe($_POST['mobile']);
78                           78                        
79                                         // look up users zone   79                                         // look up users zone
80                         $zoneId = $db->select("SELECT * FROM ".$glob['dbprefix']."CubeCart_iso_counties WHERE (abbrev LIKE '".addslashes_gpc($_POST['county'])."' OR name LIKE '".addslashes_gpc($_POST['county'])."')"); <> 80                         $zoneId = $db->select("SELECT * FROM ".$glob['dbprefix']."CubeCart_iso_counties WHERE (abbrev LIKE ".$db->mySQLSafe($_POST['county'])." OR name LIKE ".$db->mySQLSafe($_POST['county']).")");
81                 = 81                
82                         if($zoneId[0]['id']>0){   82                         if($zoneId[0]['id']>0){
83                   83                
84                                 $data["zoneId"] = $zoneId[0]['id'];   84                                 $data["zoneId"] = $zoneId[0]['id'];
85                   85                
86                         } else {   86                         } else {
 
94                         = 94                        
95                                         // make email   95                                         // make email
96                         include("classes/htmlMimeMail.php");   96                         include("classes/htmlMimeMail.php");
97                           97                        
98                         $mail = new htmlMimeMail();   98                         $mail = new htmlMimeMail();
99                           99                        
100                         $text = sprintf($lang['front']['profile']['update_email'],$_POST['firstName'],$_POST['lastName'],$GLOBALS['storeURL'],$_SERVER['REMOTE_ADDR']); <> 100                         $text = sprintf($lang['front']['profile']['update_email'],treatGet($_POST['firstName']),treatGet($_POST['lastName']),$GLOBALS['storeURL'],$_SERVER['REMOTE_ADDR']);
101                         = 101                        
102                         $mail->setText($text);   102                         $mail->setText($text);
103                         $mail->setFrom($config['masterName'].' <'.$config['masterEmail'].'>');   103                         $mail->setFrom($config['masterName'].' <'.$config['masterEmail'].'>');
104                         $mail->setSubject($lang['front']['profile']['update_email_subj']);   104                         $mail->setSubject($lang['front']['profile']['update_email_subj']);
105                         $mail->setHeader('X-Mailer', 'CubeCart Mailer');   105                         $mail->setHeader('X-Mailer', 'CubeCart Mailer');
106                         $send = $mail->send(array($_POST['email']), $config['mailMethod']); <> 106                         $send = $mail->send(array(treatGet($_POST['email'])), $config['mailMethod']);
107                         = 107                        
108                         if(isset($_GET['f']) && !empty($_GET['f'])){   108                         if(isset($_GET['f']) && !empty($_GET['f'])){
109                                 header("Location: cart.php?act=".$_GET['f']);   109                                 header("Location: cart.php?act=".$_GET['f']);
110                         }   110                         }
111           111        
112                         // rebuild customer array   112                         // rebuild customer array
   
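--- a/includes\content\reg.inc.php
+++ b/includes\content\reg.inc.php
@@ -25,13 +25,13 @@
 |       reg.inc.php
 |   ========================================
 |       Customer Registration
 +--------------------------------------------------------------------------
 */
 
-if (ereg(".inc.php",$HTTP_SERVER_VARS['PHP_SELF']) || ereg(".inc.php",$_SERVER['PHP_SELF'])) {
+if (eregi(".inc.php",$HTTP_SERVER_VARS['PHP_SELF']) || eregi(".inc.php",$_SERVER['PHP_SELF'])) {
         echo "<html>\r\n<head>\r\n<title>Forbidden 403</title>\r\n</head>\r\n<body><h3>Forbidden 403</h3>\r\nThe document you are requesting is forbidden.\r\n</body>\r\n</html>";
         exit;
 }
 
 if($ccUserData[0]['customer_id']>0){
 
@@ -91,13 +91,13 @@
                 }
 
                 $record["type"] = 1;
                 $record["htmlEmail"] = $db->mySQLSafe($_POST['htmlEmail']);
 
                 // look up users zone
-                $zoneId = $db->select("SELECT * FROM ".$glob['dbprefix']."CubeCart_iso_counties WHERE (abbrev LIKE '".addslashes_gpc($_POST['county'])."' OR name LIKE '".addslashes_gpc($_POST['county'])."')");
+                $zoneId = $db->select("SELECT * FROM ".$glob['dbprefix']."CubeCart_iso_counties WHERE (abbrev LIKE ".$db->mySQLSafe($_POST['county'])." OR name LIKE ".$db->mySQLSafe($_POST['county']).")");
 
                 if($zoneId[0]['id']>0){
 
                         $record["zoneId"] = $zoneId[0]['id'];
 
                 }
@@ -117,13 +117,13 @@
 
                 $insert = $db->insert($glob['dbprefix']."CubeCart_customer", $record);
 
                 $sessData['customer_id'] = $db->insertid();
                 $update = $db->update($glob['dbprefix']."CubeCart_sessions", $sessData,"sessId=".$db->mySQLSafe($_SESSION['ccUser']));
 
-                        $redir = base64_decode(treatGet($_GET['redir']));
+                        $redir = treatGet(base64_decode($_GET['redir']));
 
                         require_once("classes/cart.php");
                         $cart = new cart();
                         $basket = $cart->cartContents($ccUserData[0]['basket']);
 
                         if(is_array($basket['conts']) && !empty($basket['conts'])) {
@@ -229,28 +229,28 @@
 
         }
 
 
         if(isset($_POST['title'])){
 
-                $reg->assign("VAL_TITLE",$_POST['title']);
-                $reg->assign("VAL_FIRST_NAME",$_POST['firstName']);
-                $reg->assign("VAL_LAST_NAME",$_POST['lastName']);
-                $reg->assign("VAL_EMAIL",$_POST['email']);
-                $reg->assign("VAL_PHONE",$_POST['phone']);
-                $reg->assign("VAL_MOBILE",$_POST['mobile']);
-                $reg->assign("VAL_ADD_1",$_POST['add_1']);
-                $reg->assign("VAL_ADD_2",$_POST['add_2']);
-                $reg->assign("VAL_TOWN",$_POST['town']);
-                $reg->assign("VAL_COUNTY",$_POST['county']);
-                $reg->assign("VAL_POSTCODE",$_POST['postcode']);
+                $reg->assign("VAL_TITLE",treatGet($_POST['title']));
+                $reg->assign("VAL_FIRST_NAME",treatGet($_POST['firstName']));
+                $reg->assign("VAL_LAST_NAME",treatGet($_POST['lastName']));
+                $reg->assign("VAL_EMAIL",treatGet($_POST['email']));
+                $reg->assign("VAL_PHONE",treatGet($_POST['phone']));
+                $reg->assign("VAL_MOBILE",treatGet($_POST['mobile']));
+                $reg->assign("VAL_ADD_1",treatGet($_POST['add_1']));
+                $reg->assign("VAL_ADD_2",treatGet($_POST['add_2']));
+                $reg->assign("VAL_TOWN",treatGet($_POST['town']));
+                $reg->assign("VAL_COUNTY",treatGet($_POST['county']));
+                $reg->assign("VAL_POSTCODE",treatGet($_POST['postcode']));
 
                 if($_POST['password'] == $_POST['passwordConf']){
 
-                        $reg->assign("VAL_PASSWORD",$_POST['password']);
-                        $reg->assign("VAL_PASSWORD_CONF",$_POST['passwordConf']);
+                        $reg->assign("VAL_PASSWORD",treatGet($_POST['password']));
+                        $reg->assign("VAL_PASSWORD_CONF",treatGet($_POST['passwordConf']));
 
                 }
 
                 if(isset($_POST['optIn1st']) && $_POST['optIn1st']==1) {
                         $reg->assign("VAL_OPTIN1ST_CHECKED","checked='checked'");
                 }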
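Review bot: The values re-displayed on lines 235–250 are only as safe as `treatGet()`, and the 3.0.13 version shown under includes\functions.inc.php on this page replaces just `&`, `"`, `<` and `>`, so a single quote passes through unchanged. That is enough only if every `VAL_*` placeholder in the registration template sits inside a double-quoted attribute, which this page does not show; escaping at the point of output with `htmlspecialchars($_POST['title'], ENT_QUOTES)` removes the dependency on how the template is quoted. Lines 249–250 also send the submitted password back in the page; leaving `VAL_PASSWORD` and `VAL_PASSWORD_CONF` empty and asking the user to retype keeps the credential out of the HTML and any cache of it. The surrounding `if` blocks start and end outside the hunks.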
   
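--- a/includes\content\step1.inc.php
+++ b/includes\content\step1.inc.php
@@ -24,13 +24,13 @@
 +--------------------------------------------------------------------------
 |       step1.inc.php
 |   ========================================
 |       Step 1 Of the Checkout Pages
 +--------------------------------------------------------------------------
 */
-if (ereg(".inc.php",$HTTP_SERVER_VARS['PHP_SELF']) || ereg(".inc.php",$_SERVER['PHP_SELF'])) {
+if (eregi(".inc.php",$HTTP_SERVER_VARS['PHP_SELF']) || eregi(".inc.php",$_SERVER['PHP_SELF'])) {
         echo "<html>\r\n<head>\r\n<title>Forbidden 403</title>\r\n</head>\r\n<body><h3>Forbidden 403</h3>\r\nThe document you are requesting is forbidden.\r\n</body>\r\n</html>";
         exit;
 }
 
 $enableSSl = 1;
 require_once("classes/cart.php");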
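Review bot: On line 30 the pattern `".inc.php"` is still a regular expression, so each dot matches any character and the guard names something broader than the suffix it is meant to catch; `eregi("\.inc\.php", $_SERVER['PHP_SELF'])` states the intent, and it should stay unanchored because PHP_SELF can carry trailing path info. The branch prints a "Forbidden 403" page but sets no status, so `header("HTTP/1.0 403 Forbidden");` before the `echo` would make the refusal visible to clients and access logs. A one-line comment such as `// case-insensitive so FILE.INC.PHP is also refused` would record why 3.0.13 switched to eregi (that reason is inferred; the page does not state it). The same line is changed in reg.inc.php, tellafriend.inc.php, unsubscribe.inc.php, viewCat.inc.php, viewDoc.inc.php, viewOrder.inc.php, viewOrders.inc.php, viewProd.inc.php and currencyVars.inc.php.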
   
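--- a/includes\content\tellafriend.inc.php
+++ b/includes\content\tellafriend.inc.php
@@ -24,13 +24,13 @@
 +--------------------------------------------------------------------------
 |       tellafriend.inc.php
 |   ========================================
 |       Tell a friend about a product
 +--------------------------------------------------------------------------
 */
-if (ereg(".inc.php",$HTTP_SERVER_VARS['PHP_SELF']) || ereg(".inc.php",$_SERVER['PHP_SELF'])) {
+if (eregi(".inc.php",$HTTP_SERVER_VARS['PHP_SELF']) || eregi(".inc.php",$_SERVER['PHP_SELF'])) {
         echo "<html>\r\n<head>\r\n<title>Forbidden 403</title>\r\n</head>\r\n<body><h3>Forbidden 403</h3>\r\nThe document you are requesting is forbidden.\r\n</body>\r\n</html>";
         exit;
 }
 
 // query database
 $_GET['productId'] = treatGet($_GET['productId']) ;
@@ -51,13 +51,13 @@
 // send email if form is submit
 if(isset($_POST['submit'])){
 
                 $spamCode = fetchSpamCode($_POST['ESC'],TRUE);
 
                 // start validation
-                if(!isset($_POST['spamcode']) || ($spamCode['SpamCode']!==$_POST['spamcode']) || ($_SERVER['REMOTE_ADDR']!==$spamCode['userIp']))
+                if((!isset($_POST['spamcode']) || ($spamCode['SpamCode']!==$_POST['spamcode']) || ($_SERVER['REMOTE_ADDR']!==$spamCode['userIp'])) AND ($config['floodControl']==1))
                 {
                         $errorMsg = $lang['front']['tellafriend']['error_code'];
 
                 }
                 elseif(empty($_POST['senderName']) || empty($_POST['recipName']) )
                 {
@@ -73,18 +73,18 @@
 
                         // make email
                         include("classes/htmlMimeMail.php");
 
                         $mail = new htmlMimeMail();
 
-                        $text = sprintf($lang['tellafriend']['email_body'],treatGet($_POST['recipName']),stripslashes(treatGet($_POST['message'])),$GLOBALS['storeURL'],treatGet($_GET['productId']),$GLOBALS['storeURL'],$_SERVER['REMOTE_ADDR']);
+                        $text = sprintf($lang['front']['tellafriend']['email_body'],treatGet($_POST['recipName']),stripslashes(treatGet($_POST['message'])),$GLOBALS['storeURL'],treatGet($_GET['productId']),$GLOBALS['storeURL'],$_SERVER['REMOTE_ADDR']);
 
                         $mail->setText($text);
                         $mail->setReturnPath($_POST['senderEmail']);
                         $mail->setFrom($_POST['senderName'].' <'.$_POST['senderEmail'].'>');
-                        $mail->setSubject(sprintf($lang['tellafriend']['email_subject'],$_POST['senderName']));
+                        $mail->setSubject(sprintf($lang['front']['tellafriend']['email_subject'],$_POST['senderName']));
                         $mail->setHeader('X-Mailer', 'CubeCart Mailer');
                         $send = $mail->send(array($_POST['recipEmail']), $config['mailMethod']);
 
                 }
 
 }
@@ -95,13 +95,13 @@
 
         $tellafriend->assign("TAF_TITLE",$lang['front']['tellafriend']['tellafriend']);
 
         if(isset($_POST['submit']) && !isset($errorMsg))
         {
 
-                $tellafriend->assign("TAF_DESC",sprintf($lang['tellafriend']['message_sent'],$_POST['recipName'],$result[0]['name']));
+                $tellafriend->assign("TAF_DESC",sprintf($lang['front']['tellafriend']['message_sent'],$_POST['recipName'],$result[0]['name']));
 
         }
         else
         {
 
                 $tellafriend->assign("TAF_DESC",sprintf($lang['front']['tellafriend']['fill_out_below'],$result[0]['name']));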
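Review bot: Lines 84 and 101 were edited for the language key but still pass raw request values onward: `$_POST['senderName']` goes into the mail subject and `$_POST['recipName']` into `TAF_DESC`, while line 79 already wraps its inputs in `treatGet()`. For the page output, `treatGet($_POST['recipName'])` on line 101 would match the rest of this release. For the mail fields on lines 82–86 HTML escaping is the wrong tool; whether htmlMimeMail strips line breaks from header values is not visible here, so any of `senderName`, `senderEmail` and `recipEmail` containing `\r` or `\n` should be rejected before the mail is built. Line 57 now skips the spam-code check whenever `$config['floodControl']` is not 1, and no other limit on this form is visible in these hunks, so that setting deserves a comment saying what it turns off.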
   
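--- a/includes\content\unsubscribe.inc.php
+++ b/includes\content\unsubscribe.inc.php
@@ -24,13 +24,13 @@
 +--------------------------------------------------------------------------
 |       unsubscribe.inc.php
 |   ========================================
 |       Unsubscribe page from Bulk Email
 +--------------------------------------------------------------------------
 */
-if (ereg(".inc.php",$HTTP_SERVER_VARS['PHP_SELF']) || ereg(".inc.php",$_SERVER['PHP_SELF'])) {
+if (eregi(".inc.php",$HTTP_SERVER_VARS['PHP_SELF']) || eregi(".inc.php",$_SERVER['PHP_SELF'])) {
         echo "<html>\r\n<head>\r\n<title>Forbidden 403</title>\r\n</head>\r\n<body><h3>Forbidden 403</h3>\r\nThe document you are requesting is forbidden.\r\n</body>\r\n</html>";
         exit;
 }
 
 $unsubscribe=new XTemplate ("skins/".$config['skinDir']."/styleTemplates/content/unsubscribe.tpl");
 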
   
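--- a/includes\content\viewCat.inc.php
+++ b/includes\content\viewCat.inc.php
@@ -24,13 +24,13 @@
 +--------------------------------------------------------------------------
 |       viewCat.inc.php
 |   ========================================
 |       Display the Current Category
 +--------------------------------------------------------------------------
 */
-if (ereg(".inc.php",$HTTP_SERVER_VARS['PHP_SELF']) || ereg(".inc.php",$_SERVER['PHP_SELF'])) {
+if (eregi(".inc.php",$HTTP_SERVER_VARS['PHP_SELF']) || eregi(".inc.php",$_SERVER['PHP_SELF'])) {
         echo "<html>\r\n<head>\r\n<title>Forbidden 403</title>\r\n</head>\r\n<body><h3>Forbidden 403</h3>\r\nThe document you are requesting is forbidden.\r\n</body>\r\n</html>";
         exit;
 }
 
 if(isset($_GET['page'])){
 
@@ -101,13 +101,18 @@
 // BUILD PRODUCTS
 ///////////
 
 
 // build query
 if(isset($_GET['searchStr'])){
-
+
+        // Fix for SQL Injection if Reg Globals is On
+        if(isset($searchArray))
+        {
+                unset($searchArray);
+        }
         $searchwords = split ( "[ ,]", treatGet($_GET['searchStr']));
         foreach($searchwords as $word){
                 $searchArray[]=$word;
         }
 
         $noKeys = count($searchArray);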
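Review bot: The register_globals fix on lines 109–112 only clears `$searchArray` when it is already set, and the loop on lines 114–116 then copies `$searchwords` into it one element at a time; assigning `$searchArray = array();` unconditionally before the loop (or `$searchArray = $searchwords;` in place of both) does the same job in a form that is harder to get wrong. Any other variable in this file that is appended to without being initialised would have the same exposure when register_globals is on, but those lines are outside the hunk. The `if(isset($_GET['searchStr']))` block continues past the last visible line.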
   
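--- a/includes\content\viewDoc.inc.php
+++ b/includes\content\viewDoc.inc.php
@@ -26,13 +26,13 @@
 |   ========================================
 |       Displays a site document
 +--------------------------------------------------------------------------
 */
 // query database
 
-if (ereg(".inc.php",$HTTP_SERVER_VARS['PHP_SELF']) || ereg(".inc.php",$_SERVER['PHP_SELF'])) {
+if (eregi(".inc.php",$HTTP_SERVER_VARS['PHP_SELF']) || eregi(".inc.php",$_SERVER['PHP_SELF'])) {
         echo "<html>\r\n<head>\r\n<title>Forbidden 403</title>\r\n</head>\r\n<body><h3>Forbidden 403</h3>\r\nThe document you are requesting is forbidden.\r\n</body>\r\n</html>";
         exit;
 }
 
 $_GET['docId'] = treatGet($_GET['docId']);
 if($lang_folder !== $config['defaultLang']){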
   
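--- a/includes\content\viewOrder.inc.php
+++ b/includes\content\viewOrder.inc.php
@@ -25,20 +25,20 @@
 |       viewOrder.inc.php
 |   ========================================
 |       Displays the Customers Specific Order
 +--------------------------------------------------------------------------
 */
 
-if (ereg(".inc.php",$HTTP_SERVER_VARS['PHP_SELF']) || ereg(".inc.php",$_SERVER['PHP_SELF'])) {
+if (eregi(".inc.php",$HTTP_SERVER_VARS['PHP_SELF']) || eregi(".inc.php",$_SERVER['PHP_SELF'])) {
         echo "<html>\r\n<head>\r\n<title>Forbidden 403</title>\r\n</head>\r\n<body><h3>Forbidden 403</h3>\r\nThe document you are requesting is forbidden.\r\n</body>\r\n</html>";
         exit;
 }
 
         $view_order=new XTemplate ("skins/".$config['skinDir']."/styleTemplates/content/viewOrder.tpl");
 
-        $view_order->assign("LANG_YOUR_VIEW_ORDER",$lang['front']['viewOrder']['order_no']." ".$_GET['cart_order_id']);
+        $view_order->assign("LANG_YOUR_VIEW_ORDER",$lang['front']['viewOrder']['order_no']." ".treatGet($_GET['cart_order_id']));
 
         $order = $db->select("SELECT * FROM ".$glob['dbprefix']."CubeCart_order_sum INNER JOIN ".$glob['dbprefix']."CubeCart_customer ON ".$glob['dbprefix']."CubeCart_order_sum.customer_id = ".$glob['dbprefix']."CubeCart_customer.customer_id WHERE ".$glob['dbprefix']."CubeCart_order_sum.cart_order_id = ".$db->mySQLSafe($_GET['cart_order_id'])." AND ".$glob['dbprefix']."CubeCart_order_sum.customer_id=".$db->mySQLsafe($ccUserData[0]['customer_id']));
 
         if($order == TRUE){
 
                 $view_order->assign("LANG_CUSTOMER_INFO",$lang['front']['viewOrder']['customer_info']);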
   
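--- a/includes\content\viewOrders.inc.php
+++ b/includes\content\viewOrders.inc.php
@@ -25,13 +25,13 @@
 |       viewOrders.inc.php
 |   ========================================
 |       Displays the Customers Orders
 +--------------------------------------------------------------------------
 */
 
-if (ereg(".inc.php",$HTTP_SERVER_VARS['PHP_SELF']) || ereg(".inc.php",$_SERVER['PHP_SELF'])) {
+if (eregi(".inc.php",$HTTP_SERVER_VARS['PHP_SELF']) || eregi(".inc.php",$_SERVER['PHP_SELF'])) {
         echo "<html>\r\n<head>\r\n<title>Forbidden 403</title>\r\n</head>\r\n<body><h3>Forbidden 403</h3>\r\nThe document you are requesting is forbidden.\r\n</body>\r\n</html>";
         exit;
 }
 
 // query database
 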
   
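--- a/includes\content\viewProd.inc.php
+++ b/includes\content\viewProd.inc.php
@@ -25,13 +25,13 @@
 |       viewProduct.inc.php
 |   ========================================
 |       Displays the Product in Detail
 +--------------------------------------------------------------------------
 */
 
-if (ereg(".inc.php",$HTTP_SERVER_VARS['PHP_SELF']) || ereg(".inc.php",$_SERVER['PHP_SELF'])) {
+if (eregi(".inc.php",$HTTP_SERVER_VARS['PHP_SELF']) || eregi(".inc.php",$_SERVER['PHP_SELF'])) {
         echo "<html>\r\n<head>\r\n<title>Forbidden 403</title>\r\n</head>\r\n<body><h3>Forbidden 403</h3>\r\nThe document you are requesting is forbidden.\r\n</body>\r\n</html>";
         exit;
 }
 
 
 // query database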
   
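--- a/includes\currencyVars.inc.php
+++ b/includes\currencyVars.inc.php
@@ -25,13 +25,13 @@
 |       currencyVars.inc.php
 |   ========================================
 |       Gets Currency Array
 +--------------------------------------------------------------------------
 */
 
-if (ereg(".inc.php",$HTTP_SERVER_VARS['PHP_SELF']) || ereg(".inc.php",$_SERVER['PHP_SELF'])) {
+if (eregi(".inc.php",$HTTP_SERVER_VARS['PHP_SELF']) || eregi(".inc.php",$_SERVER['PHP_SELF'])) {
         echo "<html>\r\n<head>\r\n<title>Forbidden 403</title>\r\n</head>\r\n<body><h3>Forbidden 403</h3>\r\nThe document you are requesting is forbidden.\r\n</body>\r\n</html>";
         exit;
 }
 
 $override = array("viewOrder" => 1, "viewOrders" => 1);
 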
   
File: includes\functions.inc.php  
26 |   ======================================== = 26 |   ========================================
27 |       Core Frontend Functions   27 |       Core Frontend Functions
28 +--------------------------------------------------------------------------   28 +--------------------------------------------------------------------------
29 */   29 */
30     30  
31 //////////////////////////////////   31 //////////////////////////////////
32 // add slashes if magic_quotes_gpc off <>    
33 ////////      
34 function addslashes_gpc($value) {      
35        
36         if (get_magic_quotes_gpc()==0) {      
37                 $value = addslashes($value);      
38         }      
39              
40         return $value;      
41        
42 }      
43        
44 //////////////////////////////////      
45 // detect if store is under SSL = 32 // detect if store is under SSL
46 ////////   33 ////////
47     34  
48 function detectSSL(){   35 function detectSSL(){
49     36  
50         if($_SERVER["HTTPS"] == "on"){   37         if($_SERVER["HTTPS"] == "on"){
 
71 ////////////////////////////////// = 58 //////////////////////////////////
72 // make output valid html to meet w3c standards   59 // make output valid html to meet w3c standards
73 ////////   60 ////////
74 function validHTML($var){   61 function validHTML($var){
75           62        
76         $var = htmlspecialchars($var);   63         $var = htmlspecialchars($var);
    -+ 64         // fix a slight bug due to data storage in older versions
77         $var = eregi_replace("&amp;#39;","&#39;",$var); = 65         $var = eregi_replace("&amp;#39;","&#39;",$var);
78         return $var;   66         return $var;
79     67  
80 }   68 }
81     69  
82 //////////////////////////////////   70 //////////////////////////////////
83 // treat GET vars stop XSS   71 // treat GET vars stop XSS
84 ////////   72 ////////
85 function treatGet($text){   73 function treatGet($text){
86           74        
    <> 75         /* Previously used prior to 3.0.13
      76            "Good but your not right..." - Roy Castle (Catch Phrase)
      77           
87         $text = preg_replace("/(\<script)(.*?)(script>)/si", "", "$text");   78         $text = preg_replace("/(\<script)(.*?)(script>)/si", "", $text);
88         $text = strip_tags($text); = 79         $text = strip_tags($text);
89         $text = str_replace(array("'","\"",">","<","\\"), "", $text);   80         $text = str_replace(array("'","\"",">","<","\\"), "", $text);
    -+ 81        
      82         */
      83        
      84         /* Strong but too restrictive
      85        
      86         $text = htmlspecialchars($text, ENT_QUOTES);
      87         */
      88        
      89         // safen most dangerous chars
      90         $text = str_replace(array('&', '"', '<', '>'),array('&amp;', '&quot;',
      91 '&lt;', '&gt;'),$text);
      92        
90         return $text; = 93         return $text;
91           94        
92 }   95 }
93     96  
94 //////////////////////////////////   97 //////////////////////////////////
95 // Get current page   98 // Get current page
 
101         $storeURL = str_replace("http://","",$glob['storeURL']); = 104         $storeURL = str_replace("http://","",$glob['storeURL']);
102         $storeURL_SSL = str_replace("https://","",$config['storeURL_SSL']);   105         $storeURL_SSL = str_replace("https://","",$config['storeURL_SSL']);
103           106        
104         if($storeURL!==$storeURL_SSL && $config['ssl']==1){   107         if($storeURL!==$storeURL_SSL && $config['ssl']==1){
105           108        
106                 // for shared SSL full URL   109                 // for shared SSL full URL
107                 $currentPage = $GLOBALS['storeURL'].str_replace($GLOBALS['rootRel'],"/",$_SERVER['PHP_SELF']); <> 110                 $currentPage = $GLOBALS['storeURL'].str_replace($GLOBALS['rootRel'],"/",treatGet($_SERVER['PHP_SELF']));
108         = 111        
109         } else {   112         } else {
110           113        
111                 // for dedicated SSL relative URL   114                 // for dedicated SSL relative URL
112                 $currentPage = $_SERVER['PHP_SELF']; <> 115                 $currentPage = treatGet($_SERVER['PHP_SELF']);
113         = 116        
114         }   117         }
115           118        
116         // build session parameter for shared SSL to pass over   119         // build session parameter for shared SSL to pass over
117         if(!ereg(array("ccUser","/admin/"),$_SERVER['PHP_SELF']) && !empty($_SESSION['ccUser']) && $storeURL!==$storeURL_SSL && $config['ssl']==1){   120         if(!ereg(array("ccUser","/admin/"),$_SERVER['PHP_SELF']) && !empty($_SESSION['ccUser']) && $storeURL!==$storeURL_SSL && $config['ssl']==1){
118                   121                
119                 $params['ccUser'] = $_SESSION['ccUser'];   122                 $params['ccUser'] = $_SESSION['ccUser'];
120                   123                
121         }   124         }
122           125        
123         // if GET vars is an array and $params merge them together   126         // if GET vars is an array and $params merge them together
    <> 127         if(is_array($_GET))
      128         {
      129                 foreach($_GET as $key => $value)
      130                 {
      131                         $treatedGet[$key] = treatGet($value);
      132                 }
      133         }
      134  
124         if(is_array($_GET) && is_array($params)){   135         if(is_array($treatedGet) && is_array($params)){
125                 = 136                
126                 $params = array_merge($_GET,$params); <> 137                 $params = array_merge($treatedGet,$params);
127         = 138        
128         // else if GET vars is an array call it params   139         // else if GET vars is an array call it params
129         } elseif(is_array($_GET)){ <> 140         } elseif(is_array($treatedGet)){
130                 = 141                
131                 $params = $_GET; <> 142                 $params = $treatedGet;
132         = 143        
133         }   144         }
134           145        
135         // if there are to be GET vars strip redir and rebuild query string   146         // if there are to be GET vars strip redir and rebuild query string
136         if (is_array($params)) {   147         if (is_array($params)) {
137                   148                
   
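--- a/includes\ini.inc.php
+++ b/includes\ini.inc.php
@@ -1,8 +1,136 @@
 <?php
+// Make sure variables are registered to cope with older php versions
+if (PHP_VERSION < "4.1.0")
+{
+        $_REQUEST = array_merge($_GET, $_POST, $_COOKIE);
+        $_GET = &$HTTP_GET_VARS;
+        $_POST = &$HTTP_POST_VARS;
+        $_COOKIE = &$HTTP_COOKIE_VARS;
+        $_SERVER = &$HTTP_SERVER_VARS;
+        $_ENV = &$HTTP_ENV_VARS;
+        $_FILES = &$HTTP_POST_FILES;
+}
+
+/* START INITIAL SECURITY CHECKS */
+
+// Check for possible global overwrite and end script execution if detected
+function unsetGlobals()
+{
+
+        if (ini_get('register_globals'))
+        {
+
+                if (isset($_REQUEST['GLOBALS']) || isset($_FILES['GLOBALS']))
+                {
+
+                        $die = "<h1 style='font-family: Arial, Helvetica, sans-serif; color: red;'>Security Warning</h1><p style='font-family: Arial, Helvetica, sans-serif; color: #000000;'>\nGLOBALS overwrite attempt detected! Script execution has been terminated.</p>\n";
+
+                        die($die);
+
+                }
+
+                // Variables that shouldn't be unset
+                $skip = array('GLOBALS', '_GET', '_POST', '_COOKIE', '_REQUEST', '_SERVER', '_ENV', '_FILES');
+
+                $input = array_merge($_GET, $_POST, $_COOKIE, $_SERVER, $_ENV, $_FILES, isset($_SESSION) && is_array($_SESSION) ? $_SESSION : array());
+
+                foreach ($input as $key => $value)
+                {
+
+                        if (!in_array($key, $skip) && isset($GLOBALS[$key]))
+                        {
+
+                                unset($GLOBALS[$key]);
+
+                        }
+
+                }
+
+        }
+
+}
+
+// Run the function
+unsetGlobals();
+
+class clean_all
+{
+
+        function clean_all(&$data)
+        {
+
+                if (is_array($data))
+                {
+                        foreach ($data as $key => $val)
+                        {
+                                // The keys should usually not contain
+                                // any meta characters in their names.
+                                // If so this is possibly an attack attempt.
+                                if (eregi('[^a-z0-9\-_\:\@\|]', urldecode($key)))
+                                {
+                                        $die = "<h1 style='font-family: Arial, Helvetica, sans-serif; color: red;'>Security Warning</h1><p style='font-family: Arial, Helvetica, sans-serif; color: #000000;'>\nParsed array keys can not contain illegal characters! Script execution has been halted.</p><p style='font-family: Arial, Helvetica, sans-serif; color: #000000;'>It may be possible to fix this error by deleting your browsers cookies and refresh this page.</p>\n";
+                                        die($die);
+                                }
+
+                                // Multi dimentional arrays.. dig deeper.
+                                if (is_array($val))
+                                {
+                                        $this->clean_all($data[$key]);
+                                }
+                                elseif(!empty($val))
+                                {
+                                        $data[$key] = $this->saftey($val);
+                                }
+
+                        }
+
+                }
+                else
+                {
+                        $data = $this->saftey($val);
+                }
+
+                return $data;
+
+        }
+
+        function saftey($val)
+        {
+
+                // strip null bytes
+                $val = str_replace("\0", '', $val);
+
+                // add slashes if magic quotes is off
+                $val = (!get_magic_quotes_gpc ()) ? addslashes ($val) : $val;
+
+                return $val;
+
+        }
+
+}
+
+$clean = new clean_all($data);
+
+$_GET = $clean->clean_all($_GET);
+$_POST = $clean->clean_all($_POST);
+$_COOKIE = $clean->clean_all($_COOKIE);
+$_REQUEST = $clean->clean_all($_REQUEST);
+
+/* END INITIAL SECURITY CHECKS */
+
+// Set error reporting to all but notices
 error_reporting(E_ALL ^ E_NOTICE);
+// display errors
 @ini_set("display_errors", "1");
+// ste argument separator to &amp; from & for XHTML validity
 @ini_set("arg_separator.output","&amp;");
-$ini['ver'] = '3.0.12';
-$ini['CCver'] = '30017';
+// version info
+$ini['ver'] = '3.0.13';
+$ini['CCver'] = '30018';
+// Brute Force Protection
+$ini['bftime'] = 600;   // seconds
+$ini['bfattempts'] = 5; // login attempts
+
+// Pages that should be server under SSL (if enabled)
 $sslPages = array("unsubscribe" => 1,"login" => 1,"logout" => 1,"forgotPass" => 1,"account" => 1,"profile" => 1,"changePass" => 1,"newsletter" => 1,"cart" => 1,"step1" => 1,"step2" => 1,"step3" => 1,"step4" => 1,"step5" => 1,"reg" => 1,"viewOrders" => 1,"viewOrder" => 1,"confirmed" => 1);
 ?>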
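Review bot: The `else` branch of `clean_all::clean_all()` calls `$this->saftey($val)`, but `$val` only exists inside the `foreach`, so a non-array argument is replaced by the escaped form of an undefined variable instead of being cleaned; it should read `$data = $this->saftey($data);`. That branch runs straight away, because `new clean_all($data)` invokes the same-named method as a PHP 4 constructor with an undefined `$data`. In the compatibility block at the top, `$_REQUEST = array_merge($_GET, $_POST, $_COOKIE);` runs before `$_GET`, `$_POST` and `$_COOKIE` are aliased to the `$HTTP_*_VARS` arrays, so it should move below those assignments. Blanket `addslashes()` on every request value also overlaps with the per-query `mySQLSafe()` calls seen elsewhere in this changelog, so it is worth confirming that values are not escaped twice before they reach a query.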
   
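--- a/includes\orderSuccess.inc.php
+++ b/includes\orderSuccess.inc.php
@@ -25,16 +25,18 @@
 |       orderSuccess.inc.php
 |   ========================================
 |       Fulfill the order
 +--------------------------------------------------------------------------
 */
 
-if (ereg(".inc.php",$HTTP_SERVER_VARS['PHP_SELF']) || ereg(".inc.php",$_SERVER['PHP_SELF'])) {
+if (eregi(".inc.php",$HTTP_SERVER_VARS['PHP_SELF']) || eregi(".inc.php",$_SERVER['PHP_SELF'])) {
         echo "<html>\r\n<head>\r\n<title>Forbidden 403</title>\r\n</head>\r\n<body><h3>Forbidden 403</h3>\r\nThe document you are requesting is forbidden.\r\n</body>\r\n</html>";
         exit;
 }
+
+$cart_order_id = treatGet($cart_order_id);
 
 // get exchange rates etc
 if(isset($cart_order_id) && !empty($cart_order_id)){
         // build thank you and confirmation email
         include($glob['rootDir']."/classes/htmlMimeMail.php");
         $mail = new htmlMimeMail();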
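Review bot: The added `$cart_order_id = treatGet($cart_order_id);` reads the variable before the `isset()` test a few lines below it, so that test is now effectively always true and an unset value is passed into `treatGet()` (the notice is hidden by `E_ALL ^ E_NOTICE`). Guard the call instead: `$cart_order_id = isset($cart_order_id) ? treatGet($cart_order_id) : '';`. Judging by the tail of `treatGet()` shown earlier on this page, it entity-encodes `&`, `"`, `<` and `>`, which is output encoding rather than validation of an order id. Any query that uses the id further down still needs its own escaping; the `if` body continues outside this hunk.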
   
File: includes\session.inc.php  
25 |       session.php = 25 |       session.php
26 |   ========================================   26 |   ========================================
27 |       Core Session Management   27 |       Core Session Management
28 +--------------------------------------------------------------------------   28 +--------------------------------------------------------------------------
29 */   29 */
30     30  
31 if (ereg(".inc.php",$HTTP_SERVER_VARS['PHP_SELF']) || ereg(".inc.php",$_SERVER['PHP_SELF'])) { <> 31 if (eregi(".inc.php",$HTTP_SERVER_VARS['PHP_SELF']) || eregi(".inc.php",$_SERVER['PHP_SELF'])) {
32         echo "<html>\r\n<head>\r\n<title>Forbidden 403</title>\r\n</head>\r\n<body><h3>Forbidden 403</h3>\r\nThe document you are requesting is forbidden.\r\n</body>\r\n</html>"; = 32         echo "<html>\r\n<head>\r\n<title>Forbidden 403</title>\r\n</head>\r\n<body><h3>Forbidden 403</h3>\r\nThe document you are requesting is forbidden.\r\n</body>\r\n</html>";
33         exit;   33         exit;
34 }   34 }
35     35  
36 if(($config['offLine']==1 && isset($_SESSION['ccAdmin']) && $config['offLineAllowAdmin']==0) || ($config['offLine']==1 && !isset($_SESSION['ccAdmin']))) {   36 if(($config['offLine']==1 && isset($_SESSION['ccAdmin']) && $config['offLineAllowAdmin']==0) || ($config['offLine']==1 && !isset($_SESSION['ccAdmin']))) {
37         header("Location: offLine.php");   37         header("Location: offLine.php");
 
57         = 57        
58         // see if session is still in db   58         // see if session is still in db
59         $query = "SELECT sessId FROM ".$glob['dbprefix']."CubeCart_sessions WHERE sessId=".$db->mySQLSafe($sessId);   59         $query = "SELECT sessId FROM ".$glob['dbprefix']."CubeCart_sessions WHERE sessId=".$db->mySQLSafe($sessId);
60         $results = $db->select($query);   60         $results = $db->select($query);
61           61        
62         if($results == TRUE){   62         if($results == TRUE){
    <> 63  
63         = 64        
64                 $sessData["timeLast"] = $db->mySQLSafe(time());   65                 $sessData["timeLast"] = $db->mySQLSafe(time());
65                   66                
66                 if(!isset($_COOKIE['ccRemember'])) { $sessData["customer_id"] = 0; }   67                 if(!isset($_COOKIE['ccRemember'])) { $sessData["customer_id"] = 0; }
67                   68                
68                 $update = $db->update($glob['dbprefix']."CubeCart_sessions", $sessData,"sessId=".$db->mySQLSafe($results[0]['sessId']));   69                 $update = $db->update($glob['dbprefix']."CubeCart_sessions", $sessData,"sessId=".$db->mySQLSafe($results[0]['sessId']));
 
72                 setcookie("ccUser", base64_encode($sessId),time()+$config['sqlSessionExpiry'], $sessionDomain); = 73                 setcookie("ccUser", base64_encode($sessId),time()+$config['sqlSessionExpiry'], $sessionDomain);
73           74        
74         }   75         }
75           76        
76 }   77 }
77     78  
78 if(!isset($_SESSION['ccUser']) && $results == FALSE){ <> 79 if(!isset($_SESSION['ccUser']) && $results == FALSE) {
79         = 80        
80           81        
81         $sessId = makeSessId();   82         $sessId = makeSessId();
82         $_SESSION['ccUser'] = $sessId;   83         $_SESSION['ccUser'] = $sessId;
83           84        
84         // insert sessionId into db   85         // insert sessionId into db
 
94         // set cookie = 95         // set cookie
95         setcookie("ccUser", base64_encode($sessId),time()+$config['sqlSessionExpiry'], $sessionDomain);   96         setcookie("ccUser", base64_encode($sessId),time()+$config['sqlSessionExpiry'], $sessionDomain);
96           97        
97         // delete sessions older than time set in config file   98         // delete sessions older than time set in config file
98         $expiredSessTime = time() - $config['sqlSessionExpiry'];   99         $expiredSessTime = time() - $config['sqlSessionExpiry'];
99         $delete = $db->delete($glob['dbprefix']."CubeCart_sessions", "timeLast<".$expiredSessTime);   100         $delete = $db->delete($glob['dbprefix']."CubeCart_sessions", "timeLast<".$expiredSessTime);
100         <> 101  
101 } else { = 102 } else {
102           103        
103         $sessData["timeLast"] = $db->mySQLSafe(time());   104         $sessData["timeLast"] = $db->mySQLSafe(time());
104     105  
105         $update = $db->update($glob['dbprefix']."CubeCart_sessions", $sessData,"sessId=".$db->mySQLSafe($_SESSION['ccUser']));   106         $update = $db->update($glob['dbprefix']."CubeCart_sessions", $sessData,"sessId=".$db->mySQLSafe($_SESSION['ccUser']));
106     107  
107 }   108 }
108     109  
109 $uniKey = "PGRpdiBjbGFzcz0ndHh0Q29weXJpZ2h0Jz5Qb3dlcmVkIGJ5IDxhIGhyZWY9J2h0dHA6Ly93d3cuY3ViZWNhcnQuY29tJyBjbGFzcz0ndHh0Q29weXJpZ2h0JyB0YXJnZXQ9J19ibGFuayc+Q3ViZUNhcnQ8L2E+JnRyYWRlOzxiciAvPkNvcHlyaWdodCA8YSBocmVmPSdodHRwOi8vd3d3LmRldmVsbGlvbi5jb20nIGNsYXNzPSd0eHRDb3B5cmlnaHQnIHRhcmdldD0nX2JsYW5rJz5EZXZlbGxpb24gTGltaXRlZDwvYT4gMjAwNS4gQWxsIHJpZ2h0cyByZXNlcnZlZC48L2Rpdj48L2JvZHk+"; <> 110 $uniKey = "PGRpdiBjbGFzcz0ndHh0Q29weXJpZ2h0Jz5Qb3dlcmVkIGJ5IDxhIGhyZWY9J2h0dHA6Ly93d3cuY3ViZWNhcnQuY29tJyBjbGFzcz0ndHh0Q29weXJpZ2h0JyB0YXJnZXQ9J19ibGFuayc+Q3ViZUNhcnQ8L2E+JnRyYWRlOzxiciAvPkNvcHlyaWdodCA8YSBocmVmPSdodHRwOi8vd3d3LmRldmVsbGlvbi5jb20nIGNsYXNzPSd0eHRDb3B5cmlnaHQnIHRhcmdldD0nX2JsYW5rJz5EZXZlbGxpb24gTGltaXRlZDwvYT4gMjAwNi4gQWxsIHJpZ2h0cyByZXNlcnZlZC48L2Rpdj48L2JvZHk+";
110 $uniKey2 = "TG9jYXRpb246IGh0dHA6Ly93d3cuY3ViZWNhcnQuY29tL3NpdGUvcHVyY2hhc2Uv"; = 111 $uniKey2 = "TG9jYXRpb246IGh0dHA6Ly93d3cuY3ViZWNhcnQuY29tL3NpdGUvcHVyY2hhc2Uv";
111     112  
112     113  
113 // get userdata   114 // get userdata
114 $query = "SELECT * FROM ".$glob['dbprefix']."CubeCart_sessions LEFT JOIN ".$glob['dbprefix']."CubeCart_customer ON ".$glob['dbprefix']."CubeCart_sessions.customer_id = ".$glob['dbprefix']."CubeCart_customer.customer_id WHERE sessId = ".$db->mySQLSafe($_SESSION['ccUser']);   115 $query = "SELECT * FROM ".$glob['dbprefix']."CubeCart_sessions LEFT JOIN ".$glob['dbprefix']."CubeCart_customer ON ".$glob['dbprefix']."CubeCart_sessions.customer_id = ".$glob['dbprefix']."CubeCart_customer.customer_id WHERE sessId = ".$db->mySQLSafe($_SESSION['ccUser']);
115 $ccUserData = $db->select($query);   116 $ccUserData = $db->select($query);
    <> 117  
      118 // We have a session issue :-/ (e.g. session but no matching DB value)
      119 if($ccUserData==FALSE)
      120 {
      121         // reset session and reload current page
      122         unset($_SESSION['ccUser'],$_COOKIE['ccUser'],$_COOKIE['ccRemember']);
      123         header("Location: ".str_replace("&amp;","&",currentPage()));
      124         exit;
      125 }
116 ?> = 126 ?>
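Review bot: In the new recovery block after `$ccUserData = $db->select($query);`, `unset($_COOKIE['ccUser'],$_COOKIE['ccRemember'])` only edits this request's array; the browser keeps both cookies and sends them again on the redirect. If the session lookup earlier in the file reads those cookies (that code is not in these hunks), the same stale id comes back and the `Location:` redirect can loop. Expire the cookies explicitly before redirecting, e.g. `setcookie("ccUser", "", time()-3600, $sessionDomain);`, and do the same for `ccRemember` with whatever path it was set with. A short comment on the block noting that it relies on the next request creating a fresh session row would also help.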
   
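--- a/includes\sessionStart.inc.php
+++ b/includes\sessionStart.inc.php
@@ -29,13 +29,13 @@
 */
 $sessionDomain = substr($GLOBALS['rootRel'],0, strlen($GLOBALS['rootRel'])-1);
 
 if($glob['rootRel']=="/"){
         $sessionName = "ccSID";
 } else {
-        $sessionName = "ccSID-".md5($glob['rootRel']);
+        $sessionName = "ccSID".md5($glob['rootRel']);
 }
 
 session_name($sessionName);
 @ini_set("session.cookie_path",$sessionDomain);
 session_start();
 ?>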
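Review bot: The changed `$sessionName` line drops the hyphen without a comment saying why, and the reason is not obvious from the code. PHP documents that a session name should contain only alphanumeric characters, which is presumably the motive; a comment such as `// session names must be alphanumeric, so no separator before the hash` would record it. Stores installed in a sub-directory will stop recognising cookies named `ccSID-<hash>` after the upgrade, so sessions open at that moment are presumably dropped, which is worth a line in the release notes.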
   
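--- a/includes\sslSwitch.inc.php
+++ b/includes\sslSwitch.inc.php
@@ -25,13 +25,13 @@
 |       switch.php
 |   ========================================
 |       Switch between secure and insecure pages
 +--------------------------------------------------------------------------
 */
 
-if (ereg(".inc.php",$HTTP_SERVER_VARS['PHP_SELF']) || ereg(".inc.php",$_SERVER['PHP_SELF'])) {
+if (eregi(".inc.php",$HTTP_SERVER_VARS['PHP_SELF']) || eregi(".inc.php",$_SERVER['PHP_SELF'])) {
         echo "<html>\r\n<head>\r\n<title>Forbidden 403</title>\r\n</head>\r\n<body><h3>Forbidden 403</h3>\r\nThe document you are requesting is forbidden.\r\n</body>\r\n</html>";
         exit;
 }
 
 if(isset($_GET['act'])){
 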
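Review bot: The direct-access guard echoes a "Forbidden 403" page but, as far as the hunk shows, never sends the status, so the response still goes out as 200; add `header("HTTP/1.0 403 Forbidden");` before the `echo`. The pattern `".inc.php"` also leaves both dots unescaped, so each one matches any character; `eregi("\\.inc\\.php", ...)` states what is meant. The same guard is changed in includes\orderSuccess.inc.php and includes\session.inc.php, and the point applies there too.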
   
File: language\cn\lang.inc.php  
1198 ); = 1198 );
1199     1199  
1200     1200  
1201     1201  
1202 $lang['admin']['other'] = array(   1202 $lang['admin']['other'] = array(
1203     1203  
    <> 1204 'ip' => "IP:",
      1205  
      1206 'blocked' => "Authentication blocked for %s minutes for security reasons.",
      1207  
1204 'global_risk' => "ĵ§i: ¥D­n³]©wÀÉ 'includes/global.inc.php' ¬O¥i¼g¤Jªº¡A±zªº°Ó©±¥¿³B©ó­·ÀI. ½Ð¥ß§Y±NÅv­­³]©w¦¨ 0644.", = 1208 'global_risk' => "ĵ§i: ¥D­n³]©wÀÉ 'includes/global.inc.php' ¬O¥i¼g¤Jªº¡A±zªº°Ó©±¥¿³B©ó­·ÀI. ½Ð¥ß§Y±NÅv­­³]©w¦¨ 0644.",
1205     1209  
1206 '401' => "¿ù»~ 401: ±z¨S¦³µn¤J¦¹­¶­±ªºÅv­­. ½Ð¸ß°Ý«ÈªA¤H­û¨Ó±ÂÅvµ¹±z.",   1210 '401' => "¿ù»~ 401: ±z¨S¦³µn¤J¦¹­¶­±ªºÅv­­. ½Ð¸ß°Ý«ÈªA¤H­û¨Ó±ÂÅvµ¹±z.",
1207     1211  
1208 'welcome_note' => "Åwªï¨Ó¨ì CubeCart «áºÝºÞ²z±±¨î¤¶­±",   1212 'welcome_note' => "Åwªï¨Ó¨ì CubeCart «áºÝºÞ²z±±¨î¤¶­±",
1209     1213  
 
1660 ); = 1664 );
1661     1665  
1662     1666  
1663     1667  
1664 $lang['front']['login'] = array(   1668 $lang['front']['login'] = array(
1665     1669  
    <> 1670 'blocked' => "Authentication blocked for %s minutes for security reasons.",
      1671  
1666 'login' => "µn¤J", = 1672 'login' => "µn¤J",
1667     1673  
1668 'username' => "Email:",   1674 'username' => "Email:",
1669     1675  
1670 'password' => "±K½X:",   1676 'password' => "±K½X:",
1671     1677  
   
File: language\de\lang.inc.php  
1199 ); = 1199 );
1200     1200  
1201     1201  
1202     1202  
1203 $lang['admin']['other'] = array(   1203 $lang['admin']['other'] = array(
1204     1204  
    <> 1205 'ip' => "IP:",
      1206  
      1207 'blocked' => "Authentication blocked for %s minutes for security reasons.",
      1208  
1205 'global_risk' => "WARUNG: Die Hauptkonfigurationsdatei 'includes/global.inc.php' ist nicht schreibgeschütz. Dies ist ein Risiko für Ihren Shop. Bitte ändern Sie die Einstellungen so bald wie möglich auf 0644 .", = 1209 'global_risk' => "WARUNG: Die Hauptkonfigurationsdatei 'includes/global.inc.php' ist nicht schreibgeschütz. Dies ist ein Risiko für Ihren Shop. Bitte ändern Sie die Einstellungen so bald wie möglich auf 0644 .",
1206     1210  
1207 '401' => "Error 401: Sie haben keine Rechte für Zugriff auf diese Seite. Bitte wenden Sie sich an einen der Super-User.",   1211 '401' => "Error 401: Sie haben keine Rechte für Zugriff auf diese Seite. Bitte wenden Sie sich an einen der Super-User.",
1208     1212  
1209 'welcome_note' => "Willkommen im CubeCart Administrationsbereich",   1213 'welcome_note' => "Willkommen im CubeCart Administrationsbereich",
1210     1214  
 
1661 ); = 1665 );
1662     1666  
1663     1667  
1664     1668  
1665 $lang['front']['login'] = array(   1669 $lang['front']['login'] = array(
1666     1670  
    <> 1671 'blocked' => "Authentication blocked for %s minutes for security reasons.",
      1672  
1667 'login' => "Login", = 1673 'login' => "Login",
1668     1674  
1669 'username' => "Benutzername:",   1675 'username' => "Benutzername:",
1670     1676  
1671 'password' => "Passwort:",   1677 'password' => "Passwort:",
1672     1678  
   
File: language\dk\lang.inc.php  
1199 ); = 1199 );
1200     1200  
1201     1201  
1202     1202  
1203 $lang['admin']['other'] = array(   1203 $lang['admin']['other'] = array(
1204     1204  
    <> 1205 'ip' => "IP:",
      1206  
      1207 'blocked' => "Authentication blocked for %s minutes for security reasons.",
      1208  
1205 'global_risk' => "ADVARSEL: Der er skrivetilladelse på den vigtigste konfigurationsfil 'includes/global.inc.php' og dette udgør en risiko for din forretning. Sørg venligst for at ændre denne tilladelse til 0644 så snart som muligt.", = 1209 'global_risk' => "ADVARSEL: Der er skrivetilladelse på den vigtigste konfigurationsfil 'includes/global.inc.php' og dette udgør en risiko for din forretning. Sørg venligst for at ændre denne tilladelse til 0644 så snart som muligt.",
1206     1210  
1207 '401' => "Fejl 401: Du har ikke tilladelse til at åbne siden. Bed venligst en af superbrugerne om at give dig tilladelse.",   1211 '401' => "Fejl 401: Du har ikke tilladelse til at åbne siden. Bed venligst en af superbrugerne om at give dig tilladelse.",
1208     1212  
1209 'welcome_note' => "Velkommen til kontrolpanelet for CubeCart administration",   1213 'welcome_note' => "Velkommen til kontrolpanelet for CubeCart administration",
1210     1214  
 
1661 ); = 1665 );
1662     1666  
1663     1667  
1664     1668  
1665 $lang['front']['login'] = array(   1669 $lang['front']['login'] = array(
1666     1670  
    <> 1671 'blocked' => "Authentication blocked for %s minutes for security reasons.",
      1672  
1667 'login' => "Log ind", = 1673 'login' => "Log ind",
1668     1674  
1669 'username' => "Email:",   1675 'username' => "Email:",
1670     1676  
1671 'password' => "Adgangskode:",   1677 'password' => "Adgangskode:",
1672     1678  
   
File: language\en\lang.inc.php  
1200 ); = 1200 );
1201     1201  
1202     1202  
1203     1203  
1204 $lang['admin']['other'] = array(   1204 $lang['admin']['other'] = array(
1205     1205  
    <> 1206 'ip' => "IP:",
      1207  
      1208 'blocked' => "Authentication blocked for %s minutes for security reasons.",
      1209  
1206 'global_risk' => "WARNING: The main configuration file 'includes/global.inc.php' is writable and your store is at risk. Please change these permissions to 0644 as soon as possible.", = 1210 'global_risk' => "WARNING: The main configuration file 'includes/global.inc.php' is writable and your store is at risk. Please change these permissions to 0644 as soon as possible.",
1207     1211  
1208 '401' => "Error 401: You do not have permission to access that page. Please ask one of the super users to grant this for you.",   1212 '401' => "Error 401: You do not have permission to access that page. Please ask one of the super users to grant this for you.",
1209     1213  
1210 'welcome_note' => "Welcome to the CubeCart&trade; Administration Control Panel",   1214 'welcome_note' => "Welcome to the CubeCart&trade; Administration Control Panel",
1211     1215  
 
1662 ); = 1666 );
1663     1667  
1664     1668  
1665     1669  
1666 $lang['front']['login'] = array(   1670 $lang['front']['login'] = array(
1667     1671  
    <> 1672 'blocked' => "Authentication blocked for %s minutes for security reasons.",
      1673  
1668 'login' => "Login", = 1674 'login' => "Login",
1669     1675  
1670 'username' => "Email:",   1676 'username' => "Email:",
1671     1677  
1672 'password' => "Password:",   1678 'password' => "Password:",
1673     1679  
 
1696   = 1702  
1697     1703  
1698 $lang['front']['logout'] = array(   1704 $lang['front']['logout'] = array(
1699     1705  
1700 'logout' => "Logout",   1706 'logout' => "Logout",
1701     1707  
1702 'session_destroyed' => "Your session has been destroyed.", <> 1708 'session_destroyed' => "Your session has ended.",
1703   = 1709  
1704 'no_session' => "No session was found to destroy. You appear to have arrived here by accident.",   1710 'no_session' => "No session was found to destroy. You appear to have arrived here by accident.",
1705     1711  
1706 );   1712 );
1707     1713  
1708     1714  
   
File: language\es\lang.inc.php  
1200 ); = 1200 );
1201     1201  
1202     1202  
1203     1203  
1204 $lang['admin']['other'] = array(   1204 $lang['admin']['other'] = array(
1205     1205  
    <> 1206 'ip' => "IP:",
      1207  
      1208 'blocked' => "Authentication blocked for %s minutes for security reasons.",
      1209  
1206 'global_risk' => "Advertencia: El archivo de configuracion principal 'includes/global.inc.php' posee permisos de escritura, lo cual pone en riesgo su tienda. Porfavor cambiar los permisos a CHMOD 0644 lo antes posible .", = 1210 'global_risk' => "Advertencia: El archivo de configuracion principal 'includes/global.inc.php' posee permisos de escritura, lo cual pone en riesgo su tienda. Porfavor cambiar los permisos a CHMOD 0644 lo antes posible .",
1207     1211  
1208 '401' => "Error 401: Usted no posee autorizacion para visitar esta pagina, contacte al administrador.",   1212 '401' => "Error 401: Usted no posee autorizacion para visitar esta pagina, contacte al administrador.",
1209     1213  
1210 'welcome_note' => "Bienvenido al Panel de Administracion de CubeCart",   1214 'welcome_note' => "Bienvenido al Panel de Administracion de CubeCart",
1211     1215  
 
1686 ); = 1690 );
1687     1691  
1688     1692  
1689     1693  
1690 $lang['front']['login'] = array(   1694 $lang['front']['login'] = array(
1691     1695  
    <> 1696 'blocked' => "Authentication blocked for %s minutes for security reasons.",
      1697  
1692 'login' => "Ingresar", = 1698 'login' => "Ingresar",
1693     1699  
1694 'username' => "Usuario:",   1700 'username' => "Usuario:",
1695     1701  
1696 'password' => "Clave:",   1702 'password' => "Clave:",
1697     1703  
   
File: language\fi\lang.inc.php  
1200 ); = 1200 );
1201     1201  
1202     1202  
1203     1203  
1204 $lang['admin']['other'] = array(   1204 $lang['admin']['other'] = array(
1205     1205  
    <> 1206 'ip' => "IP:",
      1207  
      1208 'blocked' => "Authentication blocked for %s minutes for security reasons.",
      1209  
1206 'global_risk' => "VAROITUS: Pääasetustiedosto 'includes/global.inc.php' on kirjoitettavissa ja se on riskitekijä. Muuta CHMOD oikeudet 0644 niin pian kuin mahdollista.", = 1210 'global_risk' => "VAROITUS: Pääasetustiedosto 'includes/global.inc.php' on kirjoitettavissa ja se on riskitekijä. Muuta CHMOD oikeudet 0644 niin pian kuin mahdollista.",
1207     1211  
1208 '401' => "Virhe 401: Käyttöoikeutesi eivät riitä sivun tarkasteluun. Kysy pääkäyttäjältä voiko hän antaa sinulle oikeudet tälle sivulle.",   1212 '401' => "Virhe 401: Käyttöoikeutesi eivät riitä sivun tarkasteluun. Kysy pääkäyttäjältä voiko hän antaa sinulle oikeudet tälle sivulle.",
1209     1213  
1210 'welcome_note' => "Tervetuloa CubeCart Ylläpitäjän hallintapaneeliin",   1214 'welcome_note' => "Tervetuloa CubeCart Ylläpitäjän hallintapaneeliin",
1211     1215  
 
1662 ); = 1666 );
1663     1667  
1664     1668  
1665     1669  
1666 $lang['front']['login'] = array(   1670 $lang['front']['login'] = array(
1667     1671  
    <> 1672 'blocked' => "Authentication blocked for %s minutes for security reasons.",
      1673  
1668 'login' => "Kirjaudu", = 1674 'login' => "Kirjaudu",
1669     1675  
1670 'username' => "Käyttäjänimi (Sähköpostiosoite):",   1676 'username' => "Käyttäjänimi (Sähköpostiosoite):",
1671     1677  
1672 'password' => "Salasana:",   1678 'password' => "Salasana:",
1673     1679  
   
File: language\fr\lang.inc.php  
1199 ); = 1199 );
1200     1200  
1201     1201  
1202     1202  
1203 $lang['admin']['other'] = array(   1203 $lang['admin']['other'] = array(
1204     1204  
    <> 1205 'ip' => "IP:",
      1206  
      1207 'blocked' => "Authentication blocked for %s minutes for security reasons.",
      1208  
1205 'global_risk' => "ATTENTION : Le fichier principal de configuration 'includes/global.inc.php' n'est pas protégé en écriture. Changez les permissions de ce fichier à 0644 dès que possible.", = 1209 'global_risk' => "ATTENTION : Le fichier principal de configuration 'includes/global.inc.php' n'est pas protégé en écriture. Changez les permissions de ce fichier à 0644 dès que possible.",
1206     1210  
1207 '401' => "Erreur 401 : Vous n'avez pas la permission d'acceder à cette page.",   1211 '401' => "Erreur 401 : Vous n'avez pas la permission d'acceder à cette page.",
1208     1212  
1209 'welcome_note' => "Bienvenue sur le Panneau de Configuration pour l'administration de votre boutique.",   1213 'welcome_note' => "Bienvenue sur le Panneau de Configuration pour l'administration de votre boutique.",
1210     1214  
 
1656 ); = 1660 );
1657     1661  
1658     1662  
1659     1663  
1660 $lang['front']['login'] = array(   1664 $lang['front']['login'] = array(
1661     1665  
    <> 1666 'blocked' => "Authentication blocked for %s minutes for security reasons.",
      1667  
1662 'login' => "Connexion à votre compte", = 1668 'login' => "Connexion à votre compte",
1663     1669  
1664 'username' => "Email:",   1670 'username' => "Email:",
1665     1671  
1666 'password' => "Mot de Passe:",   1672 'password' => "Mot de Passe:",
1667     1673  
   
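--- a/language/nl/lang.inc.php
+++ b/language/nl/lang.inc.php
@@ -1200,12 +1200,16 @@
 );
 
 
 
 $lang['admin']['other'] = array(
 
+'ip' => "IP:",
+
+'blocked' => "Authentication blocked for %s minutes for security reasons.",
+
 'global_risk' => " Fout bij openen includes/global.inc.php om hem aan te passen. Probeer de bestandsrechten te wijzigen CHMOD value naar 0777. Vergeet hem niet terug te zetten naar 0644.",
 
 '401' => "Fout 401: Je hebt geen rechten om deze pagina te bezoeken. Vraag het aan een van de super gebruikers om dit te veranderen.",
 
 'welcome_note' => "Welkom bij het administratie gedeelte van Cube Cart",
 
@@ -1664,12 +1668,14 @@
 );
 
 
 
 $lang['front']['login'] = array(
 
+'blocked' => "Authentication blocked for %s minutes for security reasons.",
+
 'login' => "Inloggen",
 
 'username' => "E-mail:",
 
 'password' => "Wachtwoord:",
 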
   
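--- a/language/no/lang.inc.php
+++ b/language/no/lang.inc.php
@@ -637,12 +637,16 @@
 'sess_length' => "Økt Lengde",
 'geust' => "Gjest",
 'signed_in' => "Logget inn",
 );
 
 $lang['admin']['other'] = array(
+
+'ip' => "IP:",
+
+'blocked' => "Authentication blocked for %s minutes for security reasons.",
 'global_risk' => "ADVARSEL: Konfigurasjonsfilen: 'includes/global.inc.php' er skrivbar og utsatt for sikkerhetsrisiko. Vennligst endre rettighetene til 0644 snarest.",
 '401' => "Error 401: Du har ikke tilatelse til å nå denne siden. Vennligst be superbrukerene om assistanse.",
 'welcome_note' => "Velkommen til CubeCart Administrasjons Panel",
 'last_login' => "Sist logged inn ",
 'by' => "er",
 'failed' => "feilet.",
@@ -909,12 +913,14 @@
 'choose_method' => "Vennligst velg ønsket Betalingsmåte:",
 'your_comments' => "Dine kommentarer:",
 'none_configured' => "Beklager, ingen Betalingsmetoder er konfigurert.",
 );
 
 $lang['front']['login'] = array(
+
+'blocked' => "Authentication blocked for %s minutes for security reasons.",
 'login' => "Pålogging",
 'username' => "Brukernavn:",
 'password' => "Passord:",
 'remember_me' => "Husk meg?",
 'forgot_pass' => "Glemt passord?",
 'login_success' => "Påloggingen var godkjent.",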
   
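--- a/language/pl/lang.inc.php
+++ b/language/pl/lang.inc.php
@@ -1194,12 +1194,16 @@
 );
 
 
 
 $lang['admin']['other'] = array(
 
+'ip' => "IP:",
+
+'blocked' => "Authentication blocked for %s minutes for security reasons.",
+
 'global_risk' => "OSTRZE¯ENIE: Plik konfiguracyjny 'includes/global.inc.php' is jest otwarty na zmiany a to jest ryzykowne dla sklepu. Ustaw jego warto¶æ CHMOD na 0644 tak szybko jak to mo¿liwe.",
 
 '401' => "B³±d 401: Nie masz pozwolenia na dostêp do tej strony. Zapytaj administratora czy Ci go udzieli.",
 
 'welcome_note' => "Witamy w panelu Administratora CubeCart",
 
@@ -1656,12 +1660,14 @@
 );
 
 
 
 $lang['front']['login'] = array(
 
+'blocked' => "Authentication blocked for %s minutes for security reasons.",
+
 'login' => "Login",
 
 'username' => "Email:",
 
 'password' => "Has³o:",
 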
   
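--- a/language/pt/lang.inc.php
+++ b/language/pt/lang.inc.php
@@ -1200,12 +1200,16 @@
 );
 
 
 
 $lang['admin']['other'] = array(
 
+'ip' => "IP:",
+
+'blocked' => "Authentication blocked for %s minutes for security reasons.",
+
 'global_risk' => "Aviso: O arquivo de configuração principal 'includes/global.inc.php' tem permissões de escrita, que pode por em risco a segurança da sua Loja. Por favor modifique as permissões para CHMOD 0644 o mais rápido possivel.",
 
 '401' => "Erro 401: Não possui autorização para visitar esta página, contacte o administrador.",
 
 'welcome_note' => "Bem vindo ao painel de Administrador do CubeCart",
 
@@ -1686,12 +1690,14 @@
 );
 
 
 
 $lang['front']['login'] = array(
 
+'blocked' => "Authentication blocked for %s minutes for security reasons.",
+
 'login' => "Login",
 
 'username' => "Utilizador:",
 
 'password' => "Password:",
 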
   
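--- a/language/se/lang.inc.php
+++ b/language/se/lang.inc.php
@@ -1308,12 +1308,16 @@
 );
 
 
 
 $lang['admin']['other'] = array(
 
+'ip' => "IP:",
+
+'blocked' => "Authentication blocked for %s minutes for security reasons.",
+
 'global_risk' => "VARNING: Den huvudsakliga konfigurationsfilen
 'includes/global.inc.php' är skrivbar vilket innebär att din butik är i en
 riskzon. Var vänlig och ändra filtillåtelsen (CHMOD) till 0644 så snart som
 möjligt.",
 
 '401' => "Felmeddelande 401: Du har inte tillåtelse att utnyttja denna
@@ -1787,12 +1791,14 @@
 );
 
 
 
 $lang['front']['login'] = array(
 
+'blocked' => "Authentication blocked for %s minutes for security reasons.",
+
 'login' => "Logga in",
 
 'username' => "Användarnamn:",
 
 'password' => "Lösenord:",
 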
   
File: language\sk\lang.inc.php  
1194 ); = 1194 );
1195     1195  
1196     1196  
1197     1197  
1198 $lang['admin']['other'] = array(   1198 $lang['admin']['other'] = array(
1199     1199  
    <> 1200 'ip' => "IP:",
      1201  
      1202 'blocked' => "Authentication blocked for %s minutes for security reasons.",
      1203  
1200 'global_risk' => "UPOZORNENIE: Do hlavného konfiguraèného súboru 'includes/global.inc.php' je možné zapisova a tým je Váš obchod vystavený riziku. Zmeòte mu èo najskôr práva zápisu na 0644.", = 1204 'global_risk' => "UPOZORNENIE: Do hlavného konfiguraèného súboru 'includes/global.inc.php' je možné zapisova a tým je Váš obchod vystavený riziku. Zmeòte mu èo najskôr práva zápisu na 0644.",
1201     1205  
1202 '401' => "Chyba 401: Nemáte prístupové práva na túto stránku. Požiadajte superužívate¾a, aby Vám umožnil prístup.",   1206 '401' => "Chyba 401: Nemáte prístupové práva na túto stránku. Požiadajte superužívate¾a, aby Vám umožnil prístup.",
1203     1207  
1204 'welcome_note' => "Vitajte v ovládacom paneli CubeCart-u",   1208 'welcome_note' => "Vitajte v ovládacom paneli CubeCart-u",
1205     1209  
 
1656 ); = 1660 );
1657     1661  
1658     1662  
1659     1663  
1660 $lang['front']['login'] = array(   1664 $lang['front']['login'] = array(
1661     1665  
    <> 1666 'blocked' => "Authentication blocked for %s minutes for security reasons.",
      1667  
1662 'login' => "Prihlási sa", = 1668 'login' => "Prihlási sa",
1663     1669  
1664 'username' => "E-mail:",   1670 'username' => "E-mail:",
1665     1671  
1666 'password' => "Heslo:",   1672 'password' => "Heslo:",
1667     1673  
   
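--- a/modules/gateway/Authorize/confirmed.php
+++ b/modules/gateway/Authorize/confirmed.php
@@ -42,12 +42,14 @@
         include_once("../../../classes/db.inc.php");
         $db = new db();
         
         include_once("../../../includes/functions.inc.php");
         $config = fetchDbConfig("config");
         
+        include_once("../../../includes/sessionStart.inc.php");
+        
         include_once("../../../includes/sslSwitch.inc.php");
         
         include_once("../../../includes/session.inc.php");
         // get exchange rates etc
         include_once("../../../includes/currencyVars.inc.php");
         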
   
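--- a/modules/gateway/Authorize_AIM/transfer.inc.php
+++ b/modules/gateway/Authorize_AIM/transfer.inc.php
@@ -118,8 +118,8 @@
 // Other Vars
 ////////
 $formAction = "cart.php?act=step5&amp;process=1";
 $formMethod = "post";
 $formTarget = "_self";
 $transfer = "manual";
-$stateUpdate = FALSE;
+$stateUpdate = TRUE;
 ?>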
   
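--- a/modules/gateway/ccNow/transfer.inc.php
+++ b/modules/gateway/ccNow/transfer.inc.php
@@ -128,13 +128,13 @@
                                         <input type='hidden' name='x_ship_to_state' value='".$basket['delInf']['county']."' />
                                         <input type='hidden' name='x_ship_to_zip' value='".$basket['delInf']['postcode']."' />
                                         <input type='hidden' name='x_ship_to_country' value='".countryIso($basket['delInf']['country'])."' />
                                         <input type='hidden' name='x_invoice_num' value='".$cart_order_id."' />
                                         <input type='hidden' name='x_instructions' value='".$basket['customer_comments']."' />
                                         <input type='hidden' name='x_amount' value='".$basket['grandTotal']."' />
-                                        <input type='hidden' name='x_shipping_amount' value='".($basket['shipCostAmount']+$basket['tax'])."' />";
+                                        <input type='hidden' name='x_shipping_amount' value='".($basket['shipCost']+$basket['tax'])."' />";
                                 
                         return $hiddenVars;
         
 }
 
 function success(){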
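Review bot: `$basket['customer_comments']` and the `$basket['delInf']` fields are concatenated straight into single-quoted `value='…'` attributes, so a quote character in customer-entered text ends the attribute and lets markup into the payment form; nothing visible in this hunk escapes them first. Each interpolated value should be encoded where it is written out, for example `value='".htmlspecialchars($basket['customer_comments'], ENT_QUOTES)."'`. The function that builds `$hiddenVars` starts above the hunk, so escaping may already happen out of view and should be confirmed before changing it.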
   
File: modules\gateway\DirectPayment\form.inc.php  
1 <?php = 1 <?php
2   <>    
3 /* = 2 /*
    <> 3 +--------------------------------------------------------------------------
      4 |   CubeCart v3.0.12
      5 |   ========================================
      6 |   by Alistair Brookbanks
      7 |       CubeCart is a Trade Mark of Devellion Limited
      8 |   Copyright Devellion Limited 2005 - 2006. All rights reserved.
      9 |   Devellion Limited,
      10 |   22 Thomas Heskin Court,
      11 |   Station Road,
      12 |   Bishops Stortford,
      13 |   HERTFORDSHIRE.
      14 |   CM23 3EE
      15 |   UNITED KINGDOM
      16 |   http://www.devellion.com
      17 |       UK Private Limited Company No. 5323904
      18 |   ========================================
      19 |   Web: http://www.cubecart.com
      20 |   Date: Thursday, 17th August 2006
      21 |   Email: sales (at) cubecart (dot) com
      22 |       License Type: CubeCart is NOT Open Source Software and Limitations Apply
      23 |   Licence Info: http://www.cubecart.com/site/faq/license.php
      24 +--------------------------------------------------------------------------
      25 |       form.inc.php
      26 |   ========================================
4 *      PayPal Direct Payment Gateway for CubeCart   27 |       PayPal Direct Payment Gateway
      28 +--------------------------------------------------------------------------
5 */   29 */
6   = 30  
7 if($_GET['process']==1){ <> 31 if($_GET['process']==1)
8         // set include path for paypal sdk      
9         $includePath = ini_get('include_path');      
10         $pearPath = $glob['rootDir'] . "/pear";      
11         if(!stristr($includePath, $pearPath)) ini_set('include_path',$pearPath . PATH_SEPARATOR . $includePath);      
12     32 {
13         // set PayPal log level and directory      
14         require_once('Log.php');      
15         = 33        
16         if($module['debug']) <> 34         // Get Direct Payment module vars
      35         $module = fetchDbConfig("DirectPayment");      
17         = 36        
18         define('PAYPAL_LOG_LEVEL', PEAR_LOG_DEBUG); <> 37         // set include path for PayPal SDK     
19         define('PAYPAL_LOG_DIR', $glob['rootDir'] . "/pear/tmp");   38         set_include_path($glob['rootDir'] . "/pear" . PATH_SEPARATOR . get_include_path());
20   = 39  
21         $firstName       = $_POST["firstName"]; <> 40         require_once 'PayPal.php';
22         $lastName        = $_POST["lastName"];   41        
23         $orderAmount = $_POST["order_total"];   42         require_once 'PayPal/Profile/Handler.php';
24         $itemAmount      = $_POST["item_total"];   43         require_once 'PayPal/Profile/Handler/Array.php';
25         $taxAmount       = $_POST["tax_total"];   44         require_once 'PayPal/Profile/API.php';
26         $shippingAmount = $_POST["shipping_total"];      
27         $currencyID             = $_POST["currency_id"];      
28         $cardType        = $_POST["cardType"];      
29         $cardNumber      = $_POST["cardNumber"];      
30         $expirationMonth = $_POST["expirationMonth"];      
31         $expirationYear  = $_POST["expirationYear"];      
32         $cvc2            = $_POST["cvc2"];   45        
33         $emailAddress    = $_POST["emailAddress"];   46         require_once 'PayPal/Type/DoDirectPaymentRequestType.php';
34         $addr1           = $_POST["addr1"];   47         require_once 'PayPal/Type/DoDirectPaymentRequestDetailsType.php';
35         $addr2           = $_POST["addr2"];   48         require_once 'PayPal/Type/DoDirectPaymentResponseType.php';
36         $city            = $_POST["city"];   49         // Add all of the types
37         $st              = $_POST["state"];   50         require_once 'PayPal/Type/BasicAmountType.php';
38         $country         = $_POST["country"];   51         require_once 'PayPal/Type/PaymentDetailsType.php';
39         $postalCode      = $_POST["postalCode"];   52         require_once 'PayPal/Type/AddressType.php';
40         $orderID         = $_POST["cart_order_id"];   53         require_once 'PayPal/Type/CreditCardDetailsType.php';
41         //$billingOption         = $CONFIG["CUBECART_BILLING_OPTION"];   54         require_once 'PayPal/Type/PayerInfoType.php';
42         //$productName   = $CONFIG["CUBECART_PRODUCT_NAME"];   55         require_once 'PayPal/Type/PersonNameType.php';
43         = 56        
44         require_once ('Services/PayPal.php'); <> 57         /*
45         require_once ('Services/PayPal/Profile/Handler/Array.php');   58         $currency = $db->select("SELECT currency FROM ".$glob['dbprefix']."CubeCart_sessions WHERE sessId = ".$db->mySQLSafe($_SESSION['ccUser']));
46         require_once ('Services/PayPal/Profile/API.php');   59           
      60         if($currency == TRUE && $currency[0]['currency'] != '')
47     61         {
48         //$certFile = $glob['rootDir']. $module['certificate'];   62                 $currencyCodeType = $currency[0]['currency'];
      63         }
      64         else
      65         {
      66                 $currencyCodeType = $config['defaultCurrency'];
      67         }
      68         */
      69         // Override as only USD is supported at time of writing
      70         $currencyCodeType = "USD";
49         $certFile = $glob['rootDir']. "/pear/cert_key_pem.txt"; = 71         $certFile = $glob['rootDir']. "/pear/cert_key_pem.txt";
50         $certPass = ''; <> 72        
51         $apiUsername = $module['username'];   73         // Set environment Sandox/Live
52         $apiPassword = $module['password'];      
53         $subject = '';      
54         $environment = $module['gateway'] ? "Live" : "Sandbox"; = 74         $environment = $module['gateway'] ? "Live" : "Sandbox";
55     75  
56         $handler =& ProfileHandler_Array::getInstance(array( <> 76         $handler = & ProfileHandler_Array::getInstance(array(
57                 'username' => $apiUsername,   77                                 'username' => $module['username'],
58             'certificateFile' => $certFile,   78                                 'certificateFile' => $certFile,
59             'subject' => $subject,   79                                 'subject' => '',
60             'environment' => $environment));   80                                 'environment' => $environment));
61     81        
      82         $pid = ProfileHandler::generateID();
      83        
62         $profile =& APIProfile::getInstance($apiUsername, $handler);   84         $profile = & new APIProfile($pid, $handler);
      85         $profile->setAPIUsername($module['username']);
63         $profile->setAPIPassword($apiPassword);   86         $profile->setAPIPassword($module['password']);
64     87         $profile->setSignature(null);
65         $caller =& Services_PayPal::getCallerServices($profile);   88         $profile->setCertificateFile($certFile);
      89         $profile->setEnvironment($environment);     
66     90        
67         if(Services_PayPal::isError($caller))   91         // Build our request from $_POST
68         {   92         // $dp_request = new TransactionSearchRequestType();
69                 //print $caller->getMessage();   93         $dp_request =& PayPal::getType('DoDirectPaymentRequestType');
      94         if (PayPal::isError($dp_request)) {
70                 header("Location: confirmed.php?f=1");   95         header("Location: confirmed.php?f=1");
71                 exit; = 96                 exit;
72         }   97         }
73   <> 98        
74         $name =& Services_PayPal::getType('PersonNameType');   99         $paymentType = "Sale";
75         $name->setFirstName($firstName);   100         $firstName = $_POST['firstName'];
76         $name->setLastName($lastName);   101         $lastName = $_POST['lastName'];
77     102         $creditCardType = $_POST["cardType"];
78         $address =& Services_PayPal::getType('AddressType');   103         $creditCardNumber = $_POST["cardNumber"];
79         $address->setStreet1($addr1);   104         $expDateMonth = $_POST["expirationMonth"];
80         $address->setStreet2($addr2);   105         // Month must be padded with leading zero
81         $address->setCityName($city);   106         $padDateMonth = str_pad($expDateMonth, 2, '0', STR_PAD_LEFT);
82         $address->setStateOrProvince($st);   107         $expDateYear = $_POST["expirationYear"];
83         $address->setCountry($country);   108         $cvv2Number = $_POST["cvc2"];
84         $address->setPostalCode($postalCode);   109         $address1 = $_POST["addr1"];
85     110         $address2 = $_POST["addr2"];
86         $payer =& Services_PayPal::getType('PayerInfoType');      
87         $payer->setPayer($emailAddress);      
88         //$payer->setPayerID($order->customer['email_address']);      
89         //$payer->setPayerStatus('verified');      
90         $payer->setPayerName($name);      
91         $payer->setPayerCountry($country);      
92         $payer->setAddress($address);      
93     111         $city = $_POST["city"];
94         $cc =& Services_PayPal::getType('CreditCardDetailsType');   112         $state = $_POST['state'];
95         $cc->setCreditCardType($cardType);   113         $zip = $_POST["postalCode"];
96         $cc->setCreditCardNumber($cardNumber);   114         $amount = $basket['grandTotal'];
97         $cc->setExpMonth($expirationMonth);   115         $countryISO = $_POST["country"];
98         $cc->setExpYear($expirationYear);      
99         $cc->setCVV2($cvc2);      
100         $cc->setCardOwner($payer);      
101         = 116        
102         $pdt =& Services_PayPal::getType('PaymentDetailsType'); <> 117         // Populate SOAP request information
103         $orderTotal =& Services_PayPal::getType('BasicAmountType');      
104         $orderTotal->setval(number_format($orderAmount, 2));      
105         $orderTotal->setattr('currencyID', $currencyID); // USD      
106         $pdt->setOrderTotal($orderTotal);      
107           118         // Payment details
108         if(($itemAmount + $taxAmount + $shippingAmount) == $orderAmount) {      
109                 $itemTotal =& Services_PayPal::getType('BasicAmountType');   119         $OrderTotal =& PayPal::getType('BasicAmountType');
110                 $itemTotal->setval(number_format($itemAmount, 2));   120         if (PayPal::isError($OrderTotal)) {
111                 $itemTotal->setattr('currencyID', $currencyID); // USD      
112                 $pdt->setItemTotal($itemTotal);      
113                   121                 //var_dump($OrderTotal);
114                 $taxTotal =& Services_PayPal::getType('BasicAmountType');   122                 header("Location: confirmed.php?f=1");
115                 $taxTotal->setval(number_format($taxAmount, 2));      
116                 $taxTotal->setattr('currencyID', $currencyID); // USD      
117                 $pdt->setTaxTotal($taxTotal);      
118                   123                 exit;
119                 $shippingTotal =& Services_PayPal::getType('BasicAmountType');      
120                 $shippingTotal->setval(number_format($shippingAmount, 2));      
121                 $shippingTotal->setattr('currencyID', $currencyID); // USD      
122                 $pdt->setShippingTotal($shippingTotal);      
123         } = 124         }
    -+ 125         $OrderTotal->setattr('currencyID', $currencyCodeType);
      126         $OrderTotal->setval($amount, 'iso-8859-1');
      127         $PaymentDetails =& PayPal::getType('PaymentDetailsType');
      128         $PaymentDetails->setOrderTotal($OrderTotal);
      129         $PaymentDetails->setInvoiceID($orderID);
124         = 130        
125          // START - adding info for shipping address <>    
126         $shipAddress =& Services_PayPal::getType('AddressType');   131         $shipTo =& PayPal::getType('AddressType');
127         $shipAddress->setName($basket['delInf']['firstName']."   132         $shipTo->setName($basket['delInf']['firstName']."
128         ".$basket['delInf']['lastName']); = 133         ".$basket['delInf']['lastName']);
129         $shipAddress->setStreet1($basket['delInf']['add_1']); <> 134         $shipTo->setStreet1($basket['delInf']['add_1']);
130         $shipAddress->setStreet2($basket['delInf']['add_2']);   135         $shipTo->setStreet2($basket['delInf']['add_2']);
131         $shipAddress->setCityName($basket['delInf']['town']);   136         $shipTo->setCityName($basket['delInf']['town']);
132         $shipAddress->setStateOrProvince($basket['delInf']['county']);   137         $shipTo->setStateOrProvince($basket['delInf']['county']);
133         $shipAddress->setCountry(countryIso($basket['delInf']['country']));   138         $shipTo->setCountry(countryIso($basket['delInf']['country']));
134         $shipAddress->setPostalCode($basket['delInf']['postcode']);   139         $shipTo->setPostalCode($basket['delInf']['postcode']);
135         $pdt->setShipToAddress($shipAddress);   140         $PaymentDetails->setShipToAddress($shipTo);
136         // END - adding info for shipping address   141        
      142         $dp_details =& PayPal::getType('DoDirectPaymentRequestDetailsType');
      143         $dp_details->setPaymentDetails($PaymentDetails);
137     144        
      145         // Credit Card info
      146         $card_details =& PayPal::getType('CreditCardDetailsType');
      147         $card_details->setCreditCardType($creditCardType);
      148         $card_details->setCreditCardNumber($creditCardNumber);
138         //$pdt->setOrderDescription($productName);   149         $card_details->setExpMonth($padDateMonth);
      150         $card_details->setExpYear($expDateYear);
139         $pdt->setInvoiceID($orderID);   151         $card_details->setCVV2($cvv2Number);
140         = 152        
141         $details =& Services_PayPal::getType('DoDirectPaymentRequestDetailsType'); <> 153         $payer =& PayPal::getType('PayerInfoType');
      154         $person_name =& PayPal::getType('PersonNameType');
142         $details->setPaymentAction("Sale");   155         $person_name->setFirstName($firstName);
      156         $person_name->setLastName($lastName);
      157         $payer->setPayerName($person_name);
143         $details->setPaymentDetails($pdt);   158         $payer->setPayer($emailAddress);
      159         $payer->setPayerCountry($countryISO);
144         $details->setCreditCard($cc);   160         $payer->setAddress($shipTo);
145         $details->setIPAddress(getenv('REMOTE_ADDR'));   161        
146         $details->setMerchantSessionId(session_id());   162         $card_details->setCardOwner($payer);
147     163        
148         $ddp =& Services_PayPal::getType('DoDirectPaymentRequestType');   164         $dp_details->setCreditCard($card_details);
      165         $dp_details->setIPAddress($_SERVER['SERVER_ADDR']);
      166         $dp_details->setPaymentAction($paymentType);
      167        
149         $ddp->setDoDirectPaymentRequestDetails($details);   168         $dp_request->setDoDirectPaymentRequestDetails($dp_details);
150     169        
      170         $caller =& PayPal::getCallerServices($profile);
      171        
      172         // Execute SOAP request
151         $response = $caller->DoDirectPayment($ddp);   173         $response = $caller->DoDirectPayment($dp_request);
152     174        
153         if(Services_PayPal::isError($response) || ($response->getAck() != 'Success' && $response->getAck() != 'SuccessWithWarning')) {   175         $ack = $response->getAck();
154                 //if(Services_PayPal::isError($response))   176        
155                 //    echo $response->getMessage();   177         switch($ack)
156     178         {
      179            case "Success":
      180            case "SuccessWithWarning":
157                 header("Location: confirmed.php?f=1");   181                   header("Location: confirmed.php");
158                 exit;   182                   exit;
      183                 break;
159         } else {   184           
160                 // check amount and currency?   185            default
161                 header("Location: confirmed.php");   186                   header("Location: confirmed.php?f=1");
162                 exit;   187                   exit; 
163         } = 188         }
    -+ 189        
164 } = 190 }
165     191  
166     192  
167 $formTemplate = new XTemplate ("modules/gateway/DirectPayment/form.tpl");   193 $formTemplate = new XTemplate ("modules/gateway/DirectPayment/form.tpl");
168     194  
169 $formTemplate->assign("VAL_FIRST_NAME",$ccUserData[0]['firstName']);   195 $formTemplate->assign("VAL_FIRST_NAME",$ccUserData[0]['firstName']);
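Review bot: The rewritten flow calls `$response->getAck()` (new line 175) without the `isError()` test that the old code applied to both `$caller` and `$response`, so a failed `getCallerServices()` or SOAP call reaches a method call on an error object instead of the `confirmed.php?f=1` redirect. The `default` label on new line 185 is also missing its colon, which as shown is a parse error for the whole file. `setIPAddress()` now receives `$_SERVER['SERVER_ADDR']`, the shop's own address, where the old code sent the buyer's `REMOTE_ADDR`; if the gateway uses that field to screen the payer, `$dp_details->setIPAddress($_SERVER['REMOTE_ADDR']);` keeps it meaningful. `$emailAddress` (new line 158) and `$orderID` (new line 129) are still used but no longer assigned inside this block, so they have to come from the including script.

```php
        $caller =& PayPal::getCallerServices($profile);
        if (PayPal::isError($caller)) {
                header("Location: confirmed.php?f=1");
                exit;
        }

        // Execute SOAP request
        $response = $caller->DoDirectPayment($dp_request);
        if (PayPal::isError($response)) {
                header("Location: confirmed.php?f=1");
                exit;
        }

        $ack = $response->getAck();
        // … unchanged: switch($ack) with the Success / SuccessWithWarning cases …
           default:
                  header("Location: confirmed.php?f=1");
                  exit;
```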
   
File: modules\gateway\ExpressCheckout\return.php  
1 <?php = 1 <?php
2   <>    
3 /* = 2 /*
4 *      PayPal Express Gateway for CubeCart <> 3 +--------------------------------------------------------------------------
      4 |   CubeCart v3.0.12
      5 |   ========================================
      6 |   by Alistair Brookbanks
      7 |       CubeCart is a Trade Mark of Devellion Limited
      8 |   Copyright Devellion Limited 2005 - 2006. All rights reserved.
      9 |   Devellion Limited,
      10 |   22 Thomas Heskin Court,
      11 |   Station Road,
      12 |   Bishops Stortford,
      13 |   HERTFORDSHIRE.
5 */   14 |   CM23 3EE
      15 |   UNITED KINGDOM
      16 |   http://www.devellion.com
      17 |       UK Private Limited Company No. 5323904
      18 |   ========================================
      19 |   Web: http://www.cubecart.com
      20 |   Date: Thursday, 17th August 2006
      21 |   Email: sales (at) cubecart (dot) com
      22 |       License Type: CubeCart is NOT Open Source Software and Limitations Apply
      23 |   Licence Info: http://www.cubecart.com/site/faq/license.php
      24 +--------------------------------------------------------------------------
      25 |       form.inc.php
      26 |   ========================================
      27 |       PayPal Express Checkout Gateway
      28 +--------------------------------------------------------------------------
6   29 */
7 include("../../../includes/ini.inc.php"); = 30 include("../../../includes/ini.inc.php");
8 include("../../../includes/global.inc.php");   31 include("../../../includes/global.inc.php");
9 require_once("../../../classes/db.inc.php");   32 require_once("../../../classes/db.inc.php");
10 $db = new db();   33 $db = new db();
11 include_once("../../../includes/functions.inc.php");   34 include_once("../../../includes/functions.inc.php");
12 $config = fetchDbConfig("config");   35 $config = fetchDbConfig("config");
    -+ 36 include_once("../../../includes/sessionStart.inc.php");
13 include_once("../../../includes/sslSwitch.inc.php"); = 37 include_once("../../../includes/sslSwitch.inc.php");
14 include_once("../../../includes/session.inc.php");   38 include_once("../../../includes/session.inc.php");
15 include_once("../../../language/".$config['defaultLang']."/lang.inc.php");   39 include_once("../../../language/".$config['defaultLang']."/lang.inc.php");
16 include("../../../includes/currencyVars.inc.php");   40 include("../../../includes/currencyVars.inc.php");
17 require_once("../../../classes/cart.php");   41 require_once("../../../classes/cart.php");
    <> 42  
18 $cart = new cart(); = 43 $cart = new cart();
19 $basket = $cart->cartContents($ccUserData[0]['basket']);   44 $basket = $cart->cartContents($ccUserData[0]['basket']);
20     45  
    <> 46 if(isset($_REQUEST['token']))
      47 {
      48        
      49         $module = fetchDbConfig("ExpressCheckout");    
      50        
21 // set include path for paypal sdk   51         // set include path for PayPal SDK     
22 $includePath = ini_get('include_path');   52         set_include_path($glob['rootDir'] . "/pear" . PATH_SEPARATOR . get_include_path());
23 $pearPath = $glob['rootDir'] . "/pear";   53        
24 if(!stristr($includePath, $pearPath)) ini_set('include_path',$pearPath . PATH_SEPARATOR . $includePath);   54         // Required files
      55         require_once 'PayPal.php';
25     56        
26 require_once ('Services/PayPal.php');   57         require_once 'PayPal/Profile/Handler.php';
27 require_once ('Services/PayPal/Profile/Handler/Array.php');   58         require_once 'PayPal/Profile/Handler/Array.php';
28 require_once ('Services/PayPal/Profile/API.php');   59         require_once 'PayPal/Profile/API.php';
29     60        
30 // set PayPal log level and directory   61         require_once 'PayPal/Type/BasicAmountType.php';
31 require_once('Log.php');   62        
      63         require_once 'PayPal/Type/SetExpressCheckoutRequestType.php';
      64         require_once 'PayPal/Type/SetExpressCheckoutRequestDetailsType.php';
      65         require_once 'PayPal/Type/SetExpressCheckoutResponseType.php';
32     66        
33 $module = fetchDbConfig("ExpressCheckout");   67         require_once 'PayPal/Type/GetExpressCheckoutDetailsRequestType.php';
      68         require_once 'PayPal/Type/GetExpressCheckoutDetailsResponseDetailsType.php';
      69         require_once 'PayPal/Type/GetExpressCheckoutDetailsResponseType.php';
34     70        
      71         require_once 'PayPal/Type/DoExpressCheckoutPaymentRequestType.php';
      72         require_once 'PayPal/Type/DoExpressCheckoutPaymentRequestDetailsType.php';
      73         require_once 'PayPal/Type/DoExpressCheckoutPaymentResponseType.php';
35 if($module['debug'])   74        
36         define('PAYPAL_LOG_LEVEL', PEAR_LOG_DEBUG);   75         // comment our when other currencies available
37 define('PAYPAL_LOG_DIR', $glob['rootDir'] . "/pear/tmp");   76         /*
      77         $currency = $db->select("SELECT currency FROM ".$glob['dbprefix']."CubeCart_sessions WHERE sessId = ".$db->mySQLSafe($_SESSION['ccUser']));
38     78        
      79         if($currency == TRUE && $currency[0]['currency'] != '')
39 if($_GET['token']){   80         {
40         //$certFile = $glob['rootDir']. $module['certificate'];   81                 $currencyCodeType = $currency[0]['currency'];
      82         }
      83         else
      84         {
      85                 $currencyCodeType = $config['defaultCurrency'];
      86         }
      87         */
      88        
      89         // comment our when other currencies available
      90         $currencyCodeType = "USD"; // Only USD Supported 13-Oct-06
      91        
41         $certFile = $glob['rootDir']. "/pear/cert_key_pem.txt"; = 92         $certFile = $glob['rootDir']. "/pear/cert_key_pem.txt";
42         $certPass = ''; <> 93        
43         $apiUsername = $module['username'];   94         // Set environment Sandox/Live
44         $apiPassword = $module['password'];      
45         $subject = '';      
46         $environment = $module['gateway'] ? "Live" : "Sandbox"; = 95         $environment = $module['gateway'] ? "Live" : "Sandbox";
    -+ 96        
      97         define('PAYPAL_URL', 'https://www.' . $environment . '.paypal.com/cgi-bin/webscr?cmd=_express-checkout&token=');
47   = 98  
    <> 99        
48         $handler =& ProfileHandler_Array::getInstance(array(   100         $handler = & ProfileHandler_Array::getInstance(array(
49                 'username' => $apiUsername,   101         'username' => $module['username'],
50             'certificateFile' => $certFile,   102         'certificateFile' => $certFile,
51             'subject' => $subject,   103         'subject' => '',
52             'environment' => $environment));   104         'environment' => $environment));
53     105        
54         $profile =& APIProfile::getInstance($apiUsername, $handler);   106         $pid = ProfileHandler::generateID();
55         $profile->setAPIPassword($apiPassword);      
56     107        
57         $caller =& Services_PayPal::getCallerServices($profile);   108         $profile = & new APIProfile($pid, $handler);
58     109         $profile->setAPIUsername($module['username']);
59         if(Services_PayPal::isError($caller))   110         $profile->setAPIPassword($module['password']);
60         {      
61                 //print $caller->getMessage();   111         $profile->setSignature(null);
62                 header("Location: ../../../confirmed.php?f=1");   112         $profile->setCertificateFile($certFile);
63                 exit;   113         $profile->setEnvironment($environment);        
64         }   114        
      115         $caller =& PayPal::getCallerServices($profile);
65         = 116        
    <> 117         // We have a TOKEN from paypal
      118         // GetExpressCheckoutDetails handling here     
      119  
66         $ecd =& Services_PayPal::getType('GetExpressCheckoutDetailsRequestType');   120         $ecd =& PayPal::getType('GetExpressCheckoutDetailsRequestType');
67         $ecd->setToken($_GET['token']); = 121         $ecd->setToken($_GET['token']);
68         $response = $caller->GetExpressCheckoutDetails($ecd);   122         $response = $caller->GetExpressCheckoutDetails($ecd);
69     123  
70         if(Services_PayPal::isError($response)  || ($response->getAck() != 'Success' && $response->getAck() != 'SuccessWithWarning')) { <> 124         if(PayPal::isError($response)  || ($response->getAck() != 'Success' && $response->getAck() != 'SuccessWithWarning'))
      125         {
71                 //if(Services_PayPal::isError($response)) {   126                 //if(PayPal::isError($response)) {
72                 //      print $response->getMessage(); = 127                 //      print $response->getMessage();
73                 //}   128                 //}
74                 header("Location: ../../../confirmed.php?f=1");   129                 header("Location: ../../../confirmed.php?f=1");
75                 exit;   130                 exit;
    <> 131         }
76         } else {   132         else
      133         {
77                 $details = $response->getGetExpressCheckoutDetailsResponseDetails(); = 134                 $details = $response->getGetExpressCheckoutDetailsResponseDetails();
78                 $payerInfo = $details->getPayerInfo();   135                 $payerInfo = $details->getPayerInfo();
79                 $pdt =& Services_PayPal::getType('PaymentDetailsType'); <> 136                 $pdt =& PayPal::getType('PaymentDetailsType');
80   = 137  
81                 $currency = $db->select("SELECT currency FROM ".$glob['dbprefix']."CubeCart_sessions WHERE sessId = ".$db->mySQLSafe($_SESSION['ccUser'])); <>    
82        
83                 if($currency == TRUE && $currency[0]['currency'] != ''){      
84                         $currencyID = $db->mySQLSafe($currency[0]['currency']);      
85                 } else {      
86                         $currencyID = $config['defaultCurrency'];      
87                 }      
88        
89                 $orderTotal =& Services_PayPal::getType('BasicAmountType');   138                 $orderTotal =& PayPal::getType('BasicAmountType');
90                 $orderTotal->setval(number_format($basket['grandTotal'], 2)); = 139                 $orderTotal->setval(number_format($basket['grandTotal'], 2));
91                 $orderTotal->setattr('currencyID', $currencyID); <> 140                 $orderTotal->setattr('currencyID', $currencyCodeType);
92                 $pdt->setOrderTotal($orderTotal); = 141                 $pdt->setOrderTotal($orderTotal);
93                   142                
94                 if(($basket['subTotal'] + $basket['tax'] + $basket['shipCost']) == $basket['grandTotal']) { <> 143                 if(($basket['subTotal'] + $basket['tax'] + $basket['shipCost']) == $basket['grandTotal'])
      144                 {
95                         $itemTotal =& Services_PayPal::getType('BasicAmountType');   145                         $itemTotal =& PayPal::getType('BasicAmountType');
96                         $itemTotal->setval(number_format($basket['subTotal'], 2)); = 146                         $itemTotal->setval(number_format($basket['subTotal'], 2));
97                         $itemTotal->setattr('currencyID', $currencyID); // USD <> 147                         $itemTotal->setattr('currencyID', $currencyCodeType); // USD
98                         $pdt->setItemTotal($itemTotal); = 148                         $pdt->setItemTotal($itemTotal);
99     149  
100                         $taxTotal =& Services_PayPal::getType('BasicAmountType'); <> 150                         $taxTotal =& PayPal::getType('BasicAmountType');
101                         $taxTotal->setval(number_format($basket['tax'], 2)); = 151                         $taxTotal->setval(number_format($basket['tax'], 2));
102                         $taxTotal->setattr('currencyID', $currencyID); // USD <> 152                         $taxTotal->setattr('currencyID', $currencyCodeType); // USD
103                         $pdt->setTaxTotal($taxTotal); = 153                         $pdt->setTaxTotal($taxTotal);
104     154  
105                         $shippingTotal =& Services_PayPal::getType('BasicAmountType'); <> 155                         $shippingTotal =& PayPal::getType('BasicAmountType');
106                         $shippingTotal->setval(number_format($basket['shipCost'], 2)); = 156                         $shippingTotal->setval(number_format($basket['shipCost'], 2));
107                         $shippingTotal->setattr('currencyID', $currencyID); // USD <> 157                         $shippingTotal->setattr('currencyID', $currencyCodeType); // USD
108                         $pdt->setShippingTotal($shippingTotal); = 158                         $pdt->setShippingTotal($shippingTotal);
109                 }   159                 }
110                   160                
111                 $pdt->setInvoiceID($basket['cart_order_id']);   161                 $pdt->setInvoiceID($basket['cart_order_id']);
112                   162                
113                 $details =& Services_PayPal::getType('DoExpressCheckoutPaymentRequestDetailsType'); <> 163                 $details =& PayPal::getType('DoExpressCheckoutPaymentRequestDetailsType');
114                 $details->setPaymentAction('Sale'); = 164                 $details->setPaymentAction('Sale');
115                 $details->setToken($_GET['token']);   165                 $details->setToken($_GET['token']);
116                 $details->setPayerID($payerInfo->getPayerID());   166                 $details->setPayerID($payerInfo->getPayerID());
117                 $details->setPaymentDetails($pdt);   167                 $details->setPaymentDetails($pdt);
118     168  
119                 $ecprt =& Services_PayPal::getType('DoExpressCheckoutPaymentRequestType'); <> 169                 $ecprt =& PayPal::getType('DoExpressCheckoutPaymentRequestType');
120                 $ecprt->setDoExpressCheckoutPaymentRequestDetails($details); = 170                 $ecprt->setDoExpressCheckoutPaymentRequestDetails($details);
121     171  
122                 $response = $caller->DoExpressCheckoutPayment($ecprt);   172                 $response = $caller->DoExpressCheckoutPayment($ecprt);
123     173  
124                 if(Services_PayPal::isError($response)  || ($response->getAck() != 'Success' && $response->getAck() != 'SuccessWithWarning')) { <> 174                 if(PayPal::isError($response)  || ($response->getAck() != 'Success' && $response->getAck() != 'SuccessWithWarning'))
      175                 {
125                         //if(Services_PayPal::isError($response)) {   176                         //if(PayPal::isError($response)) {
126                         //      print $response->getMessage(); = 177                         //      print $response->getMessage();
127                         //}   178                         //}
128                         header("Location: ../../../confirmed.php?f=1");   179                         header("Location: ../../../confirmed.php?f=1");
129                         exit;   180                         exit;
    <> 181                 }
130                 } else {   182                 else
      183                 {
131                         $details = $response->getDoExpressCheckoutPaymentResponseDetails(); = 184                         $details = $response->getDoExpressCheckoutPaymentResponseDetails();
132                         $paymentInfo = $details->getPaymentInfo();   185                         $paymentInfo = $details->getPaymentInfo();
133                         $paymentStatus = $paymentInfo->getPaymentStatus();   186                         $paymentStatus = $paymentInfo->getPaymentStatus();
134   <> 187        
135                         switch ($paymentStatus) {   188                         switch ($paymentStatus)
      189                         {
136                                 case 'Completed': = 190                                 case 'Completed':
137                                 case 'Pending':   191                                 case 'Pending':
138                                         header("Location: ../../../confirmed.php");   192                                         header("Location: ../../../confirmed.php");
139                                         exit;   193                                         exit;
140                                 default:   194                                 default:
141                                         header("Location: ../../../confirmed.php?f=1");   195                                         header("Location: ../../../confirmed.php?f=1");
142                                         exit;   196                                         exit;
143                         }   197                         }
    -+ 198                
144                 } = 199                 }
    -+ 200                
145         } = 201         }
    <> 202  
146 } = 203 }
    -+ 204 else
      205 {
      206         header("location: ../../../index.php");
      207         exit;
      208 }
147 ?> = 209 ?>
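Review bot: The new side drops the old `isError($caller)` check after `getCallerServices($profile)` (new line 115), so a failed profile or certificate load now reaches `$caller->GetExpressCheckoutDetails($ecd)` instead of the failure redirect; restoring `if(PayPal::isError($caller)) { header("Location: ../../../confirmed.php?f=1"); exit; }` would close that path again. The new guard tests `isset($_REQUEST['token'])`, but new lines 121 and 165 read `$_GET['token']`, so a token arriving by POST or cookie passes the guard and an undefined value is sent to PayPal; `if(isset($_GET['token']) && $_GET['token'] != '')` would make the two agree. `PAYPAL_URL` on new line 97 interpolates `$environment`, which gives the host `www.Live.paypal.com` when the module is live; that looks unintended, though the constant is not used in this section. The `Pending` case still redirects to `confirmed.php` without the failure flag, so a comment there should state that a pending payment has not cleared.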
   
File: modules\gateway\ExpressCheckout\transfer.inc.php  
1 <?php = 1 <?php
2 /*   2 /*
3 +--------------------------------------------------------------------------   3 +--------------------------------------------------------------------------
4 |   CubeCart v3.0.2 <> 4 |   CubeCart v3.0.12
5 |   ======================================== = 5 |   ========================================
6 |   by Alistair Brookbanks   6 |   by Alistair Brookbanks
7 |       CubeCart is a Trade Mark of Devellion Limited   7 |       CubeCart is a Trade Mark of Devellion Limited
8 |   Copyright Devellion Limited 2005 - 2006. All rights reserved.   8 |   Copyright Devellion Limited 2005 - 2006. All rights reserved.
9 |   Devellion Limited,   9 |   Devellion Limited,
10 |   22 Thomas Heskin Court,   10 |   22 Thomas Heskin Court,
 
19 |   Web: http://www.cubecart.com = 19 |   Web: http://www.cubecart.com
20 |   Date: Thursday, 17th August 2006   20 |   Date: Thursday, 17th August 2006
21 |   Email: sales (at) cubecart (dot) com   21 |   Email: sales (at) cubecart (dot) com
22 |       License Type: CubeCart is NOT Open Source Software and Limitations Apply   22 |       License Type: CubeCart is NOT Open Source Software and Limitations Apply
23 |   Licence Info: http://www.cubecart.com/site/faq/license.php   23 |   Licence Info: http://www.cubecart.com/site/faq/license.php
24 +--------------------------------------------------------------------------   24 +--------------------------------------------------------------------------
25 |       transfer.php <> 25 |       transfer.inc.php
26 |   ======================================== = 26 |   ========================================
27 |       Core functions for the PayPal Express Checkout Gateway   27 |       Core functions for the PayPal Express Checkout Gateway
28 +--------------------------------------------------------------------------   28 +--------------------------------------------------------------------------
29 */   29 */
30 /* <> 30 if(isset($_POST['gateway']))
31 //////////////////////////      
32 // PAYPAL DIRECT PAYMENT GATEWAY      
33 //////////////////////////      
34 // L@@K AT ALL THE LOVELY      
35 // VARIABLES WE HAVE TO      
36 // PLAY WITH!!      
37 //////      
38     31 {
39 //////////////////////////      
40 // IN THE REPEATED REGION      
41 //////      
42 $orderInv['productId']                                          - product id as an integer      
43 $orderInv['name']                                                       - product name as a varchar      
44 $orderInv['price']                                                      - price of each product (inc options)      
45 $orderInv['quantity']                                           - quantity of products as an integer      
46 $orderInv['product_options']                            - products attributes as test      
47 $orderInv['productCode']                                        - product code as a varchar      
48 $i                                                                                      - This is the current incremented integer starting at 0      
49     32        
50 /////////////////////////   33         // Get Express Checkout module vars
51 // FIXED VARS   34         $module = fetchDbConfig("ExpressCheckout");
52 ///////      
53 $cart_order_id                                                  - cart order id as a varchar      
54 $ccUserData[0]['email']                                         - Customers email address      
55 $ccUserData[0]['title']                                         - Customers title (Mr Miss etc...)      
56 $ccUserData[0]['firstName']                                     - Customers first name      
57 $ccUserData[0]['lastName']                                      - Customers last name      
58 $ccUserData[0]['add_1']                                         - Invoice Address line 1      
59 $ccUserData[0]['add_2']                                         - Invoice Address line 1      
60 $ccUserData[0]['town']                                          - Invoice Town or city      
61 $ccUserData[0]['county']                                        - Invoice County or state      
62 $ccUserData[0]['postcode']                                      - Invoice Post/Zip Code      
63 $ccUserData[0]['country']                                       - Invoice country Id we can look up the country name like this      
64                                                                                 countryName($ccUserData[0]['country']);      
65 $ccUserData[0]['phone']                                         - Contact phone no      
66 $ccUserData[0]['mobile']                                        - Mobile/Cell phone number      
67     35                
68 $basket['delInf']['title']                              - Delivery title (Mr Miss etc...)   36         // set include path for PayPal SDK     
69 $basket['delInf']['firstName']                  - Delivery customers first name   37         set_include_path($glob['rootDir'] . "/pear" . PATH_SEPARATOR . get_include_path());
70 $basket['delInf']['lastName']                   - Delivery customers last name      
71 $basket['delInf']['add_1']                              - Delivery Address line 1      
72 $basket['delInf']['add_2']                              - Delivery Address line 1      
73 $basket['delInf']['town']                               - Delivery Town or city      
74 $basket['delInf']['county']                             - Delivery County or state      
75 $basket['delInf']['postcode']                   - Delivery Post/Zip Code      
76 $basket['delInf']['country']                    - Delivery  country Id we can look up the country name like this             
77                                                                         countryName($basket['delInf']['country']);      
78     38        
79     39         // Required files
80 $basket['subTotal']                                     - Order Subtotal (exTax and Shipping)      
81 $basket['grandTotal']                                   - Basket total which has to be paid (inc Tax and Shipping).      
82 $basket['tax']                                                  - Total tax to pay      
83 $basket['shipCost']                                             - Shipping price      
84 ////////////////////////////////////////////////////////      
85 */      
86     40         require_once 'PayPal.php';
87        
88 if(isset($_POST['gateway'])){      
89         = 41        
90         // set include path for paypal sdk <> 42         require_once 'PayPal/Profile/Handler.php';
91         $includePath = ini_get('include_path');   43         require_once 'PayPal/Profile/Handler/Array.php';
92         $pearPath = $glob['rootDir'] . "/pear";   44         require_once 'PayPal/Profile/API.php';
93         if(!stristr($includePath, $pearPath)) ini_set('include_path',$pearPath . PATH_SEPARATOR . $includePath);      
94         = 45        
95         require_once ('Services/PayPal.php'); <> 46         require_once 'PayPal/Type/BasicAmountType.php';
96         require_once ('Services/PayPal/Profile/Handler/Array.php');      
97         require_once ('Services/PayPal/Profile/API.php');      
98         = 47        
99         // set PayPal log level and directory <> 48         require_once 'PayPal/Type/SetExpressCheckoutRequestType.php';
100         require_once('Log.php');   49         require_once 'PayPal/Type/SetExpressCheckoutRequestDetailsType.php';
      50         require_once 'PayPal/Type/SetExpressCheckoutResponseType.php';
101         = 51        
102         $module = fetchDbConfig("ExpressCheckout"); <> 52         require_once 'PayPal/Type/GetExpressCheckoutDetailsRequestType.php';
      53         require_once 'PayPal/Type/GetExpressCheckoutDetailsResponseDetailsType.php';
      54         require_once 'PayPal/Type/GetExpressCheckoutDetailsResponseType.php';
103         = 55        
    <> 56         /*
      57         $currency = $db->select("SELECT currency FROM ".$glob['dbprefix']."CubeCart_sessions WHERE sessId = ".$db->mySQLSafe($_SESSION['ccUser']));
      58          
      59         if($currency == TRUE && $currency[0]['currency'] != '')
      60         {
      61                 $currencyCodeType = $currency[0]['currency'];
      62         }
104         if($module['debug'])   63         else
105                 define('PAYPAL_LOG_LEVEL', PEAR_LOG_DEBUG);   64         {
106         define('PAYPAL_LOG_DIR', $glob['rootDir'] . "/pear/tmp");   65                 $currencyCodeType = $config['defaultCurrency'];
      66         }
      67         */
107         = 68        
    -+ 69         // Override as only USD is supported at time of writing this module
      70         $currencyCodeType = "USD";
108         $certFile = $glob['rootDir']. "/pear/cert_key_pem.txt"; = 71         $certFile = $glob['rootDir']. "/pear/cert_key_pem.txt";
109         $certPass = ''; <> 72        
110         $apiUsername = $module['username'];   73         // Set environment Sandox/Live
111         $apiPassword = $module['password'];      
112         $subject = '';      
113         $environment = $module['gateway'] ? "Live" : "Sandbox"; = 74         $environment = $module['gateway'] ? "Live" : "Sandbox";
114           75        
115         $handler =& ProfileHandler_Array::getInstance(array( <> 76         $handler = & ProfileHandler_Array::getInstance(array(
116                 'username' => $apiUsername,   77                                 'username' => $module['username'],
117                 'certificateFile' => $certFile,   78                                 'certificateFile' => $certFile,
118                 'subject' => $subject,   79                                 'subject' => '',
119                 'environment' => $environment));   80                                 'environment' => $environment));
120         = 81        
121         $profile =& APIProfile::getInstance($apiUsername, $handler); <> 82         $pid = ProfileHandler::generateID();
122         $profile->setAPIPassword($apiPassword);      
123         = 83        
124         $caller =& Services_PayPal::getCallerServices($profile); <> 84         $profile = & new APIProfile($pid, $handler);
125           85         $profile->setAPIUsername($module['username']);
126         if(Services_PayPal::isError($caller))   86         $profile->setAPIPassword($module['password']);
127         {      
128                 //print $caller->getMessage();   87         $profile->setSignature(null);
129                 header("Location: confirmed.php?f=1");   88         $profile->setCertificateFile($certFile);
      89         $profile->setEnvironment($environment);          
130                 exit;   90   
      91         $returnURL = $glob['storeURL']."/modules/gateway/ExpressCheckout/return.php";
      92         $cancelURL = $glob['storeURL']."/cart.php?act=step5";
131         }   93   
      94         $ec_request =& PayPal::getType('SetExpressCheckoutRequestType');
132           95  
133         $currency = $db->select("SELECT currency FROM ".$glob['dbprefix']."CubeCart_sessions WHERE sessId = ".$db->mySQLSafe($_SESSION['ccUser']));   96         $ec_details =& PayPal::getType('SetExpressCheckoutRequestDetailsType');
      97         $ec_details->setReturnURL($returnURL);
      98         $ec_details->setCancelURL($cancelURL);
      99         $ec_details->setPaymentAction($paymentType);
134         = 100        
135         if($currency == TRUE && $currency[0]['currency'] != ''){ <> 101         $amt_type =& PayPal::getType('BasicAmountType');
136                 $currencyID = $db->mySQLSafe($currency[0]['currency']);   102         $amt_type->setattr('currencyID', $currencyCodeType);
137         } else {   103         $amt_type->setval($basket['grandTotal'], 'iso-8859-1'); 
138                 $currencyID = $config['defaultCurrency'];   104         $ec_details->setOrderTotal($amt_type);
139         }      
140         = 105        
141         $amount =& Services_PayPal::getType('BasicAmountType'); <> 106         $ec_request->setSetExpressCheckoutRequestDetails($ec_details);
142         $amount->setval(number_format($basket['grandTotal'], 2));      
143         $amount->setattr('currencyID', $currencyID); // only USD supported      
144         = 107        
145         $ecd =& Services_PayPal::getType('SetExpressCheckoutRequestDetailsType'); +-    
146         $ecd->setOrderTotal($amount);      
147         $ecd->setReturnURL($glob['storeURL']."/modules/gateway/ExpressCheckout/return.php");      
148         $ecd->setCancelURL($glob['storeURL']."/cart.php?act=step5");      
149         $ecd->setNoShipping(0); // do display shipping address at paypal site so user can't change it      
150         $ecd->setBuyerEmail($ccUserData[0]['email']);      
151         $ecd->setPaymentAction('Sale');      
152         = 108        
153         $ec =& Services_PayPal::getType('SetExpressCheckoutRequestType'); <> 109         $caller =& PayPal::getCallerServices($profile);
154         $ec->setSetExpressCheckoutRequestDetails($ecd);      
155         = 110        
    <> 111         // Execute SOAP request
156         $response = $caller->SetExpressCheckout($ec);   112         $response = $caller->SetExpressCheckout($ec_request);
157         = 113        
158         if(Services_PayPal::isError($response)  || ($response->getAck() != 'Success' && $response->getAck() != 'SuccessWithWarning'))   { <> 114         $ack = $response->getAck();
159                 //if(Services_PayPal::isError($response)) {   115   
      116         switch($ack)
      117         {
      118                 case "Success":
      119                 case "SuccessWithWarning":
160                 //      print $response->getMessage();   120                         $token = $response->getToken();
      121                 break;
161                 //}   122                
      123                 // we don't want this to happen :O(
      124                 default:
162                 header("Location: confirmed.php?f=1");   125                         header("Location: confirmed.php?f=1");
163                 exit;   126                         exit; 
164         } = 127         }
165         +-    
166         $paypal_token = $response->getToken();      
167   = 128  
168 }   129 }
169     130  
    <> 131  
170 function repeatVars(){   132 function repeatVars()
      133 {
171   = 134  
172                 return FALSE;   135                 return FALSE;
173           136        
174 }   137 }
175     138  
176 function fixedVars(){ <> 139 function fixedVars()
      140 {
177         global $paypal_token;   141         global $token;
178   = 142  
179         $hiddenVars = "<input type='hidden' name='cmd' value='_express-checkout' />   143         $hiddenVars = "<input type='hidden' name='cmd' value='_express-checkout' />
180                                 <input type='hidden' name='token' value='".$paypal_token."' />"; <> 144                                 <input type='hidden' name='token' value='".$token."' />";
181   = 145  
182         return $hiddenVars;   146         return $hiddenVars;
183 }   147 }
184     148  
185 function success(){ <> 149 function success()
      150 {
186         global $basket; = 151         global $basket;
187           152        
188         if($_GET['f']==1) { <> 153         if($_GET['f']==1)
      154         {
189         = 155        
190                 return FALSE;   156                 return FALSE;
191           157        
    <> 158         }
192         } else {   159         else
      160         {
193         = 161        
194                 return TRUE;   162                 return TRUE;
195           163        
196         }   164         }
197     165  
198 }   166 }
199     167  
200 ///////////////////////////   168 ///////////////////////////
201 // Other Vars   169 // Other Vars
202 ////////   170 ////////
203 if($module['gateway']==1){ <> 171 if($module['gateway']==1)
      172 {
204         $formAction = "https://www.paypal.com/cgi-bin/webscr"; = 173         $formAction = "https://www.paypal.com/cgi-bin/webscr";
    <> 174 }
205 } else {   175 else
      176 {
206         $formAction = "https://www.sandbox.paypal.com/cgi-bin/webscr"; = 177         $formAction = "https://www.sandbox.paypal.com/cgi-bin/webscr";
207 }   178 }
208     179  
209 $formMethod = "get";   180 $formMethod = "get";
210 $formTarget = "_self";   181 $formTarget = "_self";
211 $transfer = "auto";   182 $transfer = "auto";
212 $stateUpdate = TRUE;   183 $stateUpdate = TRUE;
213 ?>   184 ?>
   
File: modules\gateway\HSBC\form.inc.php  
18 ************************************************/ = 18 ************************************************/
19     19  
20 $module = fetchDbConfig("HSBC");   20 $module = fetchDbConfig("HSBC");
21 include ("modules/gateway/HSBC/func_https_libcurl.php");   21 include ("modules/gateway/HSBC/func_https_libcurl.php");
22     22  
23 if($_GET['process']==1){   23 if($_GET['process']==1){
24   <> 24         $ccPassthru = "";
25         switch($module['test']) {   25         $ccPassthru[] = $_POST["emailAddress"]."|";
26                 case "0": $pp_mode="P"; break;   26         $ccPassthru[] = $_POST["phone"]."|";
27                 case "1": $pp_mode="Y"; break;   27         $ccPassthru[] = $_POST["firstName"]."|";
28                 default: $pp_mode="N"; break;   28         $ccPassthru[] = $_POST["lastName"]."|";
29         }   29         $ccPassthru[] = $_POST["city"]."|";
30         $domen = ($module["test"]=="2" ? $module["url"] : $module["url"]);   30         $ccPassthru[] = $_POST["addr1"]."|";
31         $port = ($module["test"]=="2" ? 443 : 443);   31         $ccPassthru[] = $_POST["addr2"]."|";
32         $pp_login = $module["userID"];   32         $ccPassthru[] = $_POST["state"]."|";
33         $pp_pass = $module["passPhrase"];   33         $ccPassthru[] = $_POST["postalCode"]."|";
34         $pp_client = $module["acNo"];      
35         $curr = "826";   34         $ccPassthru[] = $_POST["cvc2"]."|";
36     35         $ccPassthru[] = $_POST["expirationMonth"]."/".$_POST["expirationYear"]."|";
37         $XPost = "";   36         $ccPassthru[] = $_POST["issueNumber"]."|";
38         $XPost[] = "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>";   37         $ccPassthru[] = $_POST["cardNumber"]."|";
39         $XPost[] = "<EngineDocList>";   38         $ccPassthru[] = $_POST["startMonth"]."/".$_POST["startYear"]."|";
40         $XPost[] = "<DocVersion>1.0</DocVersion>";   39         $ccPassthru[] = $_POST["cardType"]."|";
41         $XPost[] = "<EngineDoc>";   40         $ccPassthru[] = $_POST["amount"]."|";
42         $XPost[] = "<ContentType>OrderFormDoc</ContentType>";      
43     41         ?>
44         $XPost[] = "<User>";   42         <html>
45         $XPost[] = "<Name>$pp_login</Name>";   43         <head></head>
46         $XPost[] = "<Password>$pp_pass</Password>";   44         <body onLoad="document.getElementById('ccVerifyCC').submit();">
47         $XPost[] = "<ClientId DataType=\"S32\">$pp_client</ClientId>";   45         <div style="text-align: center; border: 1px solid darkred; font-family: arial;">
48         $XPost[] = "</User>";      
49     46                 <br />
50         $XPost[] = "<Instructions>";   47                 <img src="<?=$config['storeURL_SSL'];?>/admin/modules/gateway/HSBC/logo.gif" /><br /><br />
51         $XPost[] = "<Pipeline>Payment</Pipeline>";   48                 Cardholder Authentication in Progress<br /><br />
52         $XPost[] = "</Instructions>";   49                 <img src="<?=$config['storeURL_SSL'];?>/modules/gateway/HSBC/ajax.gif" /><br /><br />
      50                 <img src="<?=$config['storeURL_SSL'];?>/modules/gateway/HSBC/vbv.png" /><img src="<?=$config['storeURL_SSL'];?>/modules/gateway/HSBC/mcs.png" /><br /><br />
53     51         </div>
54         $XPost[] = "<OrderFormDoc>";   52         <form method="POST" action="https://<?=$module['pas'];?>" id="ccVerifyCC">
55         $XPost[] = "<Mode>$pp_mode</Mode>";   53         <input type="hidden" name="CardExpiration" value="<?php echo $_POST["expirationYear"].$_POST["expirationMonth"];?>" />
56         $XPost[] = "<Consumer>";   54         <input type="hidden" name="CardholderPan" value="<?php echo $_POST["cardNumber"];?>" />
57         $XPost[] = "<Email>".$_POST["emailAddress"]."</Email>";   55         <input type="hidden" name="CcpaClientId" value="UK03162651GBP01" />
58         $XPost[] = "<BillTo>";   56         <input type="hidden" name="CurrencyExponent" value="2" />
59         $XPost[] = "<Location>";   57         <input type="hidden" name="PurchaseAmount" value="£<?=$_POST["amount"];?>" />
60         $XPost[] = "<TelVoice>".$_POST["phone"]."</TelVoice>";   58         <input type="hidden" name="PurchaseAmountRaw" value="<?=(100*$_POST["amount"]);?>" />
61         $XPost[] = "<Address><Name>".$_POST["firstName"]." ".$_POST["lastName"]."</Name>";   59         <input type="hidden" name="PurchaseCurrency" value="826" />
62         $XPost[] = "<City>".$_POST["city"]."</City>";   60         <input type="hidden" name="MD" value="<?=base64_encode(join("",$ccPassthru));?>" />
63         $XPost[] = "<Street1>".$_POST["addr1"]."</Street1>";   61         <input type="hidden" name="ResultUrl" value="<?=$config['storeURL_SSL'];?>/modules/gateway/HSBC/verify.php" />
64         $XPost[] = "<Street2>".$_POST["addr2"]."</Street2>";      
65         $XPost[] = "<StateProv>".$_POST["state"]."</StateProv>";      
66         $XPost[] = "<PostalCode>".$_POST["postalCode"]."</PostalCode>";      
67         $XPost[] = "</Address>";   62         </form>
68         $XPost[] = "</Location>";   63         </body>
69         $XPost[] = "</BillTo>";   64         </html>
70     65 <?php
71 $XPost[] = "<PaymentMech>";      
72 $XPost[] = "<CreditCard>";      
73 $XPost[] = "<Cvv2Indicator>".(!empty($_POST["cvc2"])?1:2)."</Cvv2Indicator>";      
74 $XPost[] = "<Cvv2Val>".$_POST["cvc2"]."</Cvv2Val>";      
75 $XPost[] = "<Expires DataType=\"ExpirationDate\" Locale=\"840\">".$_POST["expirationMonth"]."/".$_POST["expirationYear"]."</Expires>";      
76 if ((($_POST['cardType'] == 9)||($_POST['cardType'] == 10))&&($_POST['issueNumber'])){      
77         $XPost[] = "<IssueNum>".$_POST["issueNumber"]."</IssueNum>";      
78 }   66         exit;
79 $XPost[] = "<Number>".$_POST["cardNumber"]."</Number>";      
80 if ((($_POST['cardType'] == 9)||($_POST['cardType'] == 10))&&($_POST['startMonth'])){      
81         $XPost[] = "<StartDate DataType=\"StartDate\" Locale=\"840\">".substr($_POST["startMonth"],0,2)."/".substr($_POST["startYear"],2,2)."</StartDate>";      
82 } = 67 }
83 $XPost[] = "<Type>".$_POST['cardType']."</Type>"; +-    
84 $XPost[] = "</CreditCard>";      
85 $XPost[] = "</PaymentMech>";      
86 $XPost[] = "</Consumer>";      
87 $XPost[] = "<Transaction>";      
88 $XPost[] = "<Type>Auth</Type>";      
89 $XPost[] = "<ChargeDesc1></ChargeDesc1>";      
90 $XPost[] = "<CurrentTotals>";      
91 $XPost[] = "<Totals>";      
92 $XPost[] = "<Total DataType=\"Money\" Currency=\"".$curr."\">".(100*$_POST["amount"])."</Total>";      
93 $XPost[] = "</Totals>";      
94 $XPost[] = "</CurrentTotals>";      
95 $XPost[] = "</Transaction>";      
96 $XPost[] = "</OrderFormDoc>";      
97 $XPost[] = "</EngineDoc>";      
98 $XPost[] = "</EngineDocList>";      
99   = 68  
100 $pst = array("CLRCMRC_XML=".join("",$XPost)); <>    
101 list($a,$return)=func_https_request("POST","https://".$domen.":$port/",$pst);      
102 $return=preg_replace("/\n/","",$return);      
103        
104 //debug      
105 //print_r($return);      
106 //exit;      
107         preg_match("/<AuthCode(.*)>(.*)<\/AuthCode>/",$return,$out);      
108         $authCode = $out[2];      
109        
110         if($authCode) {   69 if ($module['avs'] == 1) {
111                 header("Location: confirmed.php");   70         $formTemplate = new XTemplate ("modules/gateway/HSBC/formAVS.tpl");
112                 exit;      
113         } else {   71 } else {
114                 header("Location: confirmed.php?f=1");   72         $formTemplate = new XTemplate ("modules/gateway/HSBC/form.tpl");
115                 exit;      
116         }      
117              
118              
119              
120 } = 73 }
121   <>    
122        
123 $formTemplate = new XTemplate ("modules/gateway/HSBC/form.tpl");      
124   = 74  
125 $formTemplate->assign("VAL_FIRST_NAME",$ccUserData[0]['firstName']);   75 $formTemplate->assign("VAL_FIRST_NAME",$ccUserData[0]['firstName']);
126 $formTemplate->assign("VAL_LAST_NAME",$ccUserData[0]['lastName']);   76 $formTemplate->assign("VAL_LAST_NAME",$ccUserData[0]['lastName']);
127 $formTemplate->assign("VAL_EMAIL_ADDRESS",$ccUserData[0]['email']);   77 $formTemplate->assign("VAL_EMAIL_ADDRESS",$ccUserData[0]['email']);
128 $formTemplate->assign("VAL_ADD_1",$ccUserData[0]['add_1']);   78 $formTemplate->assign("VAL_ADD_1",$ccUserData[0]['add_1']);
129 $formTemplate->assign("VAL_ADD_2",$ccUserData[0]['add_2']);   79 $formTemplate->assign("VAL_ADD_2",$ccUserData[0]['add_2']);
130 $formTemplate->assign("VAL_CITY",$ccUserData[0]['town']);   80 $formTemplate->assign("VAL_CITY",$ccUserData[0]['town']);
131 $formTemplate->assign("VAL_COUNTY",$ccUserData[0]['county']);   81 $formTemplate->assign("VAL_COUNTY",$ccUserData[0]['county']);
132 $formTemplate->assign("VAL_POST_CODE",$ccUserData[0]['postcode']);   82 $formTemplate->assign("VAL_POST_CODE",$ccUserData[0]['postcode']);
    -+ 83 $formTemplate->assign("VAL_PHONE",$ccUserData[0]['phone']);
133 $formTemplate->assign("VAL_CART_ORDER_ID",$basket['cart_order_id']); = 84 $formTemplate->assign("VAL_CART_ORDER_ID",$basket['cart_order_id']);
134 $formTemplate->assign("VAL_GRAND_TOTAL",$basket['grandTotal']);   85 $formTemplate->assign("VAL_GRAND_TOTAL",$basket['grandTotal']);
135 $formTemplate->assign("VAL_MERCH_ID",$module['acNo']);   86 $formTemplate->assign("VAL_MERCH_ID",$module['acNo']);
    -+ 87 $formTemplate->assign("VAL_AVSMSG",$module['avstext']);
136   = 88  
137     89  
138 $countries = $db->select("SELECT id, iso, printable_name FROM ".$glob['dbprefix']."CubeCart_iso_countries ORDER BY printable_name");   90 $countries = $db->select("SELECT id, iso, printable_name FROM ".$glob['dbprefix']."CubeCart_iso_countries ORDER BY printable_name");
139           91        
140         for($i=0; $i<count($countries); $i++){   92         for($i=0; $i<count($countries); $i++){
141                                   93                                
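Review bot: The redirect form added on new lines 53–58 writes `$_POST` values straight into HTML attribute values (`CardExpiration`, `CardholderPan`, `PurchaseAmount`, `PurchaseAmountRaw`) with no escaping, so a quote character in any field ends the attribute. Each echo should be escaped for the attribute context, e.g. `value="<?php echo htmlspecialchars($_POST["cardNumber"], ENT_QUOTES); ?>"`. The `MD` field on new line 60 carries the card number and CVC2 only base64-encoded, which gives neither confidentiality nor integrity, so whatever `verify.php` does with the returned value (not visible here) has to treat it as untrusted client input. `CcpaClientId` is hard-coded on new line 55 although the other merchant settings in this file come from `$module`; reading it from the module configuration would keep one merchant's identifier out of the shipped code. The enclosing `if($_GET['process']==1)` block is fully shown, but the rest of the file continues past the lines in this section.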
   
File: modules\gateway\HSBC\form.tpl  
2 <table width="100%" cellpadding="3" cellspacing="0" border="0"> = 2 <table width="100%" cellpadding="3" cellspacing="0" border="0">
3         <tr align="left">   3         <tr align="left">
4                 <td colspan="4" class="tdcartTitle"><strong>Credit Card Information</strong></td>   4                 <td colspan="4" class="tdcartTitle"><strong>Credit Card Information</strong></td>
5         </tr>   5         </tr>
6         <tr align="left">   6         <tr align="left">
7                 <td><strong>First Name:</strong></td>   7                 <td><strong>First Name:</strong></td>
8           <td><input type="text" name="firstName" value="{VAL_FIRST_NAME}" class="textbox" /></td> <> 8           <td>{VAL_FIRST_NAME}<input type="hidden" name="firstName" value="{VAL_FIRST_NAME}" class="textbox" /></td>
9         </tr> = 9         </tr>
10         <tr align="left">   10         <tr align="left">
11                 <td><strong>Last Name:</strong></td>   11                 <td><strong>Last Name:</strong></td>
12           <td><input type="text" name="lastName" value="{VAL_LAST_NAME}" class="textbox" /></td> <> 12           <td>{VAL_LAST_NAME}<input type="hidden" name="lastName" value="{VAL_LAST_NAME}" class="textbox" /></td>
13         </tr> = 13         </tr>
14         <tr align="left">   14         <tr align="left">
15                 <td><strong>Card Type:</strong> <> 15                 <td><strong>Card Type<font color=red>*</font>:</strong>
16           <td colspan="3"> = 16           <td colspan="3">
17                 <select name="cardType">   17                 <select name="cardType">
18                         <option value="1">Visa</option>           18                         <option value="1">Visa</option>        
19                         <option value="2">MasterCard</option>   19                         <option value="2">MasterCard</option>
20                         <option value="10">Maestro (UK Issued)</option>   20                         <option value="10">Maestro (UK Issued)</option>
21                         <option value="10">Maestro (Other)</option>   21                         <option value="10">Maestro (Other)</option>
 
24                         <option value="11">Visa Electron (UK Issued)</option> = 24                         <option value="11">Visa Electron (UK Issued)</option>
25                         <option value="11">Visa Electron (Other)</option>   25                         <option value="11">Visa Electron (Other)</option>
26                 </select>   26                 </select>
27         </td>   27         </td>
28         </tr>   28         </tr>
29         <tr align="left">   29         <tr align="left">
30                 <td><strong>Card Number:</strong> <> 30                 <td><strong>Card Number<font color=red>*</font>:</strong>
31           <td colspan="3"><input type="text" name="cardNumber" value="" size="19" maxlength="19" class="textbox" /></td> = 31           <td colspan="3"><input type="text" name="cardNumber" value="" size="19" maxlength="19" class="textbox" /></td>
32         </tr>   32         </tr>
33         <tr align="left">   33         <tr align="left">
34                 <td><strong>Start Date (where applicable):</strong></td> <> 34                 <td><strong>Start Date [mm/yy]:</strong></td>
35                 <td colspan="3"><input type="text" name="startMonth" value="" size="2" maxlength="2" class="textbox" /> / <input type="text" name="startYear" value="" size="2" maxlength="2" class="textbox" /> = 35                 <td colspan="3"><input type="text" name="startMonth" value="" size="2" maxlength="2" class="textbox" /> / <input type="text" name="startYear" value="" size="2" maxlength="2" class="textbox" />
36         </tr>   36         </tr>
37         <tr align="left">   37         <tr align="left">
38                 <td><strong>Expire Date:</strong></td> <> 38                 <td><strong>Expire Date [mm/yy]<font color=red>*</font>:</strong></td>
39                 <td colspan="3"><input type="text" name="expirationMonth" value="" size="2" maxlength="2" class="textbox" /> / <input type="text" name="expirationYear" value="" size="2" maxlength="2" class="textbox" /> = 39                 <td colspan="3"><input type="text" name="expirationMonth" value="" size="2" maxlength="2" class="textbox" /> / <input type="text" name="expirationYear" value="" size="2" maxlength="2" class="textbox" />
40         </tr>   40         </tr>
41         <tr align="left">   41         <tr align="left">
42                 <td><strong>Issue Number(where applicable):</strong></td> <> 42                 <td><strong>Issue Number:</strong></td>
43                 <td colspan="3"><input type="text" name="issueNumber" value="" size="3" maxlength="3" class="textbox" /> = 43                 <td colspan="3"><input type="text" name="issueNumber" value="" size="3" maxlength="3" class="textbox" />
44         </tr>   44         </tr>
45         <tr align="left">   45         <tr align="left">
46                 <td><strong>Verification Code:</strong>   46                 <td><strong>Verification Code:</strong>
47           <td colspan="3"><input type="text" name="cvc2" value="" size="3" maxlength="3" class="textbox" /></td>   47           <td colspan="3"><input type="text" name="cvc2" value="" size="3" maxlength="3" class="textbox" /></td>
48         </tr>   48         </tr>
49         <tr>   49         <tr>
50                 <td colspan="4">&nbsp;</td>   50                 <td colspan="4">&nbsp;</td>
51         </tr>   51         </tr>
52         <tr align="left">   52         <tr align="left">
53                 <td colspan="4" class="tdcartTitle"><strong>Customer Information</strong></td>   53                 <td colspan="4" class="tdcartTitle"><strong>Customer Information</strong></td>
54         </tr>                           <> 54         </tr>          
      55        
55         <tr align="left"> = 56         <tr align="left">
56                 <td><strong>E-Mail: </strong>   57                 <td><strong>E-Mail: </strong>
57           <td colspan="3"><input type="text" name="emailAddress" value="{VAL_EMAIL_ADDRESS}" size="50" class="textbox" /></td>   58           <td colspan="3"><input type="text" name="emailAddress" value="{VAL_EMAIL_ADDRESS}" size="50" class="textbox" /></td>
58         </tr>   59         </tr>
59         <tr align="left">   60         <tr align="left">
60                 <td><strong>Address: </strong>   61                 <td><strong>Address: </strong>
 
96                 <input type="text" name="phoneNumber" value="{VAL_PHONE}" size="10" maxlength="15" class="textbox" /> = 97                 <input type="text" name="phoneNumber" value="{VAL_PHONE}" size="10" maxlength="15" class="textbox" />
97           </td>   98           </td>
98         </tr>   99         </tr>
99         <tr align="left">   100         <tr align="left">
100                 <td><strong>Country: </strong>   101                 <td><strong>Country: </strong>
101                 <td colspan="3">   102                 <td colspan="3">
    <> 103                 <!--<input type="hidden" name="country" value="{VAL_COUNTRY_ISO}" size="10" maxlength="15" class="textbox" />-->
      104  
102                         <select name="country" class="textbox"> = 105                         <select name="country" class="textbox">
103                                 <!-- BEGIN: repeat_countries --> <> 106                                 BEGIN: repeat_countries
104                                 <option value="{VAL_COUNTRY_ISO}" {COUNTRY_SELECTED}>{VAL_COUNTRY_NAME}</option>   107                                         <option value="{VAL_COUNTRY_ISO}" {COUNTRY_SELECTED}>{VAL_COUNTRY_NAME}</option>
105                                 <!-- END: repeat_countries -->   108                                 END: repeat_countries
106                         </select>   109                         </select>
107           </td> = 110           </td>
108         </tr>   111         </tr>
109 </table>   112 </table>
110 <input type="hidden" name="cart_order_id" value="{VAL_CART_ORDER_ID}" />   113 <input type="hidden" name="cart_order_id" value="{VAL_CART_ORDER_ID}" />
111 <input type="hidden" name="amount" value="{VAL_GRAND_TOTAL}" />   114 <input type="hidden" name="amount" value="{VAL_GRAND_TOTAL}" />
112 <input type="hidden" name="gateway" value="HSBC" />   115 <input type="hidden" name="gateway" value="HSBC" />
113 <!-- END: form -->   116 <!-- END: form -->
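Review bot: The `repeat_countries` block markers lose their comment delimiters on the new side (new lines 106 and 108 read `BEGIN: repeat_countries` and `END: repeat_countries`), while XTemplate recognises a block only as `<!-- BEGIN: name -->` … `<!-- END: name -->`. As rendered here the country loop would no longer be parsed and the bare marker text would end up inside the `<select>`; unless this is an artefact of the report, restore `<!-- BEGIN: repeat_countries -->` and `<!-- END: repeat_countries -->`. Separately, turning `firstName` and `lastName` into hidden inputs (new lines 8 and 12) only removes them from the visible form; the posted values remain client-supplied, so the server side should take the name from the stored customer record rather than from the POST.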
   
File: modules\gateway\HSBC\func_https_libcurl.php  
   
File: modules\gateway\HSBC\transfer.inc.php  
   
File: modules\gateway\PayJunction\form.inc.php  
1 <?php = 1 <?php
2 $module = fetchDbConfig("PayJunction");   2 $module = fetchDbConfig("PayJunction");
3     3  
4 if($_GET['process']==1){   4 if($_GET['process']==1){
5     5  
6         ## Required variables   6         ## Required variables
7         $curl_exec              = "/usr/bin/curl -m 64 -d"; <> 7         //$curl_exec            = "/usr/bin/curl -m 64 -d";
8         $server                 = "https://payjunction.com/live/vendor/quick_link/transact"; = 8         $server                 = "https://payjunction.com/live/vendor/quick_link/transact";
9         $request                = "";   9         $request                = "";
10         $response               = array ();   10         $response               = array ();
11         $is_approved            = false;   11         $is_approved            = false;
12         $is_default_page        = true;   12         $is_default_page        = true;
13            13         
 
36                 while (list ($key, $val) = each($post_array)) = 36                 while (list ($key, $val) = each($post_array))
37                 {   37                 {
38                         $request .= $key . "=" . urlencode($val) . "&";   38                         $request .= $key . "=" . urlencode($val) . "&";
39                 }   39                 }
40           40        
41                 ## Send the secure transaction request to PayJunction   41                 ## Send the secure transaction request to PayJunction
42                 $content = exec ("$curl_exec \"$request\" $server"); <> 42                 //$content = exec ("$curl_exec \"$request\" $server");
      43                
      44                 // Use more secure curl_setop instead of exec
      45                 $ch = curl_init($server);
      46                 curl_setopt($ch, CURLOPT_HEADER, 0); // set to 0 to eliminate header info from response
      47                 curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); // Returns response data instead of TRUE(1)
      48                 curl_setopt($ch, CURLOPT_POSTFIELDS, rtrim( $request, "& " )); // use HTTP POST to send form data
      49                 curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, FALSE); // uncomment this line if you get no gateway response. ###
      50                 $content = curl_exec($ch); //execute post and get results
      51                 curl_close ($ch);
      52                
43         = 53        
44                 ## Parse the response from PayJunction   54                 ## Parse the response from PayJunction
45                 $content = array_values (split (chr (28), $content));   55                 $content = array_values (split (chr (28), $content));
46                 while ($key_value = next ($content))   56                 while ($key_value = next ($content))
47                 {   57                 {
48                         list ($key, $value) = split ("=", $key_value);   58                         list ($key, $value) = split ("=", $key_value);
 
54                 { = 64                 {
55                         $is_approved = true;   65                         $is_approved = true;
56                 }   66                 }
57                 $is_default_page = false;   67                 $is_default_page = false;
58           68        
59         if ($is_approved){   69         if ($is_approved){
60                         $cart_order_id = $basket['cart_order_id']; <> 70                         //$cart_order_id = $basket['cart_order_id'];
61                         include("../../../includes/orderSuccess.inc.php");   71                         //include("../../../includes/orderSuccess.inc.php");
62                         header("Location: confirmed.php"); = 72                         header("Location: confirmed.php");
63                         exit;   73                         exit;
64                                   74                                
65         } else {   75         } else {
66                   76                
67                         header("Location: confirmed.php?f=1");   77                         header("Location: confirmed.php?f=1");
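Review bot: `curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, FALSE);` on new line 49 switches off certificate verification for the request that carries the payment data to PayJunction, and its trailing comment ("uncomment this line if you get no gateway response") describes it as optional although the line is active. Keep verification on, either by dropping the line or writing `curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, TRUE);`, and where the host lacks a CA bundle point cURL at one with `CURLOPT_CAINFO` instead of disabling the check. `curl_exec()` returns `FALSE` on failure and that value goes straight into `split()` on new line 55; a guard such as `if ($content === FALSE) { header("Location: confirmed.php?f=1"); exit; }` would make the failure path explicit. The enclosing `if($_GET['process']==1)` block starts before and ends after the lines shown.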
   
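--- a/modules\gateway\PayJunction\transfer.inc.php
+++ b/modules\gateway\PayJunction\transfer.inc.php
@@ -97,13 +97,12 @@
         
         return FALSE;
         
 }
 
 function success(){
-        global $basket;
         
         if($_GET['f']==1) {
         
                 return FALSE;
         
         } else {
@@ -118,8 +117,8 @@
 // Other Vars
 ////////
 $formAction = "cart.php?act=step5&amp;process=1";
 $formMethod = "post";
 $formTarget = "_self";
 $transfer = "manual";
-$stateUpdate = FALSE;
+$stateUpdate = TRUE;
 ?>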
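Review bot: `success()` decides the outcome only from `$_GET['f']` (new line 104), a value the customer's browser controls, and this change sets `$stateUpdate = TRUE` on new line 123. If that flag makes the cart update the order state from the result of `success()` (the code that reads the flag is not visible here), the order would be marked according to a query parameter rather than the gateway's answer. A comment on `$stateUpdate` saying what it triggers, plus a server-side record of the approval that `success()` checks (for example a session value set in form.inc.php when `$is_approved` is true), would close that gap. The body of `success()` continues past the lines shown.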
   
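--- a/modules\gateway\Print_Order_Form\transfer.inc.php
+++ b/modules\gateway\Print_Order_Form\transfer.inc.php
@@ -17,11 +17,11 @@
 
 }
 
 ///////////////////////////
 // Other Vars
 ////////
-$formAction = $GLOBALS['rootRel']."/modules/gateway/Print_Order_Form/orderForm.php";
+$formAction = "modules/gateway/Print_Order_Form/orderForm.php";
 $formMethod = "post";
 $formTarget = "_self";
 $transfer = "auto";
 ?>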
   
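--- a/modules\gateway\Protx\confirmed.php
+++ b/modules\gateway\Protx\confirmed.php
@@ -42,12 +42,14 @@
         include_once("../../../classes/db.inc.php");
         $db = new db();
         
         include_once("../../../includes/functions.inc.php");
         $config = fetchDbConfig("config");
         
+        include_once("../../../includes/sessionStart.inc.php");
+        
         include_once("../../../includes/sslSwitch.inc.php");
         
         include_once("../../../includes/session.inc.php");
         // get exchange rates etc
         include_once("../../../includes/currencyVars.inc.php");
         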
   
File: modules\gateway\SECPay\confirmed.php  
46         include_once("../../../classes/db.inc.php"); = 46         include_once("../../../classes/db.inc.php");
47         $db = new db();   47         $db = new db();
48           48        
49         include_once("../../../includes/functions.inc.php");   49         include_once("../../../includes/functions.inc.php");
50         $config = fetchDbConfig("config");   50         $config = fetchDbConfig("config");
51           51        
    -+ 52         include_once("../../../includes/sessionStart.inc.php");
      53        
52         include_once("../../../includes/sslSwitch.inc.php"); = 54         include_once("../../../includes/sslSwitch.inc.php");
53         <> 55  
54         include_once("../../../includes/session.inc.php"); = 56         include_once("../../../includes/session.inc.php");
55         // get exchange rates etc   57         // get exchange rates etc
56         include_once("../../../includes/currencyVars.inc.php");   58         include_once("../../../includes/currencyVars.inc.php");
57           59        
58         include_once("../../../language/".$config['defaultLang']."/lang.inc.php");   60         include_once("../../../language/".$config['defaultLang']."/lang.inc.php");
59     61  
 
66 // 2. Include function which returns ture or false = 68 // 2. Include function which returns ture or false
67     69  
68 $success = successFirst();   70 $success = successFirst();
69           71        
70         if($success == TRUE){   72         if($success == TRUE){
71                   73                
72                 $cart_order_id = $_POST['trans_id']; <> 74                 //$cart_order_id = $_POST['trans_id'];
73                 include_once("../../../includes/orderSuccess.inc.php");   75                 //include_once("../../../includes/orderSuccess.inc.php");
74                 $result = "?pg=".base64_encode("SECPay"); = 76                 $result = "?pg=".base64_encode("SECPay");
75                   77                
76         } else {   78         } else {
77                   79                
78                 $result = "?f=1&amp;pg=".base64_encode("SECPay");   80                 $result = "?f=1&amp;pg=".base64_encode("SECPay");
79                   81                
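Review bot: The order-completion lines are disabled by commenting them out (new lines 74–75, `//$cart_order_id = $_POST['trans_id'];` and the `//include_once(...orderSuccess.inc.php");` below it) with no explanation, and the same is done in modules\gateway\PayJunction\form.inc.php on new lines 70–71. Delete the dead lines and leave one comment saying where the order is now completed, which this section does not show. `if($success == TRUE)` on new line 72 would be stricter as `=== TRUE`, provided `successFirst()` returns a boolean, which is also not visible here.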
   
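--- a/modules\gateway\WorldPay\confirmed.php
+++ b/modules\gateway\WorldPay\confirmed.php
@@ -42,12 +42,14 @@
         include_once("../../../classes/db.inc.php");
         $db = new db();
         
         include_once("../../../includes/functions.inc.php");
         $config = fetchDbConfig("config");
         
+        include_once("../../../includes/sessionStart.inc.php");
+        
         include_once("../../../includes/sslSwitch.inc.php");
         
         include_once("../../../includes/session.inc.php");
         // get exchange rates etc
         include_once("../../../includes/currencyVars.inc.php");
         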
   
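--- a/modules\shipping\Royal_Mail\calc.php
+++ b/modules\shipping\Royal_Mail\calc.php
@@ -59,22 +59,22 @@
 }
 
 // work out cost
 $shipBands = explode(",",str_replace(" ","",$module['zone'.$shipZone.'Rates']));
 $noBands = count($shipBands);
 
-for($i=0; $i<count($shipBands);$i++){
+for($j=0; $j<count($shipBands);$j++){
 
-        $wheightCost = explode(":",str_replace(" ","",$shipBands[$i]));
+        $wheightCost = explode(":",str_replace(" ","",$shipBands[$j]));
         
         if($totalWeight<=$wheightCost[0]){
                 
                 $sum = $wheightCost[1]+$module['zone'.$shipZone.'Handling'];
                 break;
                 
-        } elseif($totalWeight>$wheightCost[0] && $i+1==$noBands){
+        } elseif($totalWeight>$wheightCost[0] && $j+1==$noBands){
         
                 $overWeight = TRUE;
 
         }
 
 }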
    

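--- a/skins\Classic\styleTemplates\global\cart.tpl
+++ b/skins\Classic\styleTemplates\global\cart.tpl
@@ -1,8 +1,8 @@
 <!-- BEGIN: body -->
-<!DOCTYPE HTML PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
 <html xmlns="http://www.w3.org/1999/xhtml">
 <head>
 <meta http-equiv="Content-Type" content="text/html; charset={VAL_ISO}" />
 <title>{META_TITLE}</title>
 <meta name="description" content="{META_DESC}" />
 <meta name="keywords" content="{META_KEYWORDS}" />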
   
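--- a/skins\Classic\styleTemplates\global\index.tpl
+++ b/skins\Classic\styleTemplates\global\index.tpl
@@ -1,8 +1,8 @@
 <!-- BEGIN: body -->
-<!DOCTYPE HTML PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
 <html xmlns="http://www.w3.org/1999/xhtml">
 <head>
 <meta http-equiv="Content-Type" content="text/html; charset={VAL_ISO}" />
 <title>{META_TITLE}</title>
 <meta name="description" content="{META_DESC}" />
 <meta name="keywords" content="{META_KEYWORDS}" />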
   
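--- a/skins\Classic\styleTemplates\popup\prodImages.tpl
+++ b/skins\Classic\styleTemplates\popup\prodImages.tpl
@@ -1,8 +1,8 @@
 <!-- BEGIN: prod_images -->
-<!DOCTYPE HTML PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
 <html xmlns="http://www.w3.org/1999/xhtml">
 <head>
 <meta http-equiv="Content-Type" content="text/html; charset={VAL_ISO}" />
 <title>{META_TITLE}</title>
 <link href="../skins/{VAL_SKIN}/styleSheets/popup.css" rel="stylesheet" type="text/css" />
 <script language="javascript" src="../js/jslibrary.js"></script>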
      
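--- a/skins\Killer\styleTemplates\global\cart.tpl
+++ b/skins\Killer\styleTemplates\global\cart.tpl
@@ -1,8 +1,8 @@
 <!-- BEGIN: body -->
-<!DOCTYPE HTML PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
 <html xmlns="http://www.w3.org/1999/xhtml">
 <head>
 <meta http-equiv="Content-Type" content="text/html; charset={VAL_ISO}" />
 <title>{META_TITLE}</title>
 <meta name="description" content="{META_DESC}" />
 <meta name="keywords" content="{META_KEYWORDS}" />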
   
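--- a/skins\Killer\styleTemplates\global\index.tpl
+++ b/skins\Killer\styleTemplates\global\index.tpl
@@ -1,8 +1,8 @@
 <!-- BEGIN: body -->
-<!DOCTYPE HTML PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
 <html xmlns="http://www.w3.org/1999/xhtml">
 <head>
 <meta http-equiv="Content-Type" content="text/html; charset={VAL_ISO}" />
 <title>{META_TITLE}</title>
 <meta name="description" content="{META_DESC}" />
 <meta name="keywords" content="{META_KEYWORDS}" />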
   
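--- a/skins\Killer\styleTemplates\popup\prodImages.tpl
+++ b/skins\Killer\styleTemplates\popup\prodImages.tpl
@@ -1,8 +1,8 @@
 <!-- BEGIN: prod_images -->
-<!DOCTYPE HTML PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
 <html xmlns="http://www.w3.org/1999/xhtml">
 <head>
 <meta http-equiv="Content-Type" content="text/html; charset={VAL_ISO}" />
 <title>{META_TITLE}</title>
 <link href="../skins/{VAL_SKIN}/styleSheets/popup.css" rel="stylesheet" type="text/css" />
 <script language="javascript" src="../js/jslibrary.js"></script>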
      
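--- a/skins\Legend\styleTemplates\global\cart.tpl
+++ b/skins\Legend\styleTemplates\global\cart.tpl
@@ -1,8 +1,8 @@
 <!-- BEGIN: body -->
-<!DOCTYPE HTML PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
 <html xmlns="http://www.w3.org/1999/xhtml">
 <head>
 <meta http-equiv="Content-Type" content="text/html; charset={VAL_ISO}" />
 <title>{META_TITLE}</title>
 <meta name="description" content="{META_DESC}" />
 <meta name="keywords" content="{META_KEYWORDS}" />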
   
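--- a/skins\Legend\styleTemplates\global\index.tpl
+++ b/skins\Legend\styleTemplates\global\index.tpl
@@ -1,8 +1,8 @@
 <!-- BEGIN: body -->
-<!DOCTYPE HTML PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
 <html xmlns="http://www.w3.org/1999/xhtml">
 <head>
 <meta http-equiv="Content-Type" content="text/html; charset={VAL_ISO}" />
 <title>{META_TITLE}</title>
 <meta name="description" content="{META_DESC}" />
 <meta name="keywords" content="{META_KEYWORDS}" />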
   
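--- a/skins\Legend\styleTemplates\popup\prodImages.tpl
+++ b/skins\Legend\styleTemplates\popup\prodImages.tpl
@@ -1,8 +1,8 @@
 <!-- BEGIN: prod_images -->
-<!DOCTYPE HTML PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
 <html xmlns="http://www.w3.org/1999/xhtml">
 <head>
 <meta http-equiv="Content-Type" content="text/html; charset={VAL_ISO}" />
 <title>{META_TITLE}</title>
 <link href="../skins/{VAL_SKIN}/styleSheets/popup.css" rel="stylesheet" type="text/css" />
 <script language="javascript" src="../js/jslibrary.js"></script>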
   
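--- a/download.php
+++ b/download.php
@@ -62,13 +62,29 @@
                         header("Cache-Control: must-revalidate, post-check=0, pre-check=0");
                         header("Content-Type: application/octet-stream");
                         header("Content-Length: " . filesize($download[0]['digitalDir']));
                         $filename = explode("/",$download[0]['digitalDir']);
                         $parts = count($filename);
                         header("Content-Disposition: attachment; filename=".$filename[$parts-1]);
-                        readfile($download[0]['digitalDir']);
+
+                        function readfile_chunked ($filename) {
+              $chunksize = 1*(1024*1024); // how many bytes per chunk
+              $buffer = '';
+              $handle = fopen($filename, 'rb');
+              if ($handle === false) {
+               return false;
+              }
+              while (!feof($handle)) {
+               $buffer = fread($handle, $chunksize);
+               print $buffer;
+              }
+              return fclose($handle);
+            }
+
+            readfile_chunked($download[0]['digitalDir']);
+
                         exit;
 
                 }
 
 
         } else {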
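Review bot: `readfile_chunked()` (new lines 69-81) prints each chunk without flushing and never checks what `fread()` returned. With output buffering active the whole file can still accumulate in memory, and a read error can leave `feof()` false so the `while` loop never ends. The call on new line 83 also ignores the `false` returned after a failed `fopen()`, by which point the download headers on lines 62-67 have already been sent. I would test `fread()` for `false`, flush after each `print`, and act on the return value at the call site. The function is declared inside a conditional branch that opens outside this section, so moving it to a shared include may be cleaner.

```php
function readfile_chunked ($filename) {
	// … unchanged: $chunksize, $buffer, fopen() and its false check …
	while (!feof($handle)) {
		$buffer = fread($handle, $chunksize);
		if ($buffer === false) {
			// read error: stop instead of looping on a handle that never reaches EOF
			fclose($handle);
			return false;
		}
		print $buffer;
		// push the chunk out so it is not held in PHP's output buffer
		if (ob_get_level() > 0) {
			ob_flush();
		}
		flush();
	}
	return fclose($handle);
}
```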
   
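--- a/switch.php
+++ b/switch.php
@@ -37,39 +37,40 @@
         include_once("classes/db.inc.php");
         $db = new db();
         include_once("includes/functions.inc.php");
         $config = fetchDbConfig("config");
 
         // get session data
+        include_once("includes/sessionStart.inc.php");
         include_once("includes/session.inc.php");
 
         // change language if necessary making sure it is cleaned against cross site scripting!!! Or else there'd be truble!!
-        if( (isset($_GET['lang'])) && (!empty($_GET['lang'])) && (isset($_SESSION['ccUser'])) && eregi("^[a-z0-9_]",$_GET['lang'])){
-                $sessData['lang'] = $db->mySQLSafe($_GET['lang']);
+        if( (isset($_GET['lang'])) && (!empty($_GET['lang'])) && (isset($_SESSION['ccUser'])) ){
+                $sessData['lang'] = "'".preg_replace('/[^a-zA-Z0-9_\-\+]/', '',$_GET['lang'])."'";
                 $update = $db->update($glob['dbprefix']."CubeCart_sessions", $sessData,"sessId=".$db->mySQLSafe($_SESSION['ccUser']));
 
                 // detect possible spoofing URL's
                 if(!eregi("http://",$_GET['r']) && !eregi("ftp://",$_GET['r']) && !eregi("https://",$_GET['r'])){
-                        header("Location: ".str_replace("&amp;","&",$_GET['r']));
+                        header("Location: ".str_replace("&amp;","&",treatGet($_GET['r'])));
                 } else {
                         header("Location: index.php");
                 }
                 exit;
 
-        } elseif( (isset($_GET['currency'])) && !empty($_GET['currency']) && (isset($_SESSION['ccUser'])) &&  ereg("^[A-Z]",$_GET['currency'])){
+        } elseif((isset($_GET['currency'])) && !empty($_GET['currency']) && (isset($_SESSION['ccUser']))){
 
-                $sessData['currency'] = $db->mySQLSafe($_GET['currency']);
+                $sessData['currency'] = "'".preg_replace('/[^a-zA-Z0-9_\-\+]/', '',$_GET['currency'])."'";
                 $update = $db->update($glob['dbprefix']."CubeCart_sessions", $sessData,"sessId=".$db->mySQLSafe($_SESSION['ccUser']));
 
                 // detect possible spoofing URL's
                 if(!eregi("http://",$_GET['r']) && !eregi("ftp://",$_GET['r']) && !eregi("https://",$_GET['r'])){
-                        header("Location: ".str_replace("&amp;","&",treatGet($_GET['r'])));
+                        header("Location: ".str_replace("&amp;","&",treatGet($_GET['r'])));
                 } else {
                         header("Location: index.php");
                 }
                 exit;
 
         } else {
                 header("Location: index.php");
                 exit;
         }
 ?>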
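Review bot: The redirects on new lines 53 and 66 still rely on a denylist of three literal scheme strings, and `$_GET['r']` is read without an `isset()` check, so a target that names an external host without one of those strings is not rejected by the visible test. `treatGet()` is not defined in the visible lines, so whether it strips control characters or anything else is unknown here. I would build the target once and accept it only when it is a local path (no scheme, no leading `//` or backslash, no control characters), falling back to `index.php` otherwise, in both branches. Separately, with the `eregi`/`ereg` format tests removed, a `lang` or `currency` value that filters down to an empty string is now written to the session row; a check such as `if ($clean !== '')` before the update would keep the previous value.

```php
// same replacement for both redirect blocks (new lines 51-56 and 64-69)
$target = isset($_GET['r']) ? str_replace("&amp;","&",treatGet($_GET['r'])) : '';
// local targets only: reject any scheme, a leading "//" or backslash, and control characters
if($target != '' && !preg_match('#^[a-z][a-z0-9+.\-]*:|^[/\\\\]{2}|^\\\\|[\x00-\x1f]#i', $target)){
        header("Location: ".$target);
} else {
        header("Location: index.php");
}
exit;
```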