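<?php
/* webSHOP session bootstrap.
 *
 * Included at the top of every shop page. It loads config.php and the helper
 * includes, opens the session, escapes request input for SQL, caches the
 * company record and shop defaults in $_SESSION (once per session), builds the
 * $PaymentMethods array and verifies the anti-CSRF FormID on every POST.
 *
 * Expects $PathPrefix to be defined by the including page; $RootPath,
 * $SessionSavePath, $SessionLifeTime, $MaximumExecutionTime and the $Shop*
 * overrides come from config.php. Anything expensive here is cached in the
 * session so it runs once, not on every page.
 */

require($PathPrefix . 'config.php');
require_once('includes/DefineCartItemClass.php');
include('includes/Functions.php');

if (!isset($RootPath)) {
    $RootPath = dirname(htmlspecialchars($_SERVER['PHP_SELF']));
    if ($RootPath == '/' OR $RootPath == "\\") {
        $RootPath = '';
    }
}

if (isset($SessionSavePath)) {
    session_save_path($SessionSavePath);
}
ini_set('session.gc_maxlifetime', $SessionLifeTime);

if (!ini_get('safe_mode')) {
    set_time_limit($MaximumExecutionTime);
    ini_set('max_execution_time', $MaximumExecutionTime);
}
session_write_close(); //in case a previous session is not closed
session_name('webERPStoreSESSID');
session_start();

if (isset($_GET['LoggOff'])) {
    ResetForNewOrder(true); // $LogOff = true; defined in includes/Functions.php
}

if (!isset($_SESSION['SessionName'])) {
    session_name(CreateRandomHash(15));
    $_SESSION['SessionName'] = session_name();
    // FormID is the per-session anti-CSRF token checked on every POST below.
    // Prefer the CSPRNG (PHP 7+); fall back to the original construction on
    // older interpreters. Both yield a 40-character hex string.
    $_SESSION['FormID'] = function_exists('random_bytes')
        ? bin2hex(random_bytes(20))
        : sha1(uniqid(mt_rand(), true));
}

require('includes/DatabaseFunctions.php'); //had to go with a local copy due to error messages/logging in webERP file
require($PathPrefix . 'includes/DateFunctions.inc');
include($PathPrefix . 'includes/LanguageSetup.php');

/* Escape $_POST data for use in SQL.
 * Nested (one level deep) array values are escaped in place - the previous
 * loop wrote to a local copy and referenced an undefined $value, so array
 * values reached the database unescaped. Magic quotes are stripped first where
 * that (pre-5.4) feature exists.
 * NOTE: this input-time escaping only limits SQL injection; it does nothing
 * for HTML output, which must still be escaped where it is echoed. Deeper
 * nested arrays are left untouched.
 */
foreach ($_POST as $PostVariableName => $PostVariableValue) {
    if (gettype($PostVariableValue) != 'array') {
        $_POST[$PostVariableName] = DB_escape_string($PostVariableValue);
        continue;
    }
    foreach ($PostVariableValue as $PostArrayKey => $PostArrayValue) {
        if (gettype($PostArrayValue) == 'array') {
            continue;
        }
        if (function_exists('get_magic_quotes_gpc') AND get_magic_quotes_gpc()) {
            $PostArrayValue = stripslashes($PostArrayValue);
        }
        $_POST[$PostVariableName][$PostArrayKey] = DB_escape_string($PostArrayValue);
    }
}

/* Escape scalar $_GET values for use in SQL (same caveats as for $_POST:
 * SQL only, not an XSS defence). Array-valued GET parameters are not escaped
 * here, so any page reading them must escape them itself.
 */
foreach ($_GET as $GetKey => $GetValue) {
    if (gettype($GetValue) != 'array') {
        $_GET[$GetKey] = DB_escape_string($GetValue);
    }
}

if (!isset($_SESSION['CompanyDefaultsLoaded'])) {

    // Copy every config row into the session. Numeric values are cast to
    // double except the two names that must stay strings (a price list code
    // and the version string).
    $sql = "SELECT confname, confvalue FROM config";
    $ErrMsg = _('Could not get the configuration parameters from the database because');
    $ConfigResult = DB_query($sql, $ErrMsg);
    while ($myrow = DB_fetch_array($ConfigResult)) {
        $KeepAsString = ($myrow['confname'] == 'DefaultPriceList' OR $myrow['confname'] == 'VersionNumber');
        if (is_numeric($myrow['confvalue']) AND !$KeepAsString) {
            $_SESSION[$myrow['confname']] = (double) $myrow['confvalue'];
        } else {
            $_SESSION[$myrow['confname']] = $myrow['confvalue'];
        }
    }
    DB_free_result($ConfigResult); // no longer needed

    $sql = "SELECT coyname,
                gstno,
                regoffice1,
                regoffice2,
                regoffice3,
                regoffice4,
                regoffice5,
                regoffice6,
                telephone,
                fax,
                email,
                currencydefault,
                debtorsact,
                pytdiscountact,
                creditorsact,
                payrollact,
                grnact,
                exchangediffact,
                purchasesexchangediffact,
                retainedearnings,
                freightact,
                gllink_debtors,
                gllink_creditors,
                gllink_stock,
                decimalplaces
            FROM companies
            INNER JOIN currencies ON companies.currencydefault=currencies.currabrev
            WHERE coycode=1";

    $ErrMsg = _('An error occurred accessing the database to retrieve the company information');
    $ReadCoyResult = DB_query($sql, $ErrMsg);

    if (DB_num_rows($ReadCoyResult) == 0) {
        // Without a company record nothing else can work; stop here.
        echo '<br /><b>';
        prnMsg( _('The company record has not yet been set up') . '</b><br />' . _('From the system setup tab select company maintenance to enter the company information and system preferences'),'error',_('CRITICAL PROBLEM'));
        exit;
    }
    $_SESSION['CompanyRecord'] = DB_fetch_array($ReadCoyResult);

    // A non-empty $ShopDebtorNo/$ShopBranchCode pair in includes/config.php
    // selects the customer account this shop sells through - this allows
    // multiple webSHOPs for a single webERP installation.
    if (isset($ShopDebtorNo) AND $ShopDebtorNo != '' AND isset($ShopBranchCode) AND $ShopBranchCode != '') {
        $_SESSION['ShopDebtorNo'] = $ShopDebtorNo;
        $_SESSION['ShopBranchCode'] = $ShopBranchCode;
    }
    include('includes/GetCustomerDetails.php'); // also used when a customer logs in

    // Per-shop text overrides from includes/config.php: a non-empty value
    // replaces the one read from the config table above.
    if (isset($ShopName) AND $ShopName != '') {
        $_SESSION['ShopName'] = $ShopName;
    }
    if (isset($ShopAboutUs) AND $ShopAboutUs != '') {
        $_SESSION['ShopAboutUs'] = $ShopAboutUs;
    }
    if (isset($ShopFreightPolicy) AND $ShopFreightPolicy != '') {
        $_SESSION['ShopFreightPolicy'] = $ShopFreightPolicy;
    }
    if (isset($ShopContactUs) AND $ShopContactUs != '') {
        $_SESSION['ShopContactUs'] = $ShopContactUs;
    }

    $_SESSION['CompanyDefaultsLoaded'] = true; //so we don't do this with every page
}

if (!isset($_SESSION['ShoppingCart'])) {
    $_SESSION['ShoppingCart'] = array(); //of CartItem objects from DefineCartItemClass.php above
}

// Set up the PaymentMethods array based on the shop config parameters loaded
// into the session above. Each entry: 'MethodName' (display text) and
// 'Surcharge'. The isset() guards avoid notices when a config row is missing
// (a missing row means "not allowed", exactly as before).
$PaymentMethods = array();
if (isset($_SESSION['ShopAllowPayPal']) AND $_SESSION['ShopAllowPayPal'] == '1') {
    $PaymentMethods['PayPal'] = array('MethodName' => _('Pay Pal'), 'Surcharge' => $_SESSION['ShopPayPalSurcharge']);
}
if (isset($_SESSION['ShopAllowCreditCards']) AND $_SESSION['ShopAllowCreditCards'] == 1) {
    $PaymentMethods[$_SESSION['ShopCreditCardGateway']] = array('MethodName' => _('Credit Card'), 'Surcharge' => $_SESSION['ShopCreditCardSurcharge']);
}
if (isset($_SESSION['ShopAllowBankTransfer']) AND $_SESSION['ShopAllowBankTransfer'] == '1') {
    $PaymentMethods['BankTransfer'] = array('MethodName' => _('Bank Transfer'), 'Surcharge' => $_SESSION['ShopBankTransferSurcharge']);
}
if (isset($_SESSION['CustomerDetails']['creditcustomer']) AND $_SESSION['CustomerDetails']['creditcustomer'] == true) {
    // credit customers get the additional system CreditAccount PaymentMethod
    $PaymentMethods['CreditAccount']['MethodName'] = 'Credit Account';
    $PaymentMethods['CreditAccount']['Surcharge'] = 0;
}

if (sizeof($_POST) > 0) {
    /* Anti-CSRF check: every POSTed form must carry the FormID issued to this
     * session when it was created (see above). A missing session token is a
     * failure too; the comparison uses hash_equals() where available so that
     * it does not leak timing information.
     */
    $FormIDValid = false;
    if (isset($_POST['FormID']) AND isset($_SESSION['FormID'])) {
        if (function_exists('hash_equals')) {
            $FormIDValid = hash_equals((string) $_SESSION['FormID'], (string) $_POST['FormID']);
        } else {
            $FormIDValid = ($_POST['FormID'] == $_SESSION['FormID']);
        }
    }
    if (!$FormIDValid) {
        $Title = _('Error in form verification');
        include('includes/header.php');
        echo '<br />
        <br />';
        prnMsg(_('This form was not submitted with a correct ID') , 'error');
        include('includes/footer.php');
        exit;
    }
}

/**
 * Build a random string of $Length upper-case letters and digits.
 *
 * Used above as the per-shop session name, so the source of randomness
 * matters: random_int() (CSPRNG, PHP 7+) is used where available, with
 * mt_rand() as the fallback on older interpreters. The alphabet now includes
 * 'N', which the previous character list omitted.
 *
 * @param int $Length number of characters; 0 or less yields ''
 * @return string
 */
function CreateRandomHash($Length) {
    $Characters = 'ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789';
    $LastIndex = strlen($Characters) - 1;
    $HaveCsprng = function_exists('random_int');

    $Hash = '';
    for ($i = 0; $i < $Length; $i++) {
        $Position = $HaveCsprng ? random_int(0, $LastIndex) : mt_rand(0, $LastIndex);
        $Hash .= $Characters[$Position];
    }

    return $Hash;
}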