Subversion Repositories cheapmusic

<?php

include_once('php/sessions_db.php');

include_once('php/cryptor.php');

if ($_SERVER["SERVER_NAME"] == "www.findcheapmusic.com") {

	header("Strict-Transport-Security: max-age=31536000; includeSubDomains; preload");

	header("X-Content-Type-Options: nosniff");

	header("X-XSS-Protection: 1; mode=block");

	header("Access-Control-Allow-Origin: *");

	header("Referrer-Policy: no-referrer");

	header("X-Frame-Options: SAMEORIGIN");

	header("Set-Cookie: ^(.*)$ $1;HttpOnly;Secure");

	header("Content-Security-Policy: default-src 'none'; font-src https://use.fontawesome.com; form-action 'self'; img-src 'self' data: https://thumbs1.ebaystatic.com https://thumbs2.ebaystatic.com https://thumbs3.ebaystatic.com https://thumbs4.ebaystatic.com; script-src 'self' 'unsafe-inline' https://ajax.googleapis.com/ajax/libs/jquery/3.4.0/jquery.min.js https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.14.7/umd/popper.min.js https://maxcdn.bootstrapcdn.com/bootstrap/4.3.1/js/bootstrap.min.js; style-src 'self' 'unsafe-inline' https://maxcdn.bootstrapcdn.com/bootstrap/4.3.1/css/ https://use.fontawesome.com/releases/v5.8.1/css/;frame-ancestors 'self'");

}

$configFile = parse_ini_file("../MyFiles/config/cheapmusic.ini",true);

$crypt = Cryptor::getInstance($configFile['cryptor']);

$tmpSessionTab = (isset($_POST["sessionTab"]) && $_POST["sessionTab"] > 0 ? $_POST["sessionTab"] : null);

echo "Tmp Session Tab = " . $tmpSessionTab . "<br>";

$handler = MySessionHandler::getInstance($tmpSessionTab, $configFile['mysqli']);

unset($configFile);

ini_set("session.cookie_httponly", 1);

ini_set("session.cookie_secure", 1);

session_set_save_handler($handler, true);

session_start();

?>

<!DOCTYPE html>

<html lang="en-US">

<head>

    <meta http-equiv="Content-Type" content="text/html; charset=utf-8">

    <title>Find Cheap Music...</title>

    <meta name="viewport" content="width=device-width, initial-scale=1">

    <link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/4.3.1/css/bootstrap.min.css" integrity="sha384-ggOyR0iXCbMQv3Xipma34MD+dH/1fQ784/j6cY/iJTQUOhcWr7x9JvoRxT2MZw1T" crossorigin="anonymous">

    <script src="https://ajax.googleapis.com/ajax/libs/jquery/3.4.0/jquery.min.js" integrity="sha384-JUMjoW8OzDJw4oFpWIB2Bu/c6768ObEthBMVSiIx4ruBIEdyNSUQAjJNFqT5pnJ6" crossorigin="anonymous"></script>

    <script src="https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.14.7/umd/popper.min.js" integrity="sha384-UO2eT0CpHqdSJQ6hJty5KVphtPhzWj9WO1clHTMGa3JDZwrnQq4sF86dIHNDz0W1" crossorigin="anonymous"></script>

    <script src="https://maxcdn.bootstrapcdn.com/bootstrap/4.3.1/js/bootstrap.min.js" integrity="sha384-JjSmVgyd0p3pXB1rRibZUAYoIIy6OrQ6VrjIEaFf/nJGzIxFDsf4x0xIM+B07jRM" crossorigin="anonymous"></script>

    <link rel="stylesheet" href="css/style.min.css" integrity="sha384-zfDdfwK/GMKsN/HIVw5QfYNpAuPYAhtEwYs/IFiDiboUBjXRjHpjPt1gdNtJgAWA" crossorigin="anonymous">

    <link rel="stylesheet" href="https://use.fontawesome.com/releases/v5.8.1/css/all.css" integrity="sha384-50oBUHEmvpQ+1lW4y57PTFmhCaXp0ML5d60M1M7uH2+nqUivzIebhndOJK28anvf" crossorigin="anonymous">

    <!-- Global site tag (gtag.js) - Google Analytics -->

    <!--script async src="https://www.googletagmanager.com/gtag/js?id=UA-138428761-2"></script-->

    <!--script src="/js/gtag.js" integrity="sha384-ZoAmOe9K3AXr6ONEK6njtE/HMsMvyjck9EfsgXdZLG7rEiz5GqXEk3RQc2cFIRNY" crossorigin="anonymous"></script-->

</head>

<body>

<?php

include_once('php/clsLibGTIN.php');

include_once('php/tools.php');

initSessionVariables();

if ($_SERVER["REQUEST_METHOD"] == "POST") {

	if ($_POST["submit"] == "Search") {

		$zip = sanitizeInput($_POST['buyerZip']);

		if (strlen($zip) == 5 && preg_match("/^[0-9 ]*$/", $zip)) {

			$_SESSION["buyer"]["Zip"] = $zip;

		} else if (strlen($zip) == 0) {

			$_SESSION["buyer"]["Zip"] = "";

		}

		if (empty($_POST["searchTerm"])) {

			$_SESSION["searchTerm"] = "";

			$_SESSION["resultArr"] = [];

		} else {

			$_SESSION["searchTerm"] = sanitizeInput($_POST["searchTerm"]);

            if (checkSearchFilters()) {

    			performSearch();

    		}

		}

	} else if ($_POST["submit"] == "Save") {

		$_SESSION["filterCondition"]["New"] = checkPV("filterConditionNew");

		$_SESSION["filterCondition"]["Used"] = checkPV("filterConditionUsed");

		$_SESSION["filterMediaType"]["CD"] = checkPV("filterMediaTypeCD");

		$_SESSION["filterMediaType"]["Record"] = checkPV("filterMediaTypeRecord");

		$_SESSION["filterMediaType"]["Digital"] = checkPV("filterMediaTypeDigital");

        if (checkSearchFilters()) {

			performSearch();

		}

	} else if (in_array($_POST["submit"], $buttonArr)) {

		$_SESSION["currentView"] = $_POST["submit"];

		filterResults();

	}

} else if ($_SERVER["REQUEST_METHOD"] == "GET") {

	$_SESSION["buyer"]["Zip"] = "";

	if (isset($_GET['z'])) {

		$zip = sanitizeInput($_GET['z']);

		if (strlen($zip) == 5 && preg_match("/^[0-9 ]*$/", $zip)) {

			$_SESSION["buyer"]["Zip"] = $zip;

		}

	}

	if (isset($_GET['q'])) {

		$_SESSION["searchTerm"] = sanitizeInput($_GET["q"]);

        if (checkSearchFilters()) {

    		performSearch();

    	}

	} else {

	    $_SESSION["searchTerm"] = "";

	}

}

?>

    <nav class="navbar navbar-expand-sm bg-dark navbar-dark">

        <a class="navbar-brand" href="#">Home</a>

        <button class="navbar-toggler" type="button" data-toggle="collapse" data-target="#collapsibleNavbar">

            <span class="navbar-toggler-icon"></span>

        </button>

        <div class="collapse navbar-collapse" id="collapsibleNavbar">

            <ul class="navbar-nav">

                <li class="nav-item">

                    <a class="nav-link" href="terms.html">Terms of Service</a>

                </li>

                <li class="nav-item">

                    <a class="nav-link" href="privacy.html">Privacy Policy</a>

                </li>

            </ul>

        </div>

    </nav>

    <div class="page-header bg-primary">

        <div class="container text-center py-3">

            <h1>Find Cheap Music...</h1>

            <p class="d-none d-sm-block">Find the cheapest music online. Advertisement free website.</p>

        </div>

    </div>

	<div class="container-fluid bg-primary py-3">

        <?php

            echo $_SESSION["filterWarnings"];

        ?>

        <form method="post" action="/index.php"

            onsubmit="document.getElementById('search').innerHTML = '<span class=\'spinner-border spinner-border-sm\'></span> Searching, please wait...';">

            <input type="hidden" name="sessionTab" value="<?php echo $handler->getSessionTab(); ?>">

        	<div class="input-group mb-3">

            	<div class="input-group-prepend">

                    <div class="d-none d-sm-block">

                        <button class="btn input-group-text mx-1 rounded" type="button" data-toggle="modal" data-target="#searchInfoModal"><i class="fas fa-info-circle" style="font-size:25px"></i></button>

                	</div>

                	<button class="btn input-group-text mx-1 rounded" type="button" data-toggle="modal" data-target="#filterModal" data-keyboard="false"><i class="fas fa-filter" style='font-size:25px'></i></button>

            	</div>

            	<input id="searchTerm" name="searchTerm" type="text" class="form-control ml-1" placeholder="Search by Barcode, Label, Artist, Title, ..." value="<?php echo getSV("searchTerm") ?>">

            	<div class="input-group-append">

                    <button id="search" type="submit" class="btn btn-success" name="submit" value="Search">Go</button>

                </div>

        	</div>

        	<div class="input-group input-group-sm mb-3 col-xl-5 col-lg-7 col-md-12 col-sm-12 col-12">

            	<div class="input-group-prepend input-group-sm">

          			<!--span class="input-group-text mx-1">Shipping to:</span-->

          			<label class="mr-2">Shipping to:</label>

            	</div>

                <div class="d-none d-sm-inline-flex">

              		<input type="text" class="form-control form-control-sm mx-1" maxlength="20" style="width:12em!important" id="buyerCountry" name="buyerCountry" value="United States" readonly>

                    <input type="text" class="form-control form-control-sm mx-1" maxlength="3" style="width:3.5em!important" id="buyerCurrency" name="buyerCurrency" value="USD" readonly>

                </div>

            	<input type="text" class="form-control form-control-sm mx-1" maxlength="5" style="width:2.5em!important" id="buyerZip" name="buyerZip" placeholder="Zip Code" value="<?php echo $_SESSION["buyer"]["Zip"];?>">

	            <?php

                    if ($_SESSION["buyer"]["Zip"] == '') {

                    	echo '<div class="input-group-append input-group-sm mx-1 rounded">';

                    	echo '  <i class="fas fa-exclamation-triangle input-group-text img-fluid rounded" style="font-size:14px;color:orange;" title="Please enter your postal code to get the accurate shipping cost for items listed using a shipping rate table." data-toggle="tooltip" data-placement="auto" data-delay="100"></i>';

                    	echo '</div>';

                    }

                ?>

        	</div>

        </form>

    </div>

    <?php

echo "Session Tab = " . $handler->getSessionTab() . "<br>";

        echo printTableHeader();

        echo buildTable();

        echo printSearchFilterModal();

        echo printSearchInfoModal();

    ?>

    <footer class="container-fluid text-center">

        <p>Disclaimer: As an Associate we earn from qualifying purchases.</p>

        <p>Copyright &#169; 2019 FindCheapMusic.com. All rights reserved.</p>

    </footer>

    <script src="/js/dr.min.js" integrity="sha384-EtIwzuKAwnONywwaqKOYs3eD2KXe6HrxJ1Ako6N6cR5LHyrLhKsaxBuSbkJhhtEH" crossorigin="anonymous"></script>

</body>

</html>