Subversion Repositories cheapmusic

Rev

Rev 132 | Rev 134 | Go to most recent revision | Details | Compare with Previous | Last modification | View Log | RSS feed

Rev Author Line No. Line
2 - 1 
<?php
107 - 2 
 
121 - 3 
include_once ($_SERVER['DOCUMENT_ROOT'] . "/php/hosting.php");
65 - 4 
include_once ($_SERVER['DOCUMENT_ROOT'] . "/php/sessions_db.php");
5 
include_once ($_SERVER['DOCUMENT_ROOT'] . "/php/cryptor.php");
6 
include_once ($_SERVER['DOCUMENT_ROOT'] . "/php/vendors.php");
7 
include_once ($_SERVER['DOCUMENT_ROOT'] . "/php/tools.php");
8 
include_once ($_SERVER['DOCUMENT_ROOT'] . "/php/wishlist.php");
119 - 9 
include_once ($_SERVER['DOCUMENT_ROOT'] . "/php/NonceUtil.php");
7 - 10 
 
9 - 11 
error_reporting(E_ALL);
12 
 
35 - 13 
$userData = [];
57 - 14 
$userTheme = 'default';
70 - 15 
$configFile = parse_ini_file($_SERVER['DOCUMENT_ROOT'] . FCM_CONFIGFILE, true);
7 - 16 
$crypt = Cryptor::getInstance($configFile['cryptor']);
107 - 17 
$tmpSessionTab = (!empty(getPGV("sessionTab")) && getPGV("sessionTab") > 0 ? getPGV("sessionTab"): null);
7 - 18 
$handler = MySessionHandler::getInstance($tmpSessionTab, $configFile['mysqli']);
9 - 19 
$vendors = Vendors::getInstance();
83 - 20 
Vendors::setAllVendors($configFile, $vendors);
121 - 21 
$systemConf = $configFile['system'];
7 - 22 
unset($configFile);
23 
 
121 - 24 
session_set_cookie_params(604800, '/', '.' . $systemConf["domain_name"], true, true);
7 - 25 
session_set_save_handler($handler, true);
35 - 26 
if (!empty($_COOKIE['PHPSESSID'])) {
27 
    session_id($_COOKIE['PHPSESSID']);
28 
}
2 - 29 
session_start();
35 - 30 
 
127 - 31 
initSessionVariables();
32 
$_SESSION["htmlIndent"] = (!empty($systemConf["htmlIndent"]) ? intval($systemConf["htmlIndent"]) : 0);
121 - 33 
$_SESSION["gtag"] = ($systemConf["g_tag"] == "1");
124 - 34 
$_SESSION["nonce"] = NonceUtil::generate($systemConf["nonce_secret"], 1800);
119 - 35 
include_once ($_SERVER['DOCUMENT_ROOT'] . "/php/csp.php");
36 
 
35 - 37 
// Check whether user ID is available in cookie
65 - 38 
if (!empty($_COOKIE['rememberUserId']) && !empty($_COOKIE['hash']) && empty($_SESSION['sessData']['loginType'])) {
35 - 39 
    require_once 'login/includes/config.php';
40 
    require_once 'login/includes/User.class.php';
41 
    require_once 'login/includes/password.php';
42 
    $user = new User();
43 
    $conditions['where'] = array(
44 
        'id' => $_COOKIE['rememberUserId']
45 
    );
46 
    $conditions['return_type'] = 'single';
47 
    $userData = $user->getRows($conditions);
48 
    if (!empty($userData) && password_verify($userData['password'] . $userData['id'], $_COOKIE['hash'])) {
65 - 49 
        $_SESSION['sessData']['userLoggedIn'] = true;
35 - 50 
        $_SESSION['sessData']['userID'] = $_COOKIE['rememberUserId'];
36 - 51 
        $userPicture = getUserImage($userData);
57 - 52 
        $userTheme = $userData['theme'];
59 - 53 
        $_SESSION["currentLayout"] = ($userData['cardView'] == '1' ? 'CardView' : 'TableView');
57 - 54 
        if (empty($_SESSION["manualFilter"])) {
55 
            $_SESSION['buyer']['Zip'] = $userData['zip'];
56 
            $_SESSION['buyer']['Country'] = 'United States';
57 
            $_SESSION['buyer']['Currency'] = 'USD';
65 - 58 
            $_SESSION["filterCondition"]["New"] = $userData['conditionNew'];
59 
            $_SESSION["filterCondition"]["Used"] = $userData['conditionUsed'];
60 
            $_SESSION["filterMediaType"]["CD"] = $userData['mediaCD'];
61 
            $_SESSION["filterMediaType"]["Record"] = $userData['mediaRecord'];
62 
            $_SESSION["filterMediaType"]["Digital"] = $userData['mediaDigital'];
63 
            $_SESSION["filterMediaType"]["Book"] = $userData['mediaBook'];
64 
        }
65 
    }
66 
    else {
35 - 67 
        unsetSessData();
68 
    }
65 - 69 
    // or if the user has already logged in
114 - 70 
 
65 - 71 
}
72 
else if (isLoggedIn()) {
35 - 73 
    require_once 'login/includes/config.php';
74 
    require_once 'login/includes/User.class.php';
75 
    require_once 'login/includes/password.php';
76 
    $user = new User();
77 
    $conditions['where'] = array(
78 
        'id' => $_SESSION['sessData']['userID']
79 
    );
80 
    $conditions['return_type'] = 'single';
81 
    $userData = $user->getRows($conditions);
57 - 82 
 
35 - 83 
    if (!empty($userData)) {
36 - 84 
        $userPicture = getUserImage($userData);
57 - 85 
        $userTheme = $userData['theme'];
59 - 86 
        $_SESSION["currentLayout"] = ($userData['cardView'] == '1' ? 'CardView' : 'TableView');
57 - 87 
        if (empty($_SESSION["manualFilter"])) {
35 - 88 
            $_SESSION['buyer']['Zip'] = $userData['zip'];
89 
            $_SESSION['buyer']['Country'] = 'United States';
90 
            $_SESSION['buyer']['Currency'] = 'USD';
65 - 91 
            $_SESSION["filterCondition"]["New"] = $userData['conditionNew'];
92 
            $_SESSION["filterCondition"]["Used"] = $userData['conditionUsed'];
93 
            $_SESSION["filterMediaType"]["CD"] = $userData['mediaCD'];
94 
            $_SESSION["filterMediaType"]["Record"] = $userData['mediaRecord'];
95 
            $_SESSION["filterMediaType"]["Digital"] = $userData['mediaDigital'];
96 
            $_SESSION["filterMediaType"]["Book"] = $userData['mediaBook'];
35 - 97 
        }
65 - 98 
    }
99 
    else {
35 - 100 
        unsetSessData();
101 
    }
65 - 102 
    // not logged in
114 - 103 
 
65 - 104 
}
105 
else {
35 - 106 
    unsetSessData();
107 
}
57 - 108 
 
78 - 109 
checkPriceMonitor();
114 - 110 
 
127 - 111 
echo "<!DOCTYPE html>"; // html5
2 - 112 
 
127 - 113 
$xh = new Html;
114 
$xh->init($_SESSION["htmlIndent"]);
115 
$xh->add_attribute("lang", "en-US");
116 
$xh->tag('html');
117 
$xh->tag('head');
132 - 118 
    $xh->insert_code(headTitle(getPGV('submit')));
127 - 119 
    $xh->add_attribute('name', "keywords");
120 
    $xh->add_attribute('content', "Cheap,Music,Album,Single,Promo,CD,Compact Disc,Vinyl,Record,Digital,Download,Sheet,Book");
121 
    $xh->single_tag('meta');
122 
    $xh->insert_code(metaDescription(getPGV('submit')));
123 
    $xh->insert_code(htmlHeader());
124 
    $xh->insert_code(file_get_contents('snippets/fb_tw.txt'));
125 
    $xh->close(); // head
126 
$xh->tag('body');
127 
 
121 - 128 
if ($_SESSION["gtag"]) {
127 - 129 
    $xh->add_attribute('nonce', base64_encode($_SESSION["nonce"]));
130 
    $xh->tag('noscript');
131 
        $xh->add_attribute("src", "https://www.googletagmanager.com/ns.html?id=GTM-PCNTXZ7");
132 
        $xh->add_attribute("height", "0");
133 
        $xh->add_attribute("width", "0");
134 
        $xh->add_attribute("style", "display:none;visibility:hidden");
135 
        $xh->add_attribute("title", "Tagmanager");
136 
        $xh->tag('iframe', "");
137 
    $xh->close(); // noscript
119 - 138 
}
139 
 
2 - 140 
if ($_SERVER["REQUEST_METHOD"] == "POST") {
65 - 141 
    if ($_POST["submit"] == "Search") {
35 - 142 
        if (empty($_SESSION['buyer']['Zip'])) {
65 - 143 
            $zip = (empty($_POST['buyerZip']) ? "" : sanitizeInput($_POST['buyerZip']));
144 
            if (strlen($zip) == 5 && preg_match("/^[0-9 ]*$/", $zip)) {
57 - 145 
                if ($_SESSION["buyer"]["Zip"] != $zip) {
65 - 146 
                    $_SESSION["manualFilter"] = true;
147 
                    $_SESSION["buyer"]["Zip"] = $zip;
148 
                }
149 
            }
150 
            else if (strlen($zip) == 0) {
151 
                $_SESSION["buyer"]["Zip"] = "";
152 
            }
153 
        }
2 - 154 
 
46 - 155 
        $_SESSION["discogsTitle"] = "";
156 
        $_SESSION["discogsArtist"] = "";
65 - 157 
        $searchTerm = (empty($_POST['searchTerm']) ? "" : searchFriendlyString($_POST['searchTerm']));
158 
        if (empty($searchTerm)) {
159 
            resetSessionVars();
160 
        }
161 
        else {
162 
            $_SESSION["searchTerm"] = $searchTerm;
116 - 163 
            performSearch();
65 - 164 
        }
165 
    }
166 
    else if ($_POST["submit"] == "Save") {
167 
        $_SESSION["manualFilter"] = true;
66 - 168 
        if (!isset($_POST["filterCondition"])) {$_POST["filterCondition"] = []; }
169 
        if (!is_array($_POST["filterCondition"])) { $_POST["filterCondition"] = [ $_POST["filterCondition"] ];}
170 
        $_SESSION["filterCondition"]["New"] = in_array("New", $_POST["filterCondition"]);
171 
        $_SESSION["filterCondition"]["Used"] = in_array("Used", $_POST["filterCondition"]);
172 
        if (!isset($_POST["filterMediaType"])) {$_POST["filterMediaType"] = []; }
173 
        if (!is_array($_POST["filterMediaType"])) { $_POST["filterMediaType"] = [ $_POST["filterMediaType"] ];}
174 
        $_SESSION["filterMediaType"]["CD"] = in_array("CD", $_POST["filterMediaType"]);
175 
        $_SESSION["filterMediaType"]["Record"] = in_array("Record", $_POST["filterMediaType"]);
176 
        $_SESSION["filterMediaType"]["Digital"] = in_array("Digital", $_POST["filterMediaType"]);
177 
        $_SESSION["filterMediaType"]["Book"] = in_array("Book", $_POST["filterMediaType"]);
2 - 178 
 
46 - 179 
        $_SESSION["discogsTitle"] = "";
180 
        $_SESSION["discogsArtist"] = "";
65 - 181 
        $searchTerm = searchFriendlyString($_POST['searchTerm']);
182 
        if (empty($searchTerm)) {
183 
            resetSessionVars();
184 
        }
185 
        else {
186 
            $_SESSION["searchTerm"] = $searchTerm;
116 - 187 
            performSearch();
65 - 188 
        }
189 
    }
190 
    else if ($_POST["submit"] == "discogsSearch") {
50 - 191 
        $searchTerm = "";
192 
        if (!empty($_POST['discogsBarcode'])) {
65 - 193 
            $searchTerm = searchFriendlyString($_POST['discogsBarcode']);
194 
        }
195 
        else {
50 - 196 
            if (!empty($_POST['discogsTitle'])) {
197 
                $searchTerm = $_POST['discogsTitle'];
198 
            }
58 - 199 
 
50 - 200 
            if (!empty($_POST['discogsArtist'])) {
201 
                $searchTerm .= " " . $_POST['discogsArtist'];
202 
            }
58 - 203 
 
50 - 204 
            $searchTerm = trim($searchTerm);
205 
        }
206 
 
65 - 207 
        if (empty($searchTerm)) {
208 
            resetSessionVars();
209 
        }
210 
        else {
211 
            $_SESSION["searchTerm"] = $searchTerm;
46 - 212 
            if (isset($_POST['discogsTitle'])) {
213 
                $_SESSION["discogsTitle"] = searchFriendlyString($_POST['discogsTitle']);
214 
            }
215 
            if (isset($_POST['discogsArtist'])) {
216 
                $_SESSION["discogsArtist"] = searchFriendlyString($_POST['discogsArtist']);
217 
            }
14 - 218 
 
116 - 219 
            performSearch();
65 - 220 
        }
221 
    }
73 - 222 
    else if ($_POST["submit"] == "unsubscribe") {
223 
// bugbug
224 
    }
65 - 225 
}
226 
else if ($_SERVER["REQUEST_METHOD"] == "GET") {
227 
    if (isset($_GET['z'])) {
228 
        $_SESSION["buyer"]["Zip"] = "";
229 
        $zip = sanitizeInput($_GET['z']);
230 
        if (strlen($zip) == 5 && preg_match("/^[0-9 ]*$/", $zip)) {
231 
            $_SESSION["buyer"]["Zip"] = $zip;
232 
        }
233 
    }
2 - 234 
 
9 - 235 
    $_SESSION["searchTerm"] = "";
65 - 236 
    if (isset($_GET['q'])) {
237 
        $_SESSION["searchTerm"] = searchFriendlyString($_GET["q"]);
116 - 238 
        performSearch();
65 - 239 
    }
2 - 240 
}
241 
 
127 - 242 
$xh->insert_code(navigationPane(isset($userPicture) ? $userPicture : null));
243 
 
244 
    $xh->add_attribute("class", "page-header bg-primary");
245 
    $xh->tag('div');
246 
        $xh->add_attribute("class", "container text-center py-3");
247 
        $xh->tag('div');
248 
 
65 - 249 
if (getPGV('submit') == "terms") {
127 - 250 
    $xh->tag('h1', "Terms of Service");
65 - 251 
}
252 
else if (getPGV('submit') == "privacy") {
127 - 253 
    $xh->tag('h1', "Privacy Policy");
65 - 254 
}
255 
else if (getPGV('submit') == "coupons") {
127 - 256 
    $xh->tag('h1', "Special Offers &amp; Coupon Codes");
65 - 257 
}
258 
else if (getPGV('submit') == "wishlist") {
127 - 259 
    $xh->tag('h1', "Wishlist");
78 - 260 
    if (!empty($_SESSION['priceMonitor'])) {
127 - 261 
        $xh->add_attribute("method", "post");
262 
        $xh->add_attribute("action", "/index.php");
263 
        $xh->tag('form');
264 
            $xh->insert_code(inputSessionTab());
265 
            $xh->insert_code(inputNonce());
266 
            $xh->add_attribute("class", "btn btn-info rounded");
267 
            $xh->add_attribute("id", "priceMonitor");
268 
            $xh->add_attribute("type", "submit");
269 
            $xh->add_attribute("name", "submit");
270 
            $xh->add_attribute("value", "priceMonitor");
271 
            $xh->tag('button', "Price Monitor Results");
272 
            if (!empty($_SESSION['priceMonitor']['newFlag']) && $_SESSION['priceMonitor']['newFlag'] === true) {
273 
                $xh->add_attribute("class", "badge badge-pill badge-dark");
274 
                 $xh->tag('span', ">New");
275 
            }
276 
            $xh->close(); // button
277 
        $xh->close(); // form
78 - 278 
    }
65 - 279 
}
78 - 280 
else if (getPGV('submit') == "priceMonitor") {
127 - 281 
    $xh->tag('h1', "Price Monitor Results");
78 - 282 
}
65 - 283 
else if (getPGV('submit') == "help") {
127 - 284 
    $xh->tag('h1', "Getting Started");
65 - 285 
}
113 - 286 
else if (getPGV('submit') == "barcode") {
127 - 287 
    $xh->tag('h1', "Barcode Checker");
113 - 288 
}
73 - 289 
else if (getPGV('submit') == "unsubscribe") {
127 - 290 
    $xh->tag('h1', "Unsubscribe Wishlist");
73 - 291 
}
65 - 292 
else {
127 - 293 
    $xh->tag('h1', "Find Cheap CDs, Records, Digital, Books and Sheets");
294 
    $xh->add_attribute("id", "textslide");
295 
    $xh->add_attribute("class", "d-none d-sm-block");
296 
    $xh->tag('p', "Bookmark FindCheapMusic.com");
65 - 297 
}
2 - 298 
 
127 - 299 
        $xh->close(); // div
300 
    $xh->close(); // div
73 - 301 
 
128 - 302 
 
127 - 303 
    $xh->insert_code(mainSearchForm());
2 - 304 
 
65 - 305 
if (getPGV('submit') == "terms") {
120 - 306 
    $snip = file_get_contents('snippets/terms.txt');
307 
    $snip = str_replace("<script>", "<script nonce=\"" . base64_encode($_SESSION["nonce"]) . "\">", $snip);
127 - 308 
    $xh->insert_code($snip);
65 - 309 
}
310 
else if (getPGV('submit') == "privacy") {
120 - 311 
    $snip = file_get_contents('snippets/privacy.txt');
312 
    $snip = str_replace("<script>", "<script nonce=\"" . base64_encode($_SESSION["nonce"]) . "\">", $snip);
127 - 313 
    $xh->insert_code($snip);
65 - 314 
}
315 
else if (getPGV('submit') == "help") {
127 - 316 
    $xh->insert_code(printHelp());
65 - 317 
}
113 - 318 
else if (getPGV('submit') == "barcode") {
127 - 319 
    $xh->insert_code(barcodePage());
113 - 320 
}
65 - 321 
else if (getPGV('submit') == "coupons") {
322 
    //get_linkshareCoupons(); // bugbug
127 - 323 
    $xh->insert_code(getCouponCodes());
65 - 324 
}
325 
else if (getPGV('submit') == "wishlist") {
127 - 326 
    $xh->insert_code(getWishlist());
65 - 327 
}
78 - 328 
else if (getPGV('submit') == "priceMonitor") {
127 - 329 
    $xh->add_attribute("class", "container");
330 
    $xh->add_attribute("id", "productTable");
331 
    $xh->tag('div');
332 
    $xh->insert_code(getPriceMonitor());
333 
    $xh->close(); // div
78 - 334 
}
73 - 335 
else if (getPGV('submit') == "unsubscribe") {
127 - 336 
    $xh->insert_code(unsubscribeWishlist($_GET));
73 - 337 
}
65 - 338 
else if (getPGV('submit') == "random") {
339 
    findDiscogsMaster("***RANDOM***");
119 - 340 
    if (!empty($_SESSION["discogs"])) {
127 - 341 
        $xh->insert_code(str_replace("xxxNONCExxx", base64_encode($_SESSION["nonce"]), $_SESSION["discogs"]));
119 - 342 
    }
65 - 343 
}
344 
else {
345 
    if ($_SESSION["lowestPrice"]["All"] > 0.00 || !empty($_SESSION["searchTerm"])) {
127 - 346 
        $xh->insert_code(str_replace("xxxNONCExxx", base64_encode($_SESSION["nonce"]), $_SESSION["discogs"]));
347 
        $xh->add_attribute("class", "container border py-2");
348 
        $xh->add_attribute("id", "productTable");
349 
        $xh->tag('div');
350 
        $xh->insert_code(storeOfferHeader());
104 - 351 
        if ($_SESSION["lowestPrice"]["All"] > 0.00) {
127 - 352 
            $xh->insert_code(printResultHeader());
104 - 353 
        }
127 - 354 
        $xh->insert_code(printResult());
355 
        $xh->close(); // div
133 - 356 
        $xh->insert_code(productTableEventListeners());
65 - 357 
    }
358 
    else if (!empty($_SESSION["discogs"])) {
127 - 359 
        $xh->insert_code(str_replace("xxxNONCExxx", base64_encode($_SESSION["nonce"]), $_SESSION["discogs"]));
65 - 360 
    }
361 
    else {
127 - 362 
        $xh->insert_code(startscreen());
14 - 363 
    }
127 - 364 
 
365 
    $xh->insert_code(printSearchInfoModal());
65 - 366 
}
2 - 367 
 
127 - 368 
$xh->insert_code(printProgessbarModal());
14 - 369 
 
128 - 370 
$xh->insert_code(printSocialIconBar());
81 - 371 
 
127 - 372 
$xh->insert_code(htmlFooter());
2 - 373 
 
127 - 374 
$xh->insert_code(headerQuoteSlides());
375 
 
376 
$xh->insert_code(downloadAtOnload());
377 
 
378 
$xh->tag('form');
379 
    $xh->add_attribute("type", "hidden");
380 
    $xh->add_attribute("id", "nonce");
381 
    $xh->add_attribute("name", "nonce");
382 
    $xh->add_attribute("value", $_SESSION["nonce"]);
383 
    $xh->single_tag('input');
384 
$xh->close(); // form
385 
 
386 
$xh->close(); // body
387 
$xh->close(); // html
388 
 
389 
$html = $xh->flush();
390 
//error_log(print_r($html, 1));
391 
 
392 
echo $html;
393 
 
394 
MySessionHandler::commit(session_id());