Subversion Repositories cheapmusic

Rev

Rev 13 | Rev 15 | Go to most recent revision | Details | Compare with Previous | Last modification | View Log | RSS feed

Rev Author Line No. Line
2 - 1 
<?php
7 - 2 
include_once('php/sessions_db.php');
3 
include_once('php/cryptor.php');
9 - 4 
include_once('php/vendors.php');
7 - 5 
 
9 - 6 
error_reporting(E_ALL);
7 
 
2 - 8 
if ($_SERVER["SERVER_NAME"] == "www.findcheapmusic.com") {
14 - 9 
    ini_set("zlib.output_compression", "On");
5 - 10 
	header("Strict-Transport-Security: max-age=31536000; includeSubDomains; preload");
11 
	header("X-Content-Type-Options: nosniff");
12 
	header("X-XSS-Protection: 1; mode=block");
13 
	header("Access-Control-Allow-Origin: *");
14 
	header("Referrer-Policy: no-referrer");
15 
	header("X-Frame-Options: SAMEORIGIN");
16 
	header("Set-Cookie: ^(.*)$ $1;HttpOnly;Secure");
10 - 17 
	header("Content-Security-Policy: default-src 'none'; font-src https://use.fontawesome.com; form-action 'self'; img-src 'self' data: https://img.discogs.com https://thumbs1.ebaystatic.com https://thumbs2.ebaystatic.com https://thumbs3.ebaystatic.com https://thumbs4.ebaystatic.com; script-src 'self' 'unsafe-inline' https://ajax.googleapis.com/ajax/libs/jquery/3.4.0/jquery.min.js https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.14.7/umd/popper.min.js https://maxcdn.bootstrapcdn.com/bootstrap/4.3.1/js/bootstrap.min.js; style-src 'self' 'unsafe-inline' https://maxcdn.bootstrapcdn.com/bootstrap/4.3.1/css/ https://use.fontawesome.com/releases/v5.8.1/css/;frame-ancestors 'self'");
2 - 18 
}
19 
 
7 - 20 
$configFile = parse_ini_file("../MyFiles/config/cheapmusic.ini",true);
21 
$crypt = Cryptor::getInstance($configFile['cryptor']);
22 
$tmpSessionTab = (isset($_POST["sessionTab"]) && $_POST["sessionTab"] > 0 ? $_POST["sessionTab"] : null);
23 
$handler = MySessionHandler::getInstance($tmpSessionTab, $configFile['mysqli']);
9 - 24 
$vendors = Vendors::getInstance();
25 
$vendors->setVendor($configFile['ebay'], Vendors::EBAY);
26 
$vendors->setVendor($configFile['discogs'], Vendors::DISCOGS);
7 - 27 
unset($configFile);
28 
 
2 - 29 
ini_set("session.cookie_httponly", 1);
30 
ini_set("session.cookie_secure", 1);
7 - 31 
session_set_save_handler($handler, true);
2 - 32 
session_start();
33 
?>
34 
<!DOCTYPE html>
35 
<html lang="en-US">
36 
<head>
37 
    <meta http-equiv="Content-Type" content="text/html; charset=utf-8">
38 
    <title>Find Cheap Music...</title>
39 
    <meta name="viewport" content="width=device-width, initial-scale=1">
40 
    <link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/4.3.1/css/bootstrap.min.css" integrity="sha384-ggOyR0iXCbMQv3Xipma34MD+dH/1fQ784/j6cY/iJTQUOhcWr7x9JvoRxT2MZw1T" crossorigin="anonymous">
41 
    <script src="https://ajax.googleapis.com/ajax/libs/jquery/3.4.0/jquery.min.js" integrity="sha384-JUMjoW8OzDJw4oFpWIB2Bu/c6768ObEthBMVSiIx4ruBIEdyNSUQAjJNFqT5pnJ6" crossorigin="anonymous"></script>
42 
    <script src="https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.14.7/umd/popper.min.js" integrity="sha384-UO2eT0CpHqdSJQ6hJty5KVphtPhzWj9WO1clHTMGa3JDZwrnQq4sF86dIHNDz0W1" crossorigin="anonymous"></script>
43 
    <script src="https://maxcdn.bootstrapcdn.com/bootstrap/4.3.1/js/bootstrap.min.js" integrity="sha384-JjSmVgyd0p3pXB1rRibZUAYoIIy6OrQ6VrjIEaFf/nJGzIxFDsf4x0xIM+B07jRM" crossorigin="anonymous"></script>
6 - 44 
    <link rel="stylesheet" href="css/style.min.css" integrity="sha384-zfDdfwK/GMKsN/HIVw5QfYNpAuPYAhtEwYs/IFiDiboUBjXRjHpjPt1gdNtJgAWA" crossorigin="anonymous">
3 - 45 
    <link rel="stylesheet" href="https://use.fontawesome.com/releases/v5.8.1/css/all.css" integrity="sha384-50oBUHEmvpQ+1lW4y57PTFmhCaXp0ML5d60M1M7uH2+nqUivzIebhndOJK28anvf" crossorigin="anonymous">
2 - 46 
    <!-- Global site tag (gtag.js) - Google Analytics -->
47 
    <!--script async src="https://www.googletagmanager.com/gtag/js?id=UA-138428761-2"></script-->
48 
    <!--script src="/js/gtag.js" integrity="sha384-ZoAmOe9K3AXr6ONEK6njtE/HMsMvyjck9EfsgXdZLG7rEiz5GqXEk3RQc2cFIRNY" crossorigin="anonymous"></script-->
49 
</head>
50 
<body>
51 
 
52 
<?php
53 
include_once('php/tools.php');
54 
 
5 - 55 
initSessionVariables();
2 - 56 
 
57 
if ($_SERVER["REQUEST_METHOD"] == "POST") {
5 - 58 
	if ($_POST["submit"] == "Search") {
59 
		$zip = sanitizeInput($_POST['buyerZip']);
60 
		if (strlen($zip) == 5 && preg_match("/^[0-9 ]*$/", $zip)) {
61 
			$_SESSION["buyer"]["Zip"] = $zip;
62 
		} else if (strlen($zip) == 0) {
63 
			$_SESSION["buyer"]["Zip"] = "";
64 
		}
2 - 65 
 
14 - 66 
		$searchTerm = searchFriendlyString($_POST['searchTerm']);
9 - 67 
		if (empty($searchTerm)) {
68 
			resetSessionVars();
5 - 69 
		} else {
9 - 70 
			$_SESSION["searchTerm"] = $searchTerm;
2 - 71 
 
5 - 72 
            if (checkSearchFilters()) {
73 
    			performSearch();
74 
    		}
75 
		}
76 
	} else if ($_POST["submit"] == "Save") {
77 
		$_SESSION["filterCondition"]["New"] = checkPV("filterConditionNew");
78 
		$_SESSION["filterCondition"]["Used"] = checkPV("filterConditionUsed");
79 
		$_SESSION["filterMediaType"]["CD"] = checkPV("filterMediaTypeCD");
80 
		$_SESSION["filterMediaType"]["Record"] = checkPV("filterMediaTypeRecord");
81 
		$_SESSION["filterMediaType"]["Digital"] = checkPV("filterMediaTypeDigital");
2 - 82 
 
5 - 83 
        if (checkSearchFilters()) {
84 
			performSearch();
85 
		}
14 - 86 
	} else if ($_POST["submit"] == "discogsSearch") {
87 
		$searchTerm = searchFriendlyString($_POST['discogsSearchTerm']);
88 
		if (empty($searchTerm)) {
89 
			resetSessionVars();
90 
		} else {
91 
			$_SESSION["searchTerm"] = $searchTerm;
92 
 
93 
            if (checkSearchFilters()) {
94 
    			performSearch();
95 
    		}
96 
		}
5 - 97 
	} else if (in_array($_POST["submit"], $buttonArr)) {
98 
		$_SESSION["currentView"] = $_POST["submit"];
99 
		filterResults();
100 
	}
101 
} else if ($_SERVER["REQUEST_METHOD"] == "GET") {
102 
	if (isset($_GET['z'])) {
9 - 103 
    	$_SESSION["buyer"]["Zip"] = "";
5 - 104 
		$zip = sanitizeInput($_GET['z']);
105 
		if (strlen($zip) == 5 && preg_match("/^[0-9 ]*$/", $zip)) {
106 
			$_SESSION["buyer"]["Zip"] = $zip;
107 
		}
108 
	}
2 - 109 
 
9 - 110 
    $_SESSION["searchTerm"] = "";
5 - 111 
	if (isset($_GET['q'])) {
14 - 112 
		$_SESSION["searchTerm"] = searchFriendlyString($_GET["q"]);
5 - 113 
        if (checkSearchFilters()) {
114 
    		performSearch();
115 
    	}
116 
	}
2 - 117 
}
118 
?>
119 
 
14 - 120 
    <form method="post" action="/index.php">
121 
        <input type="hidden" name="sessionTab" value="<?php echo $handler->getSessionTab(); ?>">
122 
       	<input type="hidden" name="searchTerm" value="<?php echo getSV("searchTerm") ?>">
123 
       	<input type="hidden" name="buyerZip" value="<?php echo $_SESSION["buyer"]["Zip"];?>">
124 
        <nav class="navbar navbar-expand-sm bg-dark navbar-dark">
125 
            <button type="submit" name="submit" value="Search" class="navbar-brand btn">Home</button>
126 
            <button class="navbar-toggler" type="button" data-toggle="collapse" data-target="#collapsibleNavbar">
127 
                <span class="navbar-toggler-icon"></span>
128 
            </button>
129 
            <div class="collapse navbar-collapse" id="collapsibleNavbar">
130 
                <ul class="navbar-nav">
131 
                    <li class="nav-item">
132 
                        <button  type="submit" name="submit" value="terms" class="nav-link btn">Terms of Service</button>
133 
                    </li>
134 
                    <li class="nav-item">
135 
                        <button  type="submit" name="submit" value="privacy" class="nav-link btn">Privacy Policy</button>
136 
                    </li>
137 
                </ul>
138 
            </div>
139 
        </nav>
140 
    </form>
2 - 141 
 
3 - 142 
    <div class="page-header bg-primary">
143 
        <div class="container text-center py-3">
14 - 144 
        <?php
145 
            if (getPV('submit') == "terms") {
146 
                echo file_get_contents('snippets/headerTerms.txt');
147 
            } else if (getPV('submit') == "privacy") {
148 
                echo file_get_contents('snippets/headerPrivacy.txt');
149 
            } else {
150 
                echo file_get_contents('snippets/header.txt');
151 
            }
152 
        ?>
2 - 153 
        </div>
154 
    </div>
155 
 
3 - 156 
	<div class="container-fluid bg-primary py-3">
5 - 157 
        <?php
14 - 158 
        if (!in_array(getPV('submit'), array("terms", "privacy"))) {
5 - 159 
            echo $_SESSION["filterWarnings"];
14 - 160 
        }
5 - 161 
        ?>
14 - 162 
        <form <?php if (in_array(getPV('submit'), array("terms", "privacy"))) {echo "style=\"display:none;\"";} ?> method="post" action="/index.php"
2 - 163 
            onsubmit="document.getElementById('search').innerHTML = '&lt;span class=\'spinner-border spinner-border-sm\'&gt;&lt;/span&gt; Searching, please wait...';">
11 - 164 
            <input id="sessionTab" type="hidden" name="sessionTab" value="<?php echo $handler->getSessionTab(); ?>">
2 - 165 
        	<div class="input-group mb-3">
166 
            	<div class="input-group-prepend">
4 - 167 
                    <div class="d-none d-sm-block">
168 
                        <button class="btn input-group-text mx-1 rounded" type="button" data-toggle="modal" data-target="#searchInfoModal"><i class="fas fa-info-circle" style="font-size:25px"></i></button>
169 
                	</div>
170 
                	<button class="btn input-group-text mx-1 rounded" type="button" data-toggle="modal" data-target="#filterModal" data-keyboard="false"><i class="fas fa-filter" style='font-size:25px'></i></button>
2 - 171 
            	</div>
14 - 172 
            	<input id="searchTerm" list="searchHistory" name="searchTerm" type="text" class="form-control ml-1" placeholder="Search by Barcode, Artist, Title, ..." value="<?php echo getSV("searchTerm") ?>">
173 
            	<datalist id="searchHistory">
174 
            	    <?php echo getSearchHistory(); ?>
175 
            	</datalist>
2 - 176 
            	<div class="input-group-append">
177 
                    <button id="search" type="submit" class="btn btn-success" name="submit" value="Search">Go</button>
178 
                </div>
179 
        	</div>
4 - 180 
        	<div class="input-group input-group-sm mb-3 col-xl-5 col-lg-7 col-md-12 col-sm-12 col-12">
2 - 181 
            	<div class="input-group-prepend input-group-sm">
4 - 182 
          			<!--span class="input-group-text mx-1">Shipping to:</span-->
183 
          			<label class="mr-2">Shipping to:</label>
2 - 184 
            	</div>
4 - 185 
                <div class="d-none d-sm-inline-flex">
186 
              		<input type="text" class="form-control form-control-sm mx-1" maxlength="20" style="width:12em!important" id="buyerCountry" name="buyerCountry" value="United States" readonly>
187 
                    <input type="text" class="form-control form-control-sm mx-1" maxlength="3" style="width:3.5em!important" id="buyerCurrency" name="buyerCurrency" value="USD" readonly>
188 
                </div>
5 - 189 
            	<input type="text" class="form-control form-control-sm mx-1" maxlength="5" style="width:2.5em!important" id="buyerZip" name="buyerZip" placeholder="Zip Code" value="<?php echo $_SESSION["buyer"]["Zip"];?>">
2 - 190 
	            <?php
5 - 191 
                    if ($_SESSION["buyer"]["Zip"] == '') {
4 - 192 
                    	echo '<div class="input-group-append input-group-sm mx-1 rounded">';
5 - 193 
                    	echo '  <i class="fas fa-exclamation-triangle input-group-text img-fluid rounded" style="font-size:14px;color:orange;" title="Please enter your postal code to get the accurate shipping cost for items listed using a shipping rate table." data-toggle="tooltip" data-placement="auto" data-delay="100"></i>';
194 
                    	echo '</div>';
195 
                    }
2 - 196 
                ?>
197 
        	</div>
198 
        </form>
199 
    </div>
200 
 
5 - 201 
    <?php
14 - 202 
    if (getPV('submit') == "terms") {
203 
        echo file_get_contents('snippets/terms.txt');
204 
    } else if (getPV('submit') == "privacy") {
205 
        echo file_get_contents('snippets/privacy.txt');
206 
    } else {
9 - 207 
        if ($_SESSION["lowestPrice"]["All"] > 0.00 || !empty($_SESSION["searchTerm"])) {
12 - 208 
            echo $_SESSION["discogs"];
11 - 209 
	        echo "<div id=\"productTable\">";
9 - 210 
            echo printTableHeader();
211 
            echo buildTable();
11 - 212 
            echo "</div>";
9 - 213 
        }
5 - 214 
        echo printSearchFilterModal();
215 
        echo printSearchInfoModal();
14 - 216 
        session_commit();
217 
    }
5 - 218 
    ?>
2 - 219 
 
14 - 220 
    <div class="modal" id="progressBarDiv">
221 
        <div class="modal-dialog">
222 
            <div class="modal-content">
223 
                <div class="modal-header">
224 
                    <h4 id="progressBarHeader"></h4>
225 
                </div>
226 
                <div class="modal-body">
227 
                    <div class="progress">
228 
                        <div id="progressBar" class="progress-bar" style="width:0%">0%</div>
229 
                    </div>
230 
                </div>
231 
            </div>
232 
        </div>
233 
    </div>
234 
 
2 - 235 
    <footer class="container-fluid text-center">
236 
        <p>Disclaimer: As an Associate we earn from qualifying purchases.</p>
9 - 237 
        <p>Copyright &#169; <?php echo date("Y"); ?> FindCheapMusic.com. All rights reserved.</p>
2 - 238 
    </footer>
239 
 
11 - 240 
    <script src="/js/dr.min.js" integrity="sha384-dxd4PdwnWxgxHO8a50F7CizVhl9/GaPSQHyOtYUzpZYBvTgiWLRLj6rQYc/w1vNF" crossorigin="anonymous"></script>
2 - 241 
</body>
242 
</html>