WebSVN – cheapmusic – Blame – /www/index.php

Rev	Author	Line No.	Line
2	-	1	`<?php`
7	-	2	`include_once('php/sessions_db.php');`
		3	`include_once('php/cryptor.php');`
9	-	4	`include_once('php/vendors.php');`
7	-	5
9	-	6	`error_reporting(E_ALL);`
		7
2	-	8	`if ($_SERVER["SERVER_NAME"] == "www.findcheapmusic.com") {`
14	-	9	`ini_set("zlib.output_compression", "On");`
5	-	10	`header("Strict-Transport-Security: max-age=31536000; includeSubDomains; preload");`
		11	`header("X-Content-Type-Options: nosniff");`
		12	`header("X-XSS-Protection: 1; mode=block");`
		13	`header("Access-Control-Allow-Origin: *");`
		14	`header("Referrer-Policy: no-referrer");`
		15	`header("X-Frame-Options: SAMEORIGIN");`
		16	`header("Set-Cookie: ^(.*)$ $1;HttpOnly;Secure");`
10	-	17	header("Content-Security-Policy: default-src 'none'; font-src https://use.fontawesome.com; form-action 'self'; img-src 'self' data: https://img.discogs.com https://thumbs1.ebaystatic.com https://thumbs2.ebaystatic.com https://thumbs3.ebaystatic.com https://thumbs4.ebaystatic.com; script-src 'self' 'unsafe-inline' https://ajax.googleapis.com/ajax/libs/jquery/3.4.0/jquery.min.js https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.14.7/umd/popper.min.js https://maxcdn.bootstrapcdn.com/bootstrap/4.3.1/js/bootstrap.min.js; style-src 'self' 'unsafe-inline' https://maxcdn.bootstrapcdn.com/bootstrap/4.3.1/css/ https://use.fontawesome.com/releases/v5.8.1/css/;frame-ancestors 'self'");
2	-	18	`}`
		19
7	-	20	`$configFile = parse_ini_file("../MyFiles/config/cheapmusic.ini",true);`
		21	`$crypt = Cryptor::getInstance($configFile['cryptor']);`
		22	`$tmpSessionTab = (isset($_POST["sessionTab"]) && $_POST["sessionTab"] > 0 ? $_POST["sessionTab"] : null);`
		23	`$handler = MySessionHandler::getInstance($tmpSessionTab, $configFile['mysqli']);`
9	-	24	`$vendors = Vendors::getInstance();`
		25	`$vendors->setVendor($configFile['ebay'], Vendors::EBAY);`
		26	`$vendors->setVendor($configFile['discogs'], Vendors::DISCOGS);`
7	-	27	`unset($configFile);`
		28
2	-	29	`ini_set("session.cookie_httponly", 1);`
		30	`ini_set("session.cookie_secure", 1);`
7	-	31	`session_set_save_handler($handler, true);`
2	-	32	`session_start();`
		33	`?>`
		34	`<!DOCTYPE html>`
		35	`<html lang="en-US">`
		36	`<head>`
		37	`<meta http-equiv="Content-Type" content="text/html; charset=utf-8">`
		38	`<title>Find Cheap Music...</title>`
		39	`<meta name="viewport" content="width=device-width, initial-scale=1">`
		40	`<link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/4.3.1/css/bootstrap.min.css" integrity="sha384-ggOyR0iXCbMQv3Xipma34MD+dH/1fQ784/j6cY/iJTQUOhcWr7x9JvoRxT2MZw1T" crossorigin="anonymous">`
		41	`<script src="https://ajax.googleapis.com/ajax/libs/jquery/3.4.0/jquery.min.js" integrity="sha384-JUMjoW8OzDJw4oFpWIB2Bu/c6768ObEthBMVSiIx4ruBIEdyNSUQAjJNFqT5pnJ6" crossorigin="anonymous"></script>`
		42	`<script src="https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.14.7/umd/popper.min.js" integrity="sha384-UO2eT0CpHqdSJQ6hJty5KVphtPhzWj9WO1clHTMGa3JDZwrnQq4sF86dIHNDz0W1" crossorigin="anonymous"></script>`
		43	`<script src="https://maxcdn.bootstrapcdn.com/bootstrap/4.3.1/js/bootstrap.min.js" integrity="sha384-JjSmVgyd0p3pXB1rRibZUAYoIIy6OrQ6VrjIEaFf/nJGzIxFDsf4x0xIM+B07jRM" crossorigin="anonymous"></script>`
6	-	44	`<link rel="stylesheet" href="css/style.min.css" integrity="sha384-zfDdfwK/GMKsN/HIVw5QfYNpAuPYAhtEwYs/IFiDiboUBjXRjHpjPt1gdNtJgAWA" crossorigin="anonymous">`
3	-	45	`<link rel="stylesheet" href="https://use.fontawesome.com/releases/v5.8.1/css/all.css" integrity="sha384-50oBUHEmvpQ+1lW4y57PTFmhCaXp0ML5d60M1M7uH2+nqUivzIebhndOJK28anvf" crossorigin="anonymous">`
16	-	46	`<link rel="stylesheet" href="css/jquery-editable-select.min.css" integrity="sha384-ylZcrryORe1brwha2l7zJNLDV1VOmdXPb1DDx9ZaiMyNN0t3kOHLBJyFhTZu7/qC" crossorigin="anonymous">`
		47	`<script src="js/jquery-editable-select.min.js" integrity="sha384-wZoBY63PDi1b6YunZUyZkRud3LIMd3R0LKK+L11tUDaM+R3ZhhCTlCSozwKkf4+w" crossorigin="anonymous"></script>`
2	-	48	`<!-- Global site tag (gtag.js) - Google Analytics -->`
		49	`<!--script async src="https://www.googletagmanager.com/gtag/js?id=UA-138428761-2"></script-->`
		50	`<!--script src="/js/gtag.js" integrity="sha384-ZoAmOe9K3AXr6ONEK6njtE/HMsMvyjck9EfsgXdZLG7rEiz5GqXEk3RQc2cFIRNY" crossorigin="anonymous"></script-->`
		51	`</head>`
		52	`<body>`
		53
		54	`<?php`
		55	`include_once('php/tools.php');`
		56
5	-	57	`initSessionVariables();`
2	-	58
		59	`if ($_SERVER["REQUEST_METHOD"] == "POST") {`
5	-	60	`if ($_POST["submit"] == "Search") {`
		61	`$zip = sanitizeInput($_POST['buyerZip']);`
		62	`if (strlen($zip) == 5 && preg_match("/^[0-9 ]*$/", $zip)) {`
		63	`$_SESSION["buyer"]["Zip"] = $zip;`
		64	`} else if (strlen($zip) == 0) {`
		65	`$_SESSION["buyer"]["Zip"] = "";`
		66	`}`
2	-	67
14	-	68	`$searchTerm = searchFriendlyString($_POST['searchTerm']);`
9	-	69	`if (empty($searchTerm)) {`
		70	`resetSessionVars();`
5	-	71	`} else {`
9	-	72	`$_SESSION["searchTerm"] = $searchTerm;`
2	-	73
5	-	74	`if (checkSearchFilters()) {`
		75	`performSearch();`
		76	`}`
		77	`}`
		78	`} else if ($_POST["submit"] == "Save") {`
		79	`$_SESSION["filterCondition"]["New"] = checkPV("filterConditionNew");`
		80	`$_SESSION["filterCondition"]["Used"] = checkPV("filterConditionUsed");`
		81	`$_SESSION["filterMediaType"]["CD"] = checkPV("filterMediaTypeCD");`
		82	`$_SESSION["filterMediaType"]["Record"] = checkPV("filterMediaTypeRecord");`
		83	`$_SESSION["filterMediaType"]["Digital"] = checkPV("filterMediaTypeDigital");`
2	-	84
5	-	85	`if (checkSearchFilters()) {`
		86	`performSearch();`
		87	`}`
14	-	88	`} else if ($_POST["submit"] == "discogsSearch") {`
		89	`$searchTerm = searchFriendlyString($_POST['discogsSearchTerm']);`
		90	`if (empty($searchTerm)) {`
		91	`resetSessionVars();`
		92	`} else {`
		93	`$_SESSION["searchTerm"] = $searchTerm;`
		94
		95	`if (checkSearchFilters()) {`
		96	`performSearch();`
		97	`}`
		98	`}`
5	-	99	`} else if (in_array($_POST["submit"], $buttonArr)) {`
		100	`$_SESSION["currentView"] = $_POST["submit"];`
		101	`filterResults();`
		102	`}`
		103	`} else if ($_SERVER["REQUEST_METHOD"] == "GET") {`
		104	`if (isset($_GET['z'])) {`
9	-	105	`$_SESSION["buyer"]["Zip"] = "";`
5	-	106	`$zip = sanitizeInput($_GET['z']);`
		107	`if (strlen($zip) == 5 && preg_match("/^[0-9 ]*$/", $zip)) {`
		108	`$_SESSION["buyer"]["Zip"] = $zip;`
		109	`}`
		110	`}`
2	-	111
9	-	112	`$_SESSION["searchTerm"] = "";`
5	-	113	`if (isset($_GET['q'])) {`
14	-	114	`$_SESSION["searchTerm"] = searchFriendlyString($_GET["q"]);`
5	-	115	`if (checkSearchFilters()) {`
		116	`performSearch();`
		117	`}`
		118	`}`
2	-	119	`}`
		120	`?>`
		121
14	-	122	`<form method="post" action="/index.php">`
		123	`<input type="hidden" name="sessionTab" value="<?php echo $handler->getSessionTab(); ?>">`
		124	`<input type="hidden" name="searchTerm" value="<?php echo getSV("searchTerm") ?>">`
		125	`<input type="hidden" name="buyerZip" value="<?php echo $_SESSION["buyer"]["Zip"];?>">`
		126	`<nav class="navbar navbar-expand-sm bg-dark navbar-dark">`
		127	`<button type="submit" name="submit" value="Search" class="navbar-brand btn">Home</button>`
		128	`<button class="navbar-toggler" type="button" data-toggle="collapse" data-target="#collapsibleNavbar">`
		129	`<span class="navbar-toggler-icon"></span>`
		130	`</button>`
		131	`<div class="collapse navbar-collapse" id="collapsibleNavbar">`
		132	`<ul class="navbar-nav">`
		133	`<li class="nav-item">`
15	-	134	`<button type="submit" name="submit" value="terms" class="nav-link btn">Terms of Service</button>`
14	-	135	`</li>`
		136	`<li class="nav-item">`
15	-	137	`<button type="submit" name="submit" value="privacy" class="nav-link btn">Privacy Policy</button>`
14	-	138	`</li>`
		139	`</ul>`
		140	`</div>`
		141	`</nav>`
		142	`</form>`
2	-	143
3	-	144	`<div class="page-header bg-primary">`
		145	`<div class="container text-center py-3">`
14	-	146	`<?php`
		147	`if (getPV('submit') == "terms") {`
		148	`echo file_get_contents('snippets/headerTerms.txt');`
		149	`} else if (getPV('submit') == "privacy") {`
		150	`echo file_get_contents('snippets/headerPrivacy.txt');`
		151	`} else {`
		152	`echo file_get_contents('snippets/header.txt');`
		153	`}`
		154	`?>`
2	-	155	`</div>`
		156	`</div>`
		157
3	-	158	`<div class="container-fluid bg-primary py-3">`
5	-	159	`<?php`
14	-	160	`if (!in_array(getPV('submit'), array("terms", "privacy"))) {`
5	-	161	`echo $_SESSION["filterWarnings"];`
14	-	162	`}`
5	-	163	`?>`
15	-	164	`<form <?php if (in_array(getPV('submit'), array("terms", "privacy"))) {echo "hidden";} ?> method="post" action="/index.php"`
		165	`onsubmit="progressBar('Searching for ' + document.getElementById('searchTerm').value);document.getElementById('searchBtn').innerHTML = '<span class=\'spinner-border spinner-border-sm\'></span> Searching, please wait...';">`
		166	`<input id="sessionId" type="hidden" name="sessionId" value="<?php echo session_id(); ?>">`
11	-	167	`<input id="sessionTab" type="hidden" name="sessionTab" value="<?php echo $handler->getSessionTab(); ?>">`
2	-	168	`<div class="input-group mb-3">`
		169	`<div class="input-group-prepend">`
4	-	170	`<div class="d-none d-sm-block">`
		171	`<button class="btn input-group-text mx-1 rounded" type="button" data-toggle="modal" data-target="#searchInfoModal"><i class="fas fa-info-circle" style="font-size:25px"></i></button>`
		172	`</div>`
		173	`<button class="btn input-group-text mx-1 rounded" type="button" data-toggle="modal" data-target="#filterModal" data-keyboard="false"><i class="fas fa-filter" style='font-size:25px'></i></button>`
2	-	174	`</div>`
16	-	175	`<select id="searchTerm" list="searchHistory" name="searchTerm" type="text" class="form-control ml-1 editable-select" autocomplete-off placeholder="Search by Barcode, Artist, Title, ..." value="<?php echo getSV("searchTerm") ?>">`
14	-	176	`<?php echo getSearchHistory(); ?>`
16	-	177	`</select>`
2	-	178	`<div class="input-group-append">`
15	-	179	`<button id="searchBtn" type="submit" class="btn btn-success" name="submit" value="Search">Go</button>`
2	-	180	`</div>`
		181	`</div>`
4	-	182	`<div class="input-group input-group-sm mb-3 col-xl-5 col-lg-7 col-md-12 col-sm-12 col-12">`
2	-	183	`<div class="input-group-prepend input-group-sm">`
4	-	184	`<!--span class="input-group-text mx-1">Shipping to:</span-->`
		185	`<label class="mr-2">Shipping to:</label>`
2	-	186	`</div>`
4	-	187	`<div class="d-none d-sm-inline-flex">`
		188	`<input type="text" class="form-control form-control-sm mx-1" maxlength="20" style="width:12em!important" id="buyerCountry" name="buyerCountry" value="United States" readonly>`
		189	`<input type="text" class="form-control form-control-sm mx-1" maxlength="3" style="width:3.5em!important" id="buyerCurrency" name="buyerCurrency" value="USD" readonly>`
		190	`</div>`
5	-	191	`<input type="text" class="form-control form-control-sm mx-1" maxlength="5" style="width:2.5em!important" id="buyerZip" name="buyerZip" placeholder="Zip Code" value="<?php echo $_SESSION["buyer"]["Zip"];?>">`
2	-	192	`<?php`
5	-	193	`if ($_SESSION["buyer"]["Zip"] == '') {`
4	-	194	`echo '<div class="input-group-append input-group-sm mx-1 rounded">';`
5	-	195	`echo ' <i class="fas fa-exclamation-triangle input-group-text img-fluid rounded" style="font-size:14px;color:orange;" title="Please enter your postal code to get the accurate shipping cost for items listed using a shipping rate table." data-toggle="tooltip" data-placement="auto" data-delay="100"></i>';`
		196	`echo '</div>';`
		197	`}`
2	-	198	`?>`
		199	`</div>`
		200	`</form>`
		201	`</div>`
		202
5	-	203	`<?php`
14	-	204	`if (getPV('submit') == "terms") {`
		205	`echo file_get_contents('snippets/terms.txt');`
		206	`} else if (getPV('submit') == "privacy") {`
		207	`echo file_get_contents('snippets/privacy.txt');`
		208	`} else {`
9	-	209	`if ($_SESSION["lowestPrice"]["All"] > 0.00 \|\| !empty($_SESSION["searchTerm"])) {`
12	-	210	`echo $_SESSION["discogs"];`
11	-	211	`echo "<div id=\"productTable\">";`
9	-	212	`echo printTableHeader();`
		213	`echo buildTable();`
11	-	214	`echo "</div>";`
9	-	215	`}`
5	-	216	`echo printSearchFilterModal();`
		217	`echo printSearchInfoModal();`
14	-	218	`session_commit();`
		219	`}`
5	-	220	`?>`
2	-	221
14	-	222	`<div class="modal" id="progressBarDiv">`
		223	`<div class="modal-dialog">`
		224	`<div class="modal-content">`
		225	`<div class="modal-header">`
15	-	226	`<h4 id="progressBarHeader">Searching</h4>`
14	-	227	`</div>`
		228	`<div class="modal-body">`
		229	`<div class="progress">`
		230	`<div id="progressBar" class="progress-bar" style="width:0%">0%</div>`
		231	`</div>`
		232	`</div>`
15	-	233	`<div class="modal-footer">`
		234	`<span id="progressBarMessage"></span>`
		235	`</div>`
14	-	236	`</div>`
		237	`</div>`
		238	`</div>`
		239
2	-	240	`<footer class="container-fluid text-center">`
		241	`<p>Disclaimer: As an Associate we earn from qualifying purchases.</p>`
9	-	242	`<p>Copyright © <?php echo date("Y"); ?> FindCheapMusic.com. All rights reserved.</p>`
2	-	243	`</footer>`
		244
16	-	245	`<script src="/js/dr.min.js" integrity="sha384-zlmvCCTDB20evqOkLqgX/Hj9N21ss3ScwXo8tYLW5EBNaKXXkK1zJk6ACt3let8y" crossorigin="anonymous"></script>`
2	-	246	`</body>`
		247	`</html>`

Subversion Repositories cheapmusic

(root)/www/index.php – Rev 16