Subversion Repositories cheapmusic

Rev

Details | Last modification | View Log | RSS feed

Rev Author Line No. Line
2 - 1
<?php
2
if ($_SERVER["SERVER_NAME"] == "www.findcheapmusic.com") {
3
  header("Strict-Transport-Security: max-age=31536000; includeSubDomains; preload");
4
  header("X-Content-Type-Options: nosniff");
5
  header("X-XSS-Protection: 1; mode=block");
6
  header("Access-Control-Allow-Origin: *");
7
  header("Referrer-Policy: no-referrer");
8
  header("X-Frame-Options: SAMEORIGIN");
9
  header("Set-Cookie: ^(.*)$ $1;HttpOnly;Secure");
10
  header("Content-Security-Policy:  default-src 'none'; img-src 'self'; script-src 'unsafe-inline'; style-src 'unsafe-inline';frame-ancestors 'self'");
11
}
12
 
13
if (isset($_GET["target"])) {
14
 
15
    $location = base64_decode($_GET["target"]);
16
 
9 - 17
    saveRedirect();
2 - 18
    printHeader();
19
    printMessage($location);
20
    printFooter();
9 - 21
    saveRedirect();
14 - 22
    session_commit();
2 - 23
 
24
    echo '<script type="text/javascript">setTimeout( function() { location.href="' . $location . '"; }, 250);</script>';
25
 
26
    exit;
27
 
28
} else {
29
 
30
    header("Location: https://www.findcheapmusic.com/index.php");
31
 
32
    exit;
33
 
34
}
35
 
36
function printHeader() {
37
    echo '<!DOCTYPE html>';
38
    echo '<html lang="en">';
39
    echo '<head>';
9 - 40
    echo '    <title>FindCheapMusic Transfer Page</title>';
2 - 41
    echo '    <meta charset="UTF-8">';
42
    echo '    <meta name="viewport" content="width=device-width, initial-scale=1.0">';
43
    echo '    <style>';
44
    echo '    html, body { margin: 0; padding: 0; width: 100%; height: 100%; display: table; }';
45
    echo '    #content { display: table-cell; text-align: center; vertical-align: middle; }';
46
    echo '    </style>';
47
    echo '</head>';
48
    echo '<body>';
49
    echo '    <div id="content">';
50
}
51
 
52
function printMessage($location) {
9 - 53
    echo '<h1>FindCheapMusic Transfer Page</h1>';
54
    echo '<p>You are now leaving FindCheapMusic.com. <a href="' . $location . '">Press here</a> if the page doesn\'t load.';
2 - 55
}
56
 
57
function printFooter() {
58
    echo '    </div>';
59
    echo '</body>';
60
    echo '</html>';
61
    echo '';
62
}
9 - 63
 
64
function saveRedirect() {
65
    include_once('php/sessions_db.php');
66
    include_once('php/cryptor.php');
67
 
68
    $configFile = parse_ini_file("../MyFiles/config/cheapmusic.ini",true);
69
    $crypt = Cryptor::getInstance($configFile['cryptor']);
70
    $tmpSessionTab = (isset($_POST["sessionTab"]) && $_POST["sessionTab"] > 0 ? $_POST["sessionTab"] : null);
71
    $handler = MySessionHandler::getInstance($tmpSessionTab, $configFile['mysqli']);
72
    unset($configFile);
73
 
74
    ini_set("session.cookie_httponly", 1);
75
    ini_set("session.cookie_secure", 1);
76
    session_set_save_handler($handler, true);
11 - 77
    @session_start();
9 - 78
 
79
    $_sess_db = $handler->getDBSessionId();
80
 
81
    $access = mysqli_real_escape_string($_sess_db, time());
82
    $url = mysqli_real_escape_string($_sess_db, base64_decode($_GET["target"]));
83
 
84
    $sql = "INSERT
85
            INTO transfers
86
            (sessId, access, url)
87
            VALUES  ('" . session_id() . "', '$access', '$url')";
88
 
89
    return mysqli_query($_sess_db, $sql);
90
}
2 - 91
?>