Subversion Repositories cheapmusic

<?php
include_once ('php/hosting.php');
include_once ('php/constants.php');
include_once ('php/sessions_db.php');
include_once ('php/cryptor.php');
include_once ('php/tools.php');
include_once ('php/clsLibGTIN.php');
include_once ("php/NonceUtil.php");

error_reporting(E_ALL);

$configFile = parse_ini_file($_SERVER['DOCUMENT_ROOT'] . FCM_CONFIGFILE, true);
$crypt = Cryptor::getInstance($configFile['cryptor']);
$tmpSessionTab = (isset($_POST["sessionTab"]) && $_POST["sessionTab"] > 0 ? $_POST["sessionTab"] : null);
$handler = MySessionHandler::getInstance($tmpSessionTab, $configFile['mysqli']);
$systemConf = $configFile['system'];
unset($configFile);

session_set_cookie_params(604800, '/', '.findcheapmusic.com', true, true);
session_set_save_handler($handler, true);
if (!empty($_COOKIE['PHPSESSID'])) {
    session_id($_COOKIE['PHPSESSID']);
}
session_start();

initSessionVariables();

if ($_SERVER["REQUEST_METHOD"] == "POST") {
    if (!getPGV("nonce") || NonceUtil::check($systemConf["nonce_secret"], getPGV("nonce")) === false) {
        exit;
    }
    
    $barcode = getPGV("barcode");
    

    if ($_POST["submit"] == "check") {
        if (empty($barcode) || !is_numeric($barcode) || strlen($barcode) > 14 || strlen($barcode) < 8) {
            myExit("Invalid Barcode", null, true);
        }

        $type = clsLibGTIN::GTINCheck($barcode, false, 1);
        $value = clsLibGTIN::GTINCheck($barcode);
        if (!$type) {
            myExit("Barcode does not have a valid check digit", null, true);
        } else {
            myExit("Valid barcode<br>" . $type . " " . $value, $value);
        }
    } else if ($_POST["submit"] == "calc") {
        if (empty($barcode) || strlen($barcode) > 13 || strlen($barcode) < 8) {
            myExit("Invalid Barcode", null, true);
        }

        $type = clsLibGTIN::GTINCheck($barcode, false, 1);
        $value = clsLibGTIN::GTINCheck($barcode);
        if ($type) {
            myExit("Barcode already has a valid check digit" . "<br>" . $type . " " . $value, $value);
        }
        $res = $checkDigit = clsLibGTIN::GTINCalcCheckDigit($barcode);
        if (!$res) {
            myExit("Invalid Barcode", null, true);
        }
        $type = clsLibGTIN::GTINCheck($barcode . $checkDigit, false, 1);
        $value = clsLibGTIN::GTINCheck($barcode . $checkDigit);
        myExit("Check Digit is " . $checkDigit . "<br>" . $type . " " . $value, $value);
    }
}

MySessionHandler::commit(session_id());
exit;

function myExit($msg, $value, $isError = false) {
    echo '<span class="' . ($isError ? 'text-danger' : 'text-success') . '">' . $msg . '</span>';
    if (!$isError) {
        echo '<div class="mt-3">';
        echo '<form id="barcodeSearchForm" method="post" action="/index.php">';
        echo '<input type="hidden" name="sessionTab" value="' . MySessionHandler::getSessionTab() . '" />';
        echo '<input id="barcodeSearchTerm" type="hidden" name="searchTerm" value="' . $value . '" />';
        echo '<button id="barcodeSearchBtn" type="submit" class="btn btn-success" name="submit" value="Search">Search ' . $value . '</button>';
        echo '</form>';
        echo '</div>';
        saveBarcodeSearch($value);
    }
    MySessionHandler::commit(session_id());
    exit;
}

function saveBarcodeSearch($value) {
    $_sess_db = MySessionHandler::getDBSessionId();

    $access = mysqli_real_escape_string($_sess_db, time());
    $barcode = mysqli_real_escape_string($_sess_db, $value);
    $userId = (empty($_SESSION['sessData']['userID']) ? 'NULL' : $_SESSION['sessData']['userID']);
    $ip = inet_pton($_SERVER['REMOTE_ADDR']);

    $sql = "INSERT
            INTO barcodeChecks
            (sessId, access, ip, barcode, userId)
            VALUES  ('" . session_id() . "', '$access', '$ip', '$barcode', $userId)";

    if (!mysqli_query($_sess_db, $sql)) {
        error_log("Error: " . $sql . " | " . mysqli_error($_sess_db));
    }
 
}