<?php
// osCommerce Product Manager for Windows (oscpmwin).
// Copyright ©2003-2007 by Mario A. Valdez-Ramirez.

// You can contact Mario A. Valdez-Ramirez
// by email at mario@mariovaldez.org or paper mail at
// Olmos 809, San Nicolas, NL. 66495, Mexico.

// This program is free software; you can redistribute it and/or modify
// it under the terms of the GNU General Public License as published by
// the Free Software Foundation; either version 2 of the License, or (at
// your option) any later version.

// This program is distributed in the hope that it will be useful, but
// WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
// General Public License for more details.

// You should have received a copy of the GNU General Public License
// along with this program; if not, write to the Free Software
// Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA

// ==================================
// Start of configuration options...
// ==================================

// Directory (relative to this script) that the file operations below
// (check, list, delete, upload, backup) read from and write to.
$opm_images_directory = "images/";

// Debug logging. When enabled, opm_FNDebug_Log appends request parameters
// and every SQL query to $opm_debug_file; with $opm_enable_extralog the
// complete request array is dumped as well.
// NOTE(review): the log path is relative - presumably it ends up next to
// this script; confirm the web server does not serve that file.
$opm_enable_logfile = false;
$opm_enable_extralog = false;
$opm_debug_file = "opm_debug.txt";

// When true, all request parameters are read from $_GET instead of $_POST
// (so the password hash travels in the URL) and Qy is taken as plain text.
$opm_browser_debug = false;

// When false, the password check is skipped entirely and every operation,
// including dbquery and backup, is served to any client.
$opm_enable_auth = true;

// If non-empty, this value is used as the shared secret instead of
// DB_SERVER_PASSWORD.
$opm_password_override = "";

// Octal permission string applied with chmod to each uploaded file.
$opm_upload_perms = "0644";

// Hours added to the current hour when building log and backup timestamps.
$opm_timezone_shift = 0;

// Compression is used only when this is true and the client asks for it (Gz).
$opm_allow_compression = true;
$opm_compress_level = 1;

// Outgoing HTTP requests (exchange rates) go through this proxy when enabled.
$opm_cfg_useproxy = false;
$opm_cfg_proxyaddress = "192.168.0.1";
$opm_cfg_proxyport = 3128;

// ==================================
// End of configuration options...
// ==================================

$opm_httpconn_timeout = 60; // 60 seconds

// Markers used by opm_FNExec_Query when it formats a record set.
$opm_tag_recordbegin = "BR"; // BR
$opm_tag_recordend = "ER"; // ER
$opm_tag_field = "DF"; // DF
$opm_tag_databegin = "["; // [
$opm_tag_dataend = "]"; // ]
$opm_tag_comment = "#"; // #
$opm_tag_stats = "ST"; // ST
$opm_tag_fieldlist = "FL"; // FL

// Fixed session_id value that marks this script's login-tracking rows in
// the whos_online table.
$opm_session_string = "OSCPMCHECKER";
$opm_max_failedlogins = 8; // Max logins before blocking the client.
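$opm_max_blocktime = 3600; // Time a client is blocked after too many failures.
$opm_max_tracktime = 900; // Time to store the login story of each client.
$opm_sleep_afterfail = 15; // Delay when login fails.
$opm_script_version = "0.8.9";

error_reporting (E_ALL & ~E_NOTICE);

// Absolute path of the images directory: directory of this script plus
// the configured relative directory.
$opm_realpath = str_replace (basename (__FILE__), "", __FILE__) . $opm_images_directory;

// Build the User-Agent header line sent by opm_FNget_webpage. Prefer
// $_SERVER and fall back to the legacy $HTTP_SERVER_VARS array, the same
// order used for REMOTE_ADDR below.
if (isset ($_SERVER["SERVER_SOFTWARE"])) {
  $opm_serversoftware = $_SERVER["SERVER_SOFTWARE"];
}
elseif (isset ($HTTP_SERVER_VARS["SERVER_SOFTWARE"])) {
  $opm_serversoftware = $HTTP_SERVER_VARS["SERVER_SOFTWARE"];
}
else {
  $opm_serversoftware = "";
}
$opm_tmpsoftwarename = explode (" ", $opm_serversoftware);
$opm_tmposname = explode (" ", php_uname ());
$opm_useragent = "User-Agent: OSCPMWin/$opm_script_version " . $opm_tmpsoftwarename[0] . " MySQL/unknown " . $opm_tmposname[0];

@set_time_limit (300);

if (!$opm_upload_perms) {
  $opm_upload_perms = "0600";
}

// Determine the client address, trying each source in turn.
// The previous nested version blanked the address whenever it was found
// in $_ENV (a dangling "else"); every client then shared one login
// tracking record. Only fall back to "" when no source has a value.
$opm_ip_address = "";
if (!empty ($_SERVER["REMOTE_ADDR"])) {
  $opm_ip_address = $_SERVER["REMOTE_ADDR"];
}
elseif (!empty ($HTTP_SERVER_VARS["REMOTE_ADDR"])) {
  $opm_ip_address = $HTTP_SERVER_VARS["REMOTE_ADDR"];
}
elseif (!empty ($_ENV["REMOTE_ADDR"])) {
  $opm_ip_address = $_ENV["REMOTE_ADDR"];
}
elseif (getenv ("REMOTE_ADDR")) {
  $opm_ip_address = getenv ("REMOTE_ADDR");
}
// The address is used as the lockout key and is placed inside SQL string
// literals further down, so keep only characters that can occur in an
// IPv4/IPv6 literal.
$opm_ip_address = preg_replace ('/[^0-9A-Fa-f:.]/', '', (string) $opm_ip_address);

// Get all parameters about the request.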
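if (!$opm_browser_debug) {
  $opm_params = $_POST;
}
else {
  // Browser-debug mode: every parameter, including the password hash,
  // arrives in the URL. Not for production use.
  $opm_params = $_GET;
}
// Missing parameters become "", and array-valued parameters (Pw[]=...)
// are rejected, so the string functions below always receive strings.
foreach (array ("Pw", "Op", "Fn", "SD", "Qy", "Vn", "TS", "Gz") as $opm_param_name) {
  if (!isset ($opm_params[$opm_param_name]) || is_array ($opm_params[$opm_param_name])) {
    $opm_params[$opm_param_name] = "";
  }
}

$opm_passwordhash = strtoupper (trim ($opm_params["Pw"]));
$opm_operation = strtolower (trim ($opm_params["Op"]));

// Path parameters: drop control characters, then collapse "//", remove
// backslashes, remove ".." and replace spaces. The order matters:
// backslashes are removed before "..", so a backslash cannot be used to
// hide a parent-directory reference from the ".." filter.
$opm_cleaned = array ();
foreach (array ("Fn", "SD") as $opm_param_name) {
  $opm_pathvalue = preg_replace ('/[\x00-\x1F\x7F]/', '', trim ($opm_params[$opm_param_name]));
  $opm_cleaned[$opm_param_name] = str_replace (" ", "_", str_replace ("..", "", str_replace ("\\", "", str_replace ("//", "/", $opm_pathvalue))));
}
$opm_filename = $opm_cleaned["Fn"];
$opm_subdir = $opm_cleaned["SD"];

// QY is Base64-encoded by the client, except in browser-debug mode.
if (!$opm_browser_debug) {
  $opm_query = base64_decode (trim ($opm_params["Qy"]));
}
else {
  $opm_query = trim ($opm_params["Qy"]);
}
$opm_reqversion = trim ($opm_params["Vn"]);
$opm_logintimestamp = trim ($opm_params["TS"]);
$opm_compress = abs ((float) $opm_params["Gz"]);

// Strip every leading slash and dot, not only the first character, so
// the name always stays relative to the images directory and can never
// begin with a dot (no hidden or server-configuration files).
$opm_filename = ltrim ($opm_filename, "/.");
$opm_compress = ($opm_compress && $opm_allow_compression);

/* Note on parameters:
   When the operation needs a parameter, it should be sent using
   either FN or QY (Filename or Query). The difference is that
   FN is cleaned (deleting slashes, dots and spaces) while QY is
   not cleaned. However, QY is always Base64-encoded. */

// Log basic information about the request.
// The password hash is never written to the log: together with the
// client-chosen timestamp it is everything needed to authenticate, and
// the timestamp is not checked for freshness anywhere in this script.
if ($opm_enable_extralog) {
  $opm_logged_params = $opm_browser_debug ? $_GET : $_POST;
  if (isset ($opm_logged_params["Pw"])) {
    $opm_logged_params["Pw"] = "[redacted]";
  }
  opm_FNDebug_Log (print_r ($opm_logged_params, true));
}
else {
  opm_FNDebug_Log ("");
}
opm_FNDebug_Log ("REALPATH=" . $opm_realpath);
opm_FNDebug_Log ("PASSWORDHASH=" . (($opm_passwordhash != "") ? "[redacted]" : "[empty]"));
opm_FNDebug_Log ("OPERATION=" . $opm_operation);
opm_FNDebug_Log ("FILENAME=" . $opm_filename);
opm_FNDebug_Log ("SUBDIR=" . $opm_subdir);
opm_FNDebug_Log ("QUERY=" . $opm_query);
opm_FNDebug_Log ("REQVERSION=" . $opm_reqversion);
opm_FNDebug_Log ("LOGINTIMESTAMP=" . $opm_logintimestamp);
opm_FNDebug_Log ("COMPRESS=" . $opm_compress);

// Include osCommerce database configuration and functions.
require ("includes/configure.php");
require (DIR_WS_INCLUDES . "database_tables.php");
require (DIR_WS_FUNCTIONS . "database.php");

if ($opm_browser_debug) {
  echo "<pre>";
}

// Check if script version is the expected by client.
if (($opm_script_version != $opm_reqversion) && ($opm_operation)) {
  opm_FNDebug_Log ("ERROR 1000 wrong script version. Expected $opm_reqversion, but we are $opm_script_version.");
  echo "ERROR 1000 WRONG SCRIPT VERSION";
  return;
}

// Check if the image directory is valid.
if (!is_dir ($opm_realpath) && ($opm_operation)) {
  opm_FNDebug_Log ("ERROR 1010 cannot find the images directory. Expecting $opm_realpath exist.");
  echo "ERROR 1010 IMAGE DIRECTORY NOT FOUND";
  return;
}

// Connect to database.
if (!tep_db_connect ()) {
  echo "ERROR 1031 NO DATABASE CONNECTION";
  return;
}

// Get osCommerce DB password and compare it with client password.
// Unless no operation is requested.
//
// The client proves knowledge of the secret by sending
// MD5(timestamp . secret). The secret is the database password itself
// (or the override), and the timestamp comes from the client, so a
// captured (TS, Pw) pair stays valid until the secret changes. Serve
// this script over TLS only.
if ($opm_operation) {
  if ($opm_enable_auth) {
    if (defined ("DB_SERVER_PASSWORD") || ($opm_password_override != "")) {
      // Failed logins are tracked per client address in the whos_online
      // table: last_page_url holds the failure count, time_last_click the
      // time of the last attempt. Values placed in SQL are escaped.
      $opm_sql_where = " where customer_id=0 and session_id='" . tep_db_input ($opm_session_string) . "' and ip_address='" . tep_db_input ($opm_ip_address) . "'";

      // Check if the client is known...
      $opm_failed_attempts = 0;
      $opm_failed_time = time ();
      $opm_sql_result = tep_db_query ("select customer_id, full_name, session_id, ip_address, time_entry, time_last_click, last_page_url from " . TABLE_WHOS_ONLINE . $opm_sql_where);
      if ($opm_sql_record = tep_db_fetch_array ($opm_sql_result)) {
        // It is known...
        if (round (abs ($opm_sql_record["time_last_click"])) > ($opm_failed_time - $opm_max_tracktime)) {
          $opm_failed_attempts = round (abs ($opm_sql_record["last_page_url"]));
          if ($opm_failed_attempts > $opm_max_failedlogins) {
            // It is blocked...
            $opm_failed_time = time () + $opm_max_blocktime;
          }
        }
        else {
          // We are not tracking it...
          $opm_failed_attempts = 0;
        }
        // Updates the tracking information...
        $opm_sql_result = tep_db_query ("update " . TABLE_WHOS_ONLINE . " set time_last_click='$opm_failed_time'" . $opm_sql_where);
      }
      else {
        // Creates a tracking record...
        $opm_sql_result = tep_db_query ("insert into " . TABLE_WHOS_ONLINE . " (customer_id, full_name, session_id, ip_address, time_entry, time_last_click, last_page_url) values (0, '" . tep_db_input ($opm_session_string) . "', '" . tep_db_input ($opm_session_string) . "', '" . tep_db_input ($opm_ip_address) . "', '$opm_failed_time', '$opm_failed_time', '0')");
      }

      if ($opm_failed_attempts > $opm_max_failedlogins) {
        // The client is blocked, show error...
        opm_FNDebug_Log ("ERROR 1024 the client ($opm_ip_address) has been blocked, too many failed logins ($opm_failed_attempts).");
        sleep ($opm_sleep_afterfail);
        echo "ERROR 1024 BLOCKED";
        return;
      }
      else {
        // The client is not blocked, continue...
        if ($opm_password_override != "") {
          opm_FNDebug_Log ("Password override is enabled.");
          $opm_serverpassword = strtoupper (md5 ($opm_logintimestamp . $opm_password_override));
        }
        else {
          $opm_serverpassword = strtoupper (md5 ($opm_logintimestamp . DB_SERVER_PASSWORD));
        }
        // The expected hash is deliberately not logged (see above).

        // Compare as strings. A loose "!=" treats two digests that look
        // like numbers (for example "0E" followed by digits) as equal.
        // hash_equals also avoids timing differences where it exists.
        if (function_exists ("hash_equals")) {
          $opm_password_ok = hash_equals ($opm_serverpassword, $opm_passwordhash);
        }
        else {
          $opm_password_ok = ($opm_serverpassword === $opm_passwordhash);
        }

        if (!$opm_password_ok) {
          // Password mismatch...
          opm_FNDebug_Log ("ERROR 1020 the server and client passwords do not match.");
          $opm_failed_attempts++;
          opm_FNDebug_Log ("Failed logins from $opm_ip_address = $opm_failed_attempts");
          // Update tracking data about this...
          $opm_sql_result = tep_db_query ("update " . TABLE_WHOS_ONLINE . " set time_last_click='$opm_failed_time', last_page_url='$opm_failed_attempts'" . $opm_sql_where);
          if ($opm_failed_attempts > 1) {
            // This is not the first failure, delay a bit...
            sleep ($opm_sleep_afterfail);
          }
          echo "ERROR 1020 PASSWORD MISMATCH";
          return;
        }
        else {
          // Password match, reset failures count in tracking data...
          $opm_sql_result = tep_db_query ("update " . TABLE_WHOS_ONLINE . " set time_last_click='$opm_failed_time', last_page_url='0'" . $opm_sql_where);
        }
      }
    }
    else {
      opm_FNDebug_Log ("ERROR 1021 the server password was not found.");
      echo "ERROR 1021 CANNOT FIND SERVER PASSWORD";
      return;
    }
  }
  else {
    opm_FNDebug_Log ("Password authentication is disabled.");
  }
}
else {
  // No operation requested: show a self-test page. This branch runs
  // without authentication and reports the script version and the state
  // of several configuration switches to whoever requests the script.
  $opm_simpletest_dbok = false;
  $opm_simpletest_imgok = false;
  echo "<html><head><title>osCommerce Product Manager (OSCPMWin).</title>\n";
  echo "<style>\nBODY { font-family: sans-serif; background-color: #FFFFFF; }\n";
  echo "LI { padding: 5px; }\n";
  echo "H3 { padding: 5px 5px 5px 20px; }\n";
  echo "A { color: #0000FF; text-decoration: none; }\n";
  echo "A:hover { color: #FF0000; text-decoration: underline; }\n";
  echo "DIV { border: solid 2px #000000; margin: 10px 20px 10px 20px; }";
  echo ".ok { background-color: #CCFFCC; }\n";
  echo ".notok { background-color: #FFCCCC; }\n";
  echo ".info { background-color: #EEEEFF; }\n";
  echo ".links { background-color: #EEEEEE; }\n";
  echo "</style>\n";
  echo "</head><body>\n";
  echo "<h3>osCommerce Product Manager (OSCPMWin),<br>server-side script $opm_script_version</h3>\n";
  $opm_simpletest_dbok = (bool) (tep_db_connect ());
  $opm_simpletest_imgok = (bool) (file_exists ($opm_realpath) && is_readable ($opm_realpath) && is_writable ($opm_realpath) && is_dir ($opm_realpath));
  $opm_simpletest_allok = ($opm_simpletest_dbok && $opm_simpletest_imgok);
  echo $opm_simpletest_allok ? "<div class=\"ok\">" : "<div class=\"notok\">";
  echo "<ul>\n";
  if ($opm_simpletest_dbok) {
    echo "<li><strong>Database connection seems OK.</strong></li>\n";
  }
  else {
    echo "<li><strong>Database connection failed.</strong><br><small>Check that the database server is working properly. This should not happen if the web store is working properly.</small></li>\n";
  }
  if ($opm_simpletest_imgok) {
    echo "<li><strong>Image directory seems OK.</strong></li>\n";
  }
  else {
    echo "<li><strong>Image directory not found, not readable or not writable.</strong><br><small>Check the opm_images_directory option in this script, and that this script has permissions to read and write in that directory.</small></li>\n";
  }
  echo "</ul>";
  if ($opm_simpletest_allok) {
    echo "<h3><strong>Everything seems OK. :)</strong></h3>\n";
  }
  else {
    echo "<h3><strong>There seems to be a problem. :(</strong></h3>\n";
  }
  echo "</div>";
  echo "<div class=\"info\"><ul>";
  echo $opm_browser_debug ? "<li>Browser-debug mode is enabled." : "<li>Browser-debug mode is disabled";
  echo "<br><small>This is for developers only. To be used only if you are debugging this script or the client application.</small></li>\n";
  echo $opm_enable_logfile ? "<li>Logging file is enabled." : "<li>Logging file is disabled";
  echo "<br><small>For debugging purposes only, not for production stores (because if enabled, slows the server down and consumes too much disk space).</small></li>\n";
  echo $opm_cfg_useproxy ? "<li>Proxy-usage is enabled." : "<li>Proxy-usage is disabled";
  echo "<br><small>To be used if the web server is behind a proxy so that all http connections are done thru the proxy.</small></li>\n";
  echo $opm_allow_compression ? "<li>Compression is enabled." : "<li>Compression is disabled";
  echo "<br><small>Compression of data traffic improves the speed of the data transfer. The compression level is set to $opm_compress_level. This setting is not enforced unless the client application request a compressed data stream too.</small></li>\n";
  echo "<li>The time zone shift is set to $opm_timezone_shift.<br><small>To be used with some timestamps</small>.</li>\n";
  echo "</ul></div>";
  echo "<div class=\"links\"><ul>";
  echo "<li><a href=\"http://www.mariovaldez.net/software/oscpmwin/\">OSCPMWin homepage</a>.</li>\n";
  echo "<li><a href=\"http://www.mariovaldez.net/webapps/forums/index.php?c=9\">OSCPMWin web forums</a>.</li>\n";
  echo "<li><a href=\"http://www.oscommerce.org/\">osCommerce homepage</a>.</li>\n";
  echo "</ul></div>";
  echo "<p><small>©2003-2007 by Mario A. Valdez-Ramirez.<br>\n";
  echo "This program is free software; you can redistribute it and/or modify\n";
  echo "it under the terms of the GNU General Public License as published by\n";
  echo "the Free Software Foundation; either version 2 of the License, or (at\n";
  echo "your option) any later version.</small></p>\n";
  echo "</body></html>";
  return;
}

// ==================================
// Do nothing.
// NOOP do nothing.
// ==================================
if ($opm_operation == "noop") {
  echo "OK NOOP START\n";
  opm_FNDebug_Log ("OK NOOP requested.");
  echo "OK NOOP END\n";
}

// ==================================
// Returns a PHPINFO dump.
// PHPINFO returns a dump of PHPINFO function.
// ==================================
// The dump contains the full PHP configuration and environment of the
// server; it is only as well protected as the password check above.
if ($opm_operation == "phpinfo") {
  echo "OK PHPINFO START\n";
  ob_start ();
  phpinfo ();
  $opm_phpinfo = ob_get_contents ();
  ob_end_clean ();
  // Turn the HTML report into plain text: headings become banner lines,
  // table cells are separated with " | ", remaining tags are dropped.
  $opm_phpinfo = str_replace ("<h2>", str_repeat ("=", 40) . "\n* ", $opm_phpinfo);
  $opm_phpinfo = str_replace ("</h2>", "\n" . str_repeat ("=", 40) . "\n", $opm_phpinfo);
  $opm_phpinfo = str_replace ("<th>", " | ", $opm_phpinfo);
  $opm_phpinfo = str_replace ("</th>", " | ", $opm_phpinfo);
  $opm_phpinfo = str_replace ("<td class=\"v\">", " | ", $opm_phpinfo);
  $opm_phpinfo = strip_tags ($opm_phpinfo);
  $opm_phpinfo_lines = explode ("\n", $opm_phpinfo);
  $opm_phpinfo = "";
  foreach ($opm_phpinfo_lines as $opm_phpinfo_curline) {
    $opm_phpinfo_curline = trim ($opm_phpinfo_curline);
    if ($opm_phpinfo_curline) {
      $opm_phpinfo .= $opm_phpinfo_curline . "\n";
    }
  }
  echo $opm_phpinfo;
  echo "OK PHPINFO END\n";
}

// ==================================
// CHECK if a file exists.
// CHECK requires the full path of the image.
// ==================================
if ($opm_operation == "check") {
  if ($opm_filename) {
    if (file_exists ($opm_realpath . $opm_filename)) {
      opm_FNDebug_Log ("OK file found $opm_filename.");
      echo "OK FILE EXISTS";
    }
    else {
      opm_FNDebug_Log ("ERROR 1110 file not found $opm_filename.");
      echo "ERROR 1110 FILE NOT FOUND";
    }
  }
}

// ==================================
// LIST all files recursively.
// LIST returns the filenames with paths.
// ==================================
if ($opm_operation == "list") {
  echo "OK LIST START\n";
  opm_FNList_Files ($opm_realpath, "", false);
  echo "OK LIST END\n";
}

// ==================================
// LISTDIRS only dirs recursively.
// LISTDIRS returns no filenames.
// ==================================
if ($opm_operation == "listdirs") {
  echo "OK LISTDIRS START\n";
  opm_FNList_Files ($opm_realpath, "", true);
  echo "OK LISTDIRS END\n";
}

// ==================================
// DELETE an image.
// DELETE requires the filename of the image with path.
// DELETE1 deletes the image if less than one record references it.
// DELETE2 deletes the image if less than two records reference it.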
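// ==================================
if (($opm_operation == "delete1") || ($opm_operation == "delete2")) {
  // Number of product records that must NOT be reached for the file to
  // be removed: delete1 requires zero references, delete2 at most one.
  $allowed_owners = ($opm_operation == "delete1") ? 1 : 2;
  if ($opm_filename) {
    // The request cleaning does not remove quote characters, so the name
    // is escaped before it is placed inside SQL string literals.
    $opm_filename_sql = tep_db_input ($opm_filename);
    // Check for More Pics 6 extension...
    $opm_sqlresult = explode ("\n", opm_FNExec_Query ("describe " . TABLE_PRODUCTS . " products_subimage6"));
    if ($opm_sqlresult[0]) {
      $opm_sqlresult = explode ("\n", opm_FNExec_Query ("select count(products_id) from " . TABLE_PRODUCTS . " where products_image='$opm_filename_sql' or products_subimage1='$opm_filename_sql' or products_subimage2='$opm_filename_sql' or products_subimage3='$opm_filename_sql' or products_subimage4='$opm_filename_sql' or products_subimage5='$opm_filename_sql' or products_subimage6='$opm_filename_sql'"));
    }
    else {
      $opm_sqlresult = explode ("\n", opm_FNExec_Query ("select count(products_id) from " . TABLE_PRODUCTS . " where products_image='$opm_filename_sql'"));
    }
    if ($opm_sqlresult[0] < $allowed_owners) {
      $opm_delete_target = $opm_realpath . $opm_filename;
      if (file_exists ($opm_delete_target)) {
        if (@unlink ($opm_delete_target)) {
          // Verify the file is really gone before reporting success.
          if (!file_exists ($opm_delete_target)) {
            opm_FNDebug_Log ("OK file deleted $opm_filename.");
            echo "OK DELETE";
          }
          else {
            opm_FNDebug_Log ("ERROR 1120 file cannot be deleted $opm_filename.");
            echo "ERROR 1120 DELETE FILE REMAINS";
          }
        }
        else {
          opm_FNDebug_Log ("ERROR 1121 when deleting $opm_filename.");
          echo "ERROR 1121 DELETE UNKNOWN";
        }
      }
      else {
        opm_FNDebug_Log ("OK file not found when deleting $opm_filename.");
        echo "OK DELETE FILE NOT FOUND";
      }
    }
    else {
      opm_FNDebug_Log ("OK file is used by other record (" . ($opm_sqlresult[0] - 1) . ").");
      echo "OK DELETE FILE IN USE";
    }
  }
  else {
    opm_FNDebug_Log ("OK filename empty.");
    echo "OK DELETE FILENAME EMPTY";
  }
}

// ==================================
// UPLOAD an image.
// UPLOAD requires the path, without filename, where the image will be stored.
// UPLOAD returns the image filename with the path.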
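// ==================================
// NOTE(review): the stored name keeps whatever extension the client
// sends, and the target is the web-served images directory. Restricting
// uploads to known image extensions (and disabling script execution in
// that directory) should be considered; it is not done here because the
// client protocol has no error code for a rejected type.
if ($opm_operation == "upload") {
  if ($_FILES["Fl"]["name"] && $_FILES["Fl"]["size"]) {
    if (is_uploaded_file ($_FILES["Fl"]["tmp_name"])) {
      if ($opm_filename) {
        $newfn = $opm_filename;
      }
      else {
        $newfn = trim ($_FILES["Fl"]["name"]);
      }
      // Reduce the name to lower-case letters, digits, dots and
      // underscores (preg_replace instead of the removed ereg_replace).
      $newfn = str_replace (" ", "_", $newfn);
      $newfn = str_replace ("/", "", $newfn);
      $newfn = str_replace ("\\", "", $newfn);
      $newfn = preg_replace ('/[^[:alnum:]._]/', "", $newfn);
      // Never create dotfiles in the images directory.
      $newfn = ltrim ($newfn, ".");
      $newfn = strtolower ($newfn);
      if ($opm_subdir) {
        $opm_subdir_path = $opm_realpath . $opm_subdir;
        if ((!file_exists ($opm_subdir_path)) || (!is_dir ($opm_subdir_path))) {
          opm_FNDebug_Log ("will create directory=" . $opm_subdir_path);
          // NOTE(review): directories are created world-writable (0777).
          opm_FNmkdirs ($opm_subdir_path, 0777);
        }
        if (file_exists ($opm_subdir_path) && (is_dir ($opm_subdir_path))) {
          opm_FNDebug_Log ("directory exists=" . $opm_subdir_path);
          $newfn = $opm_subdir . "/" . $newfn;
        }
        else {
          opm_FNDebug_Log ("directory does not exist, will ignore=" . $opm_subdir_path);
        }
      }
      opm_FNDebug_Log ("wanted filename=" . $newfn);
      // Pick a free name (name_1.ext, name_2.ext, ...) if the wanted one
      // is taken.
      $newfn = opm_FNSmart_Rename ($newfn, 100);
      opm_FNDebug_Log ("smart filename=" . $newfn);
      opm_FNDebug_Log ("REALPATH=" . $opm_realpath);
      $opm_upload_target = $opm_realpath . $newfn;
      if (!file_exists ($opm_upload_target)) {
        opm_FNDebug_Log ("file not exist=" . $opm_upload_target);
        if (@move_uploaded_file ($_FILES["Fl"]["tmp_name"], $opm_upload_target)) {
          opm_FNDebug_Log ("moving file to=" . $opm_upload_target);
          if (file_exists ($opm_upload_target)) {
            opm_FNDebug_Log ("upload complete=" . $opm_upload_target);
            @chmod ($opm_upload_target, octdec ($opm_upload_perms));
            echo "OK UPLOAD [" . $newfn . "]";
          }
          else {
            opm_FNDebug_Log ("ERROR 1130 file not copied=" . $opm_upload_target);
            echo "ERROR 1130 UPLOAD FILE NOT FOUND";
          }
        }
        else {
          opm_FNDebug_Log ("ERROR 1131 file not copied=" . $opm_upload_target);
          echo "ERROR 1131 UPLOAD CANNOT MOVE";
        }
      }
      else {
        opm_FNDebug_Log ("ERROR 1133 file exist=" . $opm_upload_target);
        echo "ERROR 1133 UPLOAD EXIST [" . $newfn . "]";
      }
    }
    else {
      opm_FNDebug_Log ("ERROR 1134 cannot find uploaded file!");
      echo "ERROR 1134 UPLOAD";
    }
  }
}

// ==================================
// CAPABILITY listing.
// CAPABILITY returns a list of identified modules.
// ==================================
if ($opm_operation == "capa") {
  opm_FNDebug_Log ("OK Capability search started.");
  echo "OK CAPABILITY START\n";

  // Each probe is a query plus the token reported when the first line of
  // its result is non-empty. The probes run in this order.
  $opm_config_probe = "select configuration_value from " . TABLE_CONFIGURATION . " where configuration_key = ";
  $opm_capa_probes = array (
    // Credit Card Payment...
    array ($opm_config_probe . "'MODULE_PAYMENT_CC_STATUS'", "PAY_CC"),
    // Money Order Payment...
    array ($opm_config_probe . "'MODULE_PAYMENT_MONEYORDER_STATUS'", "PAY_ORDER"),
    // COD Payment...
    // NOTE(review): reports PAY_CC, the same token as the credit card
    // module; looks like a copy/paste slip - confirm against the client.
    array ($opm_config_probe . "'MODULE_PAYMENT_COD_STATUS'", "PAY_CC"),
    // PayPal Payment...
    array ($opm_config_probe . "'MODULE_PAYMENT_PAYPAL_STATUS'", "PAY_PP"),
    // Flat Rate Shipping...
    array ($opm_config_probe . "'MODULE_SHIPPING_FLAT_STATUS'", "SHIP_FLAT"),
    // Table Shipping...
    array ($opm_config_probe . "'MODULE_SHIPPING_TABLE_STATUS'", "SHIP_TBL"),
    // Store PickUp Shipping...
    array ($opm_config_probe . "'MODULE_SHIPPING_SPU_STATUS'", "SHIP_SPU"),
    // Multi Pickup Shipping...
    array ("show tables like 'stores'", "SHIP_MPU"),
    // More Pics 6...
    array ("describe " . TABLE_PRODUCTS . " products_subimage6", "MOREPICS6"),
    // Total B2B...
    array ("describe " . TABLE_CUSTOMERS . " customers_groups_id", "TOTALB2B"),
    // Poll Booth...
    array ("show tables like 'phesis_poll_config'", "POLLBOOTH"),
    // Header Tags Controller...
    array ("describe " . TABLE_PRODUCTS_DESCRIPTION . " products_head_keywords_tag", "HEADERTAGS"),
  );
  foreach ($opm_capa_probes as $opm_capa_probe) {
    $opm_sqlresult = explode ("\n", opm_FNExec_Query ($opm_capa_probe[0]));
    if ($opm_sqlresult[0]) {
      opm_FNDebug_Log ("OK " . $opm_capa_probe[1] . " capcbility found.");
      echo $opm_capa_probe[1] . "\n";
    }
  }

  opm_FNDebug_Log ("OK Capability search finished.");
  echo "OK CAPABILITY END\n";
}

// ==================================
// BACKUP database.
// BACKUP returns a SQL dump.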
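// ==================================
if ($opm_operation == "backup") {
  opm_FNDebug_Log ("OK Backup of database requested.");
  // Name announced to the client: timestamp shifted by the configured
  // number of hours.
  $opm_bak_filename = date ("Ymd_His", mktime(date("H")+$opm_timezone_shift,date("i"),date("s"),date("m"),date("d"),date("Y"))) . ".sql";

  // The dump is staged inside the images directory, which the web server
  // serves. A name made only of the timestamp can be guessed while the
  // file exists (or if the script is interrupted before cleanup), so the
  // on-disk name gets a random prefix. The client still sees the plain
  // timestamp name in the download header.
  if (function_exists ("random_bytes")) {
    $opm_bak_token = bin2hex (random_bytes (16));
  }
  else {
    $opm_bak_token = md5 (uniqid (mt_rand (), true));
  }
  $opm_bak_diskfile = $opm_realpath . $opm_bak_token . "_" . $opm_bak_filename;

  opm_FNBackup ($opm_bak_diskfile);
  if (file_exists ($opm_bak_diskfile)) {
    opm_FNgzip_file ($opm_bak_diskfile, $opm_bak_diskfile . ".gz");
    if (file_exists ($opm_bak_diskfile . ".gz")) {
      $opm_bak_filesize = filesize ($opm_bak_diskfile . ".gz");
      header ("Content-type: application/octet-stream");
      // "attachment" was misspelled in this header before.
      header ("Content-disposition: attachment; filename=" . $opm_bak_filename . ".gz");
      header ("Content-Length: " . $opm_bak_filesize);
      header ("Pragma: no-store");
      readfile ($opm_bak_diskfile . ".gz");
      @unlink ($opm_bak_diskfile . ".gz");
      opm_FNDebug_Log ("OK Deleting compressed backup file.");
    }
    @unlink ($opm_bak_diskfile);
    opm_FNDebug_Log ("OK Deleting uncompressed backup file.");
  }
  else {
    opm_FNDebug_Log ("ERROR 1140 Backup file not found.");
  }
  opm_FNDebug_Log ("OK Backup operation finished.");
}

// ==================================
// Get XCHGRATES.
// XCHGRATES returns the exchange rates of currencies.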
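// ==================================
// The FN parameter carries "<main currency>,<currency>,<currency>...".
// Rates are fetched over plain HTTP, so the answer is not authenticated;
// only three-character codes and numeric rates are passed on to the client.
if ($opm_operation == "xchgrates") {
  opm_FNDebug_Log ("OK Starting XCHGRATES operation.");
  if ($opm_filename) {
    $opm_filename = strtoupper ($opm_filename);
    $opm_main_currency = substr ($opm_filename, 0, 3);
    $opm_xchange_currencies = str_replace (",", "_", substr ($opm_filename, 4));
    // Both values are placed into the request URL, so accept nothing but
    // currency-code characters (and "_" as list separator). Anything else
    // is reported with the existing "invalid currency" error.
    $opm_currencies_valid = ($opm_main_currency) && ($opm_xchange_currencies)
      && preg_match ('/^[A-Z0-9]{3}$/', $opm_main_currency)
      && preg_match ('/^[A-Z0-9_]+$/', $opm_xchange_currencies);
    if ($opm_currencies_valid) {
      $opm_xchange_page = "http://www.oanda.com/convert/fxdaily?value=1&exch=$opm_main_currency&dest=Get+Table&sel_list=$opm_xchange_currencies&format=CSV&redirected=1";
      $opm_page_data = opm_FNget_webpage ($opm_xchange_page);
      if ($opm_page_data) {
        // Drop markup and blank lines, then pick the CSV rows apart.
        $opm_page_data = strip_tags ($opm_page_data);
        $opm_page_data = preg_replace ("/[\r\n]+[\s\t]*[\r\n]+/", "", $opm_page_data);
        $opm_xr_matches = array ();
        preg_match_all ("/(.+),(\w{3}),([0-9.]+),([0-9.]+)/i", $opm_page_data, $opm_xr_matches);
        echo "OK XCHGRATES START\n";
        // Group 2 is the currency code, group 4 the rate that is reported.
        foreach ($opm_xr_matches[2] as $key => $value) {
          echo $value . "," . $opm_xr_matches[4][$key] . "\n";
        }
        echo "OK XCHGRATES END\n";
      }
      else {
        opm_FNDebug_Log ("ERROR 1150 The remote server answer is empty or invalid.");
        echo "ERROR 1150 XCHGRATES REMOTE SERVER ERROR";
      }
    }
    else {
      opm_FNDebug_Log ("ERROR 1151 The specified currency codes are invalid.");
      echo "ERROR 1151 XCHGRATES INVALID CURRENCY";
    }
  }
  else {
    opm_FNDebug_Log ("ERROR 1152 The no currency codes were specified.");
    echo "ERROR 1152 XCHGRATES EMPTY CURRENCY";
  }
}

// ==================================
// Execute DBQUERY.
// DBQUERY returns ...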
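// ==================================
// The query text comes from the client and is executed as sent. The
// password check earlier in the script is the only control on this
// operation: with authentication disabled, any client can run SQL with
// the store's database privileges.
if ($opm_operation == "dbquery") {
  opm_FNDebug_Log ("OK Starting DBQUERY operation.");
  if ($opm_query) {
    echo "OK DBQUERY START\n";
    echo opm_FNExec_Query ($opm_query, false, true);
    echo "OK DBQUERY END\n";
  }
  else {
    opm_FNDebug_Log ("ERROR 1171 The database query is empty.");
    echo "ERROR 1171 DBQUERY EMPTY DATABASE QUERY";
  }
  opm_FNDebug_Log ("OK Finishing DBQUERY operation.");
}

if ($opm_browser_debug) {
  echo "</pre>";
}
return;


// %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
// Print the contents of a directory tree, one relative path per line.
//   $dirname   directory to read, with trailing slash.
//   $parentdir path prefix printed before each name ("" at the top level).
//   $onlydirs  true: print directories only; false: print files only.
// Entries are printed in natural, case-insensitive order; in file mode
// the files of a directory come before the contents of its subdirectories.
// %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
function opm_FNList_Files ($dirname, $parentdir, $onlydirs) {
  $sorteddir = array ();
  $dirhandle = @opendir ($dirname);
  if (!$dirhandle) {
    // Unreadable directory: nothing to list.
    return;
  }
  // Strict comparison: an entry named "0" must not end the loop.
  while (($file = readdir ($dirhandle)) !== false) {
    $sorteddir[] = $file;
  }
  closedir ($dirhandle);
  natcasesort ($sorteddir);

  if (!$onlydirs) {
    // First pass: plain files of this directory.
    foreach ($sorteddir as $file) {
      if (($file == ".") || ($file == "..") || is_dir ($dirname . $file)) {
        continue;
      }
      echo ($parentdir ? $parentdir . "/" . $file : $file) . "\n";
    }
  }
  // Second pass: descend into subdirectories (printing them in
  // directory mode).
  foreach ($sorteddir as $file) {
    if (($file == ".") || ($file == "..") || !is_dir ($dirname . $file)) {
      continue;
    }
    $relname = $parentdir ? $parentdir . "/" . $file : $file;
    if ($onlydirs) {
      echo $relname . "\n";
    }
    opm_FNList_Files ($dirname . $file . "/", $relname, $onlydirs);
  }
}


// %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
// Find an unused file name below $opm_realpath.
// Returns $wantedname if it is free, otherwise the first free name of
// the form base_1.ext, base_2.ext, ... At most $tries existence checks
// are made; if none succeeds, $wantedname is returned unchanged and the
// caller has to deal with the existing file.
// %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
function opm_FNSmart_Rename ($wantedname, $tries) {
  global $opm_realpath;
  // array_pop needs a real variable (it takes its argument by reference).
  $nameparts = explode ('.', $wantedname);
  $newext = '.' . array_pop ($nameparts);
  $newdirname = dirname ($wantedname);
  $newname = $wantedname;
  for ($trycounter = 1; $trycounter <= $tries; $trycounter++) {
    if (!file_exists ($opm_realpath . $newname)) {
      return ($newname);
    }
    $newname = basename ($wantedname, $newext) . "_" . $trycounter . $newext;
    if ($newdirname != ".") {
      $newname = $newdirname . "/" . $newname;
    }
  }
  return ($wantedname);
}


// %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
// Append one line to the debug log when logging is enabled.
// An empty $logline writes a blank separator line. The text is written
// as received: values taken from the request are not neutralised, so
// the log must be read as untrusted input.
// %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
function opm_FNDebug_Log ($logline) {
  global $opm_enable_logfile, $opm_debug_file, $opm_timezone_shift;
  if (!$opm_enable_logfile) {
    return;
  }
  // Skip silently when the log exists but cannot be written.
  if (file_exists ($opm_debug_file) && !is_writable ($opm_debug_file)) {
    return;
  }
  $opm_timestamp = date ("Y-m-d H:i:s", mktime(date("H")+$opm_timezone_shift,date("i"),date("s"),date("m"),date("d"),date("Y")));
  $opm_lfilef = @fopen ($opm_debug_file, 'a');
  if ($opm_lfilef) {
    if ($logline) {
      @fwrite ($opm_lfilef, $opm_timestamp . ": " . $logline . "\n");
    }
    else {
      @fwrite ($opm_lfilef, "\n");
    }
    @fclose ($opm_lfilef);
  }
}


// %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
// Based on code posted on php.net by saint@corenova.com and bart@cdasites.com
// Create a directory and any missing parents.
// Returns a true value when the directory exists afterwards (or the name
// is empty), a false value otherwise.
// $mode is optional because existing callers pass it; the default keeps
// the previous behaviour.
// NOTE(review): 0777 makes the new directories world-writable; a tighter
// mode should be used where the hosting setup allows it.
// %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
function opm_FNmkdirs ($dirname, $mode = 0777) {
  if (is_dir ($dirname) || empty ($dirname)) {
    return 1;
  }
  if (file_exists ($dirname) && !is_dir ($dirname)) {
    return 0;
  }
  // Make sure the parent exists first, then create this level.
  if (opm_FNmkdirs (substr ($dirname, 0, strrpos ($dirname, '/')), $mode)) {
    if (!file_exists ($dirname)) {
      return @mkdir ($dirname, $mode);
    }
  }
  return 0;
}


// %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
// Format one record for the tagged output of opm_FNExec_Query:
// a begin marker, one field line per value and an end marker followed by
// the absolute CRC32 of the concatenated encoded fields.
// %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
function opm_FNFormat_Record ($values, $encodeddata) {
  global $opm_tag_recordbegin, $opm_tag_recordend, $opm_tag_field;
  global $opm_tag_databegin, $opm_tag_dataend;
  $record = "$opm_tag_recordbegin\n";
  $sql_fullrec = "";
  foreach ($values as $value) {
    if ($encodeddata) {
      $encodedfield = base64_encode ((string) $value);
    }
    else {
      $encodedfield = htmlentities ((string) $value);
    }
    $record .= "$opm_tag_field " . $opm_tag_databegin . $encodedfield . $opm_tag_dataend . "\n";
    $sql_fullrec .= $encodedfield;
  }
  return $record . "$opm_tag_recordend " . abs (crc32 ($sql_fullrec)) . "\n";
}


// %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
// Run a SQL statement and return its result as text.
//   $rawdata     true: one value per line, no markers.
//                false: tagged records (see opm_FNFormat_Record), and the
//                whole result is zlib-compressed and Base64-encoded when
//                compression is active for this request.
//   $encodeddata true: field values are Base64-encoded; false: passed
//                through htmlentities. Only used when $rawdata is false.
// SELECT, SHOW and DESCRIBE return their rows, INSERT returns the new
// insert id, any other statement returns an empty result.
// The statement is executed exactly as given: callers that build it from
// request data must escape the values themselves.
// %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
function opm_FNExec_Query ($sql_query, $rawdata = true, $encodeddata = false) {
  global $opm_compress, $opm_compress_level;
  $result_string = "";
  // First keyword of the statement; leading whitespace and any kind of
  // whitespace after the keyword are accepted.
  $query_type = "";
  if (preg_match ('/^\s*([A-Za-z]+)/', $sql_query, $type_match)) {
    $query_type = strtoupper ($type_match[1]);
  }
  opm_FNDebug_Log ("SQLQUERY=" . $sql_query);
  $sql_result = tep_db_query ($sql_query);
  if (($query_type == "SELECT") || ($query_type == "SHOW") || ($query_type == "DESCRIBE")) {
    while ($sql_record = tep_db_fetch_array ($sql_result)) {
      if ($rawdata) {
        foreach ($sql_record as $value) {
          $result_string .= $value . "\n";
        }
      }
      else {
        $result_string .= opm_FNFormat_Record ($sql_record, $encodeddata);
      }
    }
  }
  elseif ($query_type == "INSERT") {
    $sql_result = tep_db_insert_id ();
    if ($rawdata) {
      $result_string .= $sql_result . "\n";
    }
    else {
      $result_string .= opm_FNFormat_Record (array ($sql_result), $encodeddata);
    }
  }
  if (!$rawdata) {
    if ($opm_compress) {
      opm_FNDebug_Log ("RECORDSET SIZE (UNCOMPRESSED)=" . strlen ($result_string));
      $result_string = base64_encode (gzcompress ($result_string, $opm_compress_level)) . "\n";
    }
  }
  opm_FNDebug_Log ("RECORDSET SIZE=" . strlen ($result_string));
  return $result_string;
}


// %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
// Based on code from osCommerce (/admin/backup.php).
// Write a SQL dump of every table of the current database to $dump_file:
// for each table a "drop table"/"create table" statement built from
// "show fields" and "show keys", followed by one insert per row.
// Does nothing when $dump_file is empty or cannot be opened; the caller
// detects failure by checking whether the file exists.
// The dump contains the complete store data, so the caller decides where
// the file may live and for how long.
// %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
function opm_FNBackup ($dump_file) {
  // $opm_timezone_shift was read without being declared global, so the
  // header date ignored the configured shift.
  global $opm_script_version, $opm_timezone_shift;
  if (!$dump_file) {
    return;
  }
  $bakfilef = @fopen ($dump_file, 'w');
  if (!$bakfilef) {
    return;
  }
  $bakline = "# OSCPMWin (server-side $opm_script_version)\n";
  $bakline .= "# Database: " . DB_DATABASE . "@" . DB_SERVER . "\n";
  $bakline .= "# Date: " . date ("Y-m-d H:i:s", mktime(date("H")+$opm_timezone_shift,date("i"),date("s"),date("m"),date("d"),date("Y"))) . "\n";
  fwrite ($bakfilef, $bakline);

  $tables_query = tep_db_query ("show tables");
  while ($tables = tep_db_fetch_array ($tables_query)) {
    // "show tables" rows have a single column: the table name.
    $table = reset ($tables);

    // Table definition: columns...
    $bakline = "drop table if exists $table;\ncreate table $table (\n";
    $table_list = array ();
    $fields_query = tep_db_query ("show fields from $table");
    while ($fields = tep_db_fetch_array ($fields_query)) {
      $table_list[] = $fields["Field"];
      $bakline .= " " . $fields["Field"] . " " . $fields["Type"];
      if (strlen ((string) $fields["Default"]) > 0) {
        $bakline .= " default '" . $fields["Default"] . "'";
      }
      if (strtoupper ((string) $fields["Null"]) != "YES") {
        $bakline .= " not null";
      }
      if (isset ($fields["Extra"])) {
        $bakline .= " " . $fields["Extra"];
      }
      $bakline .= ",\n";
    }
    // Remove the separator after the last column.
    $bakline = preg_replace ('/,\n\z/', '', $bakline);

    // ...and keys, grouped by key name.
    $index = array ();
    $keys_query = tep_db_query ("show keys from $table");
    while ($keys = tep_db_fetch_array ($keys_query)) {
      $kname = $keys["Key_name"];
      if (!isset ($index[$kname])) {
        $index[$kname] = array ("unique" => !$keys["Non_unique"], "columns" => array ());
      }
      $index[$kname]["columns"][] = $keys["Column_name"];
    }
    foreach ($index as $kname => $info) {
      $bakline .= ",\n";
      $columns = implode (", ", $info["columns"]);
      if ($kname == "PRIMARY") {
        $bakline .= " PRIMARY KEY ($columns)";
      }
      elseif ($info["unique"]) {
        $bakline .= " UNIQUE $kname ($columns)";
      }
      else {
        $bakline .= " KEY $kname ($columns)";
      }
    }
    $bakline .= "\n);\n\n";
    fwrite ($bakfilef, $bakline);

    // Table data: one insert statement per row.
    $rows_query = tep_db_query ("select " . implode (",", $table_list) . " from $table");
    while ($rows = tep_db_fetch_array ($rows_query)) {
      $bakline = "insert into $table (" . implode (", ", $table_list) . ") values (";
      foreach ($table_list as $i) {
        if (!isset ($rows[$i])) {
          $bakline .= "NULL, ";
        }
        elseif (($rows[$i] != "") && (strtoupper ($rows[$i]) != "NULL")) {
          $row = addslashes ($rows[$i]);
          // A "#" at the start of a line would read as a comment when
          // the dump is restored, so it is escaped.
          $row = str_replace ("\n#", "\n" . '\#', $row);
          $bakline .= "'$row', ";
        }
        else {
          $bakline .= "'', ";
        }
      }
      $bakline = preg_replace ('/, \z/', "", $bakline) . ");\n";
      fwrite ($bakfilef, $bakline);
    }
  }
  fclose ($bakfilef);
}


// %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
// Compress a file with the gzip algorithm.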
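// %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
// $opm_gzsource  Path of the file to read.
// $opm_gztarget  Path of the gzip file to create or overwrite.
// Returns true when the whole source was read and written, false when zlib
// is unavailable, the source is missing, a file could not be opened, or a
// read or write failed part-way. A target left behind after a failure is
// incomplete and should not be used.
function opm_FNgzip_file ($opm_gzsource, $opm_gztarget) {
  if (!function_exists ("gzwrite") || !file_exists ($opm_gzsource)) {
    return (false);
  }

  // Open the source first so that a failure here does not truncate an
  // existing target file.
  $opm_ungzfp = fopen ($opm_gzsource, "rb");
  if (!$opm_ungzfp) {
    return (false);
  }
  $opm_gzfp = gzopen ($opm_gztarget, "wb9");
  if (!$opm_gzfp) {
    // Close only the handle that was opened; current PHP raises an error
    // when fclose()/gzclose() receive false, even behind "@".
    @fclose ($opm_ungzfp);
    return (false);
  }

  $opm_gzok = true;
  while (!feof ($opm_ungzfp)) {
    $opm_chunk = fread ($opm_ungzfp, 65535);
    if (($opm_chunk === false) || ($opm_chunk === "")) {
      // Nothing was read: acceptable only at the end of the file.
      $opm_gzok = feof ($opm_ungzfp);
      break;
    }
    $opm_written = gzwrite ($opm_gzfp, $opm_chunk);
    if (($opm_written === false) || ($opm_written < strlen ($opm_chunk))) {
      // Short or failed write (for example a full disk): report failure
      // instead of returning true for a truncated archive.
      $opm_gzok = false;
      break;
    }
  }
  @fclose ($opm_ungzfp);
  @gzclose ($opm_gzfp);
  return ($opm_gzok);
}

// %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
// Request a page from a web server.
// If using a proxy server, redirect the call thru the proxy.
//
// $target_url  URL to fetch with a plain HTTP/1.0 GET.
// Returns the response body (with every "\r" removed) when the status line
// reports 200, otherwise an empty string.
//
// NOTE(review): the URL scheme is not honoured. The connection is always a
// clear-text socket, on port 80 unless the URL names a port, so an https://
// URL is sent unencrypted and the server is not authenticated.
// NOTE(review): this function connects to whatever host and port the URL
// names, and where $target_url comes from is not visible here. Callers
// should restrict it to the hosts they expect before calling.
// NOTE(review): the response is buffered whole in memory with no size limit.
// %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
function opm_FNget_webpage ($target_url) {
  global $opm_useragent, $opm_httpconn_timeout, $opm_cfg_useproxy, $opm_cfg_proxyaddress, $opm_cfg_proxyport;
  $errno = 0;
  $errstr = "";

  // parse_url() returns false on badly malformed input.
  $urlparts = parse_url ($target_url);
  if (!is_array ($urlparts) || empty ($urlparts["host"])) {
    return ("");
  }

  // Defence in depth: nothing placed in the request head may contain a line
  // break, or it could add header lines to the request.
  $opm_crlf = array ("\r", "\n");
  $opm_host = str_replace ($opm_crlf, "", $urlparts["host"]);
  $opm_port = empty ($urlparts["port"]) ? 80 : (int) $urlparts["port"];
  $opm_scheme = empty ($urlparts["scheme"]) ? "http" : str_replace ($opm_crlf, "", $urlparts["scheme"]);

  // Build the request target. The original always appended "?" and sent an
  // empty path when the URL had none.
  $opm_reqpath = (isset ($urlparts["path"]) && ($urlparts["path"] != "")) ? $urlparts["path"] : "/";
  if (isset ($urlparts["query"]) && ($urlparts["query"] != "")) {
    $opm_reqpath .= "?" . $urlparts["query"];
  }
  $opm_reqpath = str_replace ($opm_crlf, "", $opm_reqpath);

  // $opm_useragent is defined with the "User-Agent: " header name already in
  // it; prefixing it again produced "User-Agent: User-Agent: ...".
  $opm_uaheader = trim (str_replace ($opm_crlf, "", (string) $opm_useragent));
  if (strncasecmp ($opm_uaheader, "User-Agent:", 11) != 0) {
    $opm_uaheader = "User-Agent: " . $opm_uaheader;
  }

  @ignore_user_abort (true);
  if ($opm_cfg_useproxy) {
    $opm_sockconn = @fsockopen ($opm_cfg_proxyaddress, $opm_cfg_proxyport, $errno, $errstr, $opm_httpconn_timeout);
    // A proxy needs the absolute URL, including any explicit port, which the
    // original dropped. The Host header names the origin server, not the
    // proxy.
    $opm_authority = $opm_host . (empty ($urlparts["port"]) ? "" : ":" . $opm_port);
    $opm_request = "GET " . $opm_scheme . "://" . $opm_authority . $opm_reqpath . " HTTP/1.0\r\nHost: " . $opm_host . "\r\n" . $opm_uaheader . "\r\nPragma: no-cache\r\nConnection: Close\r\n\r\n";
  } else {
    $opm_sockconn = @fsockopen ($opm_host, $opm_port, $errno, $errstr, $opm_httpconn_timeout);
    $opm_request = "GET " . $opm_reqpath . " HTTP/1.0\r\nHost: " . $opm_host . "\r\n" . $opm_uaheader . "\r\nConnection: Close\r\n\r\n";
  }
  if (!$opm_sockconn) {
    return ("");
  }

  if (fputs ($opm_sockconn, $opm_request) === false) {
    @fclose ($opm_sockconn);
    return ("");
  }

  // The original loop also tested is_readable() on a variable that is never
  // set in this function, which was always false and is dropped here.
  $opm_http_content = "";
  while (!feof ($opm_sockconn)) {
    $opm_chunk = fgets ($opm_sockconn, 10240);
    if ($opm_chunk === false) {
      // Read error or timeout: stop instead of spinning until the script
      // time limit.
      break;
    }
    $opm_http_content .= $opm_chunk;
  }
  @fclose ($opm_sockconn);

  $opm_http_content = str_replace ("\r", "", $opm_http_content);

  // Judge success from the status line only. The original matched
  // "HTTP.*200 OK" anywhere in the response, so an error page whose body
  // contained that text was accepted as a success.
  $opm_lineend = strpos ($opm_http_content, "\n");
  $opm_statusline = ($opm_lineend === false) ? $opm_http_content : substr ($opm_http_content, 0, $opm_lineend);
  if (!preg_match ('/^HTTP\/[0-9.]+ +200( |$)/i', $opm_statusline)) {
    return ("");
  }

  // Without a blank line there is no body to return. The original computed
  // an offset from a failed strpos() and returned part of the headers.
  $opm_bodystart = strpos ($opm_http_content, "\n\n");
  if ($opm_bodystart === false) {
    return ("");
  }
  return (substr ($opm_http_content, $opm_bodystart + 2));
}
?>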