<?php
/**
 * osCommerce, Open Source E-Commerce Solutions
 * http://www.oscommerce.com
 *
 * Copyright (c) 2010 osCommerce
 *
 * Converted to pragmaMX 0.1.11
 *
 * By Peter Stein aka BdMdesigN Copyright (c) 2009 - 2011
 * http://www.osc4pragmamx.org
 *
 * Released under the GNU General Public License V2 ONLY
 */

// start the timer for the page parse time log
//  define('PAGE_PARSE_START_TIME', microtime());
if (!defined('MX_TIME')) {
    define('MX_TIME', microtime(true));
}

// set the level of error reporting
//  error_reporting(E_ALL & ~E_NOTICE);

// load server configuration parameters
//@require('mainfile.php');
@require('config.php');
@require(dirname(__FILE__) . '/configure.php');

// define the project version --- obsolete, now retrieved with tep_get_version()
  define('PROJECT_VERSION', 'osCommerce Online Merchant v2.3.1');
  define('OSC4PRAGMAMX_VERSIONID', 'osc4pragmamx 2.3.1');

// some code to solve compatibility issues
//  require(dirname(__FILE__) . '/functions/compatibility.php');

// set the type of request (secure or not)
  $request_type = (getenv('HTTPS') == 'on') ? 'SSL' : 'NONSSL';

// set php_self in the local scope
  $PHP_SELF = (((strlen(ini_get('cgi.fix_pathinfo')) > 0) && ((bool)ini_get('cgi.fix_pathinfo') == false)) || !isset($_SERVER['SCRIPT_NAME'])) ? basename($PHP_SELF) : basename($_SERVER['SCRIPT_NAME']);
//$_SERVER['PHP_SELF'] = preg_replace('#^[\\\\/]+#', '/', dirname($_SERVER['PHP_SELF']) . '/' . basename(__file__));

  if ($request_type == 'NONSSL') {
    define('DIR_WS_CATALOG', DIR_WS_HTTP_CATALOG);
//  } else {
//    define('DIR_WS_CATALOG', DIR_WS_HTTPS_CATALOG);
  }

// include the list of project filenames
  require(dirname(__FILE__) . '/filenames.php');

// include the list of project database tables
  require(dirname(__FILE__) . '/database_tables.php');

// include the database functions
  require(dirname(__FILE__) . '/functions/database.php');

// customization for the design layout
  define('BOX_WIDTH', 175); // how wide the boxes should be in pixels (default: 125)

// make a connection to the database... now
//  tep_db_connect() or die('Unable to connect to database server!');

// set the application parameters
  $configuration_query = tep_db_query('select configuration_key as cfgKey, configuration_value as cfgValue from ' . TABLE_CONFIGURATION);
  while ($configuration = tep_db_fetch_array($configuration_query)) {
    define($configuration['cfgKey'], $configuration['cfgValue']);
  }

  function tep_in_array($lookup_value, $lookup_array) {
      if (function_exists('in_array')) {
        if (in_array($lookup_value, $lookup_array)) return true;
      } else {
        reset($lookup_array);
        while (list($key, $value) = each($lookup_array)) {
          if ($value == $lookup_value) return true;
        }
      }

      return false;
  }

  function tep_get_file_name($exclude_array = '') {

      if ($exclude_array == '') $exclude_array = array();

      $get_url = '';

      reset($_GET);
      while (list($key, $value) = each($_GET)) {
        if (($key != session_name()) && ($key != 'error') && (!tep_in_array($key, $exclude_array))) {
           if ($key =='file') {
  	        $get_url = $value ;
           }
  	  }
      }

      return $get_url;
  }

// if gzip_compression is enabled, start to buffer the output
//  if ( (GZIP_COMPRESSION == 'true') && ($ext_zlib_loaded = extension_loaded('zlib')) && (PHP_VERSION >= '4') ) {
//    if (($ini_zlib_output_compression = (int)ini_get('zlib.output_compression')) < 1) {
//      if (PHP_VERSION >= '4.0.4') {
//        ob_start('ob_gzhandler');
//      } else {
//        include(DIR_WS_FUNCTIONS . 'gzip_compression.php');
//        ob_start();
//        ob_implicit_flush();
//      }
//    } else {
//      ini_set('zlib.output_compression_level', GZIP_LEVEL);
//    }
//  }

// set the HTTP GET parameters manually if search_engine_friendly_urls is enabled
//  if (SEARCH_ENGINE_FRIENDLY_URLS == 'true') {
//    if (strlen(getenv('PATH_INFO')) > 1) {
//      $GET_array = array();
//      $PHP_SELF = str_replace(getenv('PATH_INFO'), '', $PHP_SELF);
//      $vars = explode('/', substr(getenv('PATH_INFO'), 1));
//      do_magic_quotes_gpc($vars);
//      for ($i=0, $n=sizeof($vars); $i<$n; $i++) {
//        if (strpos($vars[$i], '[]')) {
//          $GET_array[substr($vars[$i], 0, -2)][] = $vars[$i+1];
//        } else {
//          $_GET[$vars[$i]] = $vars[$i+1];
//        }
//        $i++;
//      }
//
//      if (sizeof($GET_array) > 0) {
//        while (list($key, $value) = each($GET_array)) {
//          $_GET[$key] = $value;
//        }
//      }
//    }
//  }

// define general functions used application-wide
  require(dirname(__FILE__) . '/functions/general.php');
  require(dirname(__FILE__) . '/functions/html_output.php');

// set the cookie domain
//  $cookie_domain = $_SERVER['SERVER_NAME'];
//  $cookie_path = $_SERVER['SERVER_NAME'];

// include cache functions if enabled
  if (USE_CACHE == 'true') include(dirname(__FILE__) . '/functions/cache.php');

// include shopping cart class
  require(dirname(__FILE__) . '/classes/shopping_cart.php');

// include navigation history class
  require(dirname(__FILE__) . '/classes/navigation_history.php');

// check if sessions are supported, otherwise use the php3 compatible session class
//  if (!function_exists('session_start')) {
//    define('PHP_SESSION_NAME', 'osCsid');
//    define('PHP_SESSION_PATH', $cookie_path);
//    define('PHP_SESSION_DOMAIN', $cookie_domain);
//    define('PHP_SESSION_SAVE_PATH', SESSION_WRITE_DIRECTORY);
//
//    include(DIR_WS_CLASSES . 'sessions.php');
//  }

// define how the session functions will be used
//  require(dirname(__FILE__) . '/functions/sessions.php');

// set the session name and save path
//  session_name('osCsid');
//  tep_session_save_path(SESSION_WRITE_DIRECTORY);

// set the session cookie parameters
//   if (function_exists('session_set_cookie_params')) {
//    session_set_cookie_params(0, $cookie_path, $cookie_domain);
//  } elseif (function_exists('ini_set')) {
//    ini_set('session.cookie_lifetime', '0');
//    ini_set('session.cookie_path', $cookie_path);
//    ini_set('session.cookie_domain', $cookie_domain);
//  }

//  @ini_set('session.use_only_cookies', (SESSION_FORCE_COOKIE_USE == 'True') ? 1 : 0);

// set the session ID if it exists
//   if (isset($_POST[session_name()])) {
//     session_id($_POST[session_name()]);
//   } elseif (isset($_GET[session_name()]) ) {
//     session_id($_GET[session_name()]);
//   }

// start the session
//  $session_started = false;
//  if (SESSION_FORCE_COOKIE_USE == 'True') {
//    setcookie('cookie_test', 'please_accept_for_session', time()+60*60*24*30, $cookie_path, $cookie_domain);
//
//    if (isset($_COOKIE['cookie_test'])) {
//      tep_session_start();
//      $session_started = true;
//    }
//  } elseif (SESSION_BLOCK_SPIDERS == 'True') {
//    $user_agent = strtolower(getenv('HTTP_USER_AGENT'));
//    $spider_flag = false;
//
//    if (tep_not_null($user_agent)) {
//      $spiders = file(dirname(__FILE__) . '/spiders.txt');
//
//      for ($i=0, $n=sizeof($spiders); $i<$n; $i++) {
//        if (tep_not_null($spiders[$i])) {
//          if (is_integer(strpos($user_agent, trim($spiders[$i])))) {
//            $spider_flag = true;
//            break;
//          }
//        }
//     }
//   }

//    if ($spider_flag == false) {
//      tep_session_start();
//      $session_started = true;
//    }
//  } else {
//    tep_session_start();
//    $session_started = true;
//  }

//  if ( ($session_started == true) && (PHP_VERSION >= 4.3) && function_exists('ini_get') && (ini_get('register_globals') == false) ) {
//    extract($_SESSION, EXTR_OVERWRITE+EXTR_REFS);
//  }

// initialize a session token
  if (!mxSessionGetVar('sessiontoken')) {
    $sessiontoken = md5(tep_rand() . tep_rand() . tep_rand() . tep_rand());
    mxSessionSetVar('sessiontoken', $sessiontoken = md5(tep_rand() . tep_rand() . tep_rand() . tep_rand()));
  }

// set SID once, even if empty
//  $SID = (defined('SID') ? SID : '');

// verify the ssl_session_id if the feature is enabled
//  if ( ($request_type == 'SSL') && (SESSION_CHECK_SSL_SESSION_ID == 'True') && (ENABLE_SSL == true) && ($session_started == true) ) {
//    $ssl_session_id = getenv('SSL_SESSION_ID');
//    if (!tep_session_is_registered('SSL_SESSION_ID')) {
//      $SESSION_SSL_ID = $ssl_session_id;
//      tep_session_register('SESSION_SSL_ID');
//    }

//    if ($SESSION_SSL_ID != $ssl_session_id) {
//      mxSessionDestroy();
//      tep_redirect(tep_href_link(FILENAME_SSL_CHECK));
//    }
//  }

// verify the browser user agent if the feature is enabled
  if (SESSION_CHECK_USER_AGENT == 'True') {
    $http_user_agent = getenv('HTTP_USER_AGENT');
    if (!mxSessionGetVar('SESSION_USER_AGENT')) {
      $SESSION_USER_AGENT = $http_user_agent;
      mxSessionSetVar('SESSION_USER_AGENT', $SESSION_USER_AGENT = $http_user_agent);
    }

//    if ($SESSION_USER_AGENT != $http_user_agent) {
//      mxSessionDestroy();
//      tep_redirect(tep_href_link(FILENAME_LOGIN));
//    }
  }

// verify the IP address if the feature is enabled
  if (SESSION_CHECK_IP_ADDRESS == 'True') {
    $ip_address = tep_get_ip_address();
    if (!mxSessionGetVar('SESSION_IP_ADDRESS')) {
      $SESSION_IP_ADDRESS = $ip_address;
      mxSessionSetVar('SESSION_IP_ADDRESS', $SESSION_IP_ADDRESS = $ip_address);
    }

//    if ($SESSION_IP_ADDRESS != $ip_address) {
//      mxSessionDestroy();
//      tep_redirect(tep_href_link(FILENAME_LOGIN));
//    }
  }

// create the shopping cart
if (isset($_GET['cart'])) {
        $cart = intval($_GET['cart']);
    }
    if (empty($cart)) {
        $cart = "";
    }

  if (!mxSessionGetVar('cart') || !is_object($cart)) {
    $cart = new shoppingCart;
  }
     mxSessionSetVar('cart', $cart);

// include currencies class and create an instance
  require(dirname(__FILE__) . '/classes/currencies.php');
  $currencies = new currencies();

// include the mail classes
  require(dirname(__FILE__) . '/classes/mime.php');
  require(dirname(__FILE__) . '/classes/email.php');

// set the language

$languages_query = mysql_query('select languages_id from ' . $prefix . '_oscpmx_languages where directory =' . (int)$language . '');
list($languages_id) = mysql_fetch_row($languages_query);
  if (!mxSessionGetVar('language') || isset($_GET['language'])) {
    if (!mxSessionGetVar('language')) {
      mxSessionSetVar('language', $language);
      mxSessionSetVar('languages_id', $languages_id);
    }

    include(dirname(__FILE__) . '/classes/language.php');
    $lng = new language();

    if (isset($_GET['language']) && tep_not_null($_GET['language'])) {
      $lng->set_language($_GET['language']);
    } else {
      $lng->get_browser_language();
    }

    $language = $lng->language['directory'];
    $languages_id = $lng->language['id'];
  }

// include the language translations
  require(dirname(__FILE__) . '/languages/' . $language . '.php');

// currency
if (isset($_GET['currency'])) {
        $currency = intval($_GET['currency']);
    }
    if (empty($currency)) {
        $currency = "";
    }

  if (!mxSessionGetVar('currency') || isset($_GET['currency']) || ( (USE_DEFAULT_LANGUAGE_CURRENCY == 'true') && (LANGUAGE_CURRENCY != $currency) ) ) {
    if (!mxSessionGetVar('currency')) mxSessionSetVar('currency', $currency = ((USE_DEFAULT_LANGUAGE_CURRENCY == 'true') && $currencies->is_set(LANGUAGE_CURRENCY)) ? LANGUAGE_CURRENCY : DEFAULT_CURRENCY);

    if (isset($_GET['currency']) && $currencies->is_set($_GET['currency'])) {
      $currency = $_GET['currency'];
    } else {
      $currency = ((USE_DEFAULT_LANGUAGE_CURRENCY == 'true') && $currencies->is_set(LANGUAGE_CURRENCY)) ? LANGUAGE_CURRENCY : DEFAULT_CURRENCY;
    }
  }

// navigation history
if (isset($_GET['navigation'])) {
        $navigation = intval($_GET['navigation']);
    }
    if (empty($navigation)) {
        $navigation = "";
    }

  if (!mxSessionGetVar('navigation') || !is_object($navigation)) {
  $navigation = new navigationHistory;
  mxSessionSetVar('navigation', $navigation);
  }
 $navigation->add_current_page();


// set the User Data if it exists
$userdata = mxGetUserData();

if (isset($_GET['uid'])) {
        $uid = intval($_GET($userdata['uid']));
    }
    if (empty($userdata['uid'])) {
        $userdata['uid'] = "1";
    }

if (isset($_GET['customers_default_address_id'])) {
        $customers_default_address_id = intval($_GET($userdata['customers_default_address_id']));
    }
    if (empty($userdata['customers_default_address_id'])) {
        $userdata['customers_default_address_id'] = "";
    }

if (isset($_GET['user_firstname'])) {
        $user_firstname = intval($_GET($userdata['user_firstname']));
    }
    if (empty($userdata['user_firstname'])) {
        $userdata['user_firstname'] = "";
    }

if (isset($_GET['user_country_id'])) {
        $user_country_id = intval($_GET($userdata['user_country_id']));
    }
    if (empty($userdata['user_country_id'])) {
        $userdata['user_country_id'] = "";
    }

if (isset($_GET['user_zone_id'])) {
        $user_zone_id = intval($_GET($userdata['user_zone_id']));
    }
    if (empty($userdata['user_zone_id'])) {
        $userdata['user_zone_id'] = "";
    }

$uid = $userdata['uid'];
$customer_default_address_id = $userdata['customers_default_address_id'];
$customer_first_name = $userdata['user_firstname'];
$user_country_id = $userdata['user_country_id'];
$user_zone_id = $userdata['user_zone_id'];

if (mxSessionGetVar('user_uid')) {
mxSessionSetVar('uid', $uid);
mxSessionSetVar('customer_default_address_id', $customer_default_address_id);
mxSessionSetVar('customer_first_name', $customer_first_name);
mxSessionSetVar('customer_country_id', $user_country_id);
mxSessionSetVar('customer_zone_id', $user_zone_id);
} else {
mxSessionSetVar('uid', $uid = "1");
}

// action recorder
  include(dirname(__FILE__) . '/classes/action_recorder.php');

// Shopping cart actions
  if (isset($_GET['action'])) {

// redirect the customer to a friendly cookie-must-be-enabled page if cookies are disabled
//    if ($session_started == false) {
//      tep_redirect(tep_href_link(FILENAME_COOKIE_USAGE));
//    }

    if (DISPLAY_CART == 'true') {
      $goto =  FILENAME_SHOPPING_CART;
      $parameters = array('action', 'cPath', 'products_id', 'pid');
    } else {
      $goto = basename($PHP_SELF);
      if ($_GET['action'] == 'buy_now') {
        $parameters = array('action', 'pid', 'products_id');
      } else {
        $parameters = array('action', 'pid');
      }
    }
    switch ($_GET['action']) {
      // customer wants to update the product quantity in their shopping cart
      case 'update_product' : for ($i=0, $n=sizeof($_POST['products_id']); $i<$n; $i++) {
                                if (in_array($_POST['products_id'][$i], (is_array($_POST['cart_delete']) ? $_POST['cart_delete'] : array()))) {
                                  $cart->remove($_POST['products_id'][$i]);
                                } else {
                                  $attributes = ($_POST['id'][$_POST['products_id'][$i]]) ? $_POST['id'][$_POST['products_id'][$i]] : '';
                                  $cart->add_cart($_POST['products_id'][$i], $_POST['cart_quantity'][$i], $attributes, false);
                                }
                              }
                              tep_redirect(tep_href_link($goto, tep_get_all_get_params($parameters)));
                              break;
      // customer adds a product from the products page
      case 'add_product' :    if (isset($_POST['products_id']) && is_numeric($_POST['products_id'])) {
                                $attributes = isset($_POST['id']) ? $_POST['id'] : '';
                                $cart->add_cart($_POST['products_id'], $cart->get_quantity(tep_get_uprid($_POST['products_id'], $attributes))+1, $attributes);
                              }
                              tep_redirect(tep_href_link($goto, tep_get_all_get_params($parameters)));
                              break;
      // customer removes a product from their shopping cart
      case 'remove_product' : if (isset($_GET['products_id'])) {
                                $cart->remove($_GET['products_id']);
                              }
                              tep_redirect(tep_href_link($goto, tep_get_all_get_params($parameters)));
                              break;
      // performed by the 'buy now' button in product listings and review page
      case 'buy_now' :        if (isset($_GET['products_id'])) {
                                if (tep_has_product_attributes($_GET['products_id'])) {
                                  tep_redirect(tep_href_link(FILENAME_PRODUCT_INFO, 'products_id=' . $_GET['products_id']));
                                } else {
                                  $cart->add_cart($_GET['products_id'], $cart->get_quantity($_GET['products_id'])+1);
                                }
                              }
                              tep_redirect(tep_href_link($goto, tep_get_all_get_params($parameters)));
                              break;
      case 'notify' :         if (mxSessionGetVar('uid')) {
                                if (isset($_GET['products_id'])) {
                                  $notify = $_GET['products_id'];
                                } elseif (isset($_GET['notify'])) {
                                  $notify = $_GET['notify'];
                                } elseif (isset($_POST['notify'])) {
                                  $notify = $_POST['notify'];
                                } else {
                                  tep_redirect(tep_href_link(basename($PHP_SELF), tep_get_all_get_params(array('action', 'notify'))));
                                }
                                if (!is_array($notify)) $notify = array($notify);
                                for ($i=0, $n=sizeof($notify); $i<$n; $i++) {
                                  $check_query = tep_db_query("select count(*) as count from " . TABLE_PRODUCTS_NOTIFICATIONS . " where products_id = '" . $notify[$i] . "' and uid = '" . $uid . "'");
                                  $check = tep_db_fetch_array($check_query);
                                  if ($check['count'] < 1) {
                                    tep_db_query("insert into " . TABLE_PRODUCTS_NOTIFICATIONS . " (products_id, uid, date_added) values ('" . $notify[$i] . "', '" . $uid . "', now())");
                                  }
                                }
                                tep_redirect(tep_href_link(basename($PHP_SELF), tep_get_all_get_params(array('action', 'notify'))));
                              } else {
                                $navigation->set_snapshot();
                                tep_redirect(tep_href_link(FILENAME_LOGIN, '', 'SSL'));
                              }
                              break;
      case 'notify_remove' :  if (mxSessionGetVar('uid') && isset($_GET['products_id'])) {
                                $check_query = tep_db_query("select count(*) as count from " . TABLE_PRODUCTS_NOTIFICATIONS . " where products_id = '" . $_GET['products_id'] . "' and uid = '" . $uid . "'");
                                $check = tep_db_fetch_array($check_query);
                                if ($check['count'] > 0) {
                                  tep_db_query("delete from " . TABLE_PRODUCTS_NOTIFICATIONS . " where products_id = '" . $_GET['products_id'] . "' and uid = '" . $uid . "'");
                                }
                                tep_redirect(tep_href_link(basename($PHP_SELF), tep_get_all_get_params(array('action'))));
                              } else {
                                $navigation->set_snapshot();
                                tep_redirect(tep_href_link(FILENAME_LOGIN, '', 'SSL'));
                              }
                              break;
      case 'cust_order' :     if (mxSessionGetVar('uid') && isset($_GET['pid'])) {
                                if (tep_has_product_attributes($_GET['pid'])) {
                                  tep_redirect(tep_href_link(FILENAME_PRODUCT_INFO, 'products_id=' . $_GET['pid']));
                                } else {
                                  $cart->add_cart($_GET['pid'], $cart->get_quantity($_GET['pid'])+1);
                                }
                              }
                              tep_redirect(tep_href_link($goto, tep_get_all_get_params($parameters)));
                              break;
    }
  }

// display Shoppingcart
  if (is_object($cart)) $cart->restore_contents();

// include the who's online functions
  require(dirname(__FILE__) . '/functions/whos_online.php');
  tep_update_whos_online();

// include the password crypto functions
//  require(dirname(__FILE__) . '/functions/password_funcs.php');

// include validation functions (right now only email address)
  require(dirname(__FILE__) . '/functions/validations.php');

// split-page-results
  require(dirname(__FILE__) . '/classes/split_page_results.php');

// Graphical Boxes
//  require(dirname(__FILE__) . '/mws_functions.php');

// infobox
  require(dirname(__FILE__) . '/classes/boxes.php');

// auto expire special products
  require(dirname(__FILE__) . '/functions/specials.php');
  tep_expire_specials();

  require(dirname(__FILE__) . '/classes/osc_template.php');
  $oscTemplate = new oscTemplate();

// calculate category path
  if (isset($_GET['cPath'])) {
    $cPath = $_GET['cPath'];
  } elseif (isset($_GET['products_id']) && !isset($_GET['manufacturers_id'])) {
    $cPath = tep_get_product_path($_GET['products_id']);
  } else {
    $cPath = '';
  }

  if (tep_not_null($cPath)) {
    $cPath_array = tep_parse_category_path($cPath);
    $cPath = implode('_', $cPath_array);
    $current_category_id = $cPath_array[(sizeof($cPath_array)-1)];
  } else {
    $current_category_id = 0;
  }

// include the breadcrumb class and start the breadcrumb trail
  require(dirname(__FILE__) . '/classes/breadcrumb.php');
  $breadcrumb = new breadcrumb;

  $breadcrumb->add(HEADER_TITLE_TOP);
  $breadcrumb->add(HEADER_TITLE_CATALOG, tep_href_link(FILENAME_DEFAULT));

// add category names or the manufacturer name to the breadcrumb trail
  if (isset($cPath_array)) {
    for ($i=0, $n=sizeof($cPath_array); $i<$n; $i++) {
      $categories_query = tep_db_query("select categories_name from " . TABLE_CATEGORIES_DESCRIPTION . " where categories_id = '" . (int)$cPath_array[$i] . "' and language_id = '" . (int)$languages_id . "'");
      if (tep_db_num_rows($categories_query) > 0) {
        $categories = tep_db_fetch_array($categories_query);
        $breadcrumb->add($categories['categories_name'], tep_href_link(FILENAME_DEFAULT, 'cPath=' . implode('_', array_slice($cPath_array, 0, ($i+1)))));
      } else {
        break;
      }
    }
  } elseif (isset($_GET['manufacturers_id'])) {
    $manufacturers_query = tep_db_query("select manufacturers_name from " . TABLE_MANUFACTURERS . " where manufacturers_id = '" . (int)$_GET['manufacturers_id'] . "'");
    if (tep_db_num_rows($manufacturers_query)) {
      $manufacturers = tep_db_fetch_array($manufacturers_query);
      $breadcrumb->add($manufacturers['manufacturers_name'], tep_href_link(FILENAME_DEFAULT, 'manufacturers_id=' . $_GET['manufacturers_id']));
    }
  }

// add the products model to the breadcrumb trail
  if (isset($_GET['products_id'])) {
    $model_query = tep_db_query("select products_model from " . TABLE_PRODUCTS . " where products_id = '" . (int)$_GET['products_id'] . "'");
    if (tep_db_num_rows($model_query)) {
      $model = tep_db_fetch_array($model_query);
      $breadcrumb->add($model['products_model'], tep_href_link(FILENAME_PRODUCT_INFO, 'cPath=' . $cPath . '&products_id=' . $_GET['products_id']));
    }
  }

// initialize the message stack for output messages
  require(dirname(__FILE__) . '/classes/message_stack.php');
  $messageStack = new messageStack;

?>
