Jump to content

A little help


n1kko

Recommended Posts

Not really sure what the problem maybe with this, site will just not load unless I remove a couple of headers

 

Works with these lines removed,:confused:

 

 header( "Location: ".$sshopurl."secure/login.php?next={$_GET['next']}&shk&p={$_SERVER['PHP_SELF']}" );
        exit( );

 header( "Location: ".$adminurl."adlogin.php" );
        exit( );

 header( "Location: ".$adminurl."perms.php?noperm={$admin_dirs[$i]}" );
    exit( );

 

Full Code

<?php
function write_cache( $f_cache_data, $f_cache_file )
{
    if ( !( $fp = fopen( $f_cache_file, "w" ) ) )
    {
        trigger_error( "Error opening cache file" );
        exit( );
    }
    if ( !flock( $fp, LOCK_EX ) )
    {
        trigger_error( "Unable to lock file" );
        exit( );
    }
    if ( !fwrite( $fp, serialize( $f_cache_data ) ) )
    {
        trigger_error( "Error writing to cache file" );
        exit( );
    }
    flock( $fp, LOCK_UN );
    fclose( $fp );
}
function read_cache( $f_cache_file )
{
    if ( !file_exists( $f_cache_file ) )
    {
        trigger_error( "Invalid cache file" );
        exit( );
    }
    return unserialize( file_get_contents( $f_cache_file ) );
}
function list_options( $arrayname, $mode )
{
    global $row;
    global $row_2;
    $sarray = "";
    foreach ( $arrayname as $v )
    {
        if ( !isset( $row['salutation'] ) && $row['salutation'] == $v || isset( $row_2['salutation'] ) && $row_2['salutation'] == $v )
        {
            if ( !isset( $mode ) )
            {
                echo "<option value=\"".$v."\" selected>{$v}</option>\n";
            }
            else
            {
                $sarray .= "<option value=\"".$v."\" selected>{$v}</option>\n";
            }
        }
        else if ( !isset( $mode ) )
        {
            echo "<option value=\"".$v."\">{$v}</option>\n";
        }
        else
        {
            $sarray .= "<option value=\"".$v."\">{$v}</option>\n";
        }
    }
    return $sarray;
}
function genprevnext( $numrows, $position, $nresults, $scriptis, $extras )
{
    $disppages = intval( $numrows / $nresults );
    if ( $numrows % $nresults )
    {
        ++$disppages;
    }
    if ( $nresults <= $position )
    {
        $current_page_num = $position / $nresults + 1;
    }
    else
    {
        $current_page_num = 1;
    }
    if ( 1 < $disppages )
    {
        echo "(Viewing ".$current_page_num." of {$disppages} pages)<br /><br />";
    }
    if ( !( $numrows <= $nresults ) )
    {
        if ( "{$nresults}" <= $position )
        {
            $prevoffset = $position - $nresults;
            echo "<a href=\"".$shopur."{$scriptis}?position={$prevoffset}&nresults={$nresults}{$extras}\">« Prev</a>";
        }
        else
        {
            echo "<a href=\"#\">« Prev </a>";
        }
        $pages = intval( $numrows / $nresults );
        if ( $numrows % $nresults )
        {
            ++$pages;
        }
        $i = 1;
        for ( ; $i <= $pages; ++$i )
        {
            $newoffset = $nresults * ( $i - 1 );
            echo "<a href=\"".$http."{$scriptis}?position={$newoffset}&nresults={$nresults}{$extras}\">{$i}</a>";
        }
        if ( !( $offset / $nresults == $pages ) || $pages != 1 )
        {
            $newoffset = $position + $nresults;
            if ( $numrows <= $newoffset )
            {
                echo "<a href=\"#\">Next »</a>";
            }
            else
            {
                echo "<a href=\"".$shopur."{$scriptis}?position={$newoffset}&nresults={$nresults}{$extras}\">Next »</a>";
            }
        }
    }
}
function buildCategorySelect( )
{
    global $connection;
    global $category_id;
    $level = "0";
    $sql = "SELECT * from categories WHERE category_parent_id='deftl'";
    if ( !( $result = @mysql_query( $sql, $connection ) ) )
    {
        exit( "** COULD NOT BUILD CATEGORY DROP DOWN ** ".mysql_error( ) );
    }
    while ( $row = mysql_fetch_array( $result ) )
    {
        $parent = "{$row['category_id']}";
        $row[category_name] = stripslashes( "{$row['category_name']}" );
        if ( $category_id == $row[category_id] )
        {
            echo "<option value=\"".$row['category_id']."\" selected>+ {$row['category_name']}</option>\n";
        }
        else
        {
            echo "<option value=\"".$row['category_id']."\">+ {$row['category_name']}</option>\n";
        }
        getchildren( $parent, $level );
    }
}
function getChildren( $parent, $level )
{
    global $connection;
    global $category_id;
    ++$level;
    $sql1 = "SELECT * from categories WHERE category_parent_id='".$parent."' order by category_name";
    if ( !( $result1 = @mysql_query( $sql1, $connection ) ) )
    {
        exit( "Couldn't build category tree child part: ".mysql_error( ) );
    }
    while ( $row1 = mysql_fetch_array( $result1 ) )
    {
        $parent = "{$row1['category_id']}";
        if ( $category_id == $row1[category_id] )
        {
            echo "<option value=\"".$row1['category_id']."\" selected>";
        }
        else
        {
            echo "<option value=\"".$row1['category_id']."\">";
        }
        $i = 0;
        for ( ; $i < $level; ++$i )
        {
            echo "";
        }
        echo "|--[".$level."]";
        echo "".$row1['category_name']."</option>\n";
        getchildren( $parent, $level );
    }
}
function getChildrenSEL( $parent, $myparent, $level )
{
    global $connection;
    global $https;
    global $category_id;
    ++$level;
    $sql1 = "SELECT * from categories WHERE category_parent_id='".$parent."' order by category_name";
    if ( !( $result1 = @mysql_query( $sql1, $connection ) ) )
    {
        exit( "Couldn't build category tree child part: ".mysql_error( ) );
    }
    while ( $row1 = mysql_fetch_array( $result1 ) )
    {
        $parent = "{$row1['category_id']}";
        if ( $myparent == $row1[category_id] )
        {
            echo "<option value=\"".$row1['category_id']."\" selected>";
        }
        else if ( $category_id == $row1[category_id] )
        {
            echo "<option value=\"deftl\">";
        }
        else
        {
            echo "<option value=\"".$row1['category_id']."\">";
        }
        $i = 0;
        for ( ; $i < $level; ++$i )
        {
            echo "";
        }
        echo "|".$level."|";
        echo "{$row1['category_name']}</option>\n";
        getchildrensel( $parent, $myparent, $level );
    }
}
function makeCategoryMap( )
{
    global $connection;
    global $adminurl;
    $level = "0";
    $sql = "SELECT * from categories WHERE category_parent_id='deftl'";
    if ( !( $result = @mysql_query( $sql, $connection ) ) )
    {
        exit( "Couldn't build category tree parent part: ".mysql_error( ) );
    }
    while ( $row = mysql_fetch_array( $result ) )
    {
        $parent = "{$row['category_id']}";
        $sql3 = "SELECT product_id from products WHERE category_id='".$parent."'";
        if ( !( $result3 = @mysql_query( $sql3, $connection ) ) )
        {
            exit( "Couldn't get data from products db" );
        }
        $numrows = mysql_num_rows( $result3 );
        if ( $numrows < 1 )
        {
            $linker = "";
        }
        else
        {
            $linker = "<input type=\"button\" class=\"list\" onclick=\"location.href='".$adminurl."products/productlist.php?category_id={$row['category_id']}'\" value=\"Products ({$numrows})\" />";
        }
        $row[category_name] = stripslashes( "{$row['category_name']}" );
        echo "<tr>\n\t\t\t\t<td> + <a href=\"".$adminurl."products/editcategory.php?category_id={$row['category_id']}\" title=\"{$row['category_desc']}\">{$row['category_name']}</a> </td>\n\t\t\t\t<td>";
        if ( $row[category_publish] == Y )
        {
            echo "<input type=\"button\" class=\"deactivate\" value=\"(click to deactivate)\" onclick=\"location.href='".$adminurl."products/bin/categoryonoff.php?category_id={$row['category_id']}&act=N'\" />";
        }
        else
        {
            echo "<input type=\"button\" class=\"activate\" value=\"(click to activate)\" onclick=\"location.href='".$adminurl."products/bin/categoryonoff.php?category_id={$row['category_id']}&act=Y'\" />";
        }
        echo "</td>\n\t\t\t\t<td> <input type=\"button\" class=\"add\" onclick=\"location.href='".$adminurl."products/addproduct.php?category_id={$row['category_id']}'\" value=\"Add\" /> {$linker} </td>\n\t\t\t\t<td> <input type=\"button\" class=\"edit\" onclick=\"location.href='{$adminurl}products/editcategory.php?category_id={$row['category_id']}'\" value=\"Edit\" /> <input type=\"button\" class=\"delete\" value=\"DELETE\" onclick='usr_conf(\"{$adminurl}products/bin/deletecategory.php\",\"category_id={$row['category_id']}\",\"Are you sure you want to delete this category?\");' /> </td>\n\t\t\t</tr>\n";
        getchildrenlist( $parent, $level );
    }
}
function getChildrenList( $parent, $level )
{
    global $connection;
    global $adminurl;
    ++$level;
    $where_in_level = "0";
    $sql1 = "SELECT * from categories WHERE category_parent_id='".$parent."'";
    if ( !( $result1 = @mysql_query( $sql1, $connection ) ) )
    {
        exit( "Couldn't build category tree child part: ".mysql_error( ) );
    }
    while ( $row1 = mysql_fetch_array( $result1 ) )
    {
        ++$where_in_level;
        $parent = "{$row1['category_id']}";
        $level_indent = $level - 1;
        $i = 0;
        for ( ; $i < $level_indent; ++$i )
        {
            echo "";
        }
        if ( $last_level == $level )
        {
            echo "";
        }
        else
        {
            echo "";
        }
        $i = 0;
        for ( ; $i < $level; ++$i )
        {
            echo "";
        }
        $sql3 = "SELECT product_id from products WHERE category_id='".$parent."'";
        if ( !( $result3 = @mysql_query( $sql3, $connection ) ) )
        {
            exit( "Couldn't get data from products db" );
        }
        $numrows = mysql_num_rows( $result3 );
        if ( $numrows < 1 )
        {
            $linker = "";
        }
        else
        {
            $linker = "<input type=\"button\" class=\"list\" onclick=\"location.href='".$adminurl."products/productlist.php?category_id={$row1['category_id']}'\" value=\"Products ({$numrows})\" />";
        }
        echo "\t<tr>\n\t\t<td> » (".$level.") <a href=\"{$adminurl}products/editcategory.php?category_id={$row1['category_id']}\" title=\"{$row1['category_desc']}\">{$row1['category_name']}</a></td>\n\t\t\t<td>";
        if ( $row1[category_publish] == Y )
        {
            echo "<input type=\"button\" class=\"deactivate\" value=\"(click to deactivate)\" onclick=\"location.href='".$adminurl."products/bin/categoryonoff.php?category_id={$row1['category_id']}&act=N'\" />";
        }
        else
        {
            echo "<input type=\"button\" class=\"activate\" value=\"(click to activate)\" onclick=\"location.href='".$adminurl."products/bin/categoryonoff.php?category_id={$row1['category_id']}&act=Y'\" />";
        }
        echo "</td> \n\t\t\t<td><input type=\"button\" class=\"add\" onclick=\"location.href='".$adminurl."products/addproduct.php?category_id={$row1['category_id']}'\" value=\"Add\" /> {$linker}</td>\n\t\t\t<td> <input type=\"button\" class=\"edit\" onclick=\"location.href='{$adminurl}products/editcategory.php?category_id={$row1['category_id']}'\" value=\"Edit\" /> <input type=\"button\" class=\"delete\" value=\"DELETE\" onclick='usr_conf(\"{$adminurl}products/bin/deletecategory.php\",\"category_id={$row1['category_id']}\",\"Are you sure you want to delete this category?\");' /></td>\n\t</tr>\n";
        getchildrenlist( $parent, $level );
        $last_level = $level;
    }
}
function productcheckcategories( )
{
    global $connection;
    global $oktoadd;
    $sql3 = "SELECT * from categories";
    if ( !( $result3 = @mysql_query( $sql3, $connection ) ) )
    {
        exit( "Couldn't get data from category db" );
    }
    $numrows = mysql_num_rows( $result3 );
    if ( 1 <= $numrows )
    {
        $oktoadd = "Y";
    }
}
function countrycompareDD( $country_dd )
{
    global $connection;
    echo "<select name=\"country\">";
    $sql3 = "SELECT country_short, country_long from country WHERE zone_id !='0'";
    if ( !( $result3 = @mysql_query( $sql3, $connection ) ) )
    {
        exit( "Couldn't execute request 1" );
    }
    while ( $row3 = mysql_fetch_array( $result3 ) )
    {
        if ( $row3[country_short] == $country_dd )
        {
            echo "<option value=\"".$row3['country_short']."\" selected>{$row3['country_long']}</option>\n";
        }
        else
        {
            echo "<option value=\"".$row3['country_short']."\">{$row3['country_long']}</option>\n";
        }
    }
    echo "</select>";
}
function alternatecolour( $level )
{
    global $altclass;
    $class_1 = " class=altlight";
    $class_2 = " class=altdark";
    $altclass = $class_1;
    $level % 2 ? 0 : ( $altclass = $class_2 );
}
function check_email_address( $email )
{
    if ( !ereg( "[^@]{1,64}@[^@]{1,255}", $email ) )
    {
        return FALSE;
    }
    $email_array = explode( "@", $email );
    $local_array = explode( ".", $email_array[0] );
    $i = 0;
    for ( ; $i < sizeof( $local_array ); ++$i )
    {
        if ( ereg( "^(([A-Za-z0-9!#\$%&'*+/=?^_`{|}~-][A-Za-z0-9!#\$%&'*+/=?^_`{|}~\\.-]{0,63})|(\"[^(\\|\")]{0,62}\"))\$", $local_array[$i] ) )
        {
            continue;
        }
        return FALSE;
    }
    if ( !ereg( "^\\[?[0-9\\.]+\\]?\$", $email_array[1] ) )
    {
        $domain_array = explode( ".", $email_array[1] );
        if ( sizeof( $domain_array ) < 2 )
        {
            return FALSE;
        }
        $i = 0;
        for ( ; $i < sizeof( $domain_array ); ++$i )
        {
            if ( ereg( "^(([A-Za-z0-9][A-Za-z0-9-]{0,61}[A-Za-z0-9])|([A-Za-z0-9]+))\$", $domain_array[$i] ) )
            {
                continue;
            }
            return FALSE;
        }
    }
    return TRUE;
}
$sYear = "2007";
$cwd = dirname( __FILE__ );
$instdir = str_replace( "private", "", "{$cwd}" );
include( "{$instdir}private/config.php" );
include( "{$instdir}private/cache.php" );
if ( !$shopurl )
{
    header( "Location: install/" );
    exit( );
}
include( "{$instdir}private/db_connect.php" );
include( "{$instdir}private/messages.php" );
include( "{$instdir}private/shop_messages.php" );
$s_cache_file = "{$sscache_dir}key.txt";
if ( $sscache == "Y" && file_exists( $s_cache_file ) && time( ) - $sscache_exp < filemtime( $s_cache_file ) )
{
    $s_cache_data = read_cache( $s_cache_file );
}
else
{
    $sql = "SELECT copyRightKey,domainName FROM shop_settings";
    if ( !( $result = @mysql_query( $sql, $connection ) ) )
    {
        exit( "**COULD NOT GET COPYRIGHT KEYS**" );
    }
    while ( $row = mysql_fetch_array( $result ) )
    {
        $s_cache_data[] = $row;
    }
    if ( "".$sscache."" == "Y" && isset( $s_cache_data ) )
    {
        write_cache( $s_cache_data, $s_cache_file );
    }
}
if ( isset( $s_cache_data ) )
{
    foreach ( $s_cache_data as $key => $row )
    {
        $copyRightCode = "{$row['copyRightKey']}";
        $domainName = "{$row['domainName']}";
    }
    $s_cache_data = "";
}
$stylish = array( "" );
$admin_dirs = array( "settings", "orders", "newsletter", "reports", "shoppers", "products", "content" );
$mtta = array( "mail", "smtp" );
$ppgfields = array( "ppemail", "ppmerchantid", "ppsecret", "pptestmode", "ppinstid", "ppintip", "ppextip", "ppgiftaid", "ppApply3DSecure", "ppApplyAVSCV2", "ppauthmode", "ppsignature" );
$category_style = array( "List with Thumbnail", "List no Thumbnail", "Grid 2 Across", "Grid 3 Across", "Grid 4 Across", "Grid 5 Across" );
$category_sort_order = array( "Alphabetical", "Newest Items First", "Newest Items Last", "Featured Items First", "Custom Sort", "Price Low - High", "Price High - Low" );
$sf_style = array( "List", "Grid 2 Across", "Grid 3 Across", "Grid 4 Across", "Grid 5 Across" );
$sf_sort_order = array( "Alphabetical", "By ID", "Randomised" );
$cf_sort_order = array( "Alphabetical", "By ID", "Custom" );
$allow_next = array( "selectdeliveryaddress.php", "revieworder.php", "reviewproduct.php", "revieworder.php?clearptid=Y", "orders.php" );
if ( $_GET[next] && !in_array( "{$_GET['next']}", $allow_next ) )
{
    echo "Not allowed!";
    exit( );
}
$GLOBALS['_GET'][category_id] = mysql_real_escape_string( "{$_GET['category_id']}" );
$GLOBALS['_GET'][product_id] = mysql_real_escape_string( "{$_GET['product_id']}" );
$GLOBALS['_GET'][product_xo_id] = mysql_real_escape_string( "{$_GET['product_xo_id']}" );
$GLOBALS['_GET'][o_id] = mysql_real_escape_string( "{$_GET['o_id']}" );
$GLOBALS['_GET'][p_id] = mysql_real_escape_string( "{$_GET['p_id']}" );
$GLOBALS['_GET'][a_id] = mysql_real_escape_string( "{$_GET['a_id']}" );
$GLOBALS['_POST'][query_string] = mysql_real_escape_string( "{$_POST['query_string']}" );
$GLOBALS['_POST'][new_currency_id] = mysql_real_escape_string( "{$_POST['new_currency_id']}" );
$GLOBALS['_POST'][pre_xo_id] = mysql_real_escape_string( "{$_POST['pre_xo_id']}" );
$GLOBALS['_POST'][p_id] = mysql_real_escape_string( "{$_POST['p_id']}" );
$GLOBALS['_POST'][qty] = mysql_real_escape_string( "{$_POST['qty']}" );
$GLOBALS['_POST'][loginemail] = mysql_real_escape_string( "{$_POST['loginemail']}" );
$GLOBALS['_POST'][loginpass] = mysql_real_escape_string( "{$_POST['loginpass']}" );
$GLOBALS['_POST'][mail_outs] = mysql_real_escape_string( "{$_POST['mail_outs']}" );
$GLOBALS['_POST'][old_password] = mysql_real_escape_string( "{$_POST['old_password']}" );
$GLOBALS['_POST'][confirm_password] = mysql_real_escape_string( "{$_POST['confirm_password']}" );
$GLOBALS['_GET'][category_id] = mysql_real_escape_string( "{$_GET['category_id']}" );
$GLOBALS['_GET'][product_id] = mysql_real_escape_string( "{$_GET['product_id']}" );
$GLOBALS['_GET'][new_currency_id] = mysql_real_escape_string( "{$_GET['new_currency_id']}" );
$GLOBALS['_GET'][new_currency_id] = mysql_real_escape_string( "{$_GET['new_currency_id']}" );
$search = array( "@<script[^>]*?>.*?</script>@si", "@<[\\/\\!]*?[^<>]*?>@si", "@&(quot|#34);@i", "@&(amp|#38);@i", "@&(lt|#60);@i", "@&(gt|#62);@i", "@&(nbsp|#160);@i", "@&(iexcl|#161);@i", "@&(cent|#162);@i", "@&(pound|#163);@i", "@&(copy|#169);@i", "@&#(\\d+);@e" );
$replace = array(
    "",
    "",
    "\\1",
    "\"",
    "&",
    "<",
    ">",
    "",
    chr( 161 ),
    chr( 162 ),
    chr( 163 ),
    chr( 169 ),
    "chr(\\1)"
);
$GLOBALS['_POST'][company] = mysql_real_escape_string( "{$_POST['company']}" );
$GLOBALS['_POST'][company] = preg_replace( $search, $replace, $_POST[company] );
$GLOBALS['_POST'][first_name] = mysql_real_escape_string( "{$_POST['first_name']}" );
$GLOBALS['_POST'][first_name] = preg_replace( $search, $replace, $_POST[first_name] );
$GLOBALS['_POST'][last_name] = mysql_real_escape_string( "{$_POST['last_name']}" );
$GLOBALS['_POST'][last_name] = preg_replace( $search, $replace, $_POST[last_name] );
$GLOBALS['_POST'][email] = mysql_real_escape_string( "{$_POST['email']}" );
$GLOBALS['_POST'][email] = preg_replace( $search, $replace, $_POST[email] );
$GLOBALS['_POST'][no_name] = mysql_real_escape_string( "{$_POST['no_name']}" );
$GLOBALS['_POST'][no_name] = preg_replace( $search, $replace, $_POST[no_name] );
$GLOBALS['_POST'][street] = mysql_real_escape_string( "{$_POST['street']}" );
$GLOBALS['_POST'][street] = preg_replace( $search, $replace, $_POST[street] );
$GLOBALS['_POST'][town] = mysql_real_escape_string( "{$_POST['town']}" );
$GLOBALS['_POST'][town] = preg_replace( $search, $replace, $_POST[town] );
$GLOBALS['_POST'][county] = mysql_real_escape_string( "{$_POST['county']}" );
$GLOBALS['_POST'][county] = preg_replace( $search, $replace, $_POST[county] );
$GLOBALS['_POST'][postcode] = mysql_real_escape_string( "{$_POST['postcode']}" );
$GLOBALS['_POST'][postcode] = preg_replace( $search, $replace, $_POST[postcode] );
$GLOBALS['_POST'][country] = mysql_real_escape_string( "{$_POST['country']}" );
$GLOBALS['_POST'][country] = preg_replace( $search, $replace, $_POST[country] );
$GLOBALS['_POST'][day_tel] = mysql_real_escape_string( "{$_POST['day_tel']}" );
$GLOBALS['_POST'][day_tel] = preg_replace( $search, $replace, $_POST[day_tel] );
$GLOBALS['_POST'][eve_tel] = mysql_real_escape_string( "{$_POST['eve_tel']}" );
$GLOBALS['_POST'][eve_tel] = preg_replace( $search, $replace, $_POST[eve_tel] );
$GLOBALS['_POST'][mobile] = mysql_real_escape_string( "{$_POST['mobile']}" );
$GLOBALS['_POST'][mobile] = preg_replace( $search, $replace, $_POST[mobile] );
$GLOBALS['_POST'][fax] = mysql_real_escape_string( "{$_POST['fax']}" );
$GLOBALS['_POST'][fax] = preg_replace( $search, $replace, $_POST[fax] );
$GLOBALS['_POST'][emailaddress] = mysql_real_escape_string( "{$_POST['emailaddress']}" );
$GLOBALS['_POST'][emailaddress] = preg_replace( $search, $replace, $_POST[emailaddress] );
$GLOBALS['_POST'][password] = mysql_real_escape_string( "{$_POST['password']}" );
$GLOBALS['_POST'][password] = preg_replace( $search, $replace, $_POST[password] );
if ( $_GET[sssess] )
{
    session_id( $_GET[sssess] );
}
session_start( );
header( "cache-control: private" );
if ( isset( $_GET[redeempoints] ) && $_GET[redeempoints] == "Y" )
{
    $_SESSION[redeemer] = "Y";
}
if ( $_POST[purchaseorder] )
{
    $_SESSION[po] = "{$_POST['purchaseorder']}";
}
if ( !$_SESSION[loginemail] )
{
    $_SESSION[loginemail] = "noemail@site";
}
if ( !$_SESSION[adminemail] )
{
    $_SESSION[adminemail] = "noadmin@site";
}
if ( $_POST[discode] )
{
    $_SESSION[discode] = trim( "{$_POST['discode']}" );
}
$auth_ok_check = md5( "{$_SESSION['loginemail']}.{$hash}" );
$admin_ok_check = md5( "{$_SESSION['adminemail']}.{$hash}" );
if ( isset( $_GET['oidref'] ) )
{
    $GLOBALS['_GET']['oidref'] = mysql_real_escape_string( $_GET['oidref'] );
    $sql = "SELECT o_id FROM order_list WHERE ref='".$_GET['oidref']."' AND unh='{$_GET['oidref']}'";
    if ( !( $result = @mysql_query( $sql, $connection ) ) )
    {
        exit( "**COULD NOT GET COPYRIGHT KEYS**" );
    }
    if ( $row = mysql_fetch_array( $result ) )
    {
        $_SESSION['unh'] = $_GET['oidref'];
        header( "Location: ".$sshopurl."orderdetails_os.php?o_id={$row['o_id']}" );
        exit( );
    }
    if ( $_SESSION['auth_ok'] == $auth_ok_check )
    {
        header( "Location: ".$sshopurl."secure/orders.php" );
        exit( );
    }
    header( "Location: ".$sshopurl."secure/login.php?next=orders.php" );
    exit( );
}
if ( preg_match( "/secure/", "{$_SERVER['PHP_SELF']}" ) && !preg_match( "/doqreg.php/", "{$_SERVER['PHP_SELF']}" ) || !preg_match( "/qreg.php/", "{$_SERVER['PHP_SELF']}" ) || !preg_match( "/voicepaycallback.php/", "{$_SERVER['PHP_SELF']}" ) || !preg_match( "/secpaysecpagecallback.php/", "{$_SERVER['PHP_SELF']}" ) || !preg_match( "/vps_handle_protx_response.php/", "{$_SERVER['PHP_SELF']}" ) || !preg_match( "/protx/", "{$_SERVER['PHP_SELF']}" ) || !preg_match( "/protxformcallback.php/", "{$_SERVER['PHP_SELF']}" ) || !preg_match( "/protxcallback.php/", "{$_SERVER['PHP_SELF']}" ) || !preg_match( "/worldpaycallback.php/", "{$_SERVER['PHP_SELF']}" ) || !preg_match( "/securetradingcallback.php/", "{$_SERVER['PHP_SELF']}" ) || !preg_match( "/barclayscpicallback.php/", "{$_SERVER['PHP_SELF']}" ) || !preg_match( "/paypalcallback.php/", "{$_SERVER['PHP_SELF']}" ) || !preg_match( "/moneybookerscallback.php/", "{$_SERVER['PHP_SELF']}" ) || !preg_match( "/nochexcallback.php/", "{$_SERVER['PHP_SELF']}" ) || !preg_match( "/offlinecallback.php/", "{$_SERVER['PHP_SELF']}" ) || !preg_match( "/doregister.php/", "{$_SERVER['PHP_SELF']}" ) || !preg_match( "/register.php/", "{$_SERVER['PHP_SELF']}" ) || !preg_match( "/doprereg.php/", "{$_SERVER['PHP_SELF']}" ) || !preg_match( "/login.php/", "{$_SERVER['PHP_SELF']}" ) || !preg_match( "/dologin.php/", "{$_SERVER['PHP_SELF']}" ) )
{
    if ( $auth_ok_check != $_SESSION[auth_ok] )
    {
        header( "Location: ".$sshopurl."secure/login.php?next={$_GET['next']}&shk&p={$_SERVER['PHP_SELF']}" );
        exit( );
    }
    if ( preg_match( "/secure/", "{$_SERVER['PHP_SELF']}" ) )
    {
        $isaccount = "1";
    }
}
if ( preg_match( "/".$adminDir."/", "{$_SERVER['PHP_SELF']}" ) && !preg_match( "/adlogin.php/", "{$_SERVER['PHP_SELF']}" ) || !preg_match( "/forgetful.php/", "{$_SERVER['PHP_SELF']}" ) )
{
    if ( $admin_ok_check != $_SESSION[admin_ok] )
    {
        header( "Location: ".$adminurl."adlogin.php" );
        exit( );
    }
    if ( preg_match( "/".$adminDir."/", "{$_SERVER['PHP_SELF']}" ) )
    {
        $isadmin = "1";
    }
}
$noadirs = count( $admin_dirs );
$i = 0;
for ( ; $i <= $noadirs; ++$i )
{
    if ( !preg_match( "/admin\\/".$admin_dirs[$i]."/", "{$_SERVER['PHP_SELF']}" ) && preg_match( "/".$admin_dirs[$i]."/", "{$_SESSION['admin_type']}" ) )
    {
        continue;
    }
    header( "Location: ".$adminurl."perms.php?noperm={$admin_dirs[$i]}" );
    exit( );
}
if ( !$_SESSION[shopper_type] )
{
    $_SESSION[shopper_type] = "1";
}
if ( $_GET[setcurrency] == 1 )
{
    if ( $_GET[new_currency_id] )
    {
        $GLOBALS['_POST'][new_currency_id] = $_GET[new_currency_id];
    }
    $_SESSION['currency_id'] = $_POST[new_currency_id];
}
if ( $_GET[clearptid] == Y )
{
    session_unregister( "ptid" );
}
if ( $_GET[selectpostage] == 1 )
{
    if ( $_POST[selptid] == Free || $_POST[selptid] == free )
    {
        session_unregister( "ptid" );
    }
    else if ( isset( $_POST[selptid] ) )
    {
        $_SESSION['ptid'] = $_POST[selptid];
    }
    else
    {
        session_unregister( "ptid" );
    }
    $GLOBALS['_POST'][selptid] = mysql_real_escape_string( $_POST[selptid] );
    $sql1 = "UPDATE basket SET ptid='".$_POST['selptid']."' WHERE session_id='".session_id( )."'";
    if ( !( $result1 = @mysql_query( $sql1, $connection ) ) )
    {
        exit( "Couldn't execute request 1" );}}
?>

 

Link to comment
https://forums.phpfreaks.com/topic/218430-a-little-help/
Share on other sites

Thanks guys,

 

Yes headers are sent

 

Warning: Cannot modify header information - headers already sent by (output started at /home/xxxxx/public_html/private/messages.php:53) in /home/xxxxx/public_html/private/corefunctions.php on line 522

 

 

Warning: Cannot modify header information - headers already sent by (output started at /home/xxxxx/public_html/private/messages.php:53) in /home/xxxxx/public_html/private/corefunctions.php on line 571

 

messages.php line 53: $SHOPPERS_accexists = "There is already an account on the system that uses the email address ".$_GET['emailaddress'].", please remove that account and try again or use a different address!";

 

corefunctions.php line 522: header( "cache-control: private" );

corefunctions.php line 571: header( "Location: ".$sshopurl."secure/login.php?next={$_GET['next']}&shk&p={$_SERVER['PHP_SELF']}" );

 

I have tried to fix but not a coder and really struggling,

 

Thanks

Link to comment
https://forums.phpfreaks.com/topic/218430-a-little-help/#findComment-1133193
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.