n1kko Posted November 9, 2011 Share Posted November 9, 2011 Hi, Struggling to find the problem just getting page is not redirecting properly from browser <?php function seoclean_ad( $uc_string ) { $seo_clean_string = strtolower( "{$uc_string}" ); $seo_clean_string = str_replace( " ", "_".SS_SEOSPREP."", "{$seo_clean_string}" ); $seo_clean_string = str_replace( "&", "and", "{$seo_clean_string}" ); $seo_clean_string = preg_replace( "[^A-Za-z0-9_-]", "", $seo_clean_string ); $seo_clean_string = "{$seo_clean_string}".SEO_SUFFIX.""; return $seo_clean_string; } function prepare_template_output( $data ) { if ( is_array( $data ) ) { $ret = array( ); foreach ( $data as $key => $value ) { $ret[$key] = prepare_template_output( $value ); } return $ret; } if ( !is_numeric( $data ) ) { $data = stripslashes( $data ); $data = trim( $data ); $data = htmlentities( $data ); } return $data; } function ukDate( $inDate ) { global $outDate; list( $uYear, $uMonth, $uDay ) = explode( "-", "{$inDate}" ); $outDate = "{$uDay}-{$uMonth}-{$uYear}"; return $outDate; } function write_cache( $f_cache_data, $f_cache_file ) { if ( !( $fp = fopen( $f_cache_file, "w" ) ) ) { trigger_error( "Error opening cache file" ); exit( ); } if ( !flock( $fp, LOCK_EX ) ) { trigger_error( "Unable to lock file" ); exit( ); } if ( !fwrite( $fp, serialize( $f_cache_data ) ) ) { trigger_error( "Error writing to cache file" ); exit( ); } flock( $fp, LOCK_UN ); fclose( $fp ); } function read_cache( $f_cache_file ) { if ( !file_exists( $f_cache_file ) ) { trigger_error( "Invalid cache file" ); exit( ); } return unserialize( file_get_contents( $f_cache_file ) ); } function list_options( $arrayname, $mode ) { global $row; global $row_2; $sarray = ""; foreach ( $arrayname as $v ) { if ( !isset( $row['salutation'] ) && $row['salutation'] == $v || isset( $row_2['salutation'] ) && $row_2['salutation'] == $v ) { if ( !isset( $mode ) ) { echo "<option value=\"".$v."\" selected>{$v}</option>\n"; } else { $sarray .= "<option value=\"".$v."\" selected>{$v}</option>\n"; } } else if ( !isset( $mode ) ) { echo "<option value=\"".$v."\">{$v}</option>\n"; } else { $sarray .= "<option value=\"".$v."\">{$v}</option>\n"; } } return $sarray; } function genprevnext( $total_pages, $position, $nresults, $scriptis, $extras ) { global $shopurl; global $seoFriend; global $connection; global $instdir; global $smode; if ( !empty( $smode ) ) { $smodebits = "{$smode}/"; } else { $smodebits = ""; } if ( !empty( $_GET['smode'] ) ) { $smodebits = "".htmlentities( $_GET['smode'] )."/"; } else { $smodebits = ""; } $disppages = intval( $total_pages / $nresults ); if ( $total_pages % $nresults ) { ++$disppages; } if ( $nresults <= $position ) { $current_page_num = $position / $nresults + 1; } else { $current_page_num = 1; } $limit = $nresults; $stages = 3; $position = $position; $page = $position / $nresults + 1; if ( $page ) { $start = ( $page - 1 ) * $limit; } else { $start = 0; } if ( $page == 0 ) { $page = 1; } $prev = $page - 1; $next = $page + 1; $lastpage = ceil( $total_pages / $limit ); $LastPagem1 = $lastpage - 1; $paginglinks = ""; if ( 1 < $lastpage ) { if ( 1 < $page ) { $prevoffset = $position - $nresults; $paginate .= "<a href=\"".$scriptis."?position={$prevoffset}&nresults={$nresults}{$extras}\">« Prev</a>"; } else { $paginate .= "<span class='pagination-disabled'>« Prev</span>"; } if ( $lastpage < 7 + $stages * 2 ) { $counter = 1; for ( ; $counter <= $lastpage; ++$counter ) { $newoffset = $counter * $limit - $limit; if ( $counter == $page ) { $paginglinks .= "<span class=\"pagination-current\">".$counter."</span>"; } else { $paginglinks .= "<a href=\"".$scriptis."?position={$newoffset}&nresults={$nresults}{$extras}\">{$counter}</a>"; } break; } } while ( 1 ); } else if ( 5 + $stages * 2 < $lastpage ) { if ( $page < 1 + $stages * 2 ) { $counter = 1; for ( ; $counter < 4 + $stages * 2; ++$counter ) { $newoffset = $counter * $limit - $limit; if ( $counter == $page ) { $paginglinks .= "<span class=\"pagination-current\">".$counter."</span>"; } else { $paginglinks .= "<a href=\"".$scriptis."?position={$newoffset}&nresults={$nresults}{$extras}\">{$counter}</a>"; } } $paginglinks .= "..."; $newoffsetlm1 = $LastPagem1 * $limit - $limit; $newoffsetlp = $lastpage * $limit - $limit; $paginglinks .= "<a href=\"".$scriptis."?position={$newoffsetlm1}&nresults={$nresults}{$extras}\">{$LastPagem1}</a>"; $paginglinks .= "<a href=\"".$scriptis."?position={$newoffsetlp}&nresults={$nresults}{$extras}\">{$lastpage}</a>"; } else if ( $page < $lastpage - $stages * 2 && $stages * 2 < $page ) { $paginglinks .= "<a href=\"".$scriptis."?position=0&nresults={$nresults}{$extras}\">1</a>"; $paginglinks .= "<a href=\"".$scriptis."?position={$limit}&nresults={$nresults}{$extras}\">2</a>"; $paginglinks .= "..."; $counter = $page - $stages; for ( ; $counter <= $page + $stages; ++$counter ) { $newoffset = $counter * $limit - $limit; if ( $counter == $page ) { $paginglinks .= "<span class=\"pagination-current\">".$counter."</span>"; } else { $paginglinks .= "<a href=\"".$scriptis."?position={$newoffset}&nresults={$nresults}{$extras}\">{$counter}</a>"; } } $paginglinks .= "..."; $newoffsetlm1 = $LastPagem1 * $limit - $limit; $newoffsetlp = $lastpage * $limit - $limit; $paginglinks .= "<a href=\"".$scriptis."?position={$newoffsetlm1}&nresults={$nresults}{$extras}\">{$LastPagem1}</a>"; $paginglinks .= "<a href=\"".$scriptis."?position={$newoffsetlp}&nresults={$nresults}{$extras}\">{$lastpage}</a>"; } else { $paginglinks .= "<a href=\"".$scriptis."?position=0&nresults={$nresults}{$extras}\">1</a>"; $paginglinks .= "<a href=\"".$scriptis."?position={$limit}&nresults={$nresults}{$extras}\">2</a>"; $paginglinks .= "..."; $counter = $lastpage - ( 2 + $stages * 2 ); for ( ; $counter <= $lastpage; ++$counter ) { $newoffset = $counter * $limit - $limit; if ( $counter == $page ) { $paginglinks .= "<span class=\"pagination-current\">".$counter."</span>"; } else { $paginglinks .= "<a href=\"".$scriptis."?position={$newoffset}&nresults={$nresults}{$extras}\">{$counter}</a>"; } } } } $paginate .= $paginglinks; if ( $page < $counter - 1 ) { $newoffset = $position + $nresults; $paginate .= "<a href=\"".$scriptis."?position={$newoffset}&nresults={$nresults}{$extras}\">Next »</a>"; } else { $paginate .= "<span class=\"pagination-disabled\">Next »</span>"; } } if ( $nresults < $total_pages ) { echo $paginate; } function buildCategorySelect( ) { global $connection; global $category_id; $level = "0"; $sql = "SELECT * from categories WHERE category_parent_id='deftl'"; if ( !( $result = @mysql_query( $sql, $connection ) ) ) { exit( "** COULD NOT BUILD CATEGORY DROP DOWN ** ".mysql_error( ) ); } while ( $row = mysql_fetch_array( $result ) ) { $parent = "{$row['category_id']}"; $row[category_name] = stripslashes( "{$row['category_name']}" ); if ( $category_id == $row[category_id] ) { echo "<option value=\"".$row['category_id']."\" selected>+ {$row['category_name']}</option>\n"; } else { echo "<option value=\"".$row['category_id']."\">+ {$row['category_name']}</option>\n"; } getchildren( $parent, $level ); } } function getChildren( $parent, $level ) { global $connection; global $category_id; ++$level; if ( !ctype_digit( $parent ) ) { $parent = ""; } $sql1 = "SELECT * from categories WHERE category_parent_id='".$parent."' order by category_name"; if ( !( $result1 = @mysql_query( $sql1, $connection ) ) ) { exit( "Couldn't build category tree child part: ".mysql_error( ) ); } while ( $row1 = mysql_fetch_array( $result1 ) ) { $parent = "{$row1['category_id']}"; if ( $category_id == $row1[category_id] ) { echo "<option value=\"".$row1['category_id']."\" selected>"; } else { echo "<option value=\"".$row1['category_id']."\">"; } $i = 0; for ( ; $i < $level; ++$i ) { echo " "; } echo "|--[".$level."]"; echo " ".$row1['category_name']."</option>\n"; getchildren( $parent, $level ); } } function getChildrenSEL( $parent, $myparent, $level ) { global $connection; global $https; global $category_id; ++$level; if ( !ctype_digit( $parent ) ) { $parent = ""; } $sql1 = "SELECT * from categories WHERE category_parent_id='".$parent."' order by category_name"; if ( !( $result1 = @mysql_query( $sql1, $connection ) ) ) { exit( "Couldn't build category tree child part: ".mysql_error( ) ); } while ( $row1 = mysql_fetch_array( $result1 ) ) { $parent = "{$row1['category_id']}"; if ( $myparent == $row1[category_id] ) { echo "<option value=\"".$row1['category_id']."\" selected>"; } else if ( $category_id == $row1[category_id] ) { echo "<option value=\"deftl\">"; } else { echo "<option value=\"".$row1['category_id']."\">"; } $i = 0; for ( ; $i < $level; ++$i ) { echo " "; } echo "|".$level."|"; echo "{$row1['category_name']}</option>\n"; getchildrensel( $parent, $myparent, $level ); } } function makeCategoryMap( ) { global $connection; global $adminurl; $level = "0"; $sql = "SELECT * from categories WHERE category_parent_id='deftl'"; if ( !( $result = @mysql_query( $sql, $connection ) ) ) { exit( "Couldn't build category tree parent part: ".mysql_error( ) ); } while ( $row = mysql_fetch_array( $result ) ) { $parent = "{$row['category_id']}"; $sql3 = "SELECT product_id from products WHERE category_id='".$parent."'"; if ( !( $result3 = @mysql_query( $sql3, $connection ) ) ) { exit( "Couldn't get data from products db" ); } $numrows = mysql_num_rows( $result3 ); if ( $numrows < 1 ) { $linker = ""; } else { $linker = "<input type=\"button\" class=\"list\" onclick=\"location.href='".$adminurl."products/productlist.php?category_id={$row['category_id']}'\" value=\"Products ({$numrows})\" />"; } $row[category_name] = stripslashes( "{$row['category_name']}" ); echo "<tr>\n\t\t\t\t<td> + <a href=\"".$adminurl."products/editcategory.php?category_id={$row['category_id']}\" title=\"{$row['category_desc']}\">{$row['category_name']}</a> </td>\n\t\t\t\t<td>"; if ( $row[category_publish] == Y ) { echo "<input type=\"button\" class=\"deactivate\" value=\"(click to deactivate)\" onclick=\"location.href='".$adminurl."products/bin/categoryonoff.php?category_id={$row['category_id']}&act=N'\" />"; } else { echo "<input type=\"button\" class=\"activate\" value=\"(click to activate)\" onclick=\"location.href='".$adminurl."products/bin/categoryonoff.php?category_id={$row['category_id']}&act=Y'\" />"; } echo "</td>\n\t\t\t\t<td> <input type=\"button\" class=\"add\" onclick=\"location.href='".$adminurl."products/addproduct.php?category_id={$row['category_id']}'\" value=\"Add\" /> {$linker} </td>\n\t\t\t\t<td> <input type=\"button\" class=\"edit\" onclick=\"location.href='{$adminurl}products/editcategory.php?category_id={$row['category_id']}'\" value=\"Edit\" /> <input type=\"button\" class=\"delete\" value=\"DELETE\" onclick='usr_conf(\"{$adminurl}products/bin/deletecategory.php\",\"category_id={$row['category_id']}\",\"Are you sure you want to delete this category?\");' /> </td>\n\t\t\t</tr>\n"; getchildrenlist( $parent, $level ); } } function getChildrenList( $parent, $level ) { global $connection; global $adminurl; ++$level; $where_in_level = "0"; if ( !ctype_digit( $parent ) ) { $parent = ""; } $sql1 = "SELECT * from categories WHERE category_parent_id='".$parent."'"; if ( !( $result1 = @mysql_query( $sql1, $connection ) ) ) { exit( "Couldn't build category tree child part: ".mysql_error( ) ); } while ( $row1 = mysql_fetch_array( $result1 ) ) { ++$where_in_level; $parent = "{$row1['category_id']}"; $level_indent = $level - 1; $i = 0; for ( ; $i < $level_indent; ++$i ) { echo " "; } if ( $last_level == $level ) { echo " "; } else { echo " "; } $i = 0; for ( ; $i < $level; ++$i ) { echo " "; } $sql3 = "SELECT product_id from products WHERE category_id='".$parent."'"; if ( !( $result3 = @mysql_query( $sql3, $connection ) ) ) { exit( "Couldn't get data from products db" ); } $numrows = mysql_num_rows( $result3 ); if ( $numrows < 1 ) { $linker = ""; } else { $linker = "<input type=\"button\" class=\"list\" onclick=\"location.href='".$adminurl."products/productlist.php?category_id={$row1['category_id']}'\" value=\"Products ({$numrows})\" />"; } echo "\t<tr>\n\t\t<td> » (".$level.") <a href=\"{$adminurl}products/editcategory.php?category_id={$row1['category_id']}\" title=\"{$row1['category_desc']}\">{$row1['category_name']}</a></td>\n\t\t\t<td>"; if ( $row1[category_publish] == Y ) { echo "<input type=\"button\" class=\"deactivate\" value=\"(click to deactivate)\" onclick=\"location.href='".$adminurl."products/bin/categoryonoff.php?category_id={$row1['category_id']}&act=N'\" />"; } else { echo "<input type=\"button\" class=\"activate\" value=\"(click to activate)\" onclick=\"location.href='".$adminurl."products/bin/categoryonoff.php?category_id={$row1['category_id']}&act=Y'\" />"; } echo "</td> \n\t\t\t<td><input type=\"button\" class=\"add\" onclick=\"location.href='".$adminurl."products/addproduct.php?category_id={$row1['category_id']}'\" value=\"Add\" /> {$linker}</td>\n\t\t\t<td> <input type=\"button\" class=\"edit\" onclick=\"location.href='{$adminurl}products/editcategory.php?category_id={$row1['category_id']}'\" value=\"Edit\" /> <input type=\"button\" class=\"delete\" value=\"DELETE\" onclick='usr_conf(\"{$adminurl}products/bin/deletecategory.php\",\"category_id={$row1['category_id']}\",\"Are you sure you want to delete this category?\");' /></td>\n\t</tr>\n"; getchildrenlist( $parent, $level ); $last_level = $level; } } function productcheckcategories( ) { global $connection; global $oktoadd; $sql3 = "SELECT * from categories"; if ( !( $result3 = @mysql_query( $sql3, $connection ) ) ) { exit( "Couldn't get data from category db" ); } $numrows = mysql_num_rows( $result3 ); if ( 1 <= $numrows ) { $oktoadd = "Y"; } } function countrycompareDD( $country_dd ) { global $connection; echo "<select name=\"country\">"; $sql3 = "SELECT country_short, country_long from country WHERE zone_id !='0'"; if ( !( $result3 = @mysql_query( $sql3, $connection ) ) ) { exit( "Couldn't execute request 1" ); } while ( $row3 = mysql_fetch_array( $result3 ) ) { if ( $row3[country_short] == $country_dd ) { echo "<option value=\"".$row3['country_short']."\" selected>{$row3['country_long']}</option>\n"; } else { echo "<option value=\"".$row3['country_short']."\">{$row3['country_long']}</option>\n"; } } echo "</select>"; } function alternatecolour( $level ) { global $altclass; $class_1 = " class=altlight"; $class_2 = " class=altdark"; $altclass = $class_1; $level % 2 ? 0 : ( $altclass = $class_2 ); } function check_email_address( $email ) { if ( !preg_match( "/[^@]{1,64}@[^@]{1,255}/i", $email ) ) { return FALSE; } $email_array = explode( "@", $email ); $local_array = explode( ".", $email_array[0] ); $i = 0; for ( ; $i < sizeof( $local_array ); ++$i ) { if ( preg_match( ">^(([A-Za-z0-9!#\$%&'*+/=?^_`{|}~-][A-Za-z0-9!#\$%&'*+/=?^_`{|}~\\.-]{0,63})|(\"[^(\\|\")]{0,62}\"))\$>i", $local_array[$i] ) ) { continue; } return FALSE; } if ( !preg_match( "/^\\[?[0-9\\.]+\\]?\$/i", $email_array[1] ) ) { $domain_array = explode( ".", $email_array[1] ); if ( sizeof( $domain_array ) < 2 ) { return FALSE; } $i = 0; for ( ; $i < sizeof( $domain_array ); ++$i ) { if ( preg_match( "/^(([A-Za-z0-9][A-Za-z0-9-]{0,61}[A-Za-z0-9])|([A-Za-z0-9]+))\$/i", $domain_array[$i] ) ) { continue; } return FALSE; } } return TRUE; } if ( get_magic_quotes_gpc( ) ) { $in = array( $GLOBALS['_GET'], $GLOBALS['_POST'], $GLOBALS['_COOKIE'] ); while ( list( $k, $v ) = each( &$in ) ) { foreach ( $v as $key => $val ) { if ( !is_array( $val ) ) { $in[$k][$key] = stripslashes( $val ); } else { $in[] =& $in[$k][$key]; } } } unset( $in ); } if ( isset( $_POST ) || isset( $_GET ) ) { $in = array( $GLOBALS['_GET'], $GLOBALS['_POST'] ); while ( list( $k, $v ) = each( &$in ) ) { foreach ( $v as $key => $val ) { if ( !is_array( $val ) ) { if ( ( $key == "txtContent" || $key == "category_desc" || !( $key == "metaadd" ) && !( $admin_ok_check == $_SESSION[admin_ok] ) ) || !preg_match( "/".$adminDir."/", "{$_SERVER['PHP_SELF']}" ) || !preg_match( "/paypalcallback.php/", "{$_SERVER['PHP_SELF']}" ) || !preg_match( "/updatecurrency.php/", "{$_SERVER['PHP_SELF']}" ) ) { if ( !preg_match( "/createcurrency.php/", "{$_SERVER['PHP_SELF']}" ) ) { $val = preg_replace( "/\\s+/", " ", $val ); $in[$k][$key] = htmlentities( trim( $val ) ); } } } else { $in[] =& $in[$k][$key]; } } } unset( $in ); } $sYear = "2007"; $cwd = dirname( __FILE__ ); $instdir = str_replace( "private", "", "{$cwd}" ); include( "{$instdir}private/config.php" ); include( "{$instdir}private/cache.php" ); include( "{$instdir}private/pca_config.php" ); if ( empty( $shopurl ) ) { header( "Location: install/" ); exit( ); } include( "{$instdir}private/db_connect.php" ); include( "{$instdir}private/messages.php" ); include( "{$instdir}private/shop_messages.php" ); $admin_dirs = array( "settings", "orders", "newsletter", "reports", "shoppers", "products", "content" ); $mtta = array( "mail", "smtp" ); $ppgfields = array( "ppemail", "ppmerchantid", "ppsecret", "pptestmode", "ppinstid", "ppintip", "ppextip", "ppgiftaid", "ppApply3DSecure", "ppApplyAVSCV2", "ppauthmode", "ppsignature" ); $category_style = array( "List with Thumbnail", "List no Thumbnail", "Grid" ); $category_sort_order = array( "Alphabetical", "Newest Items First", "Newest Items Last", "Featured Items First", "Custom Sort", "Price Low - High", "Price High - Low" ); $sf_style = array( "List", "Grid" ); $sf_sort_order = array( "Alphabetical", "By ID", "Randomised" ); $cf_sort_order = array( "Alphabetical", "By ID", "Custom" ); $allow_next = array( "selectdeliveryaddress.php", "revieworder.php", "reviewproduct.php", "revieworder.php?clearptid=Y", "orders.php" ); if ( $_GET[next] && !in_array( "{$_GET['next']}", $allow_next ) ) { echo "Not allowed!"; exit( ); } if ( !ctype_digit( $_GET[cmsid] ) ) { $GLOBALS['_GET'][cmsid] = ""; } $GLOBALS['_GET'][cmsid] = mysql_real_escape_string( "{$_GET['cmsid']}" ); if ( !ctype_digit( $_GET[category_id] ) ) { $GLOBALS['_GET'][category_id] = ""; } $GLOBALS['_GET'][category_id] = mysql_real_escape_string( "{$_GET['category_id']}" ); if ( !ctype_digit( $_GET[product_id] ) ) { $GLOBALS['_GET'][product_id] = ""; } $GLOBALS['_GET'][product_id] = mysql_real_escape_string( "{$_GET['product_id']}" ); if ( !ctype_digit( $_GET[product_xo_id] ) ) { $GLOBALS['_GET'][product_xo_id] = ""; } $GLOBALS['_GET'][product_xo_id] = mysql_real_escape_string( "{$_GET['product_xo_id']}" ); if ( !ctype_digit( $_GET[o_id] ) ) { $GLOBALS['_GET'][o_id] = ""; } $GLOBALS['_GET'][o_id] = mysql_real_escape_string( "{$_GET['o_id']}" ); if ( !ctype_digit( $_GET[p_id] ) ) { $GLOBALS['_GET'][p_id] = ""; } $GLOBALS['_GET'][p_id] = mysql_real_escape_string( "{$_GET['p_id']}" ); if ( !ctype_digit( $_GET[a_id] ) ) { $GLOBALS['_GET'][a_id] = ""; } $GLOBALS['_GET'][a_id] = mysql_real_escape_string( "{$_GET['a_id']}" ); $GLOBALS['_POST'][query_string] = mysql_real_escape_string( "{$_POST['query_string']}" ); if ( !ctype_digit( $_POST[pre_xo_id] ) ) { $GLOBALS['_POST'][pre_xo_id] = ""; } $GLOBALS['_POST'][pre_xo_id] = mysql_real_escape_string( "{$_POST['pre_xo_id']}" ); if ( !ctype_digit( $_POST[p_id] ) ) { $GLOBALS['_POST'][p_id] = ""; } $GLOBALS['_POST'][p_id] = mysql_real_escape_string( "{$_POST['p_id']}" ); if ( !ctype_digit( $_POST[qty] ) ) { $GLOBALS['_POST'][qty] = ""; } $GLOBALS['_POST'][qty] = mysql_real_escape_string( "{$_POST['qty']}" ); $GLOBALS['_POST'][loginemail] = mysql_real_escape_string( "{$_POST['loginemail']}" ); $GLOBALS['_POST'][loginpass] = mysql_real_escape_string( "{$_POST['loginpass']}" ); if ( $_POST[mail_outs] != "Y" && $_POST[mail_outs] != "N" ) { $GLOBALS['_POST'][mail_outs] = "Y"; } $GLOBALS['_POST'][mail_outs] = mysql_real_escape_string( "{$_POST['mail_outs']}" ); $GLOBALS['_POST'][old_password] = mysql_real_escape_string( "{$_POST['old_password']}" ); $GLOBALS['_POST'][confirm_password] = mysql_real_escape_string( "{$_POST['confirm_password']}" ); $search = array( "@<script[^>]*?>.*?</script>@si", "@<[\\/\\!]*?[^<>]*?>@si", "@&(quot|#34);@i", "@&(amp|#38);@i", "@&(lt|#60);@i", "@&(gt|#62);@i", "@&(nbsp|#160);@i", "@&(iexcl|#161);@i", "@&(cent|#162);@i", "@&(pound|#163);@i", "@&(copy|#169);@i", "@&#(\\d+);@e" ); $replace = array( "", "", "\\1", "\"", "&", "<", ">", " ", chr( 161 ), chr( 162 ), chr( 163 ), chr( 169 ), "chr(\\1)" ); $GLOBALS['_POST'][company] = mysql_real_escape_string( "{$_POST['company']}" ); $GLOBALS['_POST'][company] = mysql_real_escape_string( "{$_POST['company']}" ); $GLOBALS['_POST'][company] = preg_replace( $search, $replace, $_POST[company] ); $GLOBALS['_POST'][first_name] = mysql_real_escape_string( "{$_POST['first_name']}" ); $GLOBALS['_POST'][first_name] = preg_replace( $search, $replace, $_POST[first_name] ); $GLOBALS['_POST'][last_name] = mysql_real_escape_string( "{$_POST['last_name']}" ); $GLOBALS['_POST'][last_name] = preg_replace( $search, $replace, $_POST[last_name] ); $GLOBALS['_POST'][email] = mysql_real_escape_string( "{$_POST['email']}" ); $GLOBALS['_POST'][email] = preg_replace( $search, $replace, $_POST[email] ); $GLOBALS['_POST'][no_name] = mysql_real_escape_string( "{$_POST['no_name']}" ); $GLOBALS['_POST'][no_name] = preg_replace( $search, $replace, $_POST[no_name] ); $GLOBALS['_POST'][street] = mysql_real_escape_string( "{$_POST['street']}" ); $GLOBALS['_POST'][street] = preg_replace( $search, $replace, $_POST[street] ); $GLOBALS['_POST'][town] = mysql_real_escape_string( "{$_POST['town']}" ); $GLOBALS['_POST'][town] = preg_replace( $search, $replace, $_POST[town] ); $GLOBALS['_POST'][county] = mysql_real_escape_string( "{$_POST['county']}" ); $GLOBALS['_POST'][county] = preg_replace( $search, $replace, $_POST[county] ); $GLOBALS['_POST'][postcode] = mysql_real_escape_string( "{$_POST['postcode']}" ); $GLOBALS['_POST'][postcode] = preg_replace( $search, $replace, $_POST[postcode] ); $GLOBALS['_POST'][country] = mysql_real_escape_string( "{$_POST['country']}" ); $GLOBALS['_POST'][country] = preg_replace( $search, $replace, $_POST[country] ); $GLOBALS['_POST'][day_tel] = mysql_real_escape_string( "{$_POST['day_tel']}" ); $GLOBALS['_POST'][day_tel] = preg_replace( $search, $replace, $_POST[day_tel] ); $GLOBALS['_POST'][eve_tel] = mysql_real_escape_string( "{$_POST['eve_tel']}" ); $GLOBALS['_POST'][eve_tel] = preg_replace( $search, $replace, $_POST[eve_tel] ); $GLOBALS['_POST'][mobile] = mysql_real_escape_string( "{$_POST['mobile']}" ); $GLOBALS['_POST'][mobile] = preg_replace( $search, $replace, $_POST[mobile] ); $GLOBALS['_POST'][fax] = mysql_real_escape_string( "{$_POST['fax']}" ); $GLOBALS['_POST'][fax] = preg_replace( $search, $replace, $_POST[fax] ); $GLOBALS['_POST'][emailaddress] = mysql_real_escape_string( "{$_POST['emailaddress']}" ); $GLOBALS['_POST'][emailaddress] = preg_replace( $search, $replace, $_POST[emailaddress] ); $GLOBALS['_POST'][password] = mysql_real_escape_string( "{$_POST['password']}" ); $GLOBALS['_POST'][password] = preg_replace( $search, $replace, $_POST[password] ); $GLOBALS['_POST'][review] = mysql_real_escape_string( "{$_POST['review']}" ); $GLOBALS['_POST'][review] = preg_replace( $search, $replace, $_POST[review] ); $GLOBALS['_POST'][rating] = mysql_real_escape_string( "{$_POST['rating']}" ); $GLOBALS['_POST'][rating] = preg_replace( $search, $replace, $_POST[rating] ); $GLOBALS['_POST'][smode] = mysql_real_escape_string( "{$_POST['smode']}" ); $GLOBALS['_POST'][smode] = preg_replace( $search, $replace, $_POST[smode] ); if ( !ctype_digit( $_POST[ship_addr] ) ) { $GLOBALS['_POST'][ship_addr] = ""; } $GLOBALS['_POST'][ship_addr] = mysql_real_escape_string( "{$_POST['ship_addr']}" ); $GLOBALS['_POST'][ship_addr] = preg_replace( $search, $replace, $_POST[ship_addr] ); if ( !ctype_digit( $_GET[ship_addr] ) ) { $GLOBALS['_GET'][ship_addr] = ""; } $GLOBALS['_GET'][ship_addr] = mysql_real_escape_string( "{$_GET['ship_addr']}" ); $GLOBALS['_GET'][ship_addr] = preg_replace( $search, $replace, $_GET[ship_addr] ); if ( $_GET[sssess] ) { session_id( $_GET[sssess] ); } session_start( ); header( "cache-control: private" ); if ( isset( $_GET[redeempoints] ) && $_GET[redeempoints] == "Y" ) { $_SESSION[redeemer] = "Y"; } if ( $_POST[purchaseorder] ) { $_SESSION[po] = mysql_real_escape_string( "{$_POST['purchaseorder']}" ); } if ( !$_SESSION[loginemail] ) { $_SESSION[loginemail] = "noemail@store"; } if ( !$_SESSION[adminemail] ) { $_SESSION[adminemail] = "noadmin@store"; } if ( !empty( $_POST['discode'] ) ) { $_SESSION['discode'] = htmlentities( trim( $_POST['discode'] ) ); } $auth_ok_check = md5( "{$_SESSION['loginemail']}.{$hash}" ); $admin_ok_check = md5( "{$_SESSION['adminemail']}.{$hash}" ); if ( isset( $_GET['oidref'] ) ) { $GLOBALS['_GET']['oidref'] = mysql_real_escape_string( $_GET['oidref'] ); $sql = "SELECT o_id FROM order_list WHERE ref='".$_GET['oidref']."' AND unh='{$_GET['oidref']}'"; if ( !( $result = @mysql_query( $sql, $connection ) ) ) { exit( "**COULD NOT GET COPYRIGHT KEYS**" ); } if ( $row = mysql_fetch_array( $result ) ) { $_SESSION['unh'] = $_GET['oidref']; header( "location: ".$sshopurl."orderdetails_os.php?o_id={$row['o_id']}" ); exit( ); } if ( $_SESSION['auth_ok'] == $auth_ok_check ) { header( "location: ".$sshopurl."secure/orders.php" ); exit( ); } header( "location: ".$sshopurl."secure/login.php?next=orders.php" ); exit( ); } if ( preg_match( "/secure/", "{$_SERVER['PHP_SELF']}" ) && !preg_match( "/cardsavehostedredirectcallback.php/", "{$_SERVER['PHP_SELF']}" ) || !preg_match( "/charityclearcallback.php/", "{$_SERVER['PHP_SELF']}" ) || !preg_match( "/forgetful.php/", "{$_SERVER['PHP_SELF']}" ) || !preg_match( "/ewayukcallback.php/", "{$_SERVER['PHP_SELF']}" ) || !preg_match( "/ewaynzcallback.php/", "{$_SERVER['PHP_SELF']}" ) || !preg_match( "/sagepay/", "{$_SERVER['PHP_SELF']}" ) || !preg_match( "/sagepayformcallback.php/", "{$_SERVER['PHP_SELF']}" ) || !preg_match( "/sagepayservercallback.php/", "{$_SERVER['PHP_SELF']}" ) || !preg_match( "/getpassword.php/", "{$_SERVER['PHP_SELF']}" ) || !preg_match( "/realexcallback.php/", "{$_SERVER['PHP_SELF']}" ) || !preg_match( "/totalwebsolutionsecommerchantcallback.php/", "{$_SERVER['PHP_SELF']}" ) || !preg_match( "/doqreg.php/", "{$_SERVER['PHP_SELF']}" ) || !preg_match( "/qreg.php/", "{$_SERVER['PHP_SELF']}" ) || !preg_match( "/paypointmetachargecallback.php/", "{$_SERVER['PHP_SELF']}" ) || !preg_match( "/voicepaycallback.php/", "{$_SERVER['PHP_SELF']}" ) || !preg_match( "/secpaysecpagecallback.php/", "{$_SERVER['PHP_SELF']}" ) || !preg_match( "/vps_handle_protx_response.php/", "{$_SERVER['PHP_SELF']}" ) || !preg_match( "/protx/", "{$_SERVER['PHP_SELF']}" ) || !preg_match( "/protxformcallback.php/", "{$_SERVER['PHP_SELF']}" ) || !preg_match( "/protxcallback.php/", "{$_SERVER['PHP_SELF']}" ) || !preg_match( "/worldpaycallback.php/", "{$_SERVER['PHP_SELF']}" ) || !preg_match( "/securetradingcallback.php/", "{$_SERVER['PHP_SELF']}" ) || !preg_match( "/barclayscpicallback.php/", "{$_SERVER['PHP_SELF']}" ) || !preg_match( "/paypalcallback.php/", "{$_SERVER['PHP_SELF']}" ) || !preg_match( "/moneybookerscallback.php/", "{$_SERVER['PHP_SELF']}" ) || !preg_match( "/nochexcallback.php/", "{$_SERVER['PHP_SELF']}" ) || !preg_match( "/offlinecallback.php/", "{$_SERVER['PHP_SELF']}" ) || !preg_match( "/doregister.php/", "{$_SERVER['PHP_SELF']}" ) || !preg_match( "/register.php/", "{$_SERVER['PHP_SELF']}" ) || !preg_match( "/doprereg.php/", "{$_SERVER['PHP_SELF']}" ) || !preg_match( "/index.php/", "{$_SERVER['PHP_SELF']}" ) || !preg_match( "/dologin.php/", "{$_SERVER['PHP_SELF']}" ) ) { if ( $auth_ok_check != $_SESSION[auth_ok] ) { header( "Location: ".$sshopurl."secure/login.php?{$_GET['next']}&shk&p={$_SERVER['PHP_SELF']}" ); exit( ); } if ( preg_match( "/secure/", "{$_SERVER['PHP_SELF']}" ) ) { $isaccount = "1"; } } if ( preg_match( "/".$adminDir."/", "{$_SERVER['PHP_SELF']}" ) && !preg_match( "/adlogin.php/", "{$_SERVER['PHP_SELF']}" ) || !preg_match( "/forgetful.php/", "{$_SERVER['PHP_SELF']}" ) ) { if ( $admin_ok_check != $_SESSION[admin_ok] ) { header( "Location: ".$adminurl."ss-admin/adlogin.php" ); exit( ); } if ( preg_match( "/".$adminDir."/", "{$_SERVER['PHP_SELF']}" ) ) { $isadmin = "1"; } } $noadirs = count( $admin_dirs ); $i = 0; for ( ; $i <= $noadirs; ++$i ) { if ( !preg_match( "/admin\\/".$admin_dirs[$i]."/", "{$_SERVER['PHP_SELF']}" ) && preg_match( "/".$admin_dirs[$i]."/", "{$_SESSION['admin_type']}" ) ) { continue; } header( "Location: ".$adminurl."perms.php?noperm={$admin_dirs[$i]}" ); exit( ); } if ( !$_SESSION[shopper_type] ) { $_SESSION[shopper_type] = "1"; } if ( $_GET[setcurrency] == "1" ) { if ( ctype_digit( $_GET['new_currency_id'] ) ) { $GLOBALS['_POST'][new_currency_id] = $_GET['new_currency_id']; } if ( ctype_digit( $_POST['new_currency_id'] ) ) { $sql3 = "SELECT currency_id from currency WHERE currency_id='".$_POST['new_currency_id']."'"; if ( !( $result3 = @mysql_query( $sql3, $connection ) ) ) { exit( "Couldn't check for valid currency" ); } while ( $row3 = mysql_fetch_array( $result3 ) ) { $_SESSION['currency_id'] = $row3['currency_id']; } } } if ( $_GET['clearptid'] == "Y" ) { unset( $_SESSION['ptid'] ); } if ( $_GET[selectpostage] == 1 ) { if ( $_POST[selptid] == Free || $_POST[selptid] == free ) { unset( $_SESSION['ptid'] ); } else if ( isset( $_POST[selptid] ) ) { $_SESSION['ptid'] = $_POST[selptid]; } else { unset( $_SESSION['ptid'] ); } $GLOBALS['_POST'][selptid] = mysql_real_escape_string( $_POST[selptid] ); $sql1 = "UPDATE basket SET ptid='".$_POST['selptid']."' WHERE session_id='".session_id( )."'"; if ( !( $result1 = @mysql_query( $sql1, $connection ) ) ) { exit( "Couldn't execute request 1" ); } } ?> Quote Link to comment Share on other sites More sharing options...
xyph Posted November 9, 2011 Share Posted November 9, 2011 Not many people are going to sift through all that code to figure out what you're trying to do. You need to isolate the issue, and remove code not causing it. Are you reporting errors properly? If you're not sure, then copy the snippet in my signature at the top of your page. the 'Location' directive in headers requires a complete URL. This is specified right in the PHP manual under header and a pure-PHP example is given on how to automate this. Once you've tried the above, let us know any errors you may be having, and post a working version of only the code you're having issues with. Remove any includes, or code that could have an effect on variables that we can't see. Quote Link to comment Share on other sites More sharing options...
n1kko Posted November 9, 2011 Author Share Posted November 9, 2011 Thanks for the fast reply somewhere in here is causing the error <?php if ( preg_match( "/secure/", "{$_SERVER['PHP_SELF']}" ) && !preg_match( "/cardsavehostedredirectcallback.php/", "{$_SERVER['PHP_SELF']}" ) || !preg_match( "/charityclearcallback.php/", "{$_SERVER['PHP_SELF']}" ) || !preg_match( "/forgetful.php/", "{$_SERVER['PHP_SELF']}" ) || !preg_match( "/ewayukcallback.php/", "{$_SERVER['PHP_SELF']}" ) || !preg_match( "/ewaynzcallback.php/", "{$_SERVER['PHP_SELF']}" ) || !preg_match( "/sagepay/", "{$_SERVER['PHP_SELF']}" ) || !preg_match( "/sagepayformcallback.php/", "{$_SERVER['PHP_SELF']}" ) || !preg_match( "/sagepayservercallback.php/", "{$_SERVER['PHP_SELF']}" ) || !preg_match( "/getpassword.php/", "{$_SERVER['PHP_SELF']}" ) || !preg_match( "/realexcallback.php/", "{$_SERVER['PHP_SELF']}" ) || !preg_match( "/totalwebsolutionsecommerchantcallback.php/", "{$_SERVER['PHP_SELF']}" ) || !preg_match( "/doqreg.php/", "{$_SERVER['PHP_SELF']}" ) || !preg_match( "/qreg.php/", "{$_SERVER['PHP_SELF']}" ) || !preg_match( "/paypointmetachargecallback.php/", "{$_SERVER['PHP_SELF']}" ) || !preg_match( "/voicepaycallback.php/", "{$_SERVER['PHP_SELF']}" ) || !preg_match( "/secpaysecpagecallback.php/", "{$_SERVER['PHP_SELF']}" ) || !preg_match( "/vps_handle_protx_response.php/", "{$_SERVER['PHP_SELF']}" ) || !preg_match( "/protx/", "{$_SERVER['PHP_SELF']}" ) || !preg_match( "/protxformcallback.php/", "{$_SERVER['PHP_SELF']}" ) || !preg_match( "/protxcallback.php/", "{$_SERVER['PHP_SELF']}" ) || !preg_match( "/worldpaycallback.php/", "{$_SERVER['PHP_SELF']}" ) || !preg_match( "/securetradingcallback.php/", "{$_SERVER['PHP_SELF']}" ) || !preg_match( "/barclayscpicallback.php/", "{$_SERVER['PHP_SELF']}" ) || !preg_match( "/paypalcallback.php/", "{$_SERVER['PHP_SELF']}" ) || !preg_match( "/moneybookerscallback.php/", "{$_SERVER['PHP_SELF']}" ) || !preg_match( "/nochexcallback.php/", "{$_SERVER['PHP_SELF']}" ) || !preg_match( "/offlinecallback.php/", "{$_SERVER['PHP_SELF']}" ) || !preg_match( "/doregister.php/", "{$_SERVER['PHP_SELF']}" ) || !preg_match( "/register.php/", "{$_SERVER['PHP_SELF']}" ) || !preg_match( "/doprereg.php/", "{$_SERVER['PHP_SELF']}" ) || !preg_match( "/index.php/", "{$_SERVER['PHP_SELF']}" ) || !preg_match( "/dologin.php/", "{$_SERVER['PHP_SELF']}" ) ) { if ( $auth_ok_check != $_SESSION[auth_ok] ) { header( "Location: ".$sshopurl."secure/login.php?{$_GET['next']}{$_SERVER['PHP_SELF']}" ); exit( ); } if ( preg_match( "/secure/", "{$_SERVER['PHP_SELF']}" ) ) { $isaccount = "1"; } } if ( preg_match( "/".$adminDir."/", "{$_SERVER['PHP_SELF']}" ) && !preg_match( "/adlogin.php/", "{$_SERVER['PHP_SELF']}" ) || !preg_match( "/forgetful.php/", "{$_SERVER['PHP_SELF']}" ) ) { if ( $admin_ok_check != $_SESSION[admin_ok] ) { header( "Location: ".$adminurl."ss-admin/adlogin.php" ); exit( ); } if ( preg_match( "/".$adminDir."/", "{$_SERVER['PHP_SELF']}" ) ) { $isadmin = "1"; } } $noadirs = count( $admin_dirs ); $i = 0; for ( ; $i <= $noadirs; ++$i ) { if ( !preg_match( "/admin\\/".$admin_dirs[$i]."/", "{$_SERVER['PHP_SELF']}" ) && preg_match( "/".$admin_dirs[$i]."/", "{$_SESSION['admin_type']}" ) ) { continue; } header( "Location: ".$adminurl."perms.php?noperm={$admin_dirs[$i]}" ); exit( ); } ?> And these are the errors Warning: session_start() [function.session-start]: Cannot send session cache limiter - headers already sent (output started at /home/site/public_html/folder/private/corefunctions.php:3) in /home/site/public_html/folder/private/corefunctions.php on line 785 Warning: Cannot modify header information - headers already sent by (output started at /home/site/public_html/folder/private/corefunctions.php:3) in /home/site/public_html/folder/private/corefunctions.php on line 786 Warning: Cannot modify header information - headers already sent by (output started at /home/site/public_html/folder/private/corefunctions.php:3) in /home/site/public_html/folder/private/corefunctions.php on line 835 Quote Link to comment Share on other sites More sharing options...
xyph Posted November 9, 2011 Share Posted November 9, 2011 This line if ( preg_match( "/secure/", "{$_SERVER['PHP_SELF']}" ) && !preg_match( "/cardsavehostedredirectcallback.php/", "{$_SERVER['PHP_SELF']}" ) || !preg_match( "/charityclearcallback.php/", "{$_SERVER['PHP_SELF']}" ) || !preg_match( "/forgetful.php/", "{$_SERVER['PHP_SELF']}" ) || !preg_match( "/ewayukcallback.php/", "{$_SERVER['PHP_SELF']}" ) || !preg_match( "/ewaynzcallback.php/", "{$_SERVER['PHP_SELF']}" ) || !preg_match( "/sagepay/", "{$_SERVER['PHP_SELF']}" ) || !preg_match( "/sagepayformcallback.php/", "{$_SERVER['PHP_SELF']}" ) || !preg_match( "/sagepayservercallback.php/", "{$_SERVER['PHP_SELF']}" ) || !preg_match( "/getpassword.php/", "{$_SERVER['PHP_SELF']}" ) || !preg_match( "/realexcallback.php/", "{$_SERVER['PHP_SELF']}" ) || !preg_match( "/totalwebsolutionsecommerchantcallback.php/", "{$_SERVER['PHP_SELF']}" ) || !preg_match( "/doqreg.php/", "{$_SERVER['PHP_SELF']}" ) || !preg_match( "/qreg.php/", "{$_SERVER['PHP_SELF']}" ) || !preg_match( "/paypointmetachargecallback.php/", "{$_SERVER['PHP_SELF']}" ) || !preg_match( "/voicepaycallback.php/", "{$_SERVER['PHP_SELF']}" ) || !preg_match( "/secpaysecpagecallback.php/", "{$_SERVER['PHP_SELF']}" ) || !preg_match( "/vps_handle_protx_response.php/", "{$_SERVER['PHP_SELF']}" ) || !preg_match( "/protx/", "{$_SERVER['PHP_SELF']}" ) || !preg_match( "/protxformcallback.php/", "{$_SERVER['PHP_SELF']}" ) || !preg_match( "/protxcallback.php/", "{$_SERVER['PHP_SELF']}" ) || !preg_match( "/worldpaycallback.php/", "{$_SERVER['PHP_SELF']}" ) || !preg_match( "/securetradingcallback.php/", "{$_SERVER['PHP_SELF']}" ) || !preg_match( "/barclayscpicallback.php/", "{$_SERVER['PHP_SELF']}" ) || !preg_match( "/paypalcallback.php/", "{$_SERVER['PHP_SELF']}" ) || !preg_match( "/moneybookerscallback.php/", "{$_SERVER['PHP_SELF']}" ) || !preg_match( "/nochexcallback.php/", "{$_SERVER['PHP_SELF']}" ) || !preg_match( "/offlinecallback.php/", "{$_SERVER['PHP_SELF']}" ) || !preg_match( "/doregister.php/", "{$_SERVER['PHP_SELF']}" ) || !preg_match( "/register.php/", "{$_SERVER['PHP_SELF']}" ) || !preg_match( "/doprereg.php/", "{$_SERVER['PHP_SELF']}" ) || !preg_match( "/index.php/", "{$_SERVER['PHP_SELF']}" ) || !preg_match( "/dologin.php/", "{$_SERVER['PHP_SELF']}" ) ) is absolutely insane. I think you're in over your head here, and there's a LOT more to fix in your script than a header() issue. Sadly, I don't have time to go over all of the problems in your code to be confident that your redirect issue has been solved. I apologize, and good luck. Quote Link to comment Share on other sites More sharing options...
n1kko Posted November 9, 2011 Author Share Posted November 9, 2011 many thanks for your time. Quote Link to comment Share on other sites More sharing options...
n1kko Posted November 9, 2011 Author Share Posted November 9, 2011 Sorry me again, I think this is the problem header( "Location: ".$sshopurl."secure/login.php?next={$_GET['next']}&shk&p={$_SERVER['PHP_SELF']}" ); as the url in the browser is /secure/login.php?next=&shk&p=/secure/index.php so I'm guessing this is wrong: &shk&p= Thanks Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.