corefunctions.php

<?php
function write_cache($f_cache_data, $f_cache_file) {
    if (!($fp = fopen($f_cache_file, "w"))) {
        trigger_error("Error opening cache file");
        exit();
    }
    if (!flock($fp, LOCK_EX)) {
        trigger_error("Unable to lock file");
        exit();
    }
    if (!fwrite($fp, serialize($f_cache_data))) {
        trigger_error("Error writing to cache file");
        exit();
    }
    flock($fp, LOCK_UN);
    fclose($fp);
}
function read_cache($f_cache_file) {
    if (!file_exists($f_cache_file)) {
        trigger_error("Invalid cache file");
        exit();
    }
    return unserialize(file_get_contents($f_cache_file));
}
function list_options($arrayname, $mode) {
    global $row;
    global $row_2;
    $sarray = "";
    foreach($arrayname as $v) {
        if (!isset($row['salutation']) && $row['salutation'] == $v || isset($row_2['salutation']) && $row_2['salutation'] == $v) {
            if (!isset($mode)) {
                echo "<option value=\"" . $v . "\" selected>{$v}</option>\n";
            } else {
                $sarray.= "<option value=\"" . $v . "\" selected>{$v}</option>\n";
            }
        } else if (!isset($mode)) {
            echo "<option value=\"" . $v . "\">{$v}</option>\n";
        } else {
            $sarray.= "<option value=\"" . $v . "\">{$v}</option>\n";
        }
    }
    return $sarray;
}
function genprevnext($numrows, $position, $nresults, $scriptis, $extras) {
    $disppages = intval($numrows / $nresults);
    if ($numrows % $nresults) {
        ++$disppages;
    }
    if ($nresults <= $position) {
        $current_page_num = $position / $nresults + 1;
    } else {
        $current_page_num = 1;
    }
    if (1 < $disppages) {
        echo "(Viewing " . $current_page_num . " of {$disppages} pages)<br /><br />";
    }
    if (!($numrows <= $nresults)) {
        if ("{$nresults}" <= $position) {
            $prevoffset = $position - $nresults;
            echo "<a href=\"" . $shopur . "{$scriptis}?position={$prevoffset}&nresults={$nresults}{$extras}\">&laquo; Prev</a>";
        } else {
            echo "<a href=\"#\">&laquo; Prev&nbsp;</a>";
        }
        $pages = intval($numrows / $nresults);
        if ($numrows % $nresults) {
            ++$pages;
        }
        $i = 1;
        for (;$i <= $pages;++$i) {
            $newoffset = $nresults * ($i - 1);
            echo "<a href=\"" . $http . "{$scriptis}?position={$newoffset}&nresults={$nresults}{$extras}\">{$i}</a>";
        }
        if (!($offset / $nresults == $pages) || $pages != 1) {
            $newoffset = $position + $nresults;
            if ($numrows <= $newoffset) {
                echo "<a href=\"#\">Next &raquo;</a>";
            } else {
                echo "<a href=\"" . $shopur . "{$scriptis}?position={$newoffset}&nresults={$nresults}{$extras}\">Next &raquo;</a>";
            }
        }
    }
}
function buildCategorySelect() {
    global $connection;
    global $category_id;
    $level = "0";
    $sql = "SELECT * from categories WHERE category_parent_id='deftl'";
    if (!($result = @mysql_query($sql, $connection))) {
        exit("** COULD NOT BUILD CATEGORY DROP DOWN ** " . mysql_error());
    }
    while ($row = mysql_fetch_array($result)) {
        $parent = "{$row['category_id']}";
        $row[category_name] = stripslashes("{$row['category_name']}");
        if ($category_id == $row[category_id]) {
            echo "<option value=\"" . $row['category_id'] . "\" selected>+ {$row['category_name']}</option>\n";
        } else {
            echo "<option value=\"" . $row['category_id'] . "\">+ {$row['category_name']}</option>\n";
        }
        getchildren($parent, $level);
    }
}
function getChildren($parent, $level) {
    global $connection;
    global $category_id;
    ++$level;
    $sql1 = "SELECT * from categories WHERE category_parent_id='" . $parent . "' order by category_name";
    if (!($result1 = @mysql_query($sql1, $connection))) {
        exit("Couldn't build category tree child part: " . mysql_error());
    }
    while ($row1 = mysql_fetch_array($result1)) {
        $parent = "{$row1['category_id']}";
        if ($category_id == $row1[category_id]) {
            echo "<option value=\"" . $row1['category_id'] . "\" selected>";
        } else {
            echo "<option value=\"" . $row1['category_id'] . "\">";
        }
        $i = 0;
        for (;$i < $level;++$i) {
            echo " ";
        }
        echo "|--[" . $level . "]";
        echo " " . $row1['category_name'] . "</option>\n";
        getchildren($parent, $level);
    }
}
function getChildrenSEL($parent, $myparent, $level) {
    global $connection;
    global $https;
    global $category_id;
    ++$level;
    $sql1 = "SELECT * from categories WHERE category_parent_id='" . $parent . "' order by category_name";
    if (!($result1 = @mysql_query($sql1, $connection))) {
        exit("Couldn't build category tree child part: " . mysql_error());
    }
    while ($row1 = mysql_fetch_array($result1)) {
        $parent = "{$row1['category_id']}";
        if ($myparent == $row1[category_id]) {
            echo "<option value=\"" . $row1['category_id'] . "\" selected>";
        } else if ($category_id == $row1[category_id]) {
            echo "<option value=\"deftl\">";
        } else {
            echo "<option value=\"" . $row1['category_id'] . "\">";
        }
        $i = 0;
        for (;$i < $level;++$i) {
            echo " ";
        }
        echo "|" . $level . "|";
        echo "{$row1['category_name']}</option>\n";
        getchildrensel($parent, $myparent, $level);
    }
}
function makeCategoryMap() {
    global $connection;
    global $adminurl;
    $level = "0";
    $sql = "SELECT * from categories WHERE category_parent_id='deftl'";
    if (!($result = @mysql_query($sql, $connection))) {
        exit("Couldn't build category tree parent part: " . mysql_error());
    }
    while ($row = mysql_fetch_array($result)) {
        $parent = "{$row['category_id']}";
        $sql3 = "SELECT product_id from products WHERE category_id='" . $parent . "'";
        if (!($result3 = @mysql_query($sql3, $connection))) {
            exit("Couldn't get data from products db");
        }
        $numrows = mysql_num_rows($result3);
        if ($numrows < 1) {
            $linker = "";
        } else {
            $linker = "<input type=\"button\" class=\"list\" onclick=\"location.href='" . $adminurl . "products/productlist.php?category_id={$row['category_id']}'\" value=\"Products ({$numrows})\" />";
        }
        $row[category_name] = stripslashes("{$row['category_name']}");
        echo "<tr>\n\t\t\t\t<td> + <a href=\"" . $adminurl . "products/editcategory.php?category_id={$row['category_id']}\" title=\"{$row['category_desc']}\">{$row['category_name']}</a> </td>\n\t\t\t\t<td>";
        if ($row[category_publish] == Y) {
            echo "<input type=\"button\" class=\"deactivate\" value=\"(click to deactivate)\" onclick=\"location.href='" . $adminurl . "products/bin/categoryonoff.php?category_id={$row['category_id']}&act=N'\" />";
        } else {
            echo "<input type=\"button\" class=\"activate\" value=\"(click to activate)\" onclick=\"location.href='" . $adminurl . "products/bin/categoryonoff.php?category_id={$row['category_id']}&act=Y'\" />";
        }
        echo "</td>\n\t\t\t\t<td> <input type=\"button\" class=\"add\" onclick=\"location.href='" . $adminurl . "products/addproduct.php?category_id={$row['category_id']}'\" value=\"Add\" /> {$linker} </td>\n\t\t\t\t<td> <input type=\"button\" class=\"edit\" onclick=\"location.href='{$adminurl}products/editcategory.php?category_id={$row['category_id']}'\" value=\"Edit\" /> <input type=\"button\" class=\"delete\" value=\"DELETE\" onclick='usr_conf(\"{$adminurl}products/bin/deletecategory.php\",\"category_id={$row['category_id']}\",\"Are you sure you want to delete this category?\");' /> </td>\n\t\t\t</tr>\n";
        getchildrenlist($parent, $level);
    }
}
function getChildrenList($parent, $level) {
    global $connection;
    global $adminurl;
    ++$level;
    $where_in_level = "0";
    $sql1 = "SELECT * from categories WHERE category_parent_id='" . $parent . "'";
    if (!($result1 = @mysql_query($sql1, $connection))) {
        exit("Couldn't build category tree child part: " . mysql_error());
    }
    while ($row1 = mysql_fetch_array($result1)) {
        ++$where_in_level;
        $parent = "{$row1['category_id']}";
        $level_indent = $level - 1;
        $i = 0;
        for (;$i < $level_indent;++$i) {
            echo " ";
        }
        if ($last_level == $level) {
            echo " ";
        } else {
            echo " ";
        }
        $i = 0;
        for (;$i < $level;++$i) {
            echo " ";
        }
        $sql3 = "SELECT product_id from products WHERE category_id='" . $parent . "'";
        if (!($result3 = @mysql_query($sql3, $connection))) {
            exit("Couldn't get data from products db");
        }
        $numrows = mysql_num_rows($result3);
        if ($numrows < 1) {
            $linker = "";
        } else {
            $linker = "<input type=\"button\" class=\"list\" onclick=\"location.href='" . $adminurl . "products/productlist.php?category_id={$row1['category_id']}'\" value=\"Products ({$numrows})\" />";
        }
        echo "\t<tr>\n\t\t<td> &raquo; (" . $level . ") <a href=\"{$adminurl}products/editcategory.php?category_id={$row1['category_id']}\" title=\"{$row1['category_desc']}\">{$row1['category_name']}</a></td>\n\t\t\t<td>";
        if ($row1[category_publish] == Y) {
            echo "<input type=\"button\" class=\"deactivate\" value=\"(click to deactivate)\" onclick=\"location.href='" . $adminurl . "products/bin/categoryonoff.php?category_id={$row1['category_id']}&act=N'\" />";
        } else {
            echo "<input type=\"button\" class=\"activate\" value=\"(click to activate)\" onclick=\"location.href='" . $adminurl . "products/bin/categoryonoff.php?category_id={$row1['category_id']}&act=Y'\" />";
        }
        echo "</td> \n\t\t\t<td><input type=\"button\" class=\"add\" onclick=\"location.href='" . $adminurl . "products/addproduct.php?category_id={$row1['category_id']}'\" value=\"Add\" /> {$linker}</td>\n\t\t\t<td> <input type=\"button\" class=\"edit\" onclick=\"location.href='{$adminurl}products/editcategory.php?category_id={$row1['category_id']}'\" value=\"Edit\" /> <input type=\"button\" class=\"delete\" value=\"DELETE\" onclick='usr_conf(\"{$adminurl}products/bin/deletecategory.php\",\"category_id={$row1['category_id']}\",\"Are you sure you want to delete this category?\");' /></td>\n\t</tr>\n";
        getchildrenlist($parent, $level);
        $last_level = $level;
    }
}
function productcheckcategories() {
    global $connection;
    global $oktoadd;
    $sql3 = "SELECT * from categories";
    if (!($result3 = @mysql_query($sql3, $connection))) {
        exit("Couldn't get data from category db");
    }
    $numrows = mysql_num_rows($result3);
    if (1 <= $numrows) {
        $oktoadd = "Y";
    }
}
function countrycompareDD($country_dd) {
    global $connection;
    echo "<select name=\"country\">";
    $sql3 = "SELECT country_short, country_long from country WHERE zone_id !='0'";
    if (!($result3 = @mysql_query($sql3, $connection))) {
        exit("Couldn't execute request 1");
    }
    while ($row3 = mysql_fetch_array($result3)) {
        if ($row3[country_short] == $country_dd) {
            echo "<option value=\"" . $row3['country_short'] . "\" selected>{$row3['country_long']}</option>\n";
        } else {
            echo "<option value=\"" . $row3['country_short'] . "\">{$row3['country_long']}</option>\n";
        }
    }
    echo "</select>";
}
function alternatecolour($level) {
    global $altclass;
    $class_1 = " class=altlight";
    $class_2 = " class=altdark";
    $altclass = $class_1;
    $level % 2 ? 0 : ($altclass = $class_2);
}
function check_email_address($email) {
    if (!ereg("[^@]{1,64}@[^@]{1,255}", $email)) {
        return FALSE;
    }
    $email_array = explode("@", $email);
    $local_array = explode(".", $email_array[0]);
    $i = 0;
    for (;$i < sizeof($local_array);++$i) {
        if (ereg("^(([A-Za-z0-9!#\$%&'*+/=?^_`{|}~-][A-Za-z0-9!#\$%&'*+/=?^_`{|}~\\.-]{0,63})|(\"[^(\\|\")]{0,62}\"))\$", $local_array[$i])) {
            continue;
        }
        return FALSE;
    }
    if (!ereg("^\\[?[0-9\\.]+\\]?\$", $email_array[1])) {
        $domain_array = explode(".", $email_array[1]);
        if (sizeof($domain_array) < 2) {
            return FALSE;
        }
        $i = 0;
        for (;$i < sizeof($domain_array);++$i) {
            if (ereg("^(([A-Za-z0-9][A-Za-z0-9-]{0,61}[A-Za-z0-9])|([A-Za-z0-9]+))\$", $domain_array[$i])) {
                continue;
            }
            return FALSE;
        }
    }
    return TRUE;
}
$sYear = "2007";
$cwd = dirname(__FILE__);
$instdir = str_replace("private", "", "{$cwd}");
include ("{$instdir}private/config.php");
include ("{$instdir}private/cache.php");
if (!$shopurl) {
    header("Location: install/");
    exit();
}
include ("{$instdir}private/db_connect.php");
include ("{$instdir}private/messages.php");
include ("{$instdir}private/shop_messages.php");
$s_cache_file = "{$sscache_dir}key.txt";
if ($sscache == "Y" && file_exists($s_cache_file) && time() - $sscache_exp < filemtime($s_cache_file)) {
    $s_cache_data = read_cache($s_cache_file);
} else {
    $sql = "SELECT copyRightKey,domainName FROM shop_settings";
    if (!($result = @mysql_query($sql, $connection))) {
        exit("**COULD NOT GET COPYRIGHT KEYS**");
    }
    while ($row = mysql_fetch_array($result)) {
        $s_cache_data[] = $row;
    }
    if ("" . $sscache . "" == "Y" && isset($s_cache_data)) {
        write_cache($s_cache_data, $s_cache_file);
    }
}
if (isset($s_cache_data)) {
    foreach($s_cache_data as $key => $row) {
        $copyRightCode = "{$row['copyRightKey']}";
        $domainName = "{$row['domainName']}";
    }
    $s_cache_data = "";
}
$stylish = array("tuxdiscs.com_CC66BD976A919DBA1D389EA030F1C98E", "homeheatgas.co.uk_7E3987914C37A595611AA2B02647AB3E", "htcshop.co.uk_D1463A8E25B25DBBF2828A05F1A4C786", "creativegiftcompany.co.uk_A0084DC13CAD4EF04745341D7B2859A0", "satnavnow.com_CB37C0E975D7C997C02DD8C2A903CCCE", "officesource.co.uk_D1F94EC11C220D3607897126CF0FC60B", "snapitshowit.com_EA669BA712152AC7604824CC4C821810", "englandathome.co.uk_FA3831E23466E7B22D4A17076C0795FC", "ellisofficefurniture.co.uk_B36B5A3FBEB39CF965EDE33C4F6607EE", "myweddingbox.co.uk_4856BFB9DBF37F90C0FA492CE087154E", "dukkaan.net_AA339C99F82BCD6C7DB0CB38A1A2D35C", "sosophisticated.co.uk_524D866DF422AB6211030E0400408957", "pure-beauty.co.uk_8DF947D81601F80C75A6109FD8E14DDA", "pure-beauty_31B643B484171B66354FC78FB2C272AA", "goodiessweetshop.co.uk_77489A3F2430FB4AF433250B9BFF9F71", "whiskcooking.co.uk_DDEB2054E47603FA9183BF8C91FD703D", "bodychef.co.uk_9F2D61781FA3B2F70EFDD3992604A551", "athenaflooring.co.uk_E7D0D322B5F23A3A2BFBB010001AB21B", "partyshop-mold.co.uk_41E26ED3FA379384B2EB103F60EDD059", "thegolfzone.net_86A65F7F8E7355649A4BA1B78462A60B", "littlereddogshop.co.uk_03B59361FD76EC594037262FEB44EAD3", "furnituregiant.co.uk_8C2C781A7C590FF3239182ED3DC24368", "dancevinyls.com_0999AB3CEAF33D53C7599BF2AFB9D804", "brainegg.com_A76ADAE00F80DA87C83C1C6B7939809E", "mrbates.co.uk_B24D6A529B75FD6BC256EB4FF8FAA28A", "metrosales.co.uk_3F507226A07DF97E8DAD87FED2BD7C25", "2pic1.co.uk_2FD2A963331EE04AFE7882AC447F3D53", "thingsonline.co.uk_340520B537817C03E4EEE71765A9769D", "tenpinshop.com_9ACBC1B6E153F74E2E8D58DF4AFFFE37", "drakepneumatics.co.uk_282A7137E3AAA0E7FA1A3A8E42899C49", "ipendpoints.co.uk_7470912986F50101ED255A5AF8679DB3");
$admin_dirs = array("settings", "orders", "newsletter", "reports", "shoppers", "products", "content");
$mtta = array("mail", "smtp");
$ppgfields = array("ppemail", "ppmerchantid", "ppsecret", "pptestmode", "ppinstid", "ppintip", "ppextip", "ppgiftaid", "ppApply3DSecure", "ppApplyAVSCV2", "ppauthmode", "ppsignature");
$category_style = array("List with Thumbnail", "List no Thumbnail", "Grid 2 Across", "Grid 3 Across", "Grid 4 Across", "Grid 5 Across");
$category_sort_order = array("Alphabetical", "Newest Items First", "Newest Items Last", "Featured Items First", "Custom Sort", "Price Low - High", "Price High - Low");
$sf_style = array("List", "Grid 2 Across", "Grid 3 Across", "Grid 4 Across", "Grid 5 Across");
$sf_sort_order = array("Alphabetical", "By ID", "Randomised");
$cf_sort_order = array("Alphabetical", "By ID", "Custom");
$allow_next = array("selectdeliveryaddress.php", "revieworder.php", "reviewproduct.php", "revieworder.php?clearptid=Y", "orders.php");
if ($_GET[next] && !in_array("{$_GET['next']}", $allow_next)) {
    echo "Not allowed!";
    exit();
}
$GLOBALS['_GET'][category_id] = mysql_real_escape_string("{$_GET['category_id']}");
$GLOBALS['_GET'][product_id] = mysql_real_escape_string("{$_GET['product_id']}");
$GLOBALS['_GET'][product_xo_id] = mysql_real_escape_string("{$_GET['product_xo_id']}");
$GLOBALS['_GET'][o_id] = mysql_real_escape_string("{$_GET['o_id']}");
$GLOBALS['_GET'][p_id] = mysql_real_escape_string("{$_GET['p_id']}");
$GLOBALS['_GET'][a_id] = mysql_real_escape_string("{$_GET['a_id']}");
$GLOBALS['_POST'][query_string] = mysql_real_escape_string("{$_POST['query_string']}");
$GLOBALS['_POST'][new_currency_id] = mysql_real_escape_string("{$_POST['new_currency_id']}");
$GLOBALS['_POST'][pre_xo_id] = mysql_real_escape_string("{$_POST['pre_xo_id']}");
$GLOBALS['_POST'][p_id] = mysql_real_escape_string("{$_POST['p_id']}");
$GLOBALS['_POST'][qty] = mysql_real_escape_string("{$_POST['qty']}");
$GLOBALS['_POST'][loginemail] = mysql_real_escape_string("{$_POST['loginemail']}");
$GLOBALS['_POST'][loginpass] = mysql_real_escape_string("{$_POST['loginpass']}");
$GLOBALS['_POST'][mail_outs] = mysql_real_escape_string("{$_POST['mail_outs']}");
$GLOBALS['_POST'][old_password] = mysql_real_escape_string("{$_POST['old_password']}");
$GLOBALS['_POST'][confirm_password] = mysql_real_escape_string("{$_POST['confirm_password']}");
$GLOBALS['_GET'][category_id] = mysql_real_escape_string("{$_GET['category_id']}");
$GLOBALS['_GET'][product_id] = mysql_real_escape_string("{$_GET['product_id']}");
$GLOBALS['_GET'][new_currency_id] = mysql_real_escape_string("{$_GET['new_currency_id']}");
$GLOBALS['_GET'][new_currency_id] = mysql_real_escape_string("{$_GET['new_currency_id']}");
$search = array("@<script[^>]*?>.*?</script>@si", "@<[\\/\\!]*?[^<>]*?>@si", "@&(quot|#34);@i", "@&(amp|#38);@i", "@&(lt|#60);@i", "@&(gt|#62);@i", "@&(nbsp|#160);@i", "@&(iexcl|#161);@i", "@&(cent|#162);@i", "@&(pound|#163);@i", "@&(copy|#169);@i", "@&#(\\d+);@e");
$replace = array("", "", "\\1", "\"", "&", "<", ">", " ", chr(161), chr(162), chr(163), chr(169), "chr(\\1)");
$GLOBALS['_POST'][company] = mysql_real_escape_string("{$_POST['company']}");
$GLOBALS['_POST'][company] = preg_replace($search, $replace, $_POST[company]);
$GLOBALS['_POST'][first_name] = mysql_real_escape_string("{$_POST['first_name']}");
$GLOBALS['_POST'][first_name] = preg_replace($search, $replace, $_POST[first_name]);
$GLOBALS['_POST'][last_name] = mysql_real_escape_string("{$_POST['last_name']}");
$GLOBALS['_POST'][last_name] = preg_replace($search, $replace, $_POST[last_name]);
$GLOBALS['_POST'][email] = mysql_real_escape_string("{$_POST['email']}");
$GLOBALS['_POST'][email] = preg_replace($search, $replace, $_POST[email]);
$GLOBALS['_POST'][no_name] = mysql_real_escape_string("{$_POST['no_name']}");
$GLOBALS['_POST'][no_name] = preg_replace($search, $replace, $_POST[no_name]);
$GLOBALS['_POST'][street] = mysql_real_escape_string("{$_POST['street']}");
$GLOBALS['_POST'][street] = preg_replace($search, $replace, $_POST[street]);
$GLOBALS['_POST'][town] = mysql_real_escape_string("{$_POST['town']}");
$GLOBALS['_POST'][town] = preg_replace($search, $replace, $_POST[town]);
$GLOBALS['_POST'][county] = mysql_real_escape_string("{$_POST['county']}");
$GLOBALS['_POST'][county] = preg_replace($search, $replace, $_POST[county]);
$GLOBALS['_POST'][postcode] = mysql_real_escape_string("{$_POST['postcode']}");
$GLOBALS['_POST'][postcode] = preg_replace($search, $replace, $_POST[postcode]);
$GLOBALS['_POST'][country] = mysql_real_escape_string("{$_POST['country']}");
$GLOBALS['_POST'][country] = preg_replace($search, $replace, $_POST[country]);
$GLOBALS['_POST'][day_tel] = mysql_real_escape_string("{$_POST['day_tel']}");
$GLOBALS['_POST'][day_tel] = preg_replace($search, $replace, $_POST[day_tel]);
$GLOBALS['_POST'][eve_tel] = mysql_real_escape_string("{$_POST['eve_tel']}");
$GLOBALS['_POST'][eve_tel] = preg_replace($search, $replace, $_POST[eve_tel]);
$GLOBALS['_POST'][mobile] = mysql_real_escape_string("{$_POST['mobile']}");
$GLOBALS['_POST'][mobile] = preg_replace($search, $replace, $_POST[mobile]);
$GLOBALS['_POST'][fax] = mysql_real_escape_string("{$_POST['fax']}");
$GLOBALS['_POST'][fax] = preg_replace($search, $replace, $_POST[fax]);
$GLOBALS['_POST'][emailaddress] = mysql_real_escape_string("{$_POST['emailaddress']}");
$GLOBALS['_POST'][emailaddress] = preg_replace($search, $replace, $_POST[emailaddress]);
$GLOBALS['_POST'][password] = mysql_real_escape_string("{$_POST['password']}");
$GLOBALS['_POST'][password] = preg_replace($search, $replace, $_POST[password]);
if ($_GET[sssess]) {
    session_id($_GET[sssess]);
}
session_start();
header("cache-control: private");
if (isset($_GET[redeempoints]) && $_GET[redeempoints] == "Y") {
    $_SESSION[redeemer] = "Y";
}
if ($_POST[purchaseorder]) {
    $_SESSION[po] = "{$_POST['purchaseorder']}";
}
if (!$_SESSION[loginemail]) {
    $_SESSION[loginemail] = "noemail@ssprite";
}
if (!$_SESSION[adminemail]) {
    $_SESSION[adminemail] = "noadmin@ssprite";
}
if ($_POST[discode]) {
    $_SESSION[discode] = trim("{$_POST['discode']}");
}
$auth_ok_check = md5("{$_SESSION['loginemail']}.{$hash}");
$admin_ok_check = md5("{$_SESSION['adminemail']}.{$hash}");
if (isset($_GET['oidref'])) {
    $GLOBALS['_GET']['oidref'] = mysql_real_escape_string($_GET['oidref']);
    $sql = "SELECT o_id FROM order_list WHERE ref='" . $_GET['oidref'] . "' AND unh='{$_GET['oidref']}'";
    if (!($result = @mysql_query($sql, $connection))) {
        exit("**COULD NOT GET COPYRIGHT KEYS**");
    }
    if ($row = mysql_fetch_array($result)) {
        $_SESSION['unh'] = $_GET['oidref'];
        header("location: " . $sshopurl . "orderdetails_os.php?o_id={$row['o_id']}");
        exit();
    }
    if ($_SESSION['auth_ok'] == $auth_ok_check) {
        header("location: " . $sshopurl . "secure/orders.php");
        exit();
    }
    header("location: " . $sshopurl . "secure/login.php?next=orders.php");
    exit();
}
if (preg_match("/secure/", "{$_SERVER['PHP_SELF']}") && !preg_match("/doqreg.php/", "{$_SERVER['PHP_SELF']}") || !preg_match("/qreg.php/", "{$_SERVER['PHP_SELF']}") || !preg_match("/voicepaycallback.php/", "{$_SERVER['PHP_SELF']}") || !preg_match("/secpaysecpagecallback.php/", "{$_SERVER['PHP_SELF']}") || !preg_match("/vps_handle_protx_response.php/", "{$_SERVER['PHP_SELF']}") || !preg_match("/protx/", "{$_SERVER['PHP_SELF']}") || !preg_match("/protxformcallback.php/", "{$_SERVER['PHP_SELF']}") || !preg_match("/protxcallback.php/", "{$_SERVER['PHP_SELF']}") || !preg_match("/worldpaycallback.php/", "{$_SERVER['PHP_SELF']}") || !preg_match("/securetradingcallback.php/", "{$_SERVER['PHP_SELF']}") || !preg_match("/barclayscpicallback.php/", "{$_SERVER['PHP_SELF']}") || !preg_match("/paypalcallback.php/", "{$_SERVER['PHP_SELF']}") || !preg_match("/moneybookerscallback.php/", "{$_SERVER['PHP_SELF']}") || !preg_match("/nochexcallback.php/", "{$_SERVER['PHP_SELF']}") || !preg_match("/offlinecallback.php/", "{$_SERVER['PHP_SELF']}") || !preg_match("/doregister.php/", "{$_SERVER['PHP_SELF']}") || !preg_match("/register.php/", "{$_SERVER['PHP_SELF']}") || !preg_match("/doprereg.php/", "{$_SERVER['PHP_SELF']}") || !preg_match("/login.php/", "{$_SERVER['PHP_SELF']}") || !preg_match("/dologin.php/", "{$_SERVER['PHP_SELF']}")) {
    if ($auth_ok_check != $_SESSION[auth_ok]) {
        header("Location: " . $sshopurl . "secure/login.php?next={$_GET['next']}&shk&p={$_SERVER['PHP_SELF']}");
        exit();
    }
    if (preg_match("/secure/", "{$_SERVER['PHP_SELF']}")) {
        $isaccount = "1";
    }
}
if (preg_match("/" . $adminDir . "/", "{$_SERVER['PHP_SELF']}") && !preg_match("/adlogin.php/", "{$_SERVER['PHP_SELF']}") || !preg_match("/forgetful.php/", "{$_SERVER['PHP_SELF']}")) {
    if ($admin_ok_check != $_SESSION[admin_ok]) {
        header("Location: " . $adminurl . "adlogin.php");
        exit();
    }
    if (preg_match("/" . $adminDir . "/", "{$_SERVER['PHP_SELF']}")) {
        $isadmin = "1";
    }
}
$noadirs = count($admin_dirs);
$i = 0;
for (;$i <= $noadirs;++$i) {
    if (!preg_match("/admin\\/" . $admin_dirs[$i] . "/", "{$_SERVER['PHP_SELF']}") && preg_match("/" . $admin_dirs[$i] . "/", "{$_SESSION['admin_type']}")) {
        continue;
    }
    header("Location: " . $adminurl . "perms.php?noperm={$admin_dirs[$i]}");
    exit();
}
if (!$_SESSION[shopper_type]) {
    $_SESSION[shopper_type] = "1";
}
if ($_GET[setcurrency] == 1) {
    if ($_GET[new_currency_id]) {
        $GLOBALS['_POST'][new_currency_id] = $_GET[new_currency_id];
    }
    $_SESSION['currency_id'] = $_POST[new_currency_id];
}
if ($_GET[clearptid] == Y) {
    session_unregister("ptid");
}
if ($_GET[selectpostage] == 1) {
    if ($_POST[selptid] == Free || $_POST[selptid] == free) {
        session_unregister("ptid");
    } else if (isset($_POST[selptid])) {
        $_SESSION['ptid'] = $_POST[selptid];
    } else {
        session_unregister("ptid");
    }
    $GLOBALS['_POST'][selptid] = mysql_real_escape_string($_POST[selptid]);
    $sql1 = "UPDATE basket SET ptid='" . $_POST['selptid'] . "' WHERE session_id='" . session_id() . "'";
    if (!($result1 = @mysql_query($sql1, $connection))) {
        exit("Couldn't execute request 1");
    }
}
?>