
GT - Index.php

a guest
May 31st, 2012
  1. <?php
  2. /*
  3. Template Name: Home Page
  4. */
  5. ?>
  6. <?php
  7. ############################################
  8. ######## ESSENTIAL CORE HEAD START #########
  9. ############################################
  // Directory of the active stylesheet (the child theme when one is in use).
  $child_dir    = get_stylesheet_directory();
  $child_fn_dir = $child_dir . '/library/functions/';

  // A child.txt marker file in that directory switches on per-file overrides:
  // the router below then prefers a child-theme copy of a handler when present.
  $ct_on = file_exists($child_dir . '/child.txt') ? 1 : 0;
  15.  
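  // ---- Request router, part 1 -------------------------------------------------
  // The first matching request parameter selects a handler file. Every include
  // target is a literal path; no request value is ever used to build a path.
  // NOTE(review): each route is reachable by any visitor who sends the parameter,
  // so authentication/authorization has to happen inside the included handler.
  // That code is not visible here -- confirm it per handler, in particular for
  // export.php, the app/api_* handlers and csvdl.php.
  $gt_direct_routes = array(
      'ajax'       => '/ajax_queries.php',
      'export'     => '/export.php',
      'pay_mobile' => '/app/paypal_mobile_response.php',
      'api'        => '/app/api_get_markers.php',
      'api_submit' => '/app/api_submit.php',
  );
  // Array order is the original precedence: ajax, export, pay_mobile, api, api_submit.
  foreach ($gt_direct_routes as $gt_param => $gt_file) {
      if (isset($_REQUEST[$gt_param]) && $_REQUEST[$gt_param] != '') {
          include_once(TEMPLATEPATH . $gt_file);
          exit;
      }
  }

  // Routes keyed on ?ptype=... ; null when the parameter is absent.
  $gt_ptype = isset($_REQUEST['ptype']) ? $_REQUEST['ptype'] : null;

  if ($gt_ptype == 'get_markers') {
      // Child-theme copy wins when overrides are on and the file exists there.
      $gt_file = '/library/map/get_markers.php';
      $gt_base = ($ct_on && file_exists($child_dir . $gt_file)) ? $child_dir : TEMPLATEPATH;
      include_once($gt_base . $gt_file);
      exit;
  } elseif ($gt_ptype == 'ga') {
      $gt_file = '/library/includes/google_analytics.php';
      $gt_base = ($ct_on && file_exists($child_dir . $gt_file)) ? $child_dir : TEMPLATEPATH;
      include_once($gt_base . $gt_file);
      exit;
  } elseif ($gt_ptype == 'calendar') {
      $gt_file = '/library/calendar/calendar.php';
      $gt_base = ($ct_on && file_exists($child_dir . $gt_file)) ? $child_dir : TEMPLATEPATH;
      include_once($gt_base . $gt_file);
      exit;
  } elseif ($gt_ptype == 'favorite') {
      // Pass only a non-negative integer post ID to the favourite helpers; the
      // original forwarded the raw request value and read it even when absent.
      // NOTE(review): this route changes state on a plain request and no nonce or
      // login check is visible here -- presumably the helpers handle that; verify.
      $gt_fav_pid = (isset($_REQUEST['pid']) && is_scalar($_REQUEST['pid'])) ? absint($_REQUEST['pid']) : 0;
      if (isset($_REQUEST['action']) && $_REQUEST['action'] == 'add') {
          add_to_favorite($gt_fav_pid);
      } else {
          remove_from_favorite($gt_fav_pid);
      }
  } elseif ($gt_ptype == 'profile') {
      global $current_user;
      // The profile page is for logged-in users only; everyone else goes to login.
      if (!$current_user->data->ID) {
          wp_redirect(site_url() . '/?ptype=login');
          exit;
      }
      $gt_file = '/library/includes/profile.php';
      $gt_base = ($ct_on && file_exists($child_dir . $gt_file)) ? $child_dir : TEMPLATEPATH;
      include_once($gt_base . $gt_file);
      exit;
  } elseif ($gt_ptype == 'phpinfo') {
      // This route used to print phpinfo(). It stays disabled: the output is not
      // exploitable by itself, but it discloses server configuration to anyone
      // who requests it. (Change by Stiofan, hebtech.co.uk.)
      echo 'Access Denied!';
  } elseif ($gt_ptype == 'csvdl') {
      // No exit here: control falls through to the end of the template.
      $gt_file = '/library/includes/csvdl.php';
      $gt_base = ($ct_on && file_exists($child_dir . $gt_file)) ? $child_dir : TEMPLATEPATH;
      include_once($gt_base . $gt_file);
  }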
  elseif (isset($_REQUEST['ptype']) && ($_REQUEST['ptype'] == 'login' || $_REQUEST['ptype'] == 'register')) {
      // Login and registration share one handler; a child-theme copy is
      // preferred when overrides are on and the file exists there.
      $gt_file = '/library/includes/registration.php';
      $gt_base = ($ct_on && file_exists($child_dir . $gt_file)) ? $child_dir : TEMPLATEPATH;
      include_once($gt_base . $gt_file);
  } elseif (isset($_REQUEST['ptype']) && $_REQUEST['ptype'] == 'verify') {
      // Claim-listing verification handler, same child-theme override rule.
      $gt_file = '/library/includes/claim_listing_verify.php';
      $gt_base = ($ct_on && file_exists($child_dir . $gt_file)) ? $child_dir : TEMPLATEPATH;
      include_once($gt_base . $gt_file);
  }
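  elseif (isset($_REQUEST['ptype']) && $_REQUEST['ptype'] == 'post_listing' && !empty($_REQUEST['pid'])) {
      // Editing an existing listing: the form is served only when WordPress
      // returns an edit link for this post, i.e. the current user may edit it.
      $id = $_REQUEST['pid'];
      if (get_edit_post_link($id)) {
          $gt_file = '/submit_place.php';
          $gt_base = ($ct_on && file_exists($child_dir . $gt_file)) ? $child_dir : TEMPLATEPATH;
          include_once($gt_base . $gt_file);
          exit;
      } else {
          echo 'Access Denied!';
      }
  } elseif (isset($_REQUEST['ptype']) && $_REQUEST['ptype'] == 'post_listing') {
      // New listing: front-end submission can be switched off through an option.
      // NOTE(review): the listing route checks 'is_user_addevent' while the event
      // route below checks 'is_user_eventlist'; the names look crossed -- confirm
      // against the theme's settings page before changing anything.
      if (get_option('is_user_addevent') == '0') {
          wp_redirect(site_url());
          exit;
      }
      $gt_file = '/submit_place.php';
      $gt_base = ($ct_on && file_exists($child_dir . $gt_file)) ? $child_dir : TEMPLATEPATH;
      include_once($gt_base . $gt_file);
      exit;
  } elseif (isset($_REQUEST['ptype']) && $_REQUEST['ptype'] == 'post_event') {
      // isset() guard: the original read $_REQUEST['pid'] even when it was absent.
      $gt_has_pid = isset($_REQUEST['pid']) && $_REQUEST['pid'] != '';
      if (get_option('is_user_eventlist') == '0' && !$gt_has_pid) {
          wp_redirect(site_url());
          exit;
      }
      // NOTE(review): unlike post_listing, a request carrying a pid reaches the
      // event form without a get_edit_post_link() check here. Whether
      // submit_event.php enforces edit permission itself is not visible -- verify,
      // and add the same gate if it does not.
      $gt_file = '/submit_event.php';
      $gt_base = ($ct_on && file_exists($child_dir . $gt_file)) ? $child_dir : TEMPLATEPATH;
      include_once($gt_base . $gt_file);
      exit;
  }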
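  elseif (isset($_REQUEST['ptype']) && $_REQUEST['ptype'] == 'preview') {
      // Listing preview. Without a pid the preview is always served. With a pid
      // it is served when the current user gets an edit link for that post, or
      // when the request carries a non-empty 'alook' flag.
      // NOTE(review): 'alook' is supplied by the caller, so it bypasses the edit
      // check for any post ID. Unless preview.php validates it (not visible
      // here), the permission check protects nothing -- confirm, and tie 'alook'
      // to a capability or a signed token if it is meant for staff only.
      $gt_file    = '/library/includes/preview.php';
      $gt_allowed = true;
      if (!empty($_REQUEST['pid'])) {
          $id = $_REQUEST['pid'];
          $gt_allowed = get_edit_post_link($id) || !empty($_REQUEST['alook']);
      }
      if ($gt_allowed) {
          $gt_base = ($ct_on && file_exists($child_dir . $gt_file)) ? $child_dir : TEMPLATEPATH;
          include_once($gt_base . $gt_file);
      } else {
          echo 'Access Denied!';
      }
  } elseif (isset($_REQUEST['ptype']) && $_REQUEST['ptype'] == 'preview_event') {
      // Event preview: same decision as the listing preview above, including the
      // caller-supplied 'alook' bypass (same NOTE(review) applies).
      $gt_file    = '/library/includes/preview_event.php';
      $gt_allowed = true;
      if (!empty($_REQUEST['pid'])) {
          $id = $_REQUEST['pid'];
          $gt_allowed = get_edit_post_link($id) || !empty($_REQUEST['alook']);
      }
      if ($gt_allowed) {
          $gt_base = ($ct_on && file_exists($child_dir . $gt_file)) ? $child_dir : TEMPLATEPATH;
          include_once($gt_base . $gt_file);
      } else {
          echo 'Access Denied!';
      }
  }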
  elseif (isset($_REQUEST['ptype']) && $_REQUEST['ptype'] == 'paynow') {
      // Payment start pages (listing / event): included without exit.
      $gt_file = "/library/includes/paynow.php";
      $gt_base = ($ct_on && file_exists($child_dir . $gt_file)) ? $child_dir : TEMPLATEPATH;
      include_once($gt_base . $gt_file);
  } elseif (isset($_REQUEST['ptype']) && $_REQUEST['ptype'] == 'paynow_event') {
      $gt_file = "/library/includes/paynow_event.php";
      $gt_base = ($ct_on && file_exists($child_dir . $gt_file)) ? $child_dir : TEMPLATEPATH;
      include_once($gt_base . $gt_file);
  } elseif (isset($_REQUEST['ptype']) && $_REQUEST['ptype'] == 'cancel_return') {
      $gt_file = '/library/includes/cancel.php';
      $gt_base = ($ct_on && file_exists($child_dir . $gt_file)) ? $child_dir : TEMPLATEPATH;
      include_once($gt_base . $gt_file);
      exit;
  }
  // The gateway callbacks below read $_GET only, unlike the $_REQUEST routes above.
  // NOTE(review): these URLs can be requested by anyone, so a request arriving
  // here proves nothing about a payment. The handlers must verify the
  // transaction with the gateway before marking anything paid; that code is not
  // visible in this file -- confirm.
  elseif (isset($_GET['ptype']) && ($_GET['ptype'] == 'return' || $_GET['ptype'] == 'payment_success')) {
      // Payment gateway return page.
      $gt_file = '/library/includes/return.php';
      $gt_base = ($ct_on && file_exists($child_dir . $gt_file)) ? $child_dir : TEMPLATEPATH;
      include_once($gt_base . $gt_file);
      exit;
  } elseif (isset($_GET['ptype']) && $_GET['ptype'] == 'success') {
      // Payment gateway success page.
      $gt_file = '/library/includes/success.php';
      $gt_base = ($ct_on && file_exists($child_dir . $gt_file)) ? $child_dir : TEMPLATEPATH;
      include_once($gt_base . $gt_file);
      exit;
  } elseif (isset($_GET['ptype']) && $_GET['ptype'] == 'notifyurl') {
      // Payment gateway notification (IPN): the handler depends on ?pmethod=.
      // An unknown or missing pmethod includes nothing and just exits.
      $gt_file = null;
      if (isset($_GET['pmethod']) && $_GET['pmethod'] == 'paypal') {
          $gt_file = '/library/includes/ipn_process.php';
      } elseif (isset($_GET['pmethod']) && $_GET['pmethod'] == '2co') {
          $gt_file = '/library/includes/ipn_process_2co.php';
      }
      if ($gt_file !== null) {
          $gt_base = ($ct_on && file_exists($child_dir . $gt_file)) ? $child_dir : TEMPLATEPATH;
          include_once($gt_base . $gt_file);
      }
      exit;
  }
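  elseif (isset($_REQUEST['ptype']) && $_REQUEST['ptype'] == 'sort_image') {
      // Saves a new image order. 'pid' is a comma-separated list of post IDs,
      // each optionally prefixed with 'div_'; the position in the list becomes
      // the post's menu_order.
      //
      // Security: the original concatenated each request-supplied ID straight
      // into the UPDATE statement (SQL injection) and performed no permission
      // check. IDs are now reduced to non-negative integers, written through
      // $wpdb->update() with %d placeholders, and skipped unless the current
      // user may edit that post -- the same capability that
      // get_edit_post_link() relies on in the delete routes of this template.
      // NOTE(review): this is still a state change on a plain request with no
      // nonce; add wp_verify_nonce() once the calling script sends one.
      global $wpdb;
      $gt_raw  = (isset($_REQUEST['pid']) && is_string($_REQUEST['pid'])) ? $_REQUEST['pid'] : '';
      $arr_pid = explode(',', $gt_raw);
      foreach ($arr_pid as $j => $gt_item) {
          $media_id = absint(str_replace('div_', '', $gt_item));
          // $j keeps counting across skipped entries so accepted items keep
          // the position they had in the submitted list.
          if (!$media_id || !current_user_can('edit_post', $media_id)) {
              continue;
          }
          $wpdb->update(
              $wpdb->posts,
              array('menu_order' => $j),
              array('ID' => $media_id),
              array('%d'),
              array('%d')
          );
      }
      echo 'Image order saved successfully';
  }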
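  elseif (isset($_REQUEST['ptype']) && $_REQUEST['ptype'] == 'delete') {
      // Deletes a listing. The post is removed only when WordPress returns an
      // edit link for it, i.e. the current user is allowed to edit that post
      // (permission check added by Stiofan, hebtech.co.uk).
      // Changes from the original: the ID is reduced to a non-negative integer
      // before use, a missing or non-scalar pid is refused instead of read
      // blindly, and the script exits after the redirect so nothing else runs
      // once the Location header has been sent.
      // NOTE(review): deletion is triggered by a plain request with no nonce, so
      // a logged-in user can be made to delete their own listing by a
      // third-party page. Add wp_verify_nonce() once the delete links carry one.
      global $current_user;
      $pid = (isset($_REQUEST['pid']) && is_scalar($_REQUEST['pid'])) ? absint($_REQUEST['pid']) : 0;
      if ($pid && get_edit_post_link($pid)) {
          wp_delete_post($pid);
          wp_redirect(get_author_link(false, $current_user->data->ID));
          exit;
      } else {
          echo 'Access Denied!';
      }
  }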
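  elseif (isset($_REQUEST['ptype']) && $_REQUEST['ptype'] == 'att_delete') {
      // Removes an image: either a not-yet-saved upload tracked in the session
      // (remove=temp) or a stored attachment post.
      $gt_pid = (isset($_REQUEST['pid']) && is_scalar($_REQUEST['pid'])) ? (string) $_REQUEST['pid'] : '';

      if (isset($_REQUEST['remove']) && $_REQUEST['remove'] == 'temp') {
          if (!empty($_SESSION["file_info"])) {
              // Rebuild the session list without the removed entry.
              $tmp_file_info = array();
              foreach ($_SESSION["file_info"] as $image_id => $val) {
                  // Strict string match: the original's loose == could treat an
                  // arbitrary request string as equal to an integer session key
                  // on older PHP versions, and that string then went into the
                  // unlink() path. basename() additionally strips any directory
                  // part before the file name is built.
                  if ($gt_pid !== '' && (string) $image_id === $gt_pid) {
                      // NOTE(review): $upload_folder_path is not assigned anywhere
                      // in the visible code; presumably a theme global -- confirm.
                      @unlink(ABSPATH . "/" . $upload_folder_path . "tmp/" . basename($gt_pid) . ".jpg");
                  } else {
                      $tmp_file_info[$image_id] = $val;
                  }
              }
              $_SESSION["file_info"] = $tmp_file_info;
          }
      } else {
          global $current_user;
          // Stored attachment: delete only when the current user gets an edit
          // link for it (permission check added by Stiofan).
          // NOTE(review): no nonce is checked on this state-changing request.
          $gt_att_id = absint($gt_pid);
          if ($gt_att_id && get_edit_post_link($gt_att_id)) {
              wp_delete_attachment($gt_att_id);
          } else {
              echo 'Access Denied!';
          }
      }
  }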
  else
  {
      // ---- End of the request router ----------------------------------------
      // No routing parameter matched: render the regular home page from the
      // header, three widget areas and the footer.
      get_header();
      dynamic_sidebar(1);
  ?>
<div id="wrapper" class="clearfix">
<div id="content" class="clearfix">
<?php dynamic_sidebar(2); ?>
</div> <!-- content #end -->
<div id="sidebar">
<?php dynamic_sidebar(3); ?>
</div> <!-- sidebar #end -->
<?php
      get_footer();
  } // closes the fallback branch of the routing chain
  ?>