#################################################################
## PHP Pro Bid v6.11 ##
##-------------------------------------------------------------##
## Copyright ©2007 PHP Pro Software LTD. All rights reserved. ##
##-------------------------------------------------------------##
#################################################################
$fileExtension = (file_exists('includes/global.php')) ? '' : '../';
include_once ($fileExtension.'includes/config.php');
define('INCLUDED', 1);
define('DEFAULT_DB_LANGUAGE', 'english');
define('COOKIE_SECRET_KEY', 'MyKey'); // edit this definition to secure the cookie
function getmicrotime()
{
list($usec, $sec) = explode(" ", microtime());
return ((float)$usec + (float)$sec);
}
if(!function_exists('memory_get_usage'))
{
function memory_get_usage()
{
if ( substr(PHP_OS,0,3) == 'WIN')
{
$output = array();
exec( 'tasklist /FI "PID eq ' . getmypid() . '" /FO LIST', $output );
return preg_replace( '/[\D]/', '', $output[5] ) * 1024;
}
else
{
//We now assume the OS is UNIX
$pid = getmypid();
exec("ps -eo%mem,rss,pid | grep $pid", $output);
$output = explode(" ", $output[0]);
//rss is given in 1024 byte units
return $output[1] * 1024;
}
}
}
$time_start = getmicrotime();
##$memory_start = memory_get_usage();
include_once ($fileExtension.'language/'.DEFAULT_DB_LANGUAGE.'/db.lang.php');
include_once ($fileExtension.'includes/class_database.php');
$db = new database;
$db->connect($db_host, $db_username, $db_password);
$db->select_db($db_name);
$db->display_errors = true;
include_once ($fileExtension.'includes/class_session.php'); ## global
## create the session class, will contain all session variables.
$session = new session;
include_once ($fileExtension.'includes/init.php'); ## global
header('Content-Type: text/html; charset=' . LANG_CODEPAGE);
define('RSS_FEED', 'http://themoneyconverter.com/rss-feed/' . $setts['currency'] . '/rss.xml');
## 6.06 mod -> override $setts['site_lang'] with $session->value('site_lang')
if ($session->is_set('site_lang'))
{
$setts['site_lang'] = $session->value('site_lang');
}
$current_version = '6.11';
include_once ($fileExtension.'includes/functions_security.php');
cleanData();
/**
* sanitize order_type and order_field variables
*/
$_REQUEST['order_type'] = (in_array($_REQUEST['order_type'], array('ASC', 'DESC'))) ? $_REQUEST['order_type'] : '';
if (!empty($_REQUEST['order_field']))
{
$order_field_explode = explode(' ', $_REQUEST['order_field']);
if (count($order_field_explode) > 1)
{
die('Fatal Error: Query Prohibited');
}
}
include_once ($fileExtension.'includes/class_shipping_carriers.php'); ## global
include_once ($fileExtension.'includes/functions_smtp.php'); ## global
include_once ($fileExtension.'includes/utf8.php'); ## global
include_once ($fileExtension.'includes/functions.php'); ## global
include_once ($fileExtension.'includes/functions_browse.php');
@include_once ($fileExtension.'includes/functions_integration.php'); ## PPB & PPA Integration
## now do the theme alterations in case of categories and auction_details
$is_custom_skin = 0;
if (stristr($_SERVER['PHP_SELF'], 'categories.php'))
{
$category_id = $db->main_category(intval($_GET['parent_id']));
$is_custom_skin = 1;
}
else if (stristr($_SERVER['PHP_SELF'], 'auction_details.php'))
{
$category_id = $db->get_sql_field("SELECT category_id FROM " . DB_PREFIX . "auctions WHERE
auction_id='" . intval($_GET['auction_id']) . "'", 'category_id');
$category_id = $db->main_category($category_id);
$is_custom_skin = 1;
}
if ($is_custom_skin)
{
$custom_skin = $db->get_sql_field("SELECT custom_skin FROM " . DB_PREFIX . "categories WHERE
category_id='" . $category_id . "'", 'custom_skin');
if (!empty($custom_skin))
{
$setts['default_theme'] = $custom_skin;
define ('DEFAULT_THEME', $custom_skin);
}
}
if (!IN_AJAX)
{
unlink_pin();
}
include_once ($fileExtension.'includes/class_template.php');
## initialize the template for the output that will be generated
$template = new template('templates/');
$setts['ga_code'] = $db->add_special_chars($setts['ga_code']);
$template->set('setts', $setts);
$template->set('layout', $layout);
$template->set('current_version', $current_version);
$template->set('is_seller', $session->value('is_seller'));
/* banner positions -> skin dependant */
$setts['banner_positions'] = array(
0 => GMSG_BANNER_POSITION_0,
1 => GMSG_BANNER_POSITION_1,
2 => GMSG_BANNER_POSITION_2,
3 => GMSG_BANNER_POSITION_3,
4 => GMSG_BANNER_POSITION_4,
5 => GMSG_BANNER_POSITION_5,
6 => GMSG_BANNER_POSITION_CATS
);
$template->set('banner_positions', $setts['banner_positions']);
(string) $template_output = NULL;
if ($setts['maintenance_mode'] && $session->value('adminarea')!='Active' && IN_ADMIN != 1 && IN_AJAX != 1)
{
$template_output = $template->process('maintenance_splash_page.tpl.php');
echo $template_output;
die();
}
include_once ($fileExtension.'includes/class_voucher.php');
include_once ($fileExtension.'includes/class_fees_main.php');
include_once ($fileExtension.'includes/class_tax.php');
$fees = new fees_main();
$fees->setts = &$setts;
$template->set('fees', $fees);
include_once ($fileExtension.'includes/functions_carriers.php'); ## global
$template->set('db', $db);
/* remember me option */
$username_cookie = $session->cookie_value('username_cookie');
$username_session = $session->value('username');
if (!empty($username_cookie) || !empty($username_session))
{
include_once ($fileExtension.'includes/class_fees.php');
include_once ($fileExtension.'includes/functions_login.php');
$signup_fee = new fees();
$signup_fee->setts = &$setts;
$login_username = (!empty($username_session)) ? $username_session : $username_cookie;
$login_output = login_user($login_username, '', '', true);
$session->set('membersarea', $login_output['active']);
$session->set('username', $login_output['username']);
$session->set('user_id', $login_output['user_id']);
$session->set('is_seller', $login_output['is_seller']);
$session->set('temp_user_id', $login_output['temp_user_id']); // for use with activate_account.php only!
}
include_once ($fileExtension.'includes/class_banner.php');
## classes used in most files will be initialized here.
include_once ($fileExtension.'includes/functions_date.php');
## declare all the pages that can contain custom fields
$custom_fields_pages = array ('register', 'reputation_sale', 'reputation_purchase',
'auction', 'wanted_ad', 'reverse', 'provider_profile', 'reputation_poster', 'reputation_provider'
);
## custom section pages
$custom_section_pages = array ('help', 'news', 'faq', 'custom_page', 'announcements');
$custom_section_pages_ordering = array('help', 'faq', 'custom_page');
$custom_pages = array('about_us', 'contact_us', 'terms', 'privacy');
## declare all tables that are linkable to custom fields
$linkable_tables = array('countries');
$limits = array(10, 25, 50, 100);
$item_types = array ('all', 'auctions', 'stores', 'buy_out', 'relisted');
## load the cron if it is run from the site.
if ($setts['cron_job_type'] == 2 && IN_ADMIN != 1 && IN_AJAX != 1)
{
$manual_cron = true;
include_once ($fileExtension . 'cron_jobs/main_cron.php');
}
$auction_ordering = array('a.name', 'a.start_price', 'a.max_bid', 'a.nb_bids', 'a.end_time', 'a.start_time', 'current_price');
$order_types = array('DESC', 'ASC');
$browse_pages = array('categories.php', 'auctions_show.php', 'auction_search.php', 'other_items.php', 'shop.php');
$template->set('browse_pages', $browse_pages);
### IP Logging addon, created by Kevin
if ($session->value('user_id') > 0)
{
$set = 0;
/*
$db->query("CREATE TABLE IF NOT EXISTS " . DB_PREFIX . "iphistory (
`memberid` INT NOT NULL,
`time1` INT NOT NULL,
`time2` INT NOT NULL,
`ip` VARCHAR(20) NOT NULL
)");
*/
$sql_select_iphistory = $db->query("SELECT time1, time2, ip FROM " . DB_PREFIX . "iphistory WHERE
memberid='" . $session->value('user_id') . "' ORDER by time1 DESC LIMIT 1");
if ($db->num_rows($sql_select_iphistory) > 0)
{
if ($ip_details = $db->fetch_array($sql_select_iphistory))
{
if ($ip_details['ip'] == $_SERVER['REMOTE_ADDR'])
{
$db->query("UPDATE " . DB_PREFIX . "iphistory SET time2='" . CURRENT_TIME . "' WHERE
time1='" . $ip_details['time1'] . "' AND ip='" . $ip_details['ip'] . "'");
$set = 1;
}
}
}
if (!$set)
{
$db->query("INSERT INTO " . DB_PREFIX . "iphistory VALUES
('" . $session->value('user_id') . "', '" . CURRENT_TIME . "', '0', '" . $_SERVER['REMOTE_ADDR'] . "')");
}
}
include_once ($fileExtension.'includes/class_shop.php');
include_once ($fileExtension.'includes/functions_addons.php');
$reverse_sect_get = array('open', 'closed', 'scheduled', 'awarded');
$reverse_sect_provide = array('my_profile', 'my_bids', 'won');
$template->set('reverse_sect_get', $reverse_sect_get);
$template->set('reverse_sect_provide', $reverse_sect_provide);
?>
#################################################################
## PHP Pro Bid v6.10 ##
##-------------------------------------------------------------##
## Copyright ©2007 PHP Pro Software LTD. All rights reserved. ##
##-------------------------------------------------------------##
#################################################################
function login_user ($username, $password, $redirect_url = '', $admin_login = false)
{
global $db, $setts, $signup_fee;
(array) $login_output = NULL;
if ($admin_login) ## the spoofer login, we dont need to check for the password here
{
logout(false, false);
$login_query = $db->query("SELECT user_id, username, active, approved, salt, payment_status, is_seller, mail_activated FROM " . DB_PREFIX . "users WHERE
username='" . $username . "' LIMIT 0,1");
}
else
{
$salt = $db->get_sql_field("SELECT salt FROM " . DB_PREFIX . "users WHERE username='" . $username . "'", "salt");
$password_hashed = password_hash($password, $salt);
$password_old = substr(md5($password), 0, 30); ## added for backward compatibility (v5.25 and older versions)
$login_query = $db->query("SELECT user_id, username, active, approved, salt,
payment_status, is_seller, mail_activated FROM " . DB_PREFIX . "users WHERE username='" . $username . "' AND
(password='" . $password_hashed . "' OR password='" . $password_old . "') LIMIT 0,1");
}
$is_login = $db->num_rows($login_query);
$login_output['redirect_url'] = 'login.php?invalid_login=1';
$login_output['user_exists'] = false;
/**
* Important: the redirect to activate_account.php only needs to happen if the signup fee wasnt paid.
*/
if ($is_login)
{
$login_output = $db->fetch_array($login_query);
$login_output['user_exists'] = true;
$login_output['redirect_url'] = (!empty($redirect_url)) ? $redirect_url : 'index.php';
$login_output['is_seller'] = ($setts['enable_private_site']) ? $login_output['is_seller'] : 1;
## add signup fee procedure here.
$signup_result = $signup_fee->signup($login_output['user_id']);
if ($login_output['active'] == 1 && $login_output['approved'] == 1 && $login_output['mail_activated'] == 1)
{
$login_output['active'] = 'Active';
}
else if ($login_output['approved'] == 0 || $login_output['mail_activated'] == 0 || ($signup_result['amount']>0 && $login_output['payment_status'] != 'confirmed')) /* the signup fee wasnt paid, redirect to the payment page */
{
$login_output['active'] = null;
$login_output['redirect_url'] = 'activate_account.php';
// user_id and username wont be activated either, the user will need to log in again after making the signup fee payment
$login_output['temp_user_id'] = $login_output['user_id'];
$login_output['user_id'] = null;
$login_output['username'] = null;
}
else /* means the user is suspended for whichever reason. Members area access is limited. */
{
$login_output['active'] = null;
$login_output['redirect_url'] = 'members_area.php?page=account§ion=management';
}
## need to fix the function here to see how it handles every situation.
}
return $login_output;
}
function login_admin ($username, $password, $pin_generated, $pin_submitted, $check_pin = true)
{
global $db;
(array) $login_output = NULL;
$login_query = $db->query("SELECT * FROM " . DB_PREFIX . "admins WHERE
username='" . $username . "' AND password='" . md5($password) . "' LIMIT 0,1");
$is_login = $db->num_rows($login_query);
if ($is_login)
{
$login_details = $db->fetch_array($login_query);
$valid_pin = ($check_pin) ? check_pin($pin_generated, $pin_submitted) : true;
if ($valid_pin)
{
$login_output['active'] = 'Active';
$login_output['level'] = $login_details['level'];
$update_last_login = $db->query("UPDATE " . DB_PREFIX . "admins SET
date_lastlogin='" . CURRENT_TIME . "' WHERE id='" . $login_details['id'] . "'");
}
}
return $login_output;
}
function logout ($logout_admin = false, $redirect = true)
{
global $session;
if ($logout_admin)
{
$session->unregister('adminarea');
$session->unregister('adminlevel');
}
else
{
$session->unregister('membersarea');
$session->unregister('username');
$session->unregister('user_id');
$session->unregister('is_seller');
$session->unregister('rm_username');
$session->unregister('login_store');
$session->unregister('login_category');
$session->unset_cookie('username_cookie');
}
if ($redirect)
{
header_redirect('index.php');
}
}
function password_hash ($password, $salt)
{
return md5(md5($password) . $salt);
}
function login_spoofer ($username, $admin_username, $admin_password)
{
global $db;
(array) $login_output = NULL;
$login_query = $db->query("SELECT * FROM " . DB_PREFIX . "admins WHERE
username='" . $admin_username . "' AND password='" . md5($admin_password) . "' AND level='1' LIMIT 0,1");
$is_login = $db->num_rows($login_query);
$login_output['admin_exists'] = false;
if ($is_login)
{
$login_output = login_user($username, '', '', true);
$login_output['admin_exists'] = true;
}
return $login_output;
}
?>
#################################################################
## PHP Pro Bid v6.11 ##
##-------------------------------------------------------------##
## Copyright ©2007 PHP Pro Software LTD. All rights reserved. ##
##-------------------------------------------------------------##
#################################################################
function nav_btns_position($submit = false, $save_draft = false, $first_step = false)
{
global $setts;
(string) $display_output = null;
$next_step_btn = ($submit) ? GMSG_LIST_NOW : GMSG_NEXT_STEP;
$buttons = array(
'previous' => '',
'next' => '',
'draft' => '');
if ($setts['sell_nav_position'] == 1)
{
$display_output = ((!$first_step) ? $buttons['previous'] . ' ' : '') . $buttons['next'];
}
else if ($setts['sell_nav_position'] == 2)
{
$display_output = $buttons['next'] . ((!$first_step) ? ' ' . $buttons['previous'] : '');
}
if ($save_draft)
{
$display_output .= ' ' . $buttons['draft'];
}
return $display_output;
}
function show_buyout($item_details) // max_bid, reserve_price, buyout_price, nb_bids
{
global $layout, $setts;
$output = false;
if ($layout['enable_buyout'] && $setts['buyout_process'] == 1 && $item_details['buyout_price'] > 0 && $item_details['closed'] == 0)
{
if ($setts['always_show_buyout'])
{
$output = ($item_details['max_bid'] > $item_details['buyout_price']) ? false : true;
}
else
{
if ($item_details['nb_bids'] <= 0)
{
$output = true;
}
else
{
if ($item_details['reserve_price'])
{
$output = ($item_details['max_bid'] < $item_details['reserve_price']) ? true : false;
}
else
{
$output = false;
}
}
}
}
return $output;
}
function show_makeoffer($item_details)
{
global $layout, $setts;
$output = false;
if ($layout['enable_buyout'] && $setts['makeoffer_process'] == 1 && $item_details['closed'] == 0)
{
if ($setts['always_show_buyout'])
{
$output = ($item_details['max_bid'] > $item_details['offer_max']) ? false : true;
}
else
{
if ($item_details['nb_bids'] <= 0)
{
$output = true;
}
else
{
if ($item_details['reserve_price'])
{
$output = ($item_details['max_bid'] < $item_details['reserve_price']) ? true : false;
}
else
{
$output = false;
}
}
}
}
return $output;
}
function item_pics($item_details)
{
global $setts, $db, $session, $fees;
(string) $display_output = null;
$is_images = $db->count_rows('auction_media', "WHERE auction_id='" . $item_details['auction_id'] . "' AND
media_type=1 AND upload_in_progress=0");
if ($is_images)
{
$display_output .= '
';
}
$show_buyout = show_buyout($item_details);
if ($setts['buyout_process'] == 1 && $show_buyout)
{
$image_link = '
';
if ($session->value('user_id') != $item_details['owner_id'])
{
$display_output .= '' . $image_link . '';
}
else
{
$display_output .= $image_link;
}
$display_output .= ' ' . GMSG_FOR . ' ' . $fees->display_amount($item_details['buyout_price'], $item_details['currency']) . ' ';
}
if ($setts['makeoffer_process'] == 1 && $item_details['is_offer'])
{
$image_link = '
';
if ($session->value('user_id') != $item_details['owner_id'])
{
$display_output .= '' . $image_link . '';
}
else
{
$display_output .= $image_link;
}
}
if ($item_details['enable_swap'] && !$item_details['closed'])
{
$image_link = '
';
if ($session->value('user_id') != $item_details['owner_id'])
{
$display_output .= '' . $image_link . '';
}
else
{
$display_output .= $image_link;
}
}
/*
if ($item_details['postage_amount'] <= 0)
{
$display_output .= '
';
}
*/
return $display_output;
}
function show_limit($selected, $file_path, $other_params)
{
global $db, $limits;
$display = array();
foreach ($limits as $limit)
{
$link = '' . $limit . '';
if ($limit == $selected)
{
$link = '' . $link . '';
}
$display[] = $link;
}
return MSG_ITEMS_PER_PAGE . ': ' . $db->implode_array($display, ' | ');
}
function first_step_details($user_details, $shop_status)
{
global $setts;
if ($user_details['shop_active'] && $shop_status['remaining_items'] > 0)
{
if ($setts['enable_store_only_mode'])
{
return true;
}
else
{
return false;
}
}
else
{
return true;
}
}
function readonly_start_price($item_details)
{
global $db;
$category_id = $db->main_category($item_details['category_id']);
$custom_fee = $db->count_rows('categories', "WHERE category_id='" . $category_id . "' AND custom_fees='1'");
$category_id = ($custom_fee) ? $category_id : 0;
$read_only = false;
$nb_setup_fees = $db->count_rows('fees_tiers', "WHERE fee_type='setup' AND
category_id='{$category_id}'");
if ($nb_setup_fees == 1)
{
$is_percentage = $db->count_rows('fees_tiers', "WHERE fee_type='setup' AND
calc_type='percent' AND category_id='{$category_id}'");
$read_only = ($is_percentage) ? true : $read_only;
}
else if ($nb_setup_fees > 1)
{
$read_only = true;
}
return $read_only;
}
?>
#################################################################
## PHP Pro Bid v6.10 ##
##-------------------------------------------------------------##
## Copyright ©2007 PHP Pro Software LTD. All rights reserved. ##
##-------------------------------------------------------------##
#################################################################
if ( !defined('INCLUDED') ) { die("Access Denied"); }
$time_start = getmicrotime();
$currentTime = time();
include ('themes/'.$setts['default_theme'].'/title.php');
/* we will add new banner settings */
$banner_position = array();
foreach ($setts['banner_positions'] as $key => $value)
{
$banner_position[$key] = $site_banner->select_banner($_SERVER['PHP_SELF'], intval($_REQUEST['parent_id']), intval($_REQUEST['auction_id']), $key);
if (!empty($banner_position[$key]))
{
$banner_position[$key] = '