Use separate required.php for online store
pai
275c32f2dd
commit
78187b5224
@ -0,0 +1,127 @@
|
||||
<?php
|
||||
|
||||
/* This Source Code Form is subject to the terms of the Mozilla Public
|
||||
* License, v. 2.0. If a copy of the MPL was not distributed with this
|
||||
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
|
||||
|
||||
/**
|
||||
* This file contains global settings and utility functions.
|
||||
*/
|
||||
ob_start(); // allow sending headers after content
|
||||
// Settings file
|
||||
require __DIR__ . '/../settings.php';
|
||||
|
||||
// Unicode, solves almost all stupid encoding problems
|
||||
header('Content-Type: text/html; charset=utf-8');
|
||||
|
||||
// Strip PHP version
|
||||
header('X-Powered-By: PHP');
|
||||
|
||||
// Security
|
||||
header('X-Content-Type-Options: nosniff');
|
||||
header('X-XSS-Protection: 1; mode=block');
|
||||
header('X-Frame-Options: "DENY"');
|
||||
header('Referrer-Policy: "no-referrer, strict-origin-when-cross-origin"');
|
||||
$SECURE_NONCE = base64_encode(random_bytes(8));
|
||||
|
||||
$session_length = 60 * 60 * 24 * 2; // 2 days
|
||||
ini_set('session.gc_maxlifetime', $session_length);
|
||||
session_set_cookie_params($session_length, "/", null, false, false);
|
||||
|
||||
session_start(); // stick some cookies in it
|
||||
// renew session cookie
|
||||
setcookie(session_name(), session_id(), time() + $session_length, "/", false, false);
|
||||
|
||||
header("Content-Security-Policy: "
|
||||
. "default-src 'self';"
|
||||
. "object-src 'none'; "
|
||||
. "img-src * data:; "
|
||||
. "media-src 'self'; "
|
||||
. "frame-src 'self'; "
|
||||
. "font-src 'self'; "
|
||||
. "connect-src *; "
|
||||
. "style-src 'self' 'nonce-$SECURE_NONCE' $captcha_server; "
|
||||
. "script-src 'self' 'nonce-$SECURE_NONCE' $captcha_server");
|
||||
|
||||
//
|
||||
// Composer
|
||||
require __DIR__ . '/../vendor/autoload.php';
|
||||
|
||||
/**
|
||||
* Kill off the running process and spit out an error message
|
||||
* @param string $error error message
|
||||
*/
|
||||
function sendError($error) {
|
||||
global $SECURE_NONCE;
|
||||
die("<!DOCTYPE html>"
|
||||
. "<meta charset=\"UTF-8\">"
|
||||
. "<meta name=\"viewport\" content=\"width=device-width, initial-scale=1\">"
|
||||
. "<title>Error</title>"
|
||||
. "<style nonce=\"" . $SECURE_NONCE . "\">"
|
||||
. "h1 {color: red; font-family: sans-serif; font-size: 20px; margin-bottom: 0px;} "
|
||||
. "h2 {font-family: sans-serif; font-size: 16px;} "
|
||||
. "p {font-family: monospace; font-size: 14px; width: 100%; wrap-style: break-word;} "
|
||||
. "i {font-size: 12px;}"
|
||||
. "</style>"
|
||||
. "<h1>A fatal application error has occurred.</h1>"
|
||||
. "<i>(This isn't your fault.)</i>"
|
||||
. "<h2>Details:</h2>"
|
||||
. "<p>" . htmlspecialchars($error) . "</p>");
|
||||
}
|
||||
|
||||
date_default_timezone_set(TIMEZONE);
|
||||
|
||||
// Database settings
|
||||
// Also inits database and stuff
|
||||
use Medoo\Medoo;
|
||||
|
||||
$database;
|
||||
$binstack;
|
||||
try {
|
||||
$database = new Medoo([
|
||||
'database_type' => DB_TYPE,
|
||||
'database_name' => DB_NAME,
|
||||
'server' => DB_SERVER,
|
||||
'username' => DB_USER,
|
||||
'password' => DB_PASS,
|
||||
'charset' => DB_CHARSET
|
||||
]);
|
||||
$binstack = new Medoo([
|
||||
'database_type' => BINSTACK_DB_TYPE,
|
||||
'database_name' => BINSTACK_DB_NAME,
|
||||
'server' => BINSTACK_DB_SERVER,
|
||||
'username' => BINSTACK_DB_USER,
|
||||
'password' => BINSTACK_DB_PASS,
|
||||
'charset' => BINSTACK_DB_CHARSET
|
||||
]);
|
||||
} catch (Exception $ex) {
|
||||
//header('HTTP/1.1 500 Internal Server Error');
|
||||
sendError("Database error. Try again later. $ex");
|
||||
}
|
||||
|
||||
|
||||
if (!DEBUG) {
|
||||
error_reporting(0);
|
||||
} else {
|
||||
error_reporting(E_ALL);
|
||||
ini_set('display_errors', 'On');
|
||||
}
|
||||
|
||||
|
||||
$VARS;
|
||||
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
|
||||
$VARS = $_POST;
|
||||
define("GET", false);
|
||||
} else {
|
||||
$VARS = $_GET;
|
||||
define("GET", true);
|
||||
}
|
||||
|
||||
/**
|
||||
* Checks if a string or whatever is empty.
|
||||
* @param $str The thingy to check
|
||||
* @return boolean True if it's empty or whatever.
|
||||
*/
|
||||
function is_empty($str) {
|
||||
return (is_null($str) || !isset($str) || $str == '');
|
||||
}
|
Carregando…
Referência em uma nova issue