An easy point of sale system with automatic inventory tracking. https://netsyms.biz/apps/nickelbox/
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130
  1. <?php
  2. /* This Source Code Form is subject to the terms of the Mozilla Public
  3. * License, v. 2.0. If a copy of the MPL was not distributed with this
  4. * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
  5. /**
  6. * This file contains global settings and utility functions.
  7. */
  8. ob_start(); // allow sending headers after content
  9. // Settings file
  10. require __DIR__ . '/../settings.php';
  11. // Unicode, solves almost all stupid encoding problems
  12. header('Content-Type: text/html; charset=utf-8');
  13. // Strip PHP version
  14. header('X-Powered-By: PHP');
  15. // Security
  16. header('X-Content-Type-Options: nosniff');
  17. header('X-XSS-Protection: 1; mode=block');
  18. header('X-Frame-Options: "DENY"');
  19. header('Referrer-Policy: "no-referrer, strict-origin-when-cross-origin"');
  20. $SECURE_NONCE = base64_encode(random_bytes(8));
  21. $session_length = 60 * 60 * 24 * 2; // 2 days
  22. ini_set('session.gc_maxlifetime', $session_length);
  23. session_set_cookie_params($session_length, "/", null, false, false);
  24. session_start(); // stick some cookies in it
  25. // renew session cookie
  26. setcookie(session_name(), session_id(), time() + $session_length, "/", false, false);
  27. header("Content-Security-Policy: "
  28. . "default-src 'self';"
  29. . "object-src 'none'; "
  30. . "img-src * data:; "
  31. . "media-src 'self'; "
  32. . "frame-src 'self'; "
  33. . "font-src 'self'; "
  34. . "connect-src *; "
  35. . "style-src 'self' 'nonce-$SECURE_NONCE'; "
  36. . "script-src 'self' 'nonce-$SECURE_NONCE'");
  37. //
  38. // Composer
  39. require __DIR__ . '/../vendor/autoload.php';
  40. /**
  41. * Kill off the running process and spit out an error message
  42. * @param string $error error message
  43. */
  44. function sendError($error) {
  45. global $SECURE_NONCE;
  46. die("<!DOCTYPE html>"
  47. . "<meta charset=\"UTF-8\">"
  48. . "<meta name=\"viewport\" content=\"width=device-width, initial-scale=1\">"
  49. . "<title>Error</title>"
  50. . "<style nonce=\"" . $SECURE_NONCE . "\">"
  51. . "h1 {color: red; font-family: sans-serif; font-size: 20px; margin-bottom: 0px;} "
  52. . "h2 {font-family: sans-serif; font-size: 16px;} "
  53. . "p {font-family: monospace; font-size: 14px; width: 100%; wrap-style: break-word;} "
  54. . "i {font-size: 12px;}"
  55. . "</style>"
  56. . "<h1>A fatal application error has occurred.</h1>"
  57. . "<i>(This isn't your fault.)</i>"
  58. . "<h2>Details:</h2>"
  59. . "<p>" . htmlspecialchars($error) . "</p>");
  60. }
  61. date_default_timezone_set($SETTINGS['timezone']);
  62. // Database settings
  63. // Also inits database and stuff
  64. use Medoo\Medoo;
  65. $database;
  66. $binstack;
  67. try {
  68. $database = new Medoo([
  69. 'database_type' => $SETTINGS['database']['type'],
  70. 'database_name' => $SETTINGS['database']['name'],
  71. 'server' => $SETTINGS['database']['server'],
  72. 'username' => $SETTINGS['database']['user'],
  73. 'password' => $SETTINGS['database']['password'],
  74. 'charset' => $SETTINGS['database']['charset']
  75. ]);
  76. $binstack = new Medoo([
  77. 'database_type' => $SETTINGS['binstack_database']['type'],
  78. 'database_name' => $SETTINGS['binstack_database']['name'],
  79. 'server' => $SETTINGS['binstack_database']['server'],
  80. 'username' => $SETTINGS['binstack_database']['user'],
  81. 'password' => $SETTINGS['binstack_database']['password'],
  82. 'charset' => $SETTINGS['binstack_database']['charset']
  83. ]);
  84. } catch (Exception $ex) {
  85. //header('HTTP/1.1 500 Internal Server Error');
  86. sendError("Database error. Try again later. $ex");
  87. }
  88. if (!$SETTINGS['debug']) {
  89. error_reporting(0);
  90. } else {
  91. error_reporting(E_ALL);
  92. ini_set('display_errors', 'On');
  93. }
  94. $VARS;
  95. if ($_SERVER['REQUEST_METHOD'] === 'POST') {
  96. $VARS = $_POST;
  97. define("GET", false);
  98. } else {
  99. $VARS = $_GET;
  100. define("GET", true);
  101. }
  102. $loggedin = false;
  103. $account = null;
  104. if (!empty($_SESSION['shop_account'])) {
  105. $account = $_SESSION['shop_account'];
  106. if ($database->has('customers', ['AND' => ['name' => $account['name'], 'password' => $account['hashed_password']]])) {
  107. $loggedin = true;
  108. } else {
  109. $account = null;
  110. }
  111. }