An easy point of sale system with automatic inventory tracking. https://netsyms.biz/apps/nickelbox/


  1. <?php
  2. /* This Source Code Form is subject to the terms of the Mozilla Public
  3. * License, v. 2.0. If a copy of the MPL was not distributed with this
  4. * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
  5. /**
  6. * This file contains global settings and utility functions.
  7. */
  8. ob_start(); // allow sending headers after content
  9. // Settings file
  10. require __DIR__ . '/settings.php';
  11. // Unicode, solves almost all stupid encoding problems
  12. header('Content-Type: text/html; charset=utf-8');
  13. // Strip PHP version
  14. header('X-Powered-By: PHP');
  15. // Security
  16. header('X-Content-Type-Options: nosniff');
  17. header('X-XSS-Protection: 1; mode=block');
  18. header('X-Frame-Options: "DENY"');
  19. header('Referrer-Policy: "no-referrer, strict-origin-when-cross-origin"');
  20. $SECURE_NONCE = base64_encode(random_bytes(8));
  21. $session_length = 60 * 60 * 1; // 1 hour
  22. ini_set('session.gc_maxlifetime', $session_length);
  23. session_set_cookie_params($session_length, "/", null, false, false);
  24. session_start(); // stick some cookies in it
  25. // renew session cookie
  26. setcookie(session_name(), session_id(), time() + $session_length, "/", false, false);
  27. if ($_SESSION['mobile'] === TRUE) {
  28. header("Content-Security-Policy: "
  29. . "default-src 'self';"
  30. . "object-src 'none'; "
  31. . "img-src * data:; "
  32. . "media-src 'self'; "
  33. . "frame-src 'self'; "
  34. . "font-src 'self'; "
  35. . "connect-src *; "
  36. . "style-src 'self' 'unsafe-inline'; "
  37. . "script-src 'self' 'unsafe-inline'");
  38. } else {
  39. header("Content-Security-Policy: "
  40. . "default-src 'self';"
  41. . "object-src 'none'; "
  42. . "img-src * data:; "
  43. . "media-src 'self'; "
  44. . "frame-src 'self'; "
  45. . "font-src 'self'; "
  46. . "connect-src *; "
  47. . "style-src 'self' 'nonce-$SECURE_NONCE'; "
  48. . "script-src 'self' 'nonce-$SECURE_NONCE'");
  49. }
  50. //
  51. // Composer
  52. require __DIR__ . '/vendor/autoload.php';
  53. // List of alert messages
  54. require __DIR__ . '/langs/messages.php';
  55. $libs = glob(__DIR__ . "/lib/*.lib.php");
  56. foreach ($libs as $lib) {
  57. require_once $lib;
  58. }
  59. $Strings = new Strings($SETTINGS['language']);
  60. /**
  61. * Kill off the running process and spit out an error message
  62. * @param string $error error message
  63. */
  64. function sendError($error) {
  65. global $SECURE_NONCE;
  66. die("<!DOCTYPE html>"
  67. . "<meta charset=\"UTF-8\">"
  68. . "<meta name=\"viewport\" content=\"width=device-width, initial-scale=1\">"
  69. . "<title>Error</title>"
  70. . "<style nonce=\"" . $SECURE_NONCE . "\">"
  71. . "h1 {color: red; font-family: sans-serif; font-size: 20px; margin-bottom: 0px;} "
  72. . "h2 {font-family: sans-serif; font-size: 16px;} "
  73. . "p {font-family: monospace; font-size: 14px; width: 100%; wrap-style: break-word;} "
  74. . "i {font-size: 12px;}"
  75. . "</style>"
  76. . "<h1>A fatal application error has occurred.</h1>"
  77. . "<i>(This isn't your fault.)</i>"
  78. . "<h2>Details:</h2>"
  79. . "<p>" . htmlspecialchars($error) . "</p>");
  80. }
  81. date_default_timezone_set($SETTINGS['timezone']);
  82. // Database settings
  83. // Also inits database and stuff
  84. use Medoo\Medoo;
  85. $database;
  86. $binstack;
  87. try {
  88. $database = new Medoo([
  89. 'database_type' => $SETTINGS['database']['type'],
  90. 'database_name' => $SETTINGS['database']['name'],
  91. 'server' => $SETTINGS['database']['server'],
  92. 'username' => $SETTINGS['database']['user'],
  93. 'password' => $SETTINGS['database']['password'],
  94. 'charset' => $SETTINGS['database']['charset']
  95. ]);
  96. $binstack = new Medoo([
  97. 'database_type' => $SETTINGS['binstack_database']['type'],
  98. 'database_name' => $SETTINGS['binstack_database']['name'],
  99. 'server' => $SETTINGS['binstack_database']['server'],
  100. 'username' => $SETTINGS['binstack_database']['user'],
  101. 'password' => $SETTINGS['binstack_database']['password'],
  102. 'charset' => $SETTINGS['binstack_database']['charset']
  103. ]);
  104. } catch (Exception $ex) {
  105. //header('HTTP/1.1 500 Internal Server Error');
  106. sendError("Database error. Try again later. $ex");
  107. }
  108. if (!$SETTINGS['debug']) {
  109. error_reporting(0);
  110. } else {
  111. error_reporting(E_ALL);
  112. ini_set('display_errors', 'On');
  113. }
  114. $VARS;
  115. if ($_SERVER['REQUEST_METHOD'] === 'POST') {
  116. $VARS = $_POST;
  117. define("GET", false);
  118. } else {
  119. $VARS = $_GET;
  120. define("GET", true);
  121. }
  122. function dieifnotloggedin() {
  123. global $SETTINGS;
  124. if ($_SESSION['loggedin'] != true) {
  125. sendError("Session expired. Please log out and log in again.");
  126. }
  127. $user = new User($_SESSION['uid']);
  128. foreach ($SETTINGS['permissions'] as $perm) {
  129. if (!$user->hasPermission($perm)) {
  130. session_destroy();
  131. die("You don't have permission to be here.");
  132. }
  133. }
  134. }
  135. /**
  136. * Check if the previous database action had a problem.
  137. * @param array $specials int=>string array with special response messages for SQL errors
  138. */
  139. function checkDBError($specials = []) {
  140. global $database;
  141. $errors = $database->error();
  142. if (!is_null($errors[1])) {
  143. foreach ($specials as $code => $text) {
  144. if ($errors[1] == $code) {
  145. sendError($text);
  146. }
  147. }
  148. sendError("A database error occurred:<br /><code>" . $errors[2] . "</code>");
  149. }
  150. }
  151. function redirectIfNotLoggedIn() {
  152. global $SETTINGS;
  153. if ($_SESSION['loggedin'] !== TRUE) {
  154. header('Location: ' . $SETTINGS['url'] . '/index.php');
  155. die();
  156. }
  157. $user = new User($_SESSION['uid']);
  158. foreach ($SETTINGS['permissions'] as $perm) {
  159. if (!$user->hasPermission($perm)) {
  160. session_destroy();
  161. header('Location: ./index.php');
  162. die("You don't have permission to be here.");
  163. }
  164. }
  165. }