Business
/
NickelBox
Observar 1
Favorito 0
Fork 0
Código Issues 7 Pull requests 0 Versões 0 Wiki Atividade
An easy point of sale system with automatic inventory tracking. https://netsyms.biz/apps/nickelbox/
Você não pode selecionar mais de 25 tópicos Os tópicos devem começar com uma letra ou um número, podem incluir traços ('-') e podem ter até 35 caracteres.
221 Commits
1 Branch
Tag: 07bba54130
Branches Tags
${ item.name }
Criar branch ${ searchTerm }
de 07bba54130
${ noResults }
NickelBox/required.php

required.php 5.8KB
Histórico Original

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188 
  1. <?php

  2. 

  3. /* This Source Code Form is subject to the terms of the Mozilla Public

  4.  * License, v. 2.0. If a copy of the MPL was not distributed with this

  5.  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */

  6. 

  7. /**

  8.  * This file contains global settings and utility functions.

  9.  */

  10. ob_start(); // allow sending headers after content

  11. // Settings file

  12. require __DIR__ . '/settings.php';

  13. 

  14. // Unicode, solves almost all stupid encoding problems

  15. header('Content-Type: text/html; charset=utf-8');

  16. 

  17. // Strip PHP version

  18. header('X-Powered-By: PHP');

  19. 

  20. // Security

  21. header('X-Content-Type-Options: nosniff');

  22. header('X-XSS-Protection: 1; mode=block');

  23. header('X-Frame-Options: "DENY"');

  24. header('Referrer-Policy: "no-referrer, strict-origin-when-cross-origin"');

  25. $SECURE_NONCE = base64_encode(random_bytes(8));

  26. 

  27. $session_length = 60 * 60 * 1; // 1 hour

  28. ini_set('session.gc_maxlifetime', $session_length);

  29. session_set_cookie_params($session_length, "/", null, false, false);

  30. 

  31. session_start(); // stick some cookies in it

  32. // renew session cookie

  33. setcookie(session_name(), session_id(), time() + $session_length, "/", false, false);

  34. 

  35. if ($_SESSION['mobile'] === TRUE) {

  36.     header("Content-Security-Policy: "

  37.             . "default-src 'self';"

  38.             . "object-src 'none'; "

  39.             . "img-src * data:; "

  40.             . "media-src 'self'; "

  41.             . "frame-src 'self'; "

  42.             . "font-src 'self'; "

  43.             . "connect-src *; "

  44.             . "style-src 'self' 'unsafe-inline'; "

  45.             . "script-src 'self' 'unsafe-inline'");

  46. } else {

  47.     header("Content-Security-Policy: "

  48.             . "default-src 'self';"

  49.             . "object-src 'none'; "

  50.             . "img-src * data:; "

  51.             . "media-src 'self'; "

  52.             . "frame-src 'self'; "

  53.             . "font-src 'self'; "

  54.             . "connect-src *; "

  55.             . "style-src 'self' 'nonce-$SECURE_NONCE'; "

  56.             . "script-src 'self' 'nonce-$SECURE_NONCE'");

  57. }

  58. 

  59. //

  60. // Composer

  61. require __DIR__ . '/vendor/autoload.php';

  62. 

  63. // List of alert messages

  64. require __DIR__ . '/langs/messages.php';

  65. 

  66. $libs = glob(__DIR__ . "/lib/*.lib.php");

  67. foreach ($libs as $lib) {

  68.     require_once $lib;

  69. }

  70. 

  71. $Strings = new Strings($SETTINGS['language']);

  72. 

  73. /**

  74.  * Kill off the running process and spit out an error message

  75.  * @param string $error error message

  76.  */

  77. function sendError($error) {

  78.     global $SECURE_NONCE;

  79.     die("<!DOCTYPE html>"

  80.             . "<meta charset=\"UTF-8\">"

  81.             . "<meta name=\"viewport\" content=\"width=device-width, initial-scale=1\">"

  82.             . "<title>Error</title>"

  83.             . "<style nonce=\"" . $SECURE_NONCE . "\">"

  84.             . "h1 {color: red; font-family: sans-serif; font-size: 20px; margin-bottom: 0px;} "

  85.             . "h2 {font-family: sans-serif; font-size: 16px;} "

  86.             . "p {font-family: monospace; font-size: 14px; width: 100%; wrap-style: break-word;} "

  87.             . "i {font-size: 12px;}"

  88.             . "</style>"

  89.             . "<h1>A fatal application error has occurred.</h1>"

  90.             . "<i>(This isn't your fault.)</i>"

  91.             . "<h2>Details:</h2>"

  92.             . "<p>" . htmlspecialchars($error) . "</p>");

  93. }

  94. 

  95. date_default_timezone_set($SETTINGS['timezone']);

  96. 

  97. // Database settings

  98. // Also inits database and stuff

  99. use Medoo\Medoo;

  100. 

  101. $database;

  102. $binstack;

  103. try {

  104.     $database = new Medoo([

  105.         'database_type' => $SETTINGS['database']['type'],

  106.         'database_name' => $SETTINGS['database']['name'],

  107.         'server' => $SETTINGS['database']['server'],

  108.         'username' => $SETTINGS['database']['user'],

  109.         'password' => $SETTINGS['database']['password'],

  110.         'charset' => $SETTINGS['database']['charset']

  111.     ]);

  112.     $binstack = new Medoo([

  113.         'database_type' => $SETTINGS['binstack_database']['type'],

  114.         'database_name' => $SETTINGS['binstack_database']['name'],

  115.         'server' => $SETTINGS['binstack_database']['server'],

  116.         'username' => $SETTINGS['binstack_database']['user'],

  117.         'password' => $SETTINGS['binstack_database']['password'],

  118.         'charset' => $SETTINGS['binstack_database']['charset']

  119.     ]);

  120. } catch (Exception $ex) {

  121.     //header('HTTP/1.1 500 Internal Server Error');

  122.     sendError("Database error.  Try again later.  $ex");

  123. }

  124. 

  125. 

  126. if (!$SETTINGS['debug']) {

  127.     error_reporting(0);

  128. } else {

  129.     error_reporting(E_ALL);

  130.     ini_set('display_errors', 'On');

  131. }

  132. 

  133. 

  134. $VARS;

  135. if ($_SERVER['REQUEST_METHOD'] === 'POST') {

  136.     $VARS = $_POST;

  137.     define("GET", false);

  138. } else {

  139.     $VARS = $_GET;

  140.     define("GET", true);

  141. }

  142. 

  143. function dieifnotloggedin() {

  144.     global $SETTINGS;

  145.     if ($_SESSION['loggedin'] != true) {

  146.         sendError("Session expired.  Please log out and log in again.");

  147.     }

  148.     $user = new User($_SESSION['uid']);

  149.     foreach ($SETTINGS['permissions'] as $perm) {

  150.         if (!$user->hasPermission($perm)) {

  151.             session_destroy();

  152.             die("You don't have permission to be here.");

  153.         }

  154.     }

  155. }

  156. 

  157. /**

  158.  * Check if the previous database action had a problem.

  159.  * @param array $specials int=>string array with special response messages for SQL errors

  160.  */

  161. function checkDBError($specials = []) {

  162.     global $database;

  163.     $errors = $database->error();

  164.     if (!is_null($errors[1])) {

  165.         foreach ($specials as $code => $text) {

  166.             if ($errors[1] == $code) {

  167.                 sendError($text);

  168.             }

  169.         }

  170.         sendError("A database error occurred:<br /><code>" . $errors[2] . "</code>");

  171.     }

  172. }

  173. 

  174. function redirectIfNotLoggedIn() {

  175.     global $SETTINGS;

  176.     if ($_SESSION['loggedin'] !== TRUE) {

  177.         header('Location: ' . $SETTINGS['url'] . '/index.php');

  178.         die();

  179.     }

  180.     $user = new User($_SESSION['uid']);

  181.     foreach ($SETTINGS['permissions'] as $perm) {

  182.         if (!$user->hasPermission($perm)) {

  183.             session_destroy();

  184.             header('Location: ./index.php');

  185.             die("You don't have permission to be here.");

  186.         }

  187.     }

  188. }