An easy point of sale system with automatic inventory tracking. https://netsyms.biz/apps/nickelbox/
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

required.php 7.0KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237
  1. <?php
  2. /**
  3. * This file contains global settings and utility functions.
  4. */
  5. ob_start(); // allow sending headers after content
  6. // Unicode, solves almost all stupid encoding problems
  7. header('Content-Type: text/html; charset=utf-8');
  8. // l33t $ecurity h4x
  9. header('X-Content-Type-Options: nosniff');
  10. header('X-XSS-Protection: 1; mode=block');
  11. header('X-Powered-By: PHP'); // no versions makes it harder to find vulns
  12. header('X-Frame-Options: "DENY"');
  13. header('Referrer-Policy: "no-referrer, strict-origin-when-cross-origin"');
  14. $SECURE_NONCE = base64_encode(random_bytes(8));
  15. $session_length = 60 * 60; // 1 hour
  16. session_set_cookie_params($session_length, "/", null, false, false);
  17. session_start(); // stick some cookies in it
  18. // renew session cookie
  19. setcookie(session_name(), session_id(), time() + $session_length);
  20. if ($_SESSION['mobile'] === TRUE) {
  21. header("Content-Security-Policy: "
  22. . "default-src 'self';"
  23. . "object-src 'none'; "
  24. . "img-src * data:; "
  25. . "media-src 'self'; "
  26. . "frame-src 'none'; "
  27. . "font-src 'self'; "
  28. . "connect-src *; "
  29. . "style-src 'self' 'unsafe-inline'; "
  30. . "script-src 'self' 'unsafe-inline'");
  31. } else {
  32. header("Content-Security-Policy: "
  33. . "default-src 'self';"
  34. . "object-src 'none'; "
  35. . "img-src * data:; "
  36. . "media-src 'self'; "
  37. . "frame-src 'none'; "
  38. . "font-src 'self'; "
  39. . "connect-src *; "
  40. . "style-src 'self' 'nonce-$SECURE_NONCE'; "
  41. . "script-src 'self' 'nonce-$SECURE_NONCE'");
  42. }
  43. //
  44. // Composer
  45. require __DIR__ . '/vendor/autoload.php';
  46. // Settings file
  47. require __DIR__ . '/settings.php';
  48. // List of alert messages
  49. require __DIR__ . '/lang/messages.php';
  50. // text strings (i18n)
  51. require __DIR__ . '/lang/' . LANGUAGE . ".php";
  52. /**
  53. * Kill off the running process and spit out an error message
  54. * @param string $error error message
  55. */
  56. function sendError($error) {
  57. global $SECURE_NONCE;
  58. die("<!DOCTYPE html>"
  59. . "<meta charset=\"UTF-8\">"
  60. . "<meta name=\"viewport\" content=\"width=device-width, initial-scale=1\">"
  61. . "<title>Error</title>"
  62. . "<style nonce=\"" . $SECURE_NONCE . "\">"
  63. . "h1 {color: red; font-family: sans-serif; font-size: 20px; margin-bottom: 0px;} "
  64. . "h2 {font-family: sans-serif; font-size: 16px;} "
  65. . "p {font-family: monospace; font-size: 14px; width: 100%; wrap-style: break-word;} "
  66. . "i {font-size: 12px;}"
  67. . "</style>"
  68. . "<h1>A fatal application error has occurred.</h1>"
  69. . "<i>(This isn't your fault.)</i>"
  70. . "<h2>Details:</h2>"
  71. . "<p>" . htmlspecialchars($error) . "</p>");
  72. }
  73. date_default_timezone_set(TIMEZONE);
  74. // Database settings
  75. // Also inits database and stuff
  76. use Medoo\Medoo;
  77. $database;
  78. try {
  79. $database = new Medoo([
  80. 'database_type' => DB_TYPE,
  81. 'database_name' => DB_NAME,
  82. 'server' => DB_SERVER,
  83. 'username' => DB_USER,
  84. 'password' => DB_PASS,
  85. 'charset' => DB_CHARSET
  86. ]);
  87. } catch (Exception $ex) {
  88. //header('HTTP/1.1 500 Internal Server Error');
  89. sendError("Database error. Try again later. $ex");
  90. }
  91. if (!DEBUG) {
  92. error_reporting(0);
  93. } else {
  94. error_reporting(E_ALL);
  95. ini_set('display_errors', 'On');
  96. }
  97. $VARS;
  98. if ($_SERVER['REQUEST_METHOD'] === 'POST') {
  99. $VARS = $_POST;
  100. define("GET", false);
  101. } else {
  102. $VARS = $_GET;
  103. define("GET", true);
  104. }
  105. /**
  106. * Checks if a string or whatever is empty.
  107. * @param $str The thingy to check
  108. * @return boolean True if it's empty or whatever.
  109. */
  110. function is_empty($str) {
  111. return (is_null($str) || !isset($str) || $str == '');
  112. }
  113. /**
  114. * I18N string getter. If the key doesn't exist, outputs the key itself.
  115. * @param string $key I18N string key
  116. * @param boolean $echo whether to echo the result or return it (default echo)
  117. */
  118. function lang($key, $echo = true) {
  119. if (array_key_exists($key, STRINGS)) {
  120. $str = STRINGS[$key];
  121. } else {
  122. trigger_error("Language key \"$key\" does not exist in " . LANGUAGE, E_USER_WARNING);
  123. $str = $key;
  124. }
  125. if ($echo) {
  126. echo $str;
  127. } else {
  128. return $str;
  129. }
  130. }
  131. /**
  132. * I18N string getter (with builder). If the key doesn't exist, outputs the key itself.
  133. * @param string $key I18N string key
  134. * @param array $replace key-value array of replacements.
  135. * If the string value is "hello {abc}" and you give ["abc" => "123"], the
  136. * result will be "hello 123".
  137. * @param boolean $echo whether to echo the result or return it (default echo)
  138. */
  139. function lang2($key, $replace, $echo = true) {
  140. if (array_key_exists($key, STRINGS)) {
  141. $str = STRINGS[$key];
  142. } else {
  143. trigger_error("Language key \"$key\" does not exist in " . LANGUAGE, E_USER_WARNING);
  144. $str = $key;
  145. }
  146. foreach ($replace as $find => $repl) {
  147. $str = str_replace("{" . $find . "}", $repl, $str);
  148. }
  149. if ($echo) {
  150. echo $str;
  151. } else {
  152. return $str;
  153. }
  154. }
  155. function dieifnotloggedin() {
  156. if ($_SESSION['loggedin'] != true) {
  157. sendError("Session expired. Please log out and log in again.");
  158. }
  159. }
  160. /**
  161. * Check if the previous database action had a problem.
  162. * @param array $specials int=>string array with special response messages for SQL errors
  163. */
  164. function checkDBError($specials = []) {
  165. global $database;
  166. $errors = $database->error();
  167. if (!is_null($errors[1])) {
  168. foreach ($specials as $code => $text) {
  169. if ($errors[1] == $code) {
  170. sendError($text);
  171. }
  172. }
  173. sendError("A database error occurred:<br /><code>" . $errors[2] . "</code>");
  174. }
  175. }
  176. /*
  177. * http://stackoverflow.com/a/20075147
  178. */
  179. if (!function_exists('base_url')) {
  180. function base_url($atRoot = FALSE, $atCore = FALSE, $parse = FALSE) {
  181. if (isset($_SERVER['HTTP_HOST'])) {
  182. $http = isset($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) !== 'off' ? 'https' : 'http';
  183. $hostname = $_SERVER['HTTP_HOST'];
  184. $dir = str_replace(basename($_SERVER['SCRIPT_NAME']), '', $_SERVER['SCRIPT_NAME']);
  185. $core = preg_split('@/@', str_replace($_SERVER['DOCUMENT_ROOT'], '', realpath(dirname(__FILE__))), NULL, PREG_SPLIT_NO_EMPTY);
  186. $core = $core[0];
  187. $tmplt = $atRoot ? ($atCore ? "%s://%s/%s/" : "%s://%s/") : ($atCore ? "%s://%s/%s/" : "%s://%s%s");
  188. $end = $atRoot ? ($atCore ? $core : $hostname) : ($atCore ? $core : $dir);
  189. $base_url = sprintf($tmplt, $http, $hostname, $end);
  190. } else
  191. $base_url = 'http://localhost/';
  192. if ($parse) {
  193. $base_url = parse_url($base_url);
  194. if (isset($base_url['path']))
  195. if ($base_url['path'] == '/')
  196. $base_url['path'] = '';
  197. }
  198. return $base_url;
  199. }
  200. }
  201. function redirectIfNotLoggedIn() {
  202. if ($_SESSION['loggedin'] !== TRUE) {
  203. header('Location: ' . URL . '/index.php');
  204. die();
  205. }
  206. }