| | All rights reserved. | +-----------------------------------------------------------------------------+ | PLEASE READ THE FULL TEXT OF SOFTWARE LICENSE AGREEMENT IN THE "COPYRIGHT" | | FILE PROVIDED WITH THIS DISTRIBUTION. THE AGREEMENT TEXT IS ALSO AVAILABLE | | AT THE FOLLOWING URL: http://www.x-cart.com/license.php | | | | THIS AGREEMENT EXPRESSES THE TERMS AND CONDITIONS ON WHICH YOU MAY USE | | THIS SOFTWARE PROGRAM AND ASSOCIATED DOCUMENTATION THAT RUSLAN R. | | FAZLIEV (hereinafter referred to as "THE AUTHOR") IS FURNISHING OR MAKING | | AVAILABLE TO YOU WITH THIS AGREEMENT (COLLECTIVELY, THE "SOFTWARE"). | | PLEASE REVIEW THE TERMS AND CONDITIONS OF THIS LICENSE AGREEMENT | | CAREFULLY BEFORE INSTALLING OR USING THE SOFTWARE. BY INSTALLING, | | COPYING OR OTHERWISE USING THE SOFTWARE, YOU AND YOUR COMPANY | | (COLLECTIVELY, "YOU") ARE ACCEPTING AND AGREEING TO THE TERMS OF THIS | | LICENSE AGREEMENT. IF YOU ARE NOT WILLING TO BE BOUND BY THIS | | AGREEMENT, DO NOT INSTALL OR USE THE SOFTWARE. VARIOUS COPYRIGHTS AND | | OTHER INTELLECTUAL PROPERTY RIGHTS PROTECT THE SOFTWARE. THIS | | AGREEMENT IS A LICENSE AGREEMENT THAT GIVES YOU LIMITED RIGHTS TO USE | | THE SOFTWARE AND NOT AN AGREEMENT FOR SALE OR FOR TRANSFER OF TITLE.| | THE AUTHOR RETAINS ALL RIGHTS NOT EXPRESSLY GRANTED BY THIS AGREEMENT. | | | | The Initial Developer of the Original Code is Ruslan R. Fazliev | | Portions created by Ruslan R. Fazliev are Copyright (C) 2001-2008 | | Ruslan R. Fazliev. All Rights Reserved. 
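|
+-----------------------------------------------------------------------------+
\*****************************************************************************/

#
# $Id: https.php,v 1.21.2.12 2008/07/04 08:29:58 ferz Exp $
#
# HTTP-HTTPS redirection mechanism code
#
# For GET requests this include decides whether the current customer page
# should be served over HTTPS or HTTP and, if the scheme is wrong, redirects
# to the same script on the other location. The session id is carried in the
# redirect URL, and a per-session counter limits HTTP->HTTPS redirect loops.
#

# Refuse direct requests: the file only runs when the including script has
# defined XCART_START.
if ( !defined('XCART_START') ) { header("Location: home.php"); die("Access denied"); }

x_load('files');

# Loop-protection state, registered through x_session_register (defined
# elsewhere) and updated at the bottom of this file.
x_session_register("https_redirect_counter", 0);
x_session_register("https_redirect_forbidden", false);

# Patterns understood by is_https_link(): a string is one fragment, an array
# is a set of fragments that must all occur in the link.
$https_messages = array(array("mode=order_message","orderids="), "error_message.php");
$https_scripts = array();

# Rebuild REQUEST_URI from PHP_SELF and QUERY_STRING when it is missing or
# ends in a slash, so that basename() below yields a script name.
if (empty($REQUEST_URI) || substr($REQUEST_URI, -1) == '/')
    $HTTP_SERVER_VARS['REQUEST_URI'] = $REQUEST_URI = $PHP_SELF.($QUERY_STRING ? ("?".$QUERY_STRING) : "");

#
# create payment scripts entries in $https_scripts
#
$payment_data = func_data_cache_get("payments_https");
if ($payment_data && is_array($payment_data)) {
    foreach ($payment_data as $payment_method_data) {
        $https_scripts[] = array("paymentid=".$payment_method_data["paymentid"],"mode=checkout");
        if ($payment_method_data['processor'] && !in_array($payment_method_data['processor'], $https_scripts))
            $https_scripts[] = $payment_method_data['processor'];
    }
}

$https_scripts[] = "secure_login.php";
if ($config["Security"]["use_https_login"] == "Y") {
    $https_scripts[] = "register.php";
    $https_scripts[] = array("cart.php", "mode=checkout");
    $https_scripts[] = array("cart.php", "mode=auth");
    $https_scripts[] = array("error_message.php", "need_login");
}

#
# Tell whether $link matches one of the patterns in $https_scripts.
#
# $link           script name plus query string; leading slashes are ignored.
# $https_scripts  list of patterns; each pattern is a string or an array of
#                 strings, and every fragment of a pattern must be found.
#
# A fragment ending in '=' only has to occur somewhere in the link. Any other
# fragment must be followed by the end of the link, '?' or '&'. Only the first
# occurrence of a fragment is examined and nothing is checked on its left
# side, so this is a substring test, not an exact script-name comparison.
#
# Returns true on the first pattern whose fragments all match, else false.
#
function is_https_link($link, $https_scripts) {
    if (empty($https_scripts))
        return false;

    $link = preg_replace('!^/+!S','', $link);
    $link_length = strlen($link);

    foreach ($https_scripts as $https_script) {
        if (!is_array($https_script))
            $https_script = array($https_script);

        $tmp = true;
        foreach ($https_script as $v) {
            # An empty fragment can never identify a page. Rejecting it here
            # keeps the result independent of how strpos() treats an empty
            # needle and avoids reading offset -1 of an empty string below.
            if ((string)$v === '') {
                $tmp = false;
                break;
            }

            $p = strpos($link, $v);
            if ($p === false) {
                $tmp = false;
                break;
            }

            $fragment_length = strlen($v);

            # "name=" fragments match whatever value follows them.
            if ($v[$fragment_length - 1] === '=')
                continue;

            # Otherwise the fragment has to end at a URL boundary.
            if ($p + $fragment_length < $link_length) {
                $last = $link[$p + $fragment_length];
                if ($last === '?')
                    continue;

                if ($last !== '&') {
                    $tmp = false;
                    break;
                }
            }
        }

        if ($tmp)
            return true;
    }

    return false;
}

# basename() is applied to the whole request URI, query string included, so
# everything up to the last '/' (wherever it occurs) is dropped.
$current_script = "/".basename($REQUEST_URI);

############################################################
# X-CART-SEO Mod :: http://code.google.com/p/x-cart-seo/
############################################################
# parse_url() returns false for a malformed URL and omits the 'query' key when
# there is no query string; both cases yield an empty query here instead of
# an undefined-index notice.
$original_query = parse_url($current_script);
$original_query = (is_array($original_query) && !empty($original_query['query'])) ? $original_query['query'] : '';
# END SEO

#
# Generate additional PHPSESSID var
#
# The session id is appended to the redirect URL unless the session name
# already occurs somewhere in the query string (a plain substring test).
# A session id in a URL can end up in browser history, server and proxy logs
# and Referer headers, and on the HTTPS->HTTP redirect below it travels
# unencrypted.
# NOTE(review): the session handling is not visible here - confirm that the
# id is regenerated after the hop or that URL-carried ids are otherwise
# restricted.
$additional_query = ($original_query?"&":"?").(strstr($QUERY_STRING,$XCART_SESSION_NAME) ? "" : $XCART_SESSION_NAME."=".$XCARTSESSID); ## XC SEO

if (!preg_match("/(?:^|&)sl=/", $additional_query) && $xcart_http_host != $xcart_https_host)
    $additional_query .= "&sl=".$store_language."&is_https_redirect=Y";

# Only GET requests are redirected, and a non-empty keep_https parameter
# disables every branch below, including the HTTP->HTTPS upgrade.
# NOTE(review): since the client controls both the method and keep_https, this
# redirect should not be the only thing keeping login and checkout pages on
# HTTPS; enforce that at the web server as well.
if ($REQUEST_METHOD == "GET" && empty($HTTP_GET_VARS["keep_https"]) && ($HTTPS || !$https_redirect_forbidden)) {
    $tmp_location = "";

    if (!$HTTPS && is_https_link($current_script, $https_scripts)) {
        # Page that must be secure was requested over HTTP.
        $tmp_location = $https_location.DIR_CUSTOMER.$current_script.$additional_query;
    }
    elseif (!$HTTPS && is_https_link($current_script, $https_messages) && !strncasecmp($HTTP_REFERER, $https_location, strlen($https_location))) {
        # Message page reached from the HTTPS side. The Referer header is
        # client-supplied and compared as a bare prefix, so this is a
        # heuristic; in this branch it only selects an upgrade to HTTPS.
        $tmp_location = $https_location.DIR_CUSTOMER.$current_script.$additional_query;
    }
    elseif ($config["Security"]["dont_leave_https"] != "Y" && $HTTPS && !is_https_link($current_script, $https_scripts) && !is_https_link($current_script, $https_messages)) {
        # Ordinary page requested over HTTPS: go back to HTTP unless a
        # login redirect is pending. The login_redirect flag is read once and
        # unregistered.
        x_session_register("login_redirect");
        $do_redirect = empty($login_redirect);
        x_session_unregister("login_redirect");

        if ($do_redirect) {
            $tmp_location = $http_location.DIR_CUSTOMER.$current_script.$additional_query;
        }
    }

    # Loop protection: once the counter exceeds a positive limit, further
    # HTTP->HTTPS redirects are switched off. Nothing in this file switches
    # them back on.
    $https_redirect_limit = intval($https_redirect_limit);
    if (!empty($tmp_location) && !$HTTPS && $https_redirect_limit > 0 && $https_redirect_counter > $https_redirect_limit)
        $https_redirect_forbidden = true;

    if (!empty($tmp_location) && ($HTTPS || !$https_redirect_forbidden)) {
        $https_redirect_counter++;

        if ($smarty->webmaster_mode) {
            # Webmaster mode prints a notice instead of redirecting.
            # NOTE(review): $tmp_location contains text taken from the request
            # URI; confirm that func_get_langvar_by_name() HTML-escapes the
            # substituted value before it is echoed. The literals below look
            # as if they lost their markup in this copy - compare them with
            # the distributed file.
            echo ' ';
            echo "

".func_get_langvar_by_name("txt_header_location_note", array("time" => 2, "location" => $tmp_location), false, true, true);
            echo "";
            echo "\n";
            exit;
        }
        else {
            func_header_location($tmp_location);
        }
    }
    else {
        # No redirect was needed (or allowed) for this request.
        $https_redirect_counter = 0;
    }
}
?>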