<?php
/*
X-cart weight update
*/
## THIS SCRIPT IS PASSWORD PROTECTED
# "password" holds the MD5 hex digest of the login password (required): the script
# compares the lowercase md5() of what is typed against this value. Any MD5 hashing
# tool produces it, e.g. http://bfl.rctek.com/tools/?tool=hasher.
# Example password is "PassWord".
$sett = array(
    "password" => "",
    ## Authentication tokens
    # Login state travels between requests as an encrypted token instead of the
    # password itself; "auth_key" is the key for that encryption. There is no real
    # need to change it, but replacing it with a random string of your own is advisable.
    "auth_key" => ":W?u8PbEmGtNsHiOzD_w:oB[G<mFC",
    # Maximum idle time between two calls of the script, in seconds (900 = 15 mins).
    "auth_idle" => 900,
    ## Misc settings
    # No real need to change this unless you save this file under a different name.
    "filename" => "weight_updator.php",
);
## MySQL settings go here
# Variable names should make the needed details obvious
$mysql = array(
    "server" => "",
    "username" => "",
    "password" => "",
    "database_name" => "",
);
## It's all code from now on
#
#
#
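# Open the database connection up front and stop if it cannot be established:
# mysql_connect() returns false on failure and the original code carried on, so every
# later mysql_* call would warn and the page would render with no data. The message is
# deliberately generic so server/credential details never reach the browser.
$db_link = mysql_connect($mysql["server"], $mysql["username"], $mysql["password"]);
if ($db_link === false || !mysql_select_db($mysql["database_name"], $db_link)) {
    die("Database connection failed.");
}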
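/**
 * Return $iv_len bytes of random data, used as the IV prefix by md5_encrypt().
 *
 * Prefers random_bytes() (a CSPRNG, PHP >= 7) and only falls back to the original
 * mt_rand() loop on interpreters that lack it; mt_rand() is not a cryptographic
 * generator, so the fallback exists purely to keep old hosts working.
 *
 * @param int $iv_len  number of bytes wanted; zero or negative yields ''
 * @return string      binary string of exactly max($iv_len, 0) bytes
 */
function get_rnd_iv($iv_len)
{
    $iv_len = (int) $iv_len;
    if ($iv_len <= 0) {
        // random_bytes() rejects a non-positive length; the old loop returned '' here.
        return '';
    }
    if (function_exists('random_bytes')) {
        return random_bytes($iv_len);
    }
    $iv = '';
    for ($i = 0; $i < $iv_len; $i++) {
        $iv .= chr(mt_rand() & 0xff);
    }
    return $iv;
}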
/**
 * Encrypt $plain_text under $password and return the result base64-encoded.
 *
 * Output layout: $iv_len random bytes, followed by 16-byte blocks of the padded
 * plaintext XOR-ed with the MD5 of a running state that mixes the password with the
 * previous ciphertext block. The plaintext is terminated with "\x13" and zero-padded
 * to a 16-byte boundary so md5_decrypt() can strip the padding again.
 *
 * This is a home-grown construction with no integrity tag; md5_decrypt() has to stay
 * in sync with it, and it should not be reused outside this script.
 *
 * @param string $plain_text
 * @param string $password   key material, XOR-ed into the per-block state
 * @param int    $iv_len     number of random IV bytes to prefix (default 16)
 * @return string base64 text
 */
function md5_encrypt($plain_text, $password, $iv_len = 16)
{
    // Terminator byte, then zero padding up to the next multiple of 16.
    $padded = $plain_text . "\x13";
    $length = strlen($padded);
    $remainder = $length % 16;
    if ($remainder) {
        $padded .= str_repeat("\0", 16 - $remainder);
    }

    $iv_bytes = get_rnd_iv($iv_len);
    $out = $iv_bytes;
    // Initial state: password XOR IV (string XOR truncates to the shorter operand).
    $state = substr($password ^ $iv_bytes, 0, 512);

    for ($offset = 0; $offset < $length; $offset += 16) {
        $cipher_block = substr($padded, $offset, 16) ^ pack('H*', md5($state));
        $out .= $cipher_block;
        // Chain: the next keystream block depends on this ciphertext block and the password.
        $state = substr($cipher_block . $state, 0, 512) ^ $password;
    }

    return base64_encode($out);
}
/**
 * Inverse of md5_encrypt(): decode the base64 blob and recover the plaintext.
 *
 * The first $iv_len bytes are the IV; each following 16-byte block is XOR-ed with
 * the MD5 of the same running state md5_encrypt() used. Garbage or tampered input
 * simply yields garbage - there is no integrity check here, so callers must verify
 * the result themselves (authenticate() looks for its "VALID:" marker).
 *
 * @param string $enc_text  base64 text produced by md5_encrypt()
 * @param string $password  the key the text was encrypted with
 * @param int    $iv_len    IV length used at encryption time (default 16)
 * @return string plaintext with the "\x13" terminator and zero padding removed
 */
function md5_decrypt($enc_text, $password, $iv_len = 16)
{
    $raw = base64_decode($enc_text);
    $length = strlen($raw);
    $state = substr($password ^ substr($raw, 0, $iv_len), 0, 512);
    $out = '';

    for ($offset = $iv_len; $offset < $length; $offset += 16) {
        $cipher_block = substr($raw, $offset, 16);
        $out .= $cipher_block ^ pack('H*', md5($state));
        $state = substr($cipher_block . $state, 0, 512) ^ $password;
    }

    // Drop the terminator and any trailing zero padding added by md5_encrypt().
    return preg_replace('/\\x13\\x00*$/', '', $out);
}
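/**
 * Password / session-token handling for this script.
 *
 * A request carries in its "pass" field either the plaintext password (first login)
 * or an encrypted token produced by build_key() on the previous page. The token is a
 * query-string-shaped record (validate, idle, password) sealed with md5_encrypt()
 * under $sett["auth_key"]; decrypting it and finding the "VALID:<key>" marker is how
 * the script recognises a token it issued itself.
 *
 * Properties:
 *   $decrypt - the decoded token record (validate, idle, password)
 *   $idle    - maximum seconds between requests before the token expires
 *   $key     - encryption key shared with md5_encrypt()/md5_decrypt()
 *   $pass    - configured password as a lowercase MD5 hex digest
 */
class authenticate {
    var $decrypt = array();
    var $idle = 300;
    var $key;
    var $pass;

    /**
     * @param string $input     the submitted "pass" field: a token or a plaintext password
     * @param string $key       encryption key for the token
     * @param string $password  expected MD5 hex digest of the password (any case)
     * @param int    $idle      idle timeout in seconds
     */
    function __construct($input, $key, $password, $idle) {
        $this->idle = (int) $idle;
        $this->key = (string) $key;
        $this->pass = strtolower((string) $password);
        // A missing form field arrives as null; treat it as an empty string.
        $input = (string) $input;

        // 1. A token from a previous page: accepted if it decrypts to our marker.
        parse_str(md5_decrypt($input, $this->key), $tmp);
        if (is_array($tmp) && isset($tmp["validate"])
            && $tmp["validate"] === "VALID:" . $this->key) {
            $this->decrypt = $tmp;
            return;
        }

        // 2. A plaintext password. Strict comparison on purpose: "==" between two
        //    hex digests that both look numeric compares them as numbers, not text.
        //    An empty configured password never matches anything.
        if ($this->pass !== '' && strtolower(md5($input)) === $this->pass) {
            $this->build_auth($this->pass);
            return;
        }

        // 3. Neither: build an unauthenticated record; is_valid() will return FALSE.
        $this->build_auth();
    }

    /** PHP 4 style constructor name, kept for old interpreters; delegates to __construct(). */
    function authenticate($input, $key, $password, $idle) {
        $this->__construct($input, $key, $password, $idle);
    }

    /**
     * Replace the token record with a fresh one carrying $pass as the proven password.
     * Called with '' (the default) for an unauthenticated request.
     */
    function build_auth($pass = "") {
        $this->decrypt = array(
            "validate" => sprintf("VALID:%s", $this->key),
            "idle" => time(),
            "password" => $pass,
        );
    }

    /**
     * TRUE when the record carries the configured password digest and was stamped
     * less than $idle seconds ago. An empty configured password never validates, so a
     * deployment that has not set $sett["password"] stays locked instead of open.
     */
    function is_valid() {
        if ($this->pass === '' || !is_array($this->decrypt)) {
            return FALSE;
        }
        if (!isset($this->decrypt["password"]) || !isset($this->decrypt["idle"])) {
            return FALSE;
        }
        if ($this->decrypt["password"] !== $this->pass) {
            return FALSE;
        }
        // The stamp in the token must be newer than (now - idle window).
        return (time() - $this->idle) < (int) $this->decrypt["idle"];
    }

    /**
     * Re-stamp the record with the current time and return it as an encrypted,
     * HTML-escaped token for a hidden form field on the next page.
     */
    function build_key() {
        $this->decrypt["idle"] = time();
        $pairs = array();
        foreach ($this->decrypt AS $name => $val) {
            $pairs[] = sprintf("%s=%s", $name, urlencode($val));
        }
        return htmlentities(md5_encrypt(implode("&", $pairs), $this->key));
    }
}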
## Main body
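# Authenticate from the submitted token or password; a request without a "pass" field
# is handled as an empty one instead of raising an undefined-index notice.
$auth = new authenticate(isset($_POST["pass"]) ? $_POST["pass"] : "", $sett["auth_key"], $sett["password"], $sett["auth_idle"]);
if (!$auth->is_valid()) {
# Login form. The field is a password input so the typed password is not shown on screen.
?>
<h2>Authentication failed</h2>
<p>Please provide your password:</p>
<form action="./<?=$sett["filename"]?>" method="post">
<input type="password" name="pass">
<input type="submit" value="Login">
</form>
<div align="center">Copyright © 2005
Craig Brass and
Phil Richardson</div>
<?php
exit;
}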
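# Messages shown at the bottom of the page (status and warnings).
$our_error = array();
# Comparison operator for the follow-up SELECT after a save: ">" moves on to the next
# record, "=" (set below when still empty) reloads the one just saved.
$expr_str = "";
# Request fields normalised once. A missing "method" falls through to the default
# action; ids are integers; weights are cast to float before number_format(), which on
# PHP 8 rejects non-numeric strings outright instead of treating them as 0.
$method = isset($_POST["method"]) ? strtolower((string) $_POST["method"]) : "";
$cid = isset($_POST["cid"]) ? intval($_POST["cid"]) : 0;
$new_weight = number_format(isset($_POST["newweight"]) ? (float) $_POST["newweight"] : 0.0, 2, ".", "");
$old_weight = number_format(isset($_POST["weight"]) ? (float) $_POST["weight"] : 0.0, 2, ".", "");
# Column list shared by every record lookup below.
$select_base = "SELECT xcart_products.productid AS productid, xcart_products.productcode AS productcode, xcart_products.product AS product, xcart_products.weight AS weight FROM xcart_products";
switch ($method) {
/* Save this record and move to the next - Don't break*/
case "save and next":
    $expr_str = ">";
/* Save and refresh the record - Safe to break here*/
case "save and refresh":
    if ($new_weight !== $old_weight) {
        // Both values are number_format() output and the id is an int, so the
        // statement contains no request-controlled text.
        $sql = sprintf("UPDATE xcart_products SET weight='%s' WHERE productid=%d LIMIT 1", $new_weight, $cid);
        if (mysql_query($sql)) {
            $our_error[] = "Records updated successfully. ";
        } else {
            // Previously a failed UPDATE was still reported as a success.
            $our_error[] = "The update failed; the record was not changed. ";
        }
    } else {
        $our_error[] = "No changes made during the previous update. ";
    }
    if ($expr_str == "") { $expr_str = "="; }
    $sql = sprintf("%s WHERE xcart_products.productid %s %d ORDER BY xcart_products.productid ASC LIMIT 1", $select_base, $expr_str, $cid);
    break;
/* Load next record */
case "next without saving":
    $sql = sprintf("%s WHERE xcart_products.productid > %d ORDER BY xcart_products.productid ASC LIMIT 1", $select_base, $cid);
    break;
/* Load previous record */
case "previous without saving":
    $sql = sprintf("%s WHERE xcart_products.productid < %d ORDER BY xcart_products.productid DESC LIMIT 1", $select_base, $cid);
    break;
/* Load a specific record */
case "goto row":
    $sql = sprintf("%s WHERE xcart_products.productid = %d ORDER BY xcart_products.productid ASC LIMIT 1", $select_base, $cid);
    break;
/* Load the first row of the table
This is also the default action, so fall through */
case "first row":
default:
    $sql = $select_base . " ORDER BY xcart_products.productid ASC LIMIT 1";
    break;
}
# Check for results. A failed query (false) is reported like an empty result rather
# than being passed on to mysql_num_rows(); the user is told to navigate elsewhere.
$res = mysql_query($sql);
$data = null;
if ($res === false || mysql_num_rows($res) < 1) {
    $current_id = "1";
    $our_error[] = "No records returned. Use the controls below to navigate to a different record.";
} else {
    $data = mysql_fetch_object($res);
    $current_id = $data->productid;
}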
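# HTML-escape a value for output into the page body or a double-quoted attribute.
# Product code and name are free text from the database and may contain markup.
function wu_html($value) { return htmlspecialchars((string) $value, ENT_QUOTES); }
?>
<h2>Weight editor</h2>
<?php /* Navigation buttons - First record and Jump to */ ?>
<div>
<form action="./<?=$sett["filename"]?>" method="post">
<input type="hidden" name="pass" value="<?=$auth->build_key()?>">
<input type="submit" name="method" value="First row">
<input type="text" name="cid" value="<?=wu_html($current_id)?>">
<input type="submit" name="method" value="Goto row">
</form>
</div>
<?php /* Only display the content table when we have a record; a failed query (false) hides it too */ ?>
<?php if ($res !== false && mysql_num_rows($res) > 0) { ?>
<form action="./<?=$sett["filename"]?>" method="post">
<input type="hidden" name="pass" value="<?=$auth->build_key()?>">
<input type="hidden" name="cid" value="<?=wu_html($current_id)?>">
<input type="hidden" name="weight" value="<?=wu_html($data->weight)?>">
<table>
<tr>
<td style="padding-right:15px; text-align:right; font-weight:bold">Product ID</td>
<td><?=wu_html($current_id)?></td>
</tr>
<tr>
<td style="padding-right:15px; text-align:right; font-weight:bold">Product Code</td>
<td><?=wu_html($data->productcode)?></td>
</tr>
<tr>
<td style="padding-right:15px; text-align:right; font-weight:bold">Product Name</td>
<td><?=wu_html($data->product)?></td>
</tr>
<tr>
<td style="padding-right:15px; text-align:right; font-weight:bold">Current Weight</td>
<td><?=number_format($data->weight, 2, ".", "")?></td>
</tr>
<tr>
<td style="padding-right:15px; text-align:right; font-weight:bold">New Weight</td>
<td><input type="text" name="newweight" value="<?=number_format($data->weight, 2, ".", "")?>"></td>
</tr>
<tr>
<td></td>
<td>
<input type="submit" name="method" value="Previous without saving">
<input type="submit" name="method" value="Save and refresh">
<input type="submit" name="method" value="Save and next">
<input type="submit" name="method" value="Next without saving">
</td>
</tr>
</table>
</form>
<?php } ?>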
<?php
/* Status and warning messages collected while handling the request, one box each;
   nothing is printed when the list is empty. */
foreach ($our_error AS $message) {
    echo '<div style="font-weight:bold;color:#800000;font-style:italic;background-color:#FFF0B7;padding:5px;border:1px solid #FFB96C;">', $message, "</div>\n";
}
?>
<div align="center">Copyright © 2005
Craig Brass and
Phil Richardson</div>