<?


//breadcrum
function getPageName($cat,$lang){
	$sql_catsel=mysql_query("select strName from js_cms where intID='$cat' and isUp='1' order by strOrder, strName") or die(mysql_error());
	$numrows_catsel=mysql_num_rows($sql_catsel);
	
	$langid_tmp = $_SESSION['langid'];
	
	if($numrows_catsel!=0)
	{
		while($r_catsel=mysql_fetch_array($sql_catsel))
		{
			$name_catsel=stripslashes($r_catsel["strName"]);

			//multilanguage
			$sql_catsel2=mysql_query("select strName from js_cms_content where MotherID='$cat' and LangID='$lang'") or die(mysql_error());
			$numrows_catsel2=mysql_num_rows($sql_catsel2);
			
			if($numrows_catsel>0)
			{
				$r_catsel2=mysql_fetch_array($sql_catsel2);

				$name_catsel2=stripslashes($r_catsel2["strName"]);
			}
			
			if($name_catsel2)
				$product_title=$name_catsel2;
			else
				$product_title=$name_catsel;
		}
	}
	return $product_title;
}

function getPageParentID($cat){
	$sql_catsel=mysql_query("select MotherID from js_cms where intID='$cat' and isUp='1' order by strOrder, strName") or die(mysql_error());
	$numrows_catsel=mysql_num_rows($sql_catsel);
	if($numrows_catsel!=0)
	{
		while($r_catsel=mysql_fetch_array($sql_catsel))
		{
			$mother=$r_catsel["MotherID"];
		}
	}
	return $mother;
}

function getCategoryName($cat,$lang){
	$sql_catsel=mysql_query("select strName from js_store_products_category where intID='$cat' and isUp='1' order by strOrder, strName limit 0,1") or die(mysql_error());
	$numrows_catsel=mysql_num_rows($sql_catsel);
	
	if($numrows_catsel!=0)
	{
		while($r_catsel=mysql_fetch_array($sql_catsel))
		{
			$name_catsel=$r_catsel["strName"];

			//multilanguage
			$sql_catsel2=mysql_query("select strName from js_store_products_category_content where MotherID='$cat' and LangID='$lang'") or die(mysql_error());
			$numrows_catsel2=mysql_num_rows($sql_catsel2);
			
			if($numrows_catsel>0)
			{
				$r_catsel2=mysql_fetch_array($sql_catsel2);

				$name_catsel2=$r_catsel2["strName"];
			}
			
			if($name_catsel2)
				$product_title=$name_catsel2;
			else
				$product_title=$name_catsel;
		}
	}
	return $product_title;
}

function getCategoryParentID($cat){
	$sql_catsel=mysql_query("select MotherID from js_store_products_category where intID='$cat' and isUp='1' order by strOrder, strName limit 0,1") or die(mysql_error());
	$numrows_catsel=mysql_num_rows($sql_catsel);
	if($numrows_catsel!=0)
	{
		while($r_catsel=mysql_fetch_array($sql_catsel))
		{
			$mother=$r_catsel["MotherID"];
		}
	}
	return $mother;
}

//end breadcrum
function jscheck_input($name)
{
    $temp="";
	
	if ($_SERVER['REQUEST_METHOD'] == 'GET')
	{
        $temp=strip_tags($_GET[$name]);
	}
	
    if ($_SERVER['REQUEST_METHOD'] == 'POST')
	{
        $temp=strip_tags($_POST[$name]);
	}
		
	//replace string
	$temp=str_replace("&","&amp;",$temp);
	$temp=str_replace("<","&lt;",$temp);
	$temp=str_replace(">","&gt;",$temp);
	$temp=str_replace("#","&#35;",$temp);
	$temp=str_replace("(","&#40;",$temp);
	$temp=str_replace(")","&#41;",$temp);
	$temp=str_replace("\"","&quot;",$temp);
	$temp=str_replace("'","&rsquo;",$temp);
	
	return $temp;
}

function jscheck_numberic($value)
{
	if (is_numeric($value))
		return $value;
	else
		return "0";
}

function jscheck_uid($value)
{
	if (preg_match("/[A-Za-z0-9]{8,40}$/", $value))
		return $value;
	else
		return "0";
}

function jscheck_key($value)
{
	if (preg_match("/[A-Za-z0-9]{8,40}$/", $value))
		return trim($value);
	else
		return "0";
}

function jscheck_email($email) 
{
	// First, we check that there's one @ symbol, and that the lengths are right
	if (!ereg("^[^@]{1,64}@[^@]{1,255}$", $email)) 
	{
		return false;	// Email invalid because wrong number of characters in one section, or wrong number of @ symbols.
	}
	
	// Split it into sections to make life easier
	$email_array = explode("@", $email);
	$local_array = explode(".", $email_array[0]);
	for ($i = 0; $i < sizeof($local_array); $i++) 
	{
		if (!ereg("^(([A-Za-z0-9!#$%&'*+/=?^_`{|}~-][A-Za-z0-9!#$%&'*+/=?^_`{|}~\.-]{0,63})|(\"[^(\\|\")]{0,62}\"))$", $local_array[$i])) 
		{
			return false;
		}
	}
	
	if (!ereg("^\[?[0-9\.]+\]?$", $email_array[1])) 
	{ // Check if domain is IP. If not, it should be valid domain name
		$domain_array = explode(".", $email_array[1]);
		
		if (sizeof($domain_array) < 2) 
		{
			return false; // Not enough parts to domain
		}
		
		for ($i = 0; $i < sizeof($domain_array); $i++) 
		{
			if (!ereg("^(([A-Za-z0-9][A-Za-z0-9-]{0,61}[A-Za-z0-9])|([A-Za-z0-9]+))$", $domain_array[$i])) 
			{
				return false;
			}
		}
	}
	return true;
}

function displaySelected($val_a,$val_b)
{
	if($val_a==$val_b){
		return "selected=\"selected\"";
	}else{
		return "";
	}
}

function sendErrNotification($name, $error, $redirect = true)
{
	//email to webmaster
	$curhost=$_SERVER['HTTP_HOST'];
	$curlocation=$_SERVER['REQUEST_URI'];
	$curip=$_SERVER['REMOTE_ADDR'];
	$curtime=date("Y-m-d H:i:s");
	$wmnotice ="A sql error, [".$name."][".$error."], \n\nhad occured at [".$curhost.$curlocation."]. \n\n";
	$wmnotice.="Accessed through [".$curhost."] ,\n\nfrom [".$curip."] at [".$curtime."]";
	mail("log@justsimple.com.my","SQL Error on Simple!CMS Website - [".$curhost."]",$wmnotice,"From: log@justsimple.com.my");
	
	if($redirect)
	{
		//redirect to home page
		ob_start();
		header("Location: http://".$curhost);
		ob_flush();
	}
	else
	{
		//display message
		return "Temporarily Unavailable.";
	}
}

function convertToURL($name)
{
	$temp=$name;
	$temp=str_replace(" ","+",$temp);
	$temp=str_replace("&","and",$temp);
	$temp=str_replace("\"","",$temp);
	$temp=str_replace("/","_",$temp);
	$temp=str_replace("'","",$temp);
	$temp=str_replace(".","",$temp);
	$temp=str_replace(",","",$temp);
	return $temp;
}


/*************************************************/
//for data encrytion
function get_rnd_iv($iv_len)
{
   $iv = '';
   while ($iv_len-- > 0) 
   {
       $iv .= chr(mt_rand() & 0xff);
   }
   return $iv;
}

function md5_encrypt($plain_text, $password, $iv_len = 16)
{
   $plain_text .= "\x13";
   $n = strlen($plain_text);
   if ($n % 16) $plain_text .= str_repeat("\0", 16 - ($n % 16));
   $i = 0;
   $enc_text = get_rnd_iv($iv_len);
   $iv = substr($password ^ $enc_text, 0, 512);
   while ($i < $n) {
       $block = substr($plain_text, $i, 16) ^ pack('H*', md5($iv));
       $enc_text .= $block;
       $iv = substr($block . $iv, 0, 512) ^ $password;
       $i += 16;
   }
   return base64_encode($enc_text);
}

function md5_decrypt($enc_text, $iv_len = 16)
{
   $password = 'aitai xiang lian 520';
   
   $enc_text = base64_decode($enc_text);
   $n = strlen($enc_text);
   $i = $iv_len;
   $plain_text = '';
   $iv = substr($password ^ substr($enc_text, 0, $iv_len), 0, 512);
   while ($i < $n) {
       $block = substr($enc_text, $i, 16);
       $plain_text .= $block ^ pack('H*', md5($iv));
       $iv = substr($block . $iv, 0, 512) ^ $password;
       $i += 16;
   }
   return preg_replace('/\\x13\\x00*$/', '', $plain_text);
}

/**********************************************************************************/
$level=jscheck_input('level'); $level=jscheck_numberic($level);
$id=jscheck_input('id'); $id=jscheck_numberic($id);
$tc=jscheck_input('tc'); $tc=jscheck_numberic($tc);
$langid_tmp=jscheck_input('lang'); $langid_tmp=jscheck_numberic($langid_tmp);

require "inc.db.php";

//find the id for the default language
$sql_fd=mysql_query("select LangID from tce_lang where isDefault='1' limit 0,1") or die("sql9: ".mysql_error());
$numrows_fd=mysql_num_rows($sql_fd);

if($numrows_fd>0)
{
	while($r_fd=mysql_fetch_array($sql_fd))
	{
		$defaultlangid=$r_fd["LangID"];
	}
}

if(!$langid_tmp)
{
	!isset($_SESSION["langid"])=="";
	
	if (!isset($_SESSION["langid"]))
	{
		!isset($_SESSION["langid"]);
		$_SESSION['langid'] = $defaultlangid;
	}
}
else
{
	!isset($_SESSION["langid"]);
	$_SESSION['langid'] = jscheck_numberic($_REQUEST['lang']);
}

$langid_tmp = $_SESSION['langid'];

switch ($langid_tmp)
{
	case 6: include( 'lang/lang.cn_sim.php' );break;
	case 5: include( 'lang/lang.bm.php' );break;
	case 7: include( 'lang/lang.jp.php' );break;
	default: include( 'lang/lang.eng.php' );break;
}

/****************************find home page**************************/
$checkid="";
if(!$id)
{
	//$sql_id=mysql_query("select intID from js_cms order by strOrder, intID") or die("sql10: ".mysql_error());
	$sql_id=mysql_query("select intID from js_cms where MotherID=0 and isUp=1 and isDeleted=0 order by strOrder, intID") or die("sql10: ".mysql_error());
	$result_id=mysql_fetch_array($sql_id);
	
	$id=$result_id["intID"];
	
	$checkid=1;
}
/****************************************************************************************/
$pagename=jscheck_input('pagename');//echo "<script>alert(\"$pagename\");</script>";
// $pagename=str_replace('__','/',$pagename);
// $pagename=str_replace('-','/',$pagename);

$pagename=str_replace('_',' ',$pagename);
$pagename=str_replace('&#40;','(',$pagename);
$pagename=str_replace('&#41;',')',$pagename);$pagename=str_replace('^','&',$pagename);
if($pagename=="")
$pagename="home";

/****************************get all content**************************/
//$sql_cms=mysql_query("select * from js_cms where REPLACE(REPLACE(REPLACE(REPLACE(REPLACE(REPLACE(REPLACE(REPLACE(REPLACE(REPLACE(LCASE(strName), ' ','_'), ',',''), '/','_'), '.',''), '&#40;',''), '&#41;',''), '(',''), ')',''), '''',''), '_',' ')='$pagename' and isUp='1' and isDeleted='0'") or die("sql11: ".mysql_error());
$sql_cms=mysql_query("select * from js_cms where strName='$pagename' and isUp='1' and isDeleted='0'") or die("sql11: ".mysql_error());
$result_cms=mysql_fetch_array($sql_cms);

$cms_id=$result_cms["intID"];
$cms_title=$result_cms["strName"];
$cms_exclude=$result_cms["strExclude"];
$cms_layout=$result_cms["strLayout"];

if($cms_id)
{

$sql_cms_content=mysql_query("select strName, strAlias, strPic, content, strURL, SEOTitle, SEOKeywords, SEODescription from js_cms_content where MotherID='$cms_id' and isUp='1' and LangID='1'") or die("sql12: ".mysql_error());
$r1_top=mysql_fetch_array($sql_cms_content);
$con_title=stripslashes($r1_top["strName"]);
$con_alias=stripslashes($r1_top["strAlias"]);
$con_url=$r1_top["strURL"];
$con_banner=$r1_top["strPic"];
$con_content=stripslashes($r1_top["content"]);
$con_seotitle=$r1_top["SEOTitle"];
$con_seokeywords=$r1_top["SEOKeywords"];
$con_seodesc=$r1_top["SEODescription"];
}
else
{
//echo "<script>alert('$cms_id');</script>";
$sql_cms_content=mysql_query("select strName, strAlias, strPic, content, strURL, SEOTitle, SEOKeywords, SEODescription from js_cms_content where strURL='$pagename' and isUp='1' and LangID='1'") or die("sql12: ".mysql_error());
$r1_top=mysql_fetch_array($sql_cms_content);
$con_title=stripslashes($r1_top["strName"]);
$con_alias=stripslashes($r1_top["strAlias"]);
$con_url=$r1_top["strURL"];
$con_banner=$r1_top["strPic"];
$con_content=stripslashes($r1_top["content"]);
$con_seotitle=$r1_top["SEOTitle"];
$con_seokeywords=$r1_top["SEOKeywords"];
$con_seodesc=$r1_top["SEODescription"];

}


@mysql_close($conn);
?><?
error_reporting(E_ERROR | E_WARNING | E_PARSE);

require("inc.db.php");
$sql=mysql_query("select * from js_sitesetting where SettingID='1'") or die("sql1: ".mysql_error());
$numrows=mysql_num_rows($sql);

$r=mysql_fetch_array($sql);

$WSettingID=$r["SettingID"];
$WUID=$r["UID"];
$WstrEmail=$r["strEmail"];
$WstrCCEmail=$r["strCCEmail"];
$WstrWebsite=$r["strWebsite"];
$WstrStatus=$r["strStatus"];
$WstrRedirectAddress=$r["strRedirectAddress"];
$WstrOfflineMessage=$r["strOfflineMessage"];
$WSEOTitle=$r["SEOTitle"];
$WSEOKeywords=$r["SEOKeywords"];
$WSEODescription=$r["SEODescription"];
$WstrGoogleTag=$r["strGoogleTag"];
$WstrCopyright=$r["strCopyright"];

$WSiteTemplate=$r["SiteTemplate"];
$WSiteLogo=$r["SiteLogo"];

$WebsiteID=$r["WebsiteID"];
$WebsiteCountry=$r["WebsiteCountry"];
$WSitePerson=$r["SitePerson"];
$WSiteCompany=$r["SiteCompany"];
	
if ($WstrStatus=='0')
{
	if ($WstrRedirectAddress)
	{
		if ($WstrOfflineMessage)
		{
		?>
			<script type="text/javascript">
				alert("");
			</script>
		<?
		}
		?>
			<script type="text/javascript">
				window.location = ""
			</script>
		<?
		exit();
	}
	else 
	{
		?>
			<script type="text/javascript">
				window.location = "offline.php"
			</script>
		<?
		exit();
	}
}


/************************Currency Convertion*******************************************/
session_start ();

$userid=$_SESSION['userid'];

//find the default currency
$sql_findde=mysql_query("select CurrID, SymbolLeft, value from js_store_currency where isDefault=1 limit 0, 1") or die("sql2: ".mysql_error());
$numrows_findde=mysql_num_rows($sql_findde);

if ($numrows_findde>0)
{
	$r_findde=mysql_fetch_array($sql_findde);

	$CurrID_findde=$r_findde["CurrID"];
	$SymbolLeft_findde=$r_findde["SymbolLeft"];
	$value_findde=$r_findde["value"];
}

$currencyid_tmp = $_POST['curr_default'];

if($currencyid_tmp=="")
{
/*
	{
	if (!session_is_registered ("currencyid"))
	{
		$_SESSION['currencyid'] = $CurrID_findde;
		session_register ("currencyid");
	}
}
else
{
	$_SESSION['currencyid'] = $_POST['curr_default'];
	session_register ("currencyid");
}

//$currencyid_tmp=$_SESSION['currencyid'];

*/}
$currencyid_tmp= $CurrID_findde;

$sql_curr=mysql_query("select * from js_store_currency where CurrID='$currencyid_tmp' limit 0, 1") or die("sql3: ".mysql_error());
$numrows_curr=mysql_num_rows($sql_curr);

if ($numrows_curr>0)
{
	while($r_curr=mysql_fetch_array($sql_curr))
	{
		$strName_curr=$r_curr["strName"];
		$strCode_curr=$r_curr["strCode"];
		$SymbolLeft_curr=$r_curr["SymbolLeft"];
		$value_curr=$r_curr["value"];
	}
}

$crr_symb=$SymbolLeft_curr;
$crr_rate=$value_curr;

$crrdef_symb=$SymbolLeft_findde;
$crrdef_rate=$value_findde;

function currConvert($c, $rate)
{
	$price_tmp = $c;
	$price_display = $price_tmp * $rate;
	$price_display = number_format($price_display, 2, '.', ',');
	
	return $price_display;
}

function displayDiscount($sign, $price_ori)
{
	$price_display_tmp = $price_ori * 0.7;
	$price_display_tmp = number_format($price_display_tmp, 2, '.', '');
	
	$price_display="<s>$sign"."$price_ori</s> "."<b>$sign"."$price_display_tmp</b>";
	return $price_display;
}
/****************************************************************************************/

/************************Shopping Cart Session*******************************************/

if (!isset($_SESSION["cartvisitor"]))
{
	$_SESSION['cartvisitor'] = time();
	!isset($_SESSION["cartvisitor"]);
}
$cartvisitor_tmp = $_SESSION['cartvisitor'];

/****************************************************************************************/

/************************Store Setting*******************************************/
$sql_ss =mysql_query("select ProductPerRow, ProductSort, ProductSort2, ProductImgMW, ProductImgMH, ProductTotalDisplay from js_storesetting where SettingID=1") or die("sql4: ".mysql_error());
$r_ss=mysql_fetch_array($sql_ss);

$ProductPerRow=$r_ss['ProductPerRow'];
$ProductSort=$r_ss['ProductSort'];
$ProductSort2=$r_ss['ProductSort2'];
$ProductImgMW=$r_ss['ProductImgMW']+15;
$ProductImgMH=$r_ss['ProductImgMH']+15;
$ProductTotalDisplay=$r_ss['ProductTotalDisplay'];

switch($ProductSort)
{
	case Title: $ProductSort_tmp="ItemName"; break;
	case Price: $ProductSort_tmp="ItemCost"; break;
	case Date: $ProductSort_tmp="strAddDate"; break;
	default: $ProductSort_tmp="ItemName"; break;
}
/****************************************************************************************/

/****************************visitor count**************************/
$ipaddress = $_SERVER['REMOTE_ADDR'];
$now=date("Y-m-d");

$sql_visitor=mysql_query("select ip,date from tce_visitor where ip='$ipaddress' and date like '%$now%'") or die(mysql_error());
$count_ip=mysql_num_rows($sql_visitor);

if($count_ip != 1)
{
	mysql_query("insert into tce_visitor(ip,date) values ('$ipaddress',now())") or die("sql5: ".mysql_error());
			
	$now1=date("Y-m-d");
	$sql_visit=mysql_query("select ip,date from tce_visitor where date like '%$now1%'") or die("sql6: ".mysql_error());
	$numrows=mysql_num_rows($sql_visit);
					
	$visitorToday=$numrows;
					
	mysql_query("update tce_visitor_count set todayVisitor='$visitorToday',date=now()") or die("sql7: ".mysql_error());

}//if($count_ip != 1)
/****************************************************************************************/
?>