// Bootstrap: load the single site-settings row into $W* variables and stop the
// request when the site is flagged offline.
// Only fatal errors, warnings and parse errors are reported; notices are not.
error_reporting(E_ERROR | E_WARNING | E_PARSE);
require("inc.db.php");
// NOTE(review): the mysql_* extension was removed in PHP 7.0, so this file only runs on PHP 5.x.
// NOTE(review): "or die(... mysql_error())" prints the raw database error to the visitor.
// Log it server-side and show a generic message instead.
$sql=mysql_query("select * from js_sitesetting where SettingID='1'") or die("sql1: ".mysql_error());
$numrows=mysql_num_rows($sql);
// Only the first row is read; mysql_fetch_array() returns false when no row matched.
$r=mysql_fetch_array($sql);
$WSettingID=$r["SettingID"];
$WUID=$r["UID"];
$WstrEmail=$r["strEmail"];
$WstrCCEmail=$r["strCCEmail"];
$WstrWebsite=$r["strWebsite"];
$WstrStatus=$r["strStatus"];
$WstrRedirectAddress=$r["strRedirectAddress"];
$WstrOfflineMessage=$r["strOfflineMessage"];
$WSEOTitle=$r["SEOTitle"];
$WSEOKeywords=$r["SEOKeywords"];
$WSEODescription=$r["SEODescription"];
$WstrGoogleTag=$r["strGoogleTag"];
$WstrCopyright=$r["strCopyright"];
$WSiteTemplate=$r["SiteTemplate"];
$WSiteLogo=$r["SiteLogo"];
$WebsiteID=$r["WebsiteID"];
$WebsiteCountry=$r["WebsiteCountry"];
$WSitePerson=$r["SitePerson"];
$WSiteCompany=$r["SiteCompany"];
// strStatus '0' is treated as "site offline": both branches below end with exit().
// NOTE(review): the markup that sat between the ?> markers is missing from this copy,
// so what is emitted for the redirect / offline-message cases cannot be confirmed here.
// If $WstrRedirectAddress or $WstrOfflineMessage are echoed into that markup they need
// output escaping for the context they land in — TODO confirm against the full template.
if ($WstrStatus=='0')
{
if ($WstrRedirectAddress)
{
if ($WstrOfflineMessage)
{
?>
}
?>
exit();
}
else
{
?>
exit();
}
}
/************************Currency Conversion*******************************************/
// Starts the session, loads the default currency, then loads the active currency row
// and exposes symbol/rate pairs in $crr_* (active) and $crrdef_* (default).
session_start ();
// Read as-is from the session; nothing in this block checks that the key exists.
$userid=$_SESSION['userid'];
//find the default currency
$sql_findde=mysql_query("select CurrID, SymbolLeft, value from js_store_currency where isDefault=1 limit 0, 1") or die("sql2: ".mysql_error());
$numrows_findde=mysql_num_rows($sql_findde);
// The three *_findde values are only assigned when a default-currency row exists.
if ($numrows_findde>0)
{
$r_findde=mysql_fetch_array($sql_findde);
$CurrID_findde=$r_findde["CurrID"];
$SymbolLeft_findde=$r_findde["SymbolLeft"];
$value_findde=$r_findde["value"];
}
// The posted currency id is read here, but it is overwritten unconditionally after
// the if-block below, so the request value never reaches the SQL that follows.
// NOTE(review): if the commented-out session logic is ever revived, validate
// curr_default (e.g. cast to int and check it exists in js_store_currency) before
// it is interpolated into a query.
$currencyid_tmp = $_POST['curr_default'];
if($currencyid_tmp=="")
{
/*
{
if (!session_is_registered ("currencyid"))
{
$_SESSION['currencyid'] = $CurrID_findde;
session_register ("currencyid");
}
}
else
{
$_SESSION['currencyid'] = $_POST['curr_default'];
session_register ("currencyid");
}
//$currencyid_tmp=$_SESSION['currencyid'];
*/}
// Always fall back to the default currency id taken from the database above.
$currencyid_tmp= $CurrID_findde;
// The interpolated value comes from the js_store_currency row read above, not from the request.
$sql_curr=mysql_query("select * from js_store_currency where CurrID='$currencyid_tmp' limit 0, 1") or die("sql3: ".mysql_error());
$numrows_curr=mysql_num_rows($sql_curr);
if ($numrows_curr>0)
{
// "limit 0, 1" means this loop runs at most once.
while($r_curr=mysql_fetch_array($sql_curr))
{
$strName_curr=$r_curr["strName"];
$strCode_curr=$r_curr["strCode"];
$SymbolLeft_curr=$r_curr["SymbolLeft"];
$value_curr=$r_curr["value"];
}
}
// Active currency symbol/rate and default currency symbol/rate.
$crr_symb=$SymbolLeft_curr;
$crr_rate=$value_curr;
$crrdef_symb=$SymbolLeft_findde;
$crrdef_rate=$value_findde;
/**
 * Multiply an amount by a conversion rate and format it for display.
 *
 * @param int|float|string $c    Amount in the base currency.
 * @param int|float|string $rate Multiplier applied to the amount.
 * @return string Two decimals, "." as decimal point, "," as thousands separator.
 */
function currConvert($c, $rate)
{
    return number_format($c * $rate, 2, '.', ',');
}
/**
 * Build a "was / now" price string: the original price followed by the price
 * multiplied by 0.7, each prefixed with the currency sign.
 *
 * @param string           $sign      Currency symbol placed before each amount.
 * @param int|float|string $price_ori Original price, printed unformatted.
 * @return string e.g. sign + original, a space, sign + discounted (two decimals, no thousands separator).
 */
function displayDiscount($sign, $price_ori)
{
    $discounted = number_format($price_ori * 0.7, 2, '.', '');

    return $sign . $price_ori . ' ' . $sign . $discounted;
}
/****************************************************************************************/
/************************Shopping Cart Session*******************************************/
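// Give the session a cart identifier the first time it is seen.
// (The original also contained a bare "!isset(...);" expression statement that
// did nothing; it has been dropped.)
// NOTE(review): time() has one-second resolution and is guessable, so two visitors
// arriving in the same second receive the same value. If cart rows are keyed on this
// value alone they would share a cart — TODO confirm how cartvisitor is used. A random
// token would avoid that, but changes the stored format.
if (!isset($_SESSION['cartvisitor'])) {
    $_SESSION['cartvisitor'] = time();
}
$cartvisitor_tmp = $_SESSION['cartvisitor'];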
/****************************************************************************************/
/************************Store Setting*******************************************/
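// Load the storefront layout settings (single row, SettingID 1).
// NOTE(review): "or die(... mysql_error())" exposes the raw database error to the visitor.
$sql_ss = mysql_query("select ProductPerRow, ProductSort, ProductSort2, ProductImgMW, ProductImgMH, ProductTotalDisplay from js_storesetting where SettingID=1") or die("sql4: ".mysql_error());
$r_ss = mysql_fetch_array($sql_ss);
$ProductPerRow = $r_ss['ProductPerRow'];
$ProductSort = $r_ss['ProductSort'];
$ProductSort2 = $r_ss['ProductSort2'];
// Stored image bounds plus 15 (the unit is not stated here; presumably pixels).
$ProductImgMW = $r_ss['ProductImgMW'] + 15;
$ProductImgMH = $r_ss['ProductImgMH'] + 15;
$ProductTotalDisplay = $r_ss['ProductTotalDisplay'];

// Map the configured sort label onto a fixed column name. The labels were bare
// words (undefined constants): PHP 5 silently treated them as strings with a
// notice, PHP 8 throws an Error. They are quoted here; the matching is unchanged.
// Keeping this a closed list means only these three column names can come out of
// it (presumably for an ORDER BY clause elsewhere — confirm at the call site).
switch ($ProductSort) {
    case 'Title':
        $ProductSort_tmp = "ItemName";
        break;
    case 'Price':
        $ProductSort_tmp = "ItemCost";
        break;
    case 'Date':
        $ProductSort_tmp = "strAddDate";
        break;
    default:
        $ProductSort_tmp = "ItemName";
        break;
}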
/****************************************************************************************/
/****************************visitor count**************************/
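// Daily visitor counter: record the client address once per day and refresh
// the stored total for today.
$ipaddress = $_SERVER['REMOTE_ADDR'];
// Escape before interpolating. REMOTE_ADDR is normally set by the web server from
// the connection, but this keeps the query safe if a proxy setup rewrites it.
$ipaddress_sql = mysql_real_escape_string($ipaddress);
$now = date("Y-m-d");
$sql_visitor = mysql_query("select ip,date from tce_visitor where ip='$ipaddress_sql' and date like '%$now%'") or die(mysql_error());
$count_ip = mysql_num_rows($sql_visitor);
// Insert only when the address has no row for today. The original tested "!= 1",
// so once two rows existed for the same address and day, every later request
// inserted another row and inflated the count.
if ($count_ip < 1) {
    mysql_query("insert into tce_visitor(ip,date) values ('$ipaddress_sql',now())") or die("sql5: ".mysql_error());
    $now1 = date("Y-m-d");
    $sql_visit = mysql_query("select ip,date from tce_visitor where date like '%$now1%'") or die("sql6: ".mysql_error());
    $numrows = mysql_num_rows($sql_visit);
    $visitorToday = $numrows;
    // No WHERE clause: every row of tce_visitor_count is updated (presumably a one-row table — confirm).
    mysql_query("update tce_visitor_count set todayVisitor='$visitorToday',date=now()") or die("sql7: ".mysql_error());
}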
/****************************************************************************************/
?>
//breadcrumb helpers
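/**
 * Resolve the display name of a CMS page, preferring its translated name.
 *
 * Changes from the original:
 *  - $cat and $lang are escaped before they are placed in SQL; the callers are
 *    outside this file, so they cannot be assumed to pass validated values.
 *  - The translation is used only when the translation query returned a row
 *    (the original re-tested the outer row count, which is always > 0 here).
 *  - The unused $_SESSION['langid'] read was removed.
 *
 * NOTE(review): "or die(mysql_error())" prints the raw database error to the visitor.
 *
 * @param int|string $cat  js_cms.intID of the page.
 * @param int|string $lang Language id matched against js_cms_content.LangID.
 * @return string|null Translated name if present, else the base name; null when no page matched.
 */
function getPageName($cat, $lang)
{
    $cat_sql = mysql_real_escape_string($cat);
    $lang_sql = mysql_real_escape_string($lang);
    $product_title = null;

    $sql_catsel = mysql_query("select strName from js_cms where intID='$cat_sql' and isUp='1' order by strOrder, strName") or die(mysql_error());
    while ($r_catsel = mysql_fetch_array($sql_catsel)) {
        $name_catsel = stripslashes($r_catsel["strName"]);

        //multilanguage
        $name_catsel2 = '';
        $sql_catsel2 = mysql_query("select strName from js_cms_content where MotherID='$cat_sql' and LangID='$lang_sql'") or die(mysql_error());
        if (mysql_num_rows($sql_catsel2) > 0) {
            $r_catsel2 = mysql_fetch_array($sql_catsel2);
            $name_catsel2 = stripslashes($r_catsel2["strName"]);
        }

        $product_title = $name_catsel2 ? $name_catsel2 : $name_catsel;
    }

    return $product_title;
}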
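/**
 * Return the parent (MotherID) of a CMS page.
 *
 * $cat is escaped before it is placed in SQL because the callers are outside
 * this file. The result is initialised so that a miss returns null without an
 * undefined-variable notice.
 *
 * NOTE(review): "or die(mysql_error())" prints the raw database error to the visitor.
 *
 * @param int|string $cat js_cms.intID of the page.
 * @return mixed MotherID of the last matching row, or null when no row matched.
 */
function getPageParentID($cat)
{
    $cat_sql = mysql_real_escape_string($cat);
    $mother = null;

    $sql_catsel = mysql_query("select MotherID from js_cms where intID='$cat_sql' and isUp='1' order by strOrder, strName") or die(mysql_error());
    while ($r_catsel = mysql_fetch_array($sql_catsel)) {
        $mother = $r_catsel["MotherID"];
    }

    return $mother;
}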
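/**
 * Resolve the display name of a product category, preferring its translated name.
 *
 * Changes from the original:
 *  - $cat and $lang are escaped before they are placed in SQL; the callers are
 *    outside this file, so they cannot be assumed to pass validated values.
 *  - The translation is used only when the translation query returned a row
 *    (the original re-tested the outer row count, which is always > 0 here).
 *
 * NOTE(review): "or die(mysql_error())" prints the raw database error to the visitor.
 *
 * @param int|string $cat  js_store_products_category.intID.
 * @param int|string $lang Language id matched against LangID in the content table.
 * @return string|null Translated name if present, else the base name; null when no category matched.
 */
function getCategoryName($cat, $lang)
{
    $cat_sql = mysql_real_escape_string($cat);
    $lang_sql = mysql_real_escape_string($lang);
    $product_title = null;

    $sql_catsel = mysql_query("select strName from js_store_products_category where intID='$cat_sql' and isUp='1' order by strOrder, strName limit 0,1") or die(mysql_error());
    while ($r_catsel = mysql_fetch_array($sql_catsel)) {
        $name_catsel = $r_catsel["strName"];

        //multilanguage
        $name_catsel2 = '';
        $sql_catsel2 = mysql_query("select strName from js_store_products_category_content where MotherID='$cat_sql' and LangID='$lang_sql'") or die(mysql_error());
        if (mysql_num_rows($sql_catsel2) > 0) {
            $r_catsel2 = mysql_fetch_array($sql_catsel2);
            $name_catsel2 = $r_catsel2["strName"];
        }

        $product_title = $name_catsel2 ? $name_catsel2 : $name_catsel;
    }

    return $product_title;
}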
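/**
 * Return the parent (MotherID) of a product category.
 *
 * $cat is escaped before it is placed in SQL because the callers are outside
 * this file. The result is initialised so that a miss returns null without an
 * undefined-variable notice.
 *
 * NOTE(review): "or die(mysql_error())" prints the raw database error to the visitor.
 *
 * @param int|string $cat js_store_products_category.intID.
 * @return mixed MotherID of the matching row, or null when no row matched.
 */
function getCategoryParentID($cat)
{
    $cat_sql = mysql_real_escape_string($cat);
    $mother = null;

    $sql_catsel = mysql_query("select MotherID from js_store_products_category where intID='$cat_sql' and isUp='1' order by strOrder, strName limit 0,1") or die(mysql_error());
    while ($r_catsel = mysql_fetch_array($sql_catsel)) {
        $mother = $r_catsel["MotherID"];
    }

    return $mother;
}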
//end breadcrumb helpers
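/**
 * Read one request parameter (GET or POST, chosen by the request method),
 * strip tags from it and replace a fixed set of characters.
 *
 * In this copy of the file the replacement strings had been decoded back to the
 * characters they replace (each call replaced a character with itself, and the
 * double-quote line no longer parsed). The entity forms below are a
 * reconstruction of that intent; the right single quote for "'" is kept as it
 * appears in the source.
 *
 * Also handled: a missing parameter or a non-scalar one (e.g. name[]=x) yields "".
 *
 * NOTE(review): this is display-oriented filtering, not SQL escaping; backslashes,
 * for example, pass through unchanged. Values that go into queries still need
 * escaping or, better, prepared statements at the point of use.
 *
 * @param string $name Parameter name.
 * @return string Filtered value, "" when absent.
 */
function jscheck_input($name)
{
    $method = isset($_SERVER['REQUEST_METHOD']) ? $_SERVER['REQUEST_METHOD'] : '';
    $raw = "";
    if ($method == 'GET' && isset($_GET[$name])) {
        $raw = $_GET[$name];
    }
    if ($method == 'POST' && isset($_POST[$name])) {
        $raw = $_POST[$name];
    }
    if (!is_scalar($raw)) {
        $raw = "";
    }

    $temp = strip_tags((string) $raw);

    // One pass over the input, so text produced by one replacement is never
    // re-encoded by another.
    return strtr($temp, array(
        "&"  => "&amp;",
        "<"  => "&lt;",
        ">"  => "&gt;",
        "#"  => "&#35;",
        "("  => "&#40;",
        ")"  => "&#41;",
        "\"" => "&quot;",
        "'"  => "’",
    ));
}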
/**
 * Pass a value through when PHP considers it numeric, otherwise return "0".
 *
 * is_numeric() accepts more than plain integers (signs, decimals, exponent
 * notation, leading whitespace), so the result is not guaranteed to be an
 * integer. Cast with (int) where an id is expected.
 *
 * @param mixed $value Value to check.
 * @return mixed The value unchanged, or the string "0".
 */
function jscheck_numberic($value)
{
    return is_numeric($value) ? $value : "0";
}
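/**
 * Accept a value only when it is 8 to 40 ASCII letters or digits, else return "0".
 *
 * The original pattern had no start anchor, so any string that merely ended in
 * eight alphanumerics passed whatever came before them, and "$" also allowed a
 * trailing newline. The pattern is now anchored at both ends, with the D
 * modifier so "$" means the very end of the string.
 *
 * @param mixed $value Candidate identifier.
 * @return mixed The value unchanged when valid, otherwise the string "0".
 */
function jscheck_uid($value)
{
    if (is_scalar($value) && preg_match('/^[A-Za-z0-9]{8,40}$/D', (string) $value)) {
        return $value;
    }

    return "0";
}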
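/**
 * Accept a key only when it is 8 to 40 ASCII letters or digits, else return "0".
 *
 * The original pattern had no start anchor, so any string that merely ended in
 * eight alphanumerics passed whatever came before them, and "$" also allowed a
 * trailing newline. The pattern is now anchored at both ends, with the D
 * modifier so "$" means the very end of the string. trim() is kept so the
 * return value is still a string, as before.
 *
 * @param mixed $value Candidate key.
 * @return string The key when valid, otherwise "0".
 */
function jscheck_key($value)
{
    if (is_scalar($value) && preg_match('/^[A-Za-z0-9]{8,40}$/D', (string) $value)) {
        return trim($value);
    }

    return "0";
}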
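/**
 * Syntactic check of an e-mail address (one "@", dot-separated local atoms,
 * and either an IP-style or a dotted domain with at least two labels).
 *
 * Ported from ereg() to preg_match(): ereg() was deprecated in PHP 5.3 and
 * removed in 7.0, and it is not binary-safe (matching stops at a NUL byte, so
 * anything after an embedded NUL escaped validation). Every pattern uses the D
 * modifier so "$" matches only at the very end, as it did under ereg().
 * In the character classes "\." is now just a dot; under ereg() the backslash
 * was a literal member of the class, so a backslash in the address is no longer
 * accepted.
 *
 * NOTE(review): a syntactically valid address is still untrusted text; escape it
 * for SQL, HTML or mail headers where it is used.
 *
 * @param mixed $email Address to check.
 * @return bool True when the address passes all checks.
 */
function jscheck_email($email)
{
    if (!is_string($email)) {
        return false;
    }

    // Exactly one "@", with 1-64 characters before it and 1-255 after.
    if (!preg_match('/^[^@]{1,64}@[^@]{1,255}$/D', $email)) {
        return false;
    }

    list($local, $domain) = explode("@", $email);

    // Each dot-separated piece of the local part is either an atom or a quoted string.
    $atom = '/^(?:[A-Za-z0-9!#$%&\'*+\/=?^_`{|}~-][A-Za-z0-9!#$%&\'*+\/=?^_`{|}~.-]{0,63}|"[^(\\\\|")]{0,62}")$/D';
    foreach (explode(".", $local) as $piece) {
        if (!preg_match($atom, $piece)) {
            return false;
        }
    }

    // Digits and dots only (optionally bracketed) is accepted as an IP-style
    // domain; anything else must be a dotted host name.
    if (!preg_match('/^\[?[0-9.]+\]?$/D', $domain)) {
        $labels = explode(".", $domain);
        if (count($labels) < 2) {
            return false; // Not enough parts to domain
        }
        $label = '/^(?:[A-Za-z0-9][A-Za-z0-9-]{0,61}[A-Za-z0-9]|[A-Za-z0-9]+)$/D';
        foreach ($labels as $piece) {
            if (!preg_match($label, $piece)) {
                return false;
            }
        }
    }

    return true;
}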
/**
 * Return the HTML "selected" attribute when two values compare equal.
 *
 * The comparison is loose (==), so "1" and 1 are treated as equal.
 *
 * @param mixed $val_a First value.
 * @param mixed $val_b Second value.
 * @return string 'selected="selected"' on a match, otherwise "".
 */
function displaySelected($val_a, $val_b)
{
    return ($val_a == $val_b) ? "selected=\"selected\"" : "";
}
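/**
 * Mail an error notice to the webmaster address, then either redirect to the
 * site root or return a short message for display.
 *
 * Change from the original: the Host header is supplied by the client and was
 * concatenated unchecked into the mail subject and the Location header. It is
 * now accepted only when it consists of host-name characters (letters, digits,
 * ".", "-", ":", "[" and "]"); otherwise it is blanked and the redirect goes to "/".
 *
 * NOTE(review): even a well-formed Host value is chosen by the client, so the
 * redirect target is better taken from site configuration than from the request.
 * NOTE(review): the function returns after header() without exit(), so the
 * caller keeps executing unless it stops itself.
 *
 * @param string $name     Label of the failing query.
 * @param string $error    Error text placed in the mail body.
 * @param bool   $redirect True to redirect home, false to return a message.
 * @return string|null "Temporarily Unavailable." when $redirect is false, otherwise null.
 */
function sendErrNotification($name, $error, $redirect = true)
{
    $curhost = isset($_SERVER['HTTP_HOST']) ? $_SERVER['HTTP_HOST'] : '';
    if (!preg_match('/^[A-Za-z0-9.\-:\[\]]+$/D', $curhost)) {
        $curhost = '';
    }
    $curlocation = $_SERVER['REQUEST_URI'];
    $curip = $_SERVER['REMOTE_ADDR'];
    $curtime = date("Y-m-d H:i:s");

    //email to webmaster
    $wmnotice = "A sql error, [".$name."][".$error."], \n\nhad occured at [".$curhost.$curlocation."]. \n\n";
    $wmnotice .= "Accessed through [".$curhost."] ,\n\nfrom [".$curip."] at [".$curtime."]";
    mail("log@justsimple.com.my", "SQL Error on Simple!CMS Website - [".$curhost."]", $wmnotice, "From: log@justsimple.com.my");

    if ($redirect) {
        //redirect to home page
        ob_start();
        header($curhost !== '' ? "Location: http://".$curhost : "Location: /");
        ob_flush();
    } else {
        //display message
        return "Temporarily Unavailable.";
    }
}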
/**
 * Turn a display name into the slug form used in page links.
 *
 * Spaces become "+", "&" becomes "and", "/" becomes "_", and double quotes,
 * apostrophes, dots and commas are removed. Replacements run in list order.
 *
 * This is formatting only: every other character passes through unchanged, so
 * the result still needs URL- or HTML-encoding where it is emitted.
 *
 * @param string $name Display name.
 * @return string Slug.
 */
function convertToURL($name)
{
    $search  = array(" ", "&",   "\"", "/", "'", ".", ",");
    $replace = array("+", "and", "",   "_", "",  "",  "");

    return str_replace($search, $replace, $name);
}
/*************************************************/
//for data encryption
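/**
 * Return $iv_len random bytes for use as an initialisation vector.
 *
 * The original drew every byte from mt_rand(), which is not a cryptographic
 * generator and whose output can be predicted. A CSPRNG is used when the
 * runtime has one (random_bytes() on PHP 7+, otherwise
 * openssl_random_pseudo_bytes()); mt_rand() remains only as a last resort so
 * the function still works on installations that have neither.
 *
 * @param int $iv_len Number of bytes wanted; values below 1 give "".
 * @return string Binary string of $iv_len bytes.
 */
function get_rnd_iv($iv_len)
{
    $iv_len = (int) $iv_len;
    if ($iv_len < 1) {
        return '';
    }

    if (function_exists('random_bytes')) {
        return random_bytes($iv_len);
    }

    if (function_exists('openssl_random_pseudo_bytes')) {
        $iv = openssl_random_pseudo_bytes($iv_len);
        if ($iv !== false && strlen($iv) === $iv_len) {
            return $iv;
        }
    }

    // Legacy fallback: not suitable for security purposes.
    $iv = '';
    while ($iv_len-- > 0) {
        $iv .= chr(mt_rand() & 0xff);
    }

    return $iv;
}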
/**
 * Obfuscate $plain_text with a keystream derived from MD5 and return it base64-encoded.
 *
 * Layout of the decoded output: $iv_len random bytes from get_rnd_iv(), followed
 * by the XOR-ed 16-byte blocks.
 *
 * NOTE(review): this is a home-made construction, not a vetted cipher. It has no
 * integrity check, so altered ciphertext is not detected on decryption. New data
 * should use an authenticated scheme from the platform (e.g. openssl_encrypt()
 * with an AEAD mode, or libsodium); keep this only to read existing values.
 *
 * @param string $plain_text Text to protect.
 * @param string $password   Secret mixed into the keystream.
 * @param int    $iv_len     Length of the random prefix in bytes.
 * @return string Base64 text.
 */
function md5_encrypt($plain_text, $password, $iv_len = 16)
{
// "\x13" marks the end of the real text; md5_decrypt() strips it and the padding.
$plain_text .= "\x13";
$n = strlen($plain_text);
// Pad with NUL bytes up to a multiple of 16. $n keeps the unpadded length, which
// is still enough for the loop below to visit every 16-byte block.
if ($n % 16) $plain_text .= str_repeat("\0", 16 - ($n % 16));
$i = 0;
$enc_text = get_rnd_iv($iv_len);
// PHP's string XOR yields a result as long as the shorter operand.
$iv = substr($password ^ $enc_text, 0, 512);
while ($i < $n) {
// Keystream block = raw 16-byte MD5 of the running $iv.
$block = substr($plain_text, $i, 16) ^ pack('H*', md5($iv));
$enc_text .= $block;
// Feed the ciphertext block back into the running state.
$iv = substr($block . $iv, 0, 512) ^ $password;
$i += 16;
}
return base64_encode($enc_text);
}
/**
 * Reverse md5_encrypt() for values that were encrypted with the built-in password.
 *
 * NOTE(review): the password is hard-coded here while md5_encrypt() takes it as a
 * parameter, so only values encrypted with this exact string decrypt correctly,
 * and anyone who can read this file can decrypt them. Move the secret to
 * configuration outside the web root and plan a rotation.
 * NOTE(review): nothing verifies integrity; a modified or truncated input simply
 * yields different bytes.
 *
 * @param string $enc_text Base64 text produced by md5_encrypt().
 * @param int    $iv_len   Length of the random prefix in bytes.
 * @return string Recovered text with the "\x13" marker and NUL padding removed.
 */
function md5_decrypt($enc_text, $iv_len = 16)
{
$password = 'aitai xiang lian 520';
// Non-strict decode: characters outside the base64 alphabet are skipped, not rejected.
$enc_text = base64_decode($enc_text);
$n = strlen($enc_text);
// Blocks start right after the random prefix.
$i = $iv_len;
$plain_text = '';
// Same initial state as md5_encrypt(): password XOR prefix, limited by the shorter of the two.
$iv = substr($password ^ substr($enc_text, 0, $iv_len), 0, 512);
while ($i < $n) {
$block = substr($enc_text, $i, 16);
$plain_text .= $block ^ pack('H*', md5($iv));
$iv = substr($block . $iv, 0, 512) ^ $password;
$i += 16;
}
// Drop the end marker and any NUL padding that follows it.
return preg_replace('/\\x13\\x00*$/', '', $plain_text);
}
/**********************************************************************************/
// Numeric request parameters. Each one is filtered by jscheck_input() and then
// replaced with "0" by jscheck_numberic() unless it is numeric.
$level      = jscheck_numberic(jscheck_input('level'));
$id         = jscheck_numberic(jscheck_input('id'));
$tc         = jscheck_numberic(jscheck_input('tc'));
$langid_tmp = jscheck_numberic(jscheck_input('lang'));
require "inc.db.php";
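// Choose the session language and load its string table.
//find the id for the default language
$sql_fd = mysql_query("select LangID from tce_lang where isDefault='1' limit 0,1") or die("sql9: ".mysql_error());
$numrows_fd = mysql_num_rows($sql_fd);
// $defaultlangid is only assigned when a default-language row exists.
while ($r_fd = mysql_fetch_array($sql_fd)) {
    $defaultlangid = $r_fd["LangID"];
}

// The original contained several bare "!isset(...);" expression statements that
// did nothing; they have been dropped.
if (!$langid_tmp) {
    // No language requested: keep the session's choice, or start with the default.
    if (!isset($_SESSION["langid"])) {
        $_SESSION['langid'] = $defaultlangid;
    }
} else {
    // Store the value that has already been through jscheck_input() and
    // jscheck_numberic(). The original re-read $_REQUEST['lang'], which skips
    // jscheck_input() and, depending on request_order, can be filled from a cookie.
    $_SESSION['langid'] = $langid_tmp;
}
$langid_tmp = $_SESSION['langid'];

// The include path is picked from a fixed list, so the request value itself
// never becomes part of a file name. Keep it that way when adding languages.
switch ($langid_tmp) {
    case 6:
        include('lang/lang.cn_sim.php');
        break;
    case 5:
        include('lang/lang.bm.php');
        break;
    case 7:
        include('lang/lang.jp.php');
        break;
    default:
        include('lang/lang.eng.php');
        break;
}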
/****************************find home page**************************/
// When no page id was requested, fall back to the first live top-level page
// (MotherID 0, isUp 1, isDeleted 0, ordered by strOrder then intID) and set
// $checkid to 1 to record that the fallback was used.
$checkid = "";
if (!$id) {
    $sql_id = mysql_query("select intID from js_cms where MotherID=0 and isUp=1 and isDeleted=0 order by strOrder, intID") or die("sql10: ".mysql_error());
    $result_id = mysql_fetch_array($sql_id);
    $id = $result_id["intID"];
    $checkid = 1;
}
/****************************************************************************************/
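// Turn the requested page slug back into a page name: "_" becomes a space and
// "^" becomes "&".
$pagename = jscheck_input('pagename');
$pagename = str_replace('_', ' ', $pagename);
// In this copy of the file the two parenthesis replacements had been reduced to
// replacing "(" with "(" and ")" with ")". They presumably undid an entity
// encoding applied by jscheck_input(); the numeric entities below are a
// reconstruction — confirm against the deployed file.
$pagename = str_replace('&#40;', '(', $pagename);
$pagename = str_replace('&#41;', ')', $pagename);
// NOTE(review): this puts a raw "&" back into $pagename after filtering, so the
// value must be HTML-escaped wherever it is echoed.
$pagename = str_replace('^', '&', $pagename);
if ($pagename == "") {
    $pagename = "home";
}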
/****************************get all content**************************/
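// Look the page up by name in js_cms; if that finds nothing, fall back to a
// js_cms_content row whose strURL equals the requested name.
//
// $pagename comes from the request. jscheck_input() strips tags and rewrites
// quotes for display, but it is not SQL escaping (a backslash, for instance,
// passes through), so the value is escaped here before it is placed in a query.
// Prepared statements (mysqli/PDO) are the longer-term fix.
// NOTE(review): "or die(... mysql_error())" prints the raw database error to the visitor.
$pagename_sql = mysql_real_escape_string($pagename);
$sql_cms = mysql_query("select * from js_cms where strName='$pagename_sql' and isUp='1' and isDeleted='0'") or die("sql11: ".mysql_error());
$result_cms = mysql_fetch_array($sql_cms);
$cms_id = $result_cms["intID"];
$cms_title = $result_cms["strName"];
$cms_exclude = $result_cms["strExclude"];
$cms_layout = $result_cms["strLayout"];

// Both branches of the original ran the same select and copied the same columns;
// only the WHERE condition differed.
if ($cms_id) {
    $cms_where = "MotherID='" . mysql_real_escape_string($cms_id) . "'";
} else {
    $cms_where = "strURL='$pagename_sql'";
}
$sql_cms_content = mysql_query("select strName, strAlias, strPic, content, strURL, SEOTitle, SEOKeywords, SEODescription from js_cms_content where $cms_where and isUp='1' and LangID='1'") or die("sql12: ".mysql_error());
$r1_top = mysql_fetch_array($sql_cms_content);
$con_title = stripslashes($r1_top["strName"]);
$con_alias = stripslashes($r1_top["strAlias"]);
$con_url = $r1_top["strURL"];
$con_banner = $r1_top["strPic"];
// NOTE(review): the content and SEO fields are stored text; escape them for the
// context they are printed in unless they are meant to hold trusted markup.
$con_content = stripslashes($r1_top["content"]);
$con_seotitle = $r1_top["SEOTitle"];
$con_seokeywords = $r1_top["SEOKeywords"];
$con_seodesc = $r1_top["SEODescription"];
@mysql_close($conn);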
?>