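0) { // NOTE(review): the text before this point is not on the page; this fragment is kept as shown.
    $r_findde = mysql_fetch_array($sql_findde);
    $CurrID_findde = $r_findde["CurrID"];
    $SymbolLeft_findde = $r_findde["SymbolLeft"];
    $value_findde = $r_findde["value"];
}

// The posted 'curr_default' value used to be read into $currencyid_tmp here,
// but it was always overwritten by the default currency a few lines later.
// The dead read is dropped; it also raised an undefined-index notice on
// requests that did not carry the field. The disabled legacy code is kept
// below for reference.
/*
{
    if (!session_is_registered ("currencyid")) {
        $_SESSION['currencyid'] = $CurrID_findde;
        session_register ("currencyid");
    }
} else {
    $_SESSION['currencyid'] = $_POST['curr_default'];
    session_register ("currencyid");
}
//$currencyid_tmp=$_SESSION['currencyid'];
*/
$currencyid_tmp = $CurrID_findde;

// NOTE(review): every query in this file ends in "or die(... mysql_error())",
// which prints the database error text to the visitor. Log the error on the
// server and show a generic message instead. The mysql_* extension itself was
// removed in PHP 7; moving to mysqli/PDO with bound parameters needs the
// connection code in inc.db.php, which is not visible here.
$sql_curr = mysql_query("select * from js_store_currency where CurrID='$currencyid_tmp' limit 0, 1") or die("sql3: ".mysql_error());
$numrows_curr = mysql_num_rows($sql_curr);
if ($numrows_curr > 0) {
    while ($r_curr = mysql_fetch_array($sql_curr)) {
        $strName_curr = $r_curr["strName"];
        $strCode_curr = $r_curr["strCode"];
        $SymbolLeft_curr = $r_curr["SymbolLeft"];
        $value_curr = $r_curr["value"];
    }
}
$crr_symb = $SymbolLeft_curr;
$crr_rate = $value_curr;
$crrdef_symb = $SymbolLeft_findde;
$crrdef_rate = $value_findde;

/**
 * Multiply an amount by a rate and format it for display.
 *
 * @param mixed $c    Amount to convert (numeric).
 * @param mixed $rate Multiplier applied to the amount.
 * @return string Two decimals, "." as decimal point, "," as thousands separator.
 */
function currConvert($c, $rate)
{
    return number_format($c * $rate, 2, '.', ',');
}

/**
 * Build a "<sign><original> <sign><discounted>" price string.
 *
 * The discounted price is the original multiplied by the hard-coded 0.7.
 *
 * @param string $sign      Currency symbol placed in front of both prices.
 * @param mixed  $price_ori Original price (numeric).
 * @return string
 */
function displayDiscount($sign, $price_ori)
{
    $price_display_tmp = number_format($price_ori * 0.7, 2, '.', '');
    return "$sign"."$price_ori "."$sign"."$price_display_tmp";
}

/****************************************************************************************/
/************************Shopping Cart Session*******************************************/
if (!isset($_SESSION["cartvisitor"])) {
    // NOTE(review): the cart identifier is the current Unix time, so it is
    // guessable and identical for visitors who arrive in the same second.
    // If it keys cart rows in the database (not visible here), replace it
    // with an unpredictable per-session value.
    $_SESSION['cartvisitor'] = time();
}
$cartvisitor_tmp = $_SESSION['cartvisitor'];

/****************************************************************************************/
/************************Store Setting*******************************************/
$sql_ss = mysql_query("select ProductPerRow, ProductSort, ProductSort2, ProductImgMW, ProductImgMH, ProductTotalDisplay from js_storesetting where SettingID=1") or die("sql4: ".mysql_error());
$r_ss = mysql_fetch_array($sql_ss);
$ProductPerRow = $r_ss['ProductPerRow'];
$ProductSort = $r_ss['ProductSort'];
$ProductSort2 = $r_ss['ProductSort2'];
$ProductImgMW = $r_ss['ProductImgMW'] + 15;
$ProductImgMH = $r_ss['ProductImgMH'] + 15;
$ProductTotalDisplay = $r_ss['ProductTotalDisplay'];

// The case labels were bare words (Title, Price, Date), i.e. undefined
// constants that PHP only treated as strings with a notice. They are quoted
// so the mapping to a fixed column name no longer depends on that fallback.
switch ($ProductSort) {
    case 'Title':
        $ProductSort_tmp = "ItemName";
        break;
    case 'Price':
        $ProductSort_tmp = "ItemCost";
        break;
    case 'Date':
        $ProductSort_tmp = "strAddDate";
        break;
    default:
        $ProductSort_tmp = "ItemName";
        break;
}

/****************************************************************************************/
/****************************visitor count**************************/
$ipaddress = $_SERVER['REMOTE_ADDR'];
// Escaped before use in SQL so the query does not rely on the server always
// supplying a well-formed address string.
$ipaddress_sql = mysql_real_escape_string($ipaddress);
$now = date("Y-m-d");
$sql_visitor = mysql_query("select ip,date from tce_visitor where ip='$ipaddress_sql' and date like '%$now%'") or die(mysql_error());
$count_ip = mysql_num_rows($sql_visitor);
if ($count_ip != 1) {
    mysql_query("insert into tce_visitor(ip,date) values ('$ipaddress_sql',now())") or die("sql5: ".mysql_error());
    $now1 = date("Y-m-d");
    $sql_visit = mysql_query("select ip,date from tce_visitor where date like '%$now1%'") or die("sql6: ".mysql_error());
    $numrows = mysql_num_rows($sql_visit);
    $visitorToday = $numrows;
    mysql_query("update tce_visitor_count set todayVisitor='$visitorToday',date=now()") or die("sql7: ".mysql_error());
}//if($count_ip != 1)
/****************************************************************************************/
?>
0) { // NOTE(review): the beginning of this function is not on the page; this fragment is kept as shown.
            $r_catsel2 = mysql_fetch_array($sql_catsel2);
            $name_catsel2 = stripslashes($r_catsel2["strName"]);
        }
        if ($name_catsel2)
            $product_title = $name_catsel2;
        else
            $product_title = $name_catsel;
    }
}
return $product_title;
}

/**
 * Look up the MotherID of a published js_cms page.
 *
 * @param mixed $cat Page id (js_cms.intID).
 * @return mixed MotherID of the last matching row, or null when no row matches.
 */
function getPageParentID($cat)
{
    // The id is forced to an integer so the function is safe to call even
    // when the caller has not validated it.
    $cat = intval($cat);
    $mother = null;
    $sql_catsel = mysql_query("select MotherID from js_cms where intID='$cat' and isUp='1' order by strOrder, strName") or die(mysql_error());
    $numrows_catsel = mysql_num_rows($sql_catsel);
    if ($numrows_catsel != 0) {
        while ($r_catsel = mysql_fetch_array($sql_catsel)) {
            $mother = $r_catsel["MotherID"];
        }
    }
    return $mother;
}

/**
 * Return the display name of a published product category.
 *
 * The translated name for $lang is used when one exists, otherwise the
 * category's own strName.
 *
 * @param mixed $cat  Category id (js_store_products_category.intID).
 * @param mixed $lang Language id (LangID).
 * @return mixed Category name, or null when the category is not found.
 */
function getCategoryName($cat, $lang)
{
    // Both ids are forced to integers before they reach the SQL text.
    $cat = intval($cat);
    $lang = intval($lang);
    $product_title = null;
    $sql_catsel = mysql_query("select strName from js_store_products_category where intID='$cat' and isUp='1' order by strOrder, strName limit 0,1") or die(mysql_error());
    $numrows_catsel = mysql_num_rows($sql_catsel);
    if ($numrows_catsel != 0) {
        while ($r_catsel = mysql_fetch_array($sql_catsel)) {
            $name_catsel = $r_catsel["strName"];
            $name_catsel2 = null;
            //multilanguage
            $sql_catsel2 = mysql_query("select strName from js_store_products_category_content where MotherID='$cat' and LangID='$lang'") or die(mysql_error());
            $numrows_catsel2 = mysql_num_rows($sql_catsel2);
            // The original tested $numrows_catsel (the outer query) here, so
            // the translation row was fetched even when none existed.
            if ($numrows_catsel2 > 0) {
                $r_catsel2 = mysql_fetch_array($sql_catsel2);
                $name_catsel2 = $r_catsel2["strName"];
            }
            if ($name_catsel2)
                $product_title = $name_catsel2;
            else
                $product_title = $name_catsel;
        }
    }
    return $product_title;
}

/**
 * Look up the MotherID of a published product category.
 *
 * @param mixed $cat Category id (js_store_products_category.intID).
 * @return mixed MotherID, or null when no row matches.
 */
function getCategoryParentID($cat)
{
    $cat = intval($cat);
    $mother = null;
    $sql_catsel = mysql_query("select MotherID from js_store_products_category where intID='$cat' and isUp='1' order by strOrder, strName limit 0,1") or die(mysql_error());
    $numrows_catsel = mysql_num_rows($sql_catsel);
    if ($numrows_catsel != 0) {
        while ($r_catsel = mysql_fetch_array($sql_catsel)) {
            $mother = $r_catsel["MotherID"];
        }
    }
    return $mother;
}
//end breadcrum

/**
 * Read a request parameter (GET or POST, by request method), strip tags and
 * encode a fixed set of characters.
 *
 * This is HTML-oriented filtering, not SQL escaping: backslashes pass through
 * unchanged, so the result still has to be escaped (or cast to an integer)
 * at the point where it is placed into a query.
 *
 * @param string $name Parameter name.
 * @return string Filtered value; "" when the parameter is absent or not a string.
 */
function jscheck_input($name)
{
    $temp = "";
    // Array-valued parameters (name[]=...) are ignored instead of being
    // passed to strip_tags().
    if ($_SERVER['REQUEST_METHOD'] == 'GET' && isset($_GET[$name]) && is_string($_GET[$name])) {
        $temp = strip_tags($_GET[$name]);
    }
    if ($_SERVER['REQUEST_METHOD'] == 'POST' && isset($_POST[$name]) && is_string($_POST[$name])) {
        $temp = strip_tags($_POST[$name]);
    }
    //replace string
    // NOTE(review): on the page the replacement strings appear entity-decoded
    // ("&" replaced by "&", a bare """ for the double quote). They are
    // restored here as the HTML entities they presumably were; the apostrophe
    // replacement is left exactly as displayed. Confirm against the real file.
    $temp = str_replace("&", "&amp;", $temp);
    $temp = str_replace("<", "&lt;", $temp);
    $temp = str_replace(">", "&gt;", $temp);
    $temp = str_replace("#", "&#35;", $temp);
    $temp = str_replace("(", "&#40;", $temp);
    $temp = str_replace(")", "&#41;", $temp);
    $temp = str_replace("\"", "&quot;", $temp);
    $temp = str_replace("'", "’", $temp);
    return $temp;
}

/**
 * Return $value when is_numeric() accepts it, otherwise "0".
 *
 * is_numeric() also accepts decimal, signed and exponent forms, so the result
 * is "a number", not necessarily an integer id.
 *
 * @param mixed $value
 * @return mixed
 */
function jscheck_numberic($value)
{
    if (is_numeric($value))
        return $value;
    else
        return "0";
}

/**
 * Accept a uid made only of 8 to 40 ASCII letters and digits.
 *
 * The original pattern had no start anchor, so any string that merely ended
 * in eight alphanumerics passed, and "$" tolerated a trailing newline. The
 * pattern is now anchored at both ends.
 *
 * @param mixed $value
 * @return mixed The value when valid, otherwise "0".
 */
function jscheck_uid($value)
{
    if (is_scalar($value) && preg_match('/^[A-Za-z0-9]{8,40}\z/', (string)$value))
        return $value;
    else
        return "0";
}

/**
 * Accept a key made only of 8 to 40 ASCII letters and digits.
 *
 * Surrounding whitespace is trimmed first, then the whole remaining string
 * must match (the original matched only the tail of the untrimmed value).
 *
 * @param mixed $value
 * @return string The trimmed key when valid, otherwise "0".
 */
function jscheck_key($value)
{
    $trimmed = is_scalar($value) ? trim((string)$value) : '';
    if (preg_match('/^[A-Za-z0-9]{8,40}\z/', $trimmed))
        return $trimmed;
    else
        return "0";
}

/**
 * Syntactic check of an e-mail address (local part, then domain or IP).
 *
 * ereg() was replaced by preg_match(): ereg() is not binary-safe, so a value
 * was only checked up to its first NUL byte, and the function no longer
 * exists in PHP 7. POSIX bracket expressions treated "\" as a literal, which
 * made the old patterns accept backslashes in the local part and in the
 * "IP" form of the domain; the PCRE patterns below do not.
 *
 * @param mixed $email
 * @return bool
 */
function jscheck_email($email)
{
    if (!is_string($email)) {
        return false;
    }
    // First, we check that there's one @ symbol, and that the lengths are right
    if (!preg_match('/^[^@]{1,64}@[^@]{1,255}\z/', $email)) {
        return false; // Email invalid because wrong number of characters in one section, or wrong number of @ symbols.
    }
    // Split it into sections to make life easier
    $email_array = explode("@", $email);
    $local_array = explode(".", $email_array[0]);
    foreach ($local_array as $local_part) {
        if (!preg_match('/^(([A-Za-z0-9!#$%&\'*+\/=?^_`{|}~-][A-Za-z0-9!#$%&\'*+\/=?^_`{|}~.-]{0,63})|("[^(\\\\|")]{0,62}"))\z/', $local_part)) {
            return false;
        }
    }
    if (!preg_match('/^\[?[0-9.]+\]?\z/', $email_array[1])) { // Check if domain is IP. If not, it should be valid domain name
        $domain_array = explode(".", $email_array[1]);
        if (count($domain_array) < 2) {
            return false; // Not enough parts to domain
        }
        foreach ($domain_array as $domain_part) {
            if (!preg_match('/^(([A-Za-z0-9][A-Za-z0-9-]{0,61}[A-Za-z0-9])|([A-Za-z0-9]+))\z/', $domain_part)) {
                return false;
            }
        }
    }
    return true;
}

/**
 * Return the HTML selected attribute when the two values compare equal (==).
 *
 * @param mixed $val_a
 * @param mixed $val_b
 * @return string 'selected="selected"' or "".
 */
function displaySelected($val_a, $val_b)
{
    if ($val_a == $val_b) {
        return "selected=\"selected\"";
    } else {
        return "";
    }
}

/**
 * Mail an error notice to the webmaster, then redirect home or return a message.
 *
 * @param string $name     Label of the failing query.
 * @param string $error    Error text.
 * @param bool   $redirect true: send a redirect to the site root and return
 *                         nothing; false: return a short message.
 * @return string|null "Temporarily Unavailable." when $redirect is false.
 */
function sendErrNotification($name, $error, $redirect = true)
{
    //email to webmaster
    // HTTP_HOST comes from the request's Host header, i.e. from the client.
    // Only hostname characters are kept before it is used in the mail
    // subject, so it cannot carry line breaks into the mail headers.
    $curhost = isset($_SERVER['HTTP_HOST']) ? preg_replace('/[^A-Za-z0-9.:\[\]-]/', '', $_SERVER['HTTP_HOST']) : '';
    $curlocation = $_SERVER['REQUEST_URI'];
    $curip = $_SERVER['REMOTE_ADDR'];
    $curtime = date("Y-m-d H:i:s");
    $wmnotice = "A sql error, [".$name."][".$error."], \n\nhad occured at [".$curhost.$curlocation."]. \n\n";
    $wmnotice .= "Accessed through [".$curhost."] ,\n\nfrom [".$curip."] at [".$curtime."]";
    mail("log@justsimple.com.my", "SQL Error on Simple!CMS Website - [".$curhost."]", $wmnotice, "From: log@justsimple.com.my");
    if ($redirect) {
        //redirect to home page
        // The redirect target was "http://" + Host header. A root-relative
        // target reaches the same page without trusting the header and keeps
        // the scheme the visitor is already using.
        // NOTE(review): execution continues after the header is sent; callers
        // that must stop rendering need to exit themselves.
        ob_start();
        header("Location: /");
        ob_flush();
    } else {
        //display message
        return "Temporarily Unavailable.";
    }
}

/**
 * Turn a display name into the URL form used by this site.
 *
 * Spaces become "+", "&" becomes "and", "/" becomes "_", and double quotes,
 * apostrophes, dots and commas are removed.
 *
 * @param string $name
 * @return string
 */
function convertToURL($name)
{
    $temp = $name;
    $temp = str_replace(" ", "+", $temp);
    $temp = str_replace("&", "and", $temp);
    $temp = str_replace("\"", "", $temp);
    $temp = str_replace("/", "_", $temp);
    $temp = str_replace("'", "", $temp);
    $temp = str_replace(".", "", $temp);
    $temp = str_replace(",", "", $temp);
    return $temp;
}

/*************************************************/
//for data encrytion
/**
 * Return $iv_len random bytes for use as an IV.
 *
 * mt_rand() is not a cryptographic generator, so the system CSPRNG is used
 * when the runtime offers one; the old loop remains only as a fallback for
 * runtimes that have neither function.
 *
 * @param int $iv_len Number of bytes; values <= 0 give "".
 * @return string
 */
function get_rnd_iv($iv_len)
{
    $iv_len = (int)$iv_len;
    if ($iv_len > 0) {
        if (function_exists('random_bytes')) {
            try {
                return random_bytes($iv_len);
            } catch (Exception $e) {
                // fall through to the next source
            }
        }
        if (function_exists('openssl_random_pseudo_bytes')) {
            $bytes = openssl_random_pseudo_bytes($iv_len);
            if ($bytes !== false && strlen($bytes) == $iv_len) {
                return $bytes;
            }
        }
    }
    $iv = '';
    while ($iv_len-- > 0) {
        $iv .= chr(mt_rand() & 0xff);
    }
    return $iv;
}

/**
 * Encrypt text with the site's MD5-based scheme and return it base64-encoded.
 *
 * NOTE(review): this is a home-made construction: the keystream is MD5 of a
 * chained state and there is no integrity check, so modified ciphertext
 * decrypts without any error. Data that needs protection should move to an
 * authenticated cipher from a maintained library. The routine is left
 * unchanged because existing ciphertexts depend on it byte for byte.
 *
 * @param string $plain_text Text to encrypt.
 * @param string $password   Key material.
 * @param int    $iv_len     IV length in bytes.
 * @return string base64 of IV followed by the encrypted blocks.
 */
function md5_encrypt($plain_text, $password, $iv_len = 16)
{
    // 0x13 marks the end of the text; NUL bytes pad to a 16-byte boundary.
    $plain_text .= "\x13";
    $n = strlen($plain_text);
    if ($n % 16) $plain_text .= str_repeat("\0", 16 - ($n % 16));
    $i = 0;
    $enc_text = get_rnd_iv($iv_len);
    $iv = substr($password ^ $enc_text, 0, 512);
    while ($i < $n) {
        $block = substr($plain_text, $i, 16) ^ pack('H*', md5($iv));
        $enc_text .= $block;
        $iv = substr($block . $iv, 0, 512) ^ $password;
        $i += 16;
    }
    return base64_encode($enc_text);
}

/**
 * Decrypt a value produced by md5_encrypt().
 *
 * NOTE(review): the key is a literal in the source, so anyone who can read
 * this file can decrypt stored values, and md5_encrypt() callers must pass
 * the same string for a round trip to work. Load the key from configuration
 * kept outside the web root and rotate it; see md5_encrypt() for the
 * weaknesses of the scheme itself.
 *
 * @param string $enc_text base64 text from md5_encrypt().
 * @param int    $iv_len   IV length in bytes used when encrypting.
 * @return string Plain text with the 0x13 marker and NUL padding removed.
 */
function md5_decrypt($enc_text, $iv_len = 16)
{
    $password = 'aitai xiang lian 520';
    $enc_text = base64_decode($enc_text);
    $n = strlen($enc_text);
    $i = $iv_len;
    $plain_text = '';
    $iv = substr($password ^ substr($enc_text, 0, $iv_len), 0, 512);
    while ($i < $n) {
        $block = substr($enc_text, $i, 16);
        $plain_text .= $block ^ pack('H*', md5($iv));
        $iv = substr($block . $iv, 0, 512) ^ $password;
        $i += 16;
    }
    return preg_replace('/\\x13\\x00*$/', '', $plain_text);
}
/**********************************************************************************/

// Request parameters used as ids: filtered, then reduced to "0" unless numeric.
$level = jscheck_input('level');
$level = jscheck_numberic($level);
$id = jscheck_input('id');
$id = jscheck_numberic($id);
$tc = jscheck_input('tc');
$tc = jscheck_numberic($tc);
$langid_tmp = jscheck_input('lang');
$langid_tmp = jscheck_numberic($langid_tmp);

require "inc.db.php";

//find the id for the default language
$defaultlangid = null;
$sql_fd = mysql_query("select LangID from tce_lang where isDefault='1' limit 0,1") or die("sql9: ".mysql_error());
$numrows_fd = mysql_num_rows($sql_fd);
if ($numrows_fd > 0) {
    while ($r_fd = mysql_fetch_array($sql_fd)) {
        $defaultlangid = $r_fd["LangID"];
    }
}

// The bare "!isset(...);" expression statements that stood here had no
// effect and are removed.
if (!$langid_tmp) {
    if (!isset($_SESSION["langid"])) {
        $_SESSION['langid'] = $defaultlangid;
    }
} else {
    // The session now stores the value that was validated above. The
    // original re-read $_REQUEST['lang'], which can come from a different
    // source than the GET/POST value that was checked.
    $_SESSION['langid'] = $langid_tmp;
}
$langid_tmp = $_SESSION['langid'];

// Only fixed file names are included; the request value just selects a case.
switch ($langid_tmp) {
    case 6:
        include( 'lang/lang.cn_sim.php' );
        break;
    case 5:
        include( 'lang/lang.bm.php' );
        break;
    case 7:
        include( 'lang/lang.jp.php' );
        break;
    default:
        include( 'lang/lang.eng.php' );
        break;
}

/****************************find home page**************************/
$checkid = "";
if (!$id) {
    //$sql_id=mysql_query("select intID from js_cms order by strOrder, intID") or die("sql10: ".mysql_error());
    $sql_id = mysql_query("select intID from js_cms where MotherID=0 and isUp=1 and isDeleted=0 order by strOrder, intID") or die("sql10: ".mysql_error());
    $result_id = mysql_fetch_array($sql_id);
    $id = $result_id["intID"];
    $checkid = 1;
}
/****************************************************************************************/
$pagename = jscheck_input('pagename');//echo "";
// $pagename=str_replace('__','/',$pagename);
// $pagename=str_replace('-','/',$pagename);
$pagename = str_replace('_', ' ', $pagename);
// NOTE(review): shown on the page as replacing "(" with "(". One side was
// presumably an HTML entity that the page rendering decoded; left as
// displayed, confirm against the real file.
$pagename = str_replace('(', '(', $pagename);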
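// NOTE(review): the first replacement is shown on the page as ")" to ")".
// One side was presumably an HTML entity that the page rendering decoded;
// both lines are left exactly as displayed, confirm against the real file.
$pagename = str_replace(')', ')', $pagename);
$pagename = str_replace('^', '&', $pagename);
if ($pagename == "") {
    $pagename = "home";
}

/****************************get all content**************************/
//$sql_cms=mysql_query("select * from js_cms where REPLACE(REPLACE(REPLACE(REPLACE(REPLACE(REPLACE(REPLACE(REPLACE(REPLACE(REPLACE(LCASE(strName), ' ','_'), ',',''), '/','_'), '.',''), '(',''), ')',''), '(',''), ')',''), '''',''), '_',' ')='$pagename' and isUp='1' and isDeleted='0'") or die("sql11: ".mysql_error());

// $pagename comes from the request. The input filter applied to it is aimed
// at HTML and leaves backslashes untouched, so the value is escaped for the
// SQL string literal here, at the point of use. $pagename itself is left
// unchanged for any later code that reads it.
$pagename_sql = mysql_real_escape_string($pagename);

// NOTE(review): "or die(... mysql_error())" shows the database error text to
// the visitor; log it on the server and print a generic message instead.
$sql_cms = mysql_query("select * from js_cms where strName='$pagename_sql' and isUp='1' and isDeleted='0'") or die("sql11: ".mysql_error());
$result_cms = mysql_fetch_array($sql_cms);
$cms_id = $result_cms["intID"];
$cms_title = $result_cms["strName"];
$cms_exclude = $result_cms["strExclude"];
$cms_layout = $result_cms["strLayout"];

// The content row is looked up by page id when the page name matched a
// js_cms row, otherwise by URL alias. The two branches used to repeat the
// same query and assignments; only the condition differs.
if ($cms_id) {
    $cms_content_where = "MotherID='".intval($cms_id)."'";
} else {
    //echo "";
    $cms_content_where = "strURL='$pagename_sql'";
}
$sql_cms_content = mysql_query("select strName, strAlias, strPic, content, strURL, SEOTitle, SEOKeywords, SEODescription from js_cms_content where $cms_content_where and isUp='1' and LangID='1'") or die("sql12: ".mysql_error());
$r1_top = mysql_fetch_array($sql_cms_content);
$con_title = stripslashes($r1_top["strName"]);
$con_alias = stripslashes($r1_top["strAlias"]);
$con_url = $r1_top["strURL"];
$con_banner = $r1_top["strPic"];
$con_content = stripslashes($r1_top["content"]);
$con_seotitle = $r1_top["SEOTitle"];
$con_seokeywords = $r1_top["SEOKeywords"];
$con_seodesc = $r1_top["SEODescription"];

@mysql_close($conn);
?>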