<?php
/*
 * Plugin Name: ECommerceTemplates in WordPress
 * Plugin URI: http://to_be_confirmed/
 * Description: Allows ECommerceTemplates to run inside WordPress
 * Author: Glenn Pegden
 * Version: 0.1
 * Author URI: http://glenn.pegden.com
 * License: To be confirmed (assume commercial for now)
 * (c) Glenn Pegden (glenn@pegden.com) Oct 2010
 *
 * Notes. Createddb.php has been moved into vs_admin, but ideally the whole DB side could do with some attention as it uses
 * non-prefixed table names, which could cause all kinds of nasty conflicts.
 *
 * No ECT files were harmed (or even edited) during the production of this theme.
 * Note: This is either the cleverest thing I've ever written or possibly the most hackiest (probably both)
 *
 * TODO: Routine to create/update the .htaccess rules
 * TODO: Routine to create dbs ?
 * TODO: Image upload fails
 */
// Bootstrap: every other hook is registered from ect::init() once WordPress fires 'init'.
add_action('init', 'ect::init');
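#[\AllowDynamicProperties]
class ect {

    /**
     * Dynamic property setter.
     *
     * Properties are created on demand; the attribute on the class keeps that
     * working on PHP 8.2+, where implicit dynamic properties are deprecated.
     */
    public function __set($key, $val) {
        $this->$key = $val;
    }

    /** Dynamic property getter; see __set(). */
    public function __get($key) {
        return $this->$key;
    }

    /**
     * Sets the globals the bundled ECT code reads at load time.
     *
     * The magic-quotes functions no longer exist on current PHP
     * (set_magic_quotes_runtime removed in 7.0, get_magic_quotes_gpc in 8.0),
     * so they are only called where they are still defined; $magicq is false
     * otherwise.
     */
    public function __construct() {
        global $codestr, $magicq;
        $codestr = '2952710692840328509902143349209039553396765';
        if (function_exists('set_magic_quotes_runtime')) {
            @set_magic_quotes_runtime(0); // deprecated (E_DEPRECATED) on the versions where it exists
        }
        $magicq = function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc() == 1;
    }

    /**
     * Hooked to after_setup_theme. Placeholder for the install routine.
     */
    public static function install() {
        //TODO: Call Setup DBs
        // Create the pages for each template page
    }

    /**
     * Hooked to init.
     *
     * Starts the PHP session the ECT admin relies on, redirects unauthenticated
     * requests for the ECT admin pages to the ECT login page, swaps in the
     * front-end scripts, and registers the remaining admin / front-end hooks.
     */
    public static function init() {
        session_cache_limiter('none');
        session_start();
        $uri = isset($_SERVER["REQUEST_URI"]) ? $_SERVER["REQUEST_URI"] : '';
        $ect_page = isset($_GET['ect_page']) ? strtolower($_GET['ect_page']) : '';
        // NOTE(review): the menu slugs registered below are all ect_*, so a
        // "page=admin" prefix may never match here — confirm which URLs this
        // gate is meant to cover.
        if (strtolower(substr($uri, 0, 30)) == '/wp-admin/admin.php?page=admin' && $ect_page != 'login') {
            $storesessionvalue = "virtualstore"; // ECT's session marker for a logged-in admin
            $loggedon = isset($_SESSION["loggedon"]) ? $_SESSION["loggedon"] : '';
            $writeckl = isset($_COOKIE["WRITECKL"]) ? trim($_COOKIE["WRITECKL"]) : '';
            // A non-empty WRITECKL cookie skips this early redirect only;
            // ShowAdminPage() still requires the session before including anything.
            if ($loggedon != $storesessionvalue && $writeckl == "") {
                // Target built from the configured admin URL rather than the
                // request's Host header, and nothing is echoed before header().
                header('Location: ' . admin_url('admin.php?page=login'));
                exit;
            }
        }
        if (!is_admin()) {
            // Replace the bundled jQuery with the CDN copy the ECT templates
            // were written against; fetched over https so the script is not
            // alterable in transit or blocked as mixed content.
            wp_deregister_script('jquery');
            wp_register_script('jquery', 'https://ajax.googleapis.com/ajax/libs/jquery/1.4/jquery.min.js');
            wp_enqueue_script('jquery');
            wp_register_script('custom_script', get_bloginfo('template_directory') . '/js/jquery.innerfade.js', false, '1.0');
            wp_enqueue_script('custom_script');
            add_filter("the_content", array('ect', 'add_ect_content'));
        } else {
            add_action('admin_menu', array('ect', 'create_admin_menu'));
            add_action('admin_init', array('ect', 'startAdminBuffer'));
            add_action('shutdown', array('ect', 'endAdminBuffer'));
            $ECTStyleUrl = plugins_url() . '/ECommerceTemplates/ECTadmin.css';
            wp_register_style('ECTStyleSheets', $ECTStyleUrl);
            $page = isset($_GET["page"]) ? $_GET["page"] : '';
            if (substr($page, 0, 4) == "ect_") {
                wp_enqueue_style('ECTStyleSheets');
            }
        }
        add_action('after_setup_theme', array('ect', 'install'));
        add_action('parse_query', array('ect', 'fix_query_vars'));
        if (function_exists('register_nav_menu')) {
            register_nav_menu('secondry', 'The Nav below the main window');
        }
    }

    /**
     * Hooked to admin_init. Opens an output buffer so the included ECT admin
     * pages can still send cookies/headers after WordPress has started output.
     */
    public static function startAdminBuffer() {
        // NOTE(review): register_setting() takes (option_group, option_name);
        // the second argument here reads like a label — confirm the intent.
        register_setting('ectpath', 'Path to Ecommerce Templates install');
        ob_start(); // The output buffering allows the cookies in the included code to work
    }

    /** Hooked to shutdown; flushes the buffer opened by startAdminBuffer(). */
    public static function endAdminBuffer() {
        ob_end_flush();
    }

    /**
     * the_content filter: prepends the matching ECT page to the post content.
     *
     * When vsadmin/inc/inc<post_name>.php exists under the configured ECT
     * path, the ECT page is included from inside the ECT directory (it uses
     * relative includes), captured, run through do_shortcode() and placed in
     * front of the original content. The opening <div id="post-…"> and the
     * FixECTUrls script are echoed directly rather than returned, and the div
     * is not closed here. Any other post is returned untouched (the previous
     * code returned an undefined $content there, blanking the post).
     *
     * @param string $orig_content
     * @return string
     */
    public static function add_ect_content($orig_content) {
        global $catid,$tid,$xxNext,$xxPrev,$sectionurl,$explicitid,$explicitmanid,$catname;
        global $alreadygotadmin,$splitUSZones,$adminLocale,$countryCurrency,$orcurrencyisosymbol,$useEuro,$storeurl,$stockManage,$useStockManagement,$adminProdsPerPage,$countryTax,$countryTaxRate,$delccafter,$handling,$handlingchargepercent,$adminCanPostUser,$packtogether,$origZip,$shipType,$adminIntShipping,$origCountry,$origCountryCode,$uspsUser,$uspsPw,$upsUser,$upsPw,$upsAccess,$fedexaccount,$fedexmeter,$adminUnits,$emailAddr,$sendEmail,$adminTweaks,$adminlanguages,$adminlangsettings,$currRate1,$currSymbol1,$currRate2,$currSymbol2,$currRate3,$currSymbol3,$currConvUser,$currConvPw,$currLastUpdate,$adminSecret;
        global $codestr;
        $pageinfo = get_page($GLOBALS['post']);
        $page_name = $pageinfo->post_name;
        $ectpath = get_option('ectpath');
        if ($ectpath == '') {
            // Plugin not configured yet: nothing to include.
            return $orig_content;
        }
        $incfile = $ectpath . "vsadmin/inc/inc" . $page_name . ".php";
        if (!file_exists($incfile)) {
            return $orig_content;
        }
        ?> <div id="post-<?php the_ID(); ?>" <?php post_class(); ?>><script type='text/javascript' src='<?php bloginfo("template_url"); ?>/js/FixECTUrls.js'></script> <?php
        $content = "<div id='etc_include'>";
        $cdir = getcwd();
        chdir($ectpath); // Needed as ECT does relative includes
        ob_start();
        include $ectpath . "vsadmin/db_conn_open.php";
        include $ectpath . "vsadmin/inc/languagefile.php";
        include $ectpath . "vsadmin/includes.php";
        include $ectpath . "vsadmin/inc/incfunctions.php";
        include $incfile;
        $ect_content = ob_get_contents();
        ob_end_clean();
        $content .= do_shortcode($ect_content);
        chdir($cdir);
        $content .= "</div>";
        $content .= $orig_content;
        return $content;
    }

    /**
     * Hooked to admin_menu: registers the ECT top-level menu and one submenu
     * per ECT admin screen, all restricted to the 'administrator' capability.
     *
     * The languageadmin.php include is expected to define the $yyLL* labels
     * used below; they are not set anywhere in this file.
     */
    public static function create_admin_menu() {
        include get_option('ectpath') . 'vsadmin/' . 'inc/languageadmin.php';
        add_menu_page('ECT Plugin', 'Eccommcerce Templates', 'administrator', 'ect_admin', array('ect','ShowAdminPage'), get_bloginfo('template_url') . "/images/ect_icon.png");
        add_submenu_page('ect_admin', "Main Menu", "Main Menu", 'administrator', 'ect_admin', array('ect','ShowAdminPage'));
        add_submenu_page('ect_admin', ucwords($yyLLMain), ucwords($yyLLMain), 'administrator', 'ect_adminmain', array('ect','ShowAdminPage'));
        add_submenu_page('ect_admin', ucwords($yyLLOrds), ucwords($yyLLOrds), 'administrator', 'ect_adminorders', array('ect','ShowAdminPage'));
        add_submenu_page('ect_admin', ucwords($yyLLPass), ucwords($yyLLPass), 'administrator', 'ect_adminlogin', array('ect','ShowAdminPage'));
        add_submenu_page('ect_admin', ucwords($yyLLPayP), ucwords($yyLLPayP), 'administrator', 'ect_adminpayprov', array('ect','ShowAdminPage'));
        add_submenu_page('ect_admin', ucwords($yyLLAffl), ucwords($yyLLAffl), 'administrator', 'ect_adminaffil', array('ect','ShowAdminPage'));
        add_submenu_page('ect_admin', ucwords($yyLLClLo), ucwords($yyLLClLo), 'administrator', 'ect_adminclientlog', array('ect','ShowAdminPage'));
        add_submenu_page('ect_admin', ucwords($yyLLOrSt), ucwords($yyLLOrSt), 'administrator', 'ect_adminordstatus', array('ect','ShowAdminPage'));
        add_submenu_page('ect_admin', ucwords($yyLLProA), ucwords($yyLLProA), 'administrator', 'ect_adminprods', array('ect','ShowAdminPage'));
        add_submenu_page('ect_admin', ucwords($yyLLProO), ucwords($yyLLProO), 'administrator', 'ect_adminprodopts', array('ect','ShowAdminPage'));
        add_submenu_page('ect_admin', ucwords($yyLLCats), ucwords($yyLLCats), 'administrator', 'ect_admincats', array('ect','ShowAdminPage'));
        add_submenu_page('ect_admin', ucwords($yyLLDisc), ucwords($yyLLDisc), 'administrator', 'ect_admindiscounts', array('ect','ShowAdminPage'));
        add_submenu_page('ect_admin', ucwords($yyLLQuan), ucwords($yyLLQuan), 'administrator', 'ect_adminpricebreak', array('ect','ShowAdminPage'));
        add_submenu_page('ect_admin', ucwords($yyLLStat), ucwords($yyLLStat), 'administrator', 'ect_adminstate', array('ect','ShowAdminPage'));
        add_submenu_page('ect_admin', ucwords($yyLLCoun), ucwords($yyLLCoun), 'administrator', 'ect_admincountry', array('ect','ShowAdminPage'));
        add_submenu_page('ect_admin', ucwords($yyLLZone), ucwords($yyLLZone), 'administrator', 'ect_adminzones', array('ect','ShowAdminPage'));
        add_submenu_page('ect_admin', ucwords($yyLLShpM), ucwords($yyLLShpM), 'administrator', 'ect_adminuspsmeths', array('ect','ShowAdminPage'));
        add_submenu_page('ect_admin', "Import Proucts", "Import Proucts", 'administrator', 'ect_upload', array('ect','ShowUploadPage'));
        // The three external links reuse the slug as the target; Redir() is still a stub.
        add_submenu_page('ect_admin', ucwords($yyLLAffP), ucwords($yyLLAffP), 'administrator', 'www.ecommercetemplates.com/affiliateinfo.asp', array('ect','Redir'));
        add_submenu_page('ect_admin', ucwords($yyLLSubm), ucwords($yyLLSubm), 'administrator', 'www.ecommercetemplates.com/addsite.asp', array('ect','Redir'));
        add_submenu_page('ect_admin', ucwords($yyLLForu), ucwords($yyLLForu), 'administrator', 'www.ecommercetemplates.com/support/default.asp', array('ect','Redir'));
        add_submenu_page('ect_admin', "Login", "Login", 'administrator', 'ect_login', array('ect','ShowAdminPage'));
        add_submenu_page('ect_admin', "WP Plugin Settings", "WP Plugin Settings", 'administrator', 'ect_config', array('ect','show_config_page'));
    }

    /**
     * Renders the "WP Plugin Settings" page and saves the ECT path.
     *
     * The stored path is later used to build include paths, so the save is
     * limited to users who can manage options and tied to a nonce (the old
     * handler accepted any POST carrying "saved"); the current value is
     * attribute-escaped when echoed back into the form.
     */
    public static function show_config_page() {
        if (!current_user_can('manage_options')) {
            return;
        }
        settings_fields('settings-group');
        if (!isset($_POST['saved'])) {
            ?>
            <form method="post" action="">
            <?php wp_nonce_field('ect_save_config', 'ect_config_nonce'); ?>
            <table class="form-table">
            <tr valign="top">
            <th scope="row">Absolute path to the folder you have Ecommerce Templates installed in (including trailing /)</th>
            <td><input type="text" name="ectpath" value="<?php echo esc_attr(get_option('ectpath')); ?>" style="width:75%" /></td>
            </tr>
            </table>
            <input type="hidden" name="saved" value="saved"/>
            <p class="submit">
            <input type="submit" class="button-primary" value="<?php _e('Save Changes') ?>" />
            </p>
            </form>
            <?php
        } else {
            check_admin_referer('ect_save_config', 'ect_config_nonce');
            $ectpath = isset($_POST['ectpath']) ? sanitize_text_field(wp_unslash($_POST['ectpath'])) : '';
            update_option('ectpath', $ectpath);
            echo '<div class="wrap">';
            echo '<p>saved.</p>';
            echo '</div>';
        }
    }

    /**
     * Renders the "Import Products" page; on submit it reads the uploaded CSV
     * and echoes every row (the import itself is still a TODO).
     *
     * Browser-supplied values (the reported file name and MIME type, and the
     * CSV fields) are HTML-escaped before being echoed, and the temp file is
     * only read when PHP confirms it is a genuine upload. The type check is
     * the browser's claim plus the extension for the Excel case, as before.
     */
    public static function ShowUploadPage() {
        if (!current_user_can('manage_options')) {
            return;
        }
        if (!isset($_POST['hasFile'])) {
            ?>
            <form action="" method="post" enctype="multipart/form-data">
            <?php wp_nonce_field('ect_upload_csv', 'ect_upload_nonce'); ?>
            <label for="file">Filename:</label>
            <input type="file" name="file" id="file" />
            <br />
            <input type="hidden" name="hasFile" value="true" />
            <input type="submit" name="submit" value="Submit" />
            </form>
            <?php
            return;
        }
        check_admin_referer('ect_upload_csv', 'ect_upload_nonce');
        if (!isset($_FILES["file"]) || !is_array($_FILES["file"])) {
            echo "No file was uploaded";
            return;
        }
        $file = $_FILES["file"];
        $fparts = pathinfo($file["name"]);
        // pathinfo() omits 'extension' when the name has none (the old code
        // also misspelled the key in the error message, so it was always blank).
        $extension = isset($fparts['extension']) ? strtolower($fparts['extension']) : '';
        $is_csv = $file["type"] == "text/csv"
            || $file["type"] == "text/comma-separated-values"
            || ($file["type"] == "application/vnd.ms-excel" && $extension == 'csv');
        if (!$is_csv) {
            echo "File doesn't look like a csv (it says it's a " . esc_html($file["type"]) . " - " . esc_html($extension) . " - " . esc_html($file["name"]) . " Please save your speadsheet as a CSV (comma separated varibales) file and try again";
            return;
        }
        if ($file["error"] > 0) {
            echo "Error: " . (int) $file["error"] . "<br />";
            return;
        }
        echo "Upload: " . esc_html($file["name"]) . "<br />";
        echo "Type: " . esc_html($file["type"]) . "<br />";
        echo "Size: " . ($file["size"] / 1024) . " Kb<br />";
        echo "Stored in: " . esc_html($file["tmp_name"]);
        if (!is_uploaded_file($file["tmp_name"])) {
            return;
        }
        $handle = fopen($file["tmp_name"], "r");
        if ($handle === FALSE) {
            return;
        }
        $row = 1;
        // 1000-byte line limit is inherited from the original fgetcsv() call.
        while (($data = fgetcsv($handle, 1000, ",")) !== FALSE) {
            $num = count($data);
            echo "<p> $num fields in line $row: <br /></p>\n";
            foreach ($data as $field) {
                echo esc_html($field) . "<br />\n";
            }
            $row++;
        }
        fclose($handle);
    }

    /**
     * parse_query hook (also called directly from ShowAdminPage()).
     *
     * ECT's own request parameters carry an "ect_" prefix in the rewritten
     * links/forms so they cannot clash with WordPress query vars; this copies
     * each ect_* entry back under its unprefixed name in $_GET / $_POST so the
     * included ECT code finds it. The prefixed entries are left in place.
     *
     * @param mixed $query WP_Query passed by the hook; unused.
     */
    public static function fix_query_vars($query) {
        foreach ($_GET as $tvar => $tval) {
            if (strtolower(substr($tvar, 0, 4)) == "ect_") {
                $_GET[substr($tvar, 4)] = $tval;
            }
        }
        foreach ($_POST as $tvar => $tval) {
            if (strtolower(substr($tvar, 0, 4)) == "ect_") {
                $_POST[substr($tvar, 4)] = $tval;
            }
        }
    }

    /**
     * ob_start() callback: rewrites ECT admin output so its links point at the
     * WordPress admin pages that wrap them. Only output is affected; ECT's
     * source files are never modified.
     *
     *   foo.php?a=b              -> foo.php&a=b   (query folded into WP's own)
     *   admin<x>.php             -> /wp-admin/admin.php?page=ect_admin&ect_page=admin<x>
     *   id="left…" / id="header…" -> same id, hidden (ECT's own chrome)
     *   login.php                -> /wp-admin/admin.php?page=ect_login
     *
     * @param string $text
     * @return string
     */
    public static function replaceAdminCode($text) {
        // The '.' was unescaped before, so any character followed by "php?" matched.
        $text = preg_replace('#\.php\?#', '.php&', $text);
        // Greedy: spans from the first "admin" to the last ".php" in the buffer.
        $text = preg_replace('#admin(.*)\.php#', '/wp-admin/admin.php?page=ect_admin&ect_page=admin$1', $text);
        $text = preg_replace('#id\=\"left(.?)\"#', 'id="left$1" style="display:none"', $text);
        $text = preg_replace('#id\=\"header(.?)\"#', 'id="header$1" style="display:none"', $text);
        // No capture group in this pattern, so the old "$1" here always expanded to "".
        $text = preg_replace('#login\.php#', '/wp-admin/admin.php?page=ect_login', $text);
        return $text;
    }

    /**
     * Includes one ECT admin page through an output buffer whose callback
     * (replaceAdminCode()) rewrites the links before the buffer is flushed.
     *
     * The ECT admin pages were written as top-level scripts, so the globals
     * they expect are declared in this scope before the include.
     *
     * @param string $incfile Plain file name inside <ectpath>/vsadmin/.
     */
    public static function refactorAdminIncludes($incfile) {
        /*
         * I'm going to hell for this !
         *
         * It turns on buffering. Includes the original ECT code, does bunch of search and replace on the buffer and then flushes
         */
        // The name is derived from the request, so refuse anything that is not
        // a bare file name (no directory component).
        if ($incfile === '' || basename($incfile) !== $incfile) {
            return;
        }
        $ectpath = get_option('ectpath') . "vsadmin/";
        /* Globals. As the original code ran outside a function if any function rely on the being globals we have to set them here */
        global $rid;
        $ect_page = isset($_GET["ect_page"]) ? $_GET["ect_page"] : '';
        if ($ect_page == "admincsv") {
            global $csvarray,$valuesarray,$columnarray,$columncount,$isupdate,$isstockupdate,$keycolumn,$column_list,$successlines,$faillines,$pidnotfoundlines;
        } elseif ($ect_page == "adminprods") {
            global $allcatsa,$numcats,$thecat;
            global $nobox,$scat,$stext,$stype,$sprice,$minprice,$yyNext,$yyPrev;
            global $pImageArr, $pLargeImageArr, $pGiantImageArr;
            global $yyPrEx1, $yyPrEx2;
            global $bgcolor,$stockManage,$yyAssign,$yyModify,$yyRelate,$yyDelete,$numcoupons,$allcoupon,$rid,$numrid,$ridarr,$resultcounter,$useStockManagement,$stockbyoptions,$resultcounter,$pract;
            global $yyPrId,$yyPrName,$yyDiscnt,$yyModify,$yyRelate,$yyDelete,$yyStck,$useStockManagement,$pract,
                $yyPrPri,$yyWhoPri,$yyListPr,$yyStck,$yyDelete,$yyPrWght,$yyDisPro,$yyStatPg,$yyRecomd,$yyProdOr;
        }
        /* now the magic */
        ob_start(array('ect', 'replaceAdminCode'));
        include $ectpath . $incfile;
        ob_end_flush();
    }

    /**
     * Menu-page callback for every ECT admin screen.
     *
     * Derives the ECT admin file from $_GET['page'] (ect_<name>, with the
     * admin_1..3 aliases collapsed to "admin" and a trailing "?rid=" / "?pg="
     * stripped), then either asks the user to log in to ECT or wraps the
     * included page in #ect_admin_div. The old code passed the undefined
     * constant `nul` to fix_query_vars(), which is an Error on PHP 8.
     */
    public static function ShowAdminPage() {
        $ect = new ect;
        $ect->fix_query_vars(null); // Amazed admin doesn't call parse_query (or the hooks dont work in admin pages)
        $page = isset($_GET["page"]) ? $_GET["page"] : "";
        $ect_page = isset($_GET["ect_page"]) ? $_GET["ect_page"] : "";
        if ($page == "" || $ect_page == "login") {
            $page_name = "login";
        } else {
            if (strtolower(substr($page, 0, 4)) == "ect_") {
                $page_name = substr($page, 4);
            } else {
                $page_name = $page;
            }
            if ($page_name == "admin_1" || $page_name == "admin_2" || $page_name == "admin_3") {
                $page_name = "admin";
            }
            // NOTE(review): these two branches take the slice from the full
            // $_GET['page'] (keeping any ect_ prefix), as the original did — confirm.
            if (strtolower(substr($page, -5)) == "?rid=") {
                $page_name = substr($page, 0, -5);
            }
            if (strtolower(substr($page, -4)) == "?pg=") {
                $page_name = substr($page, 0, -4);
            }
        }
        $storesessionvalue = "virtualstore"; // ECT's session marker for a logged-in admin
        $isprinter = FALSE;                  // local for the included ECT code
        global $bgcolor,$stockManage,$yyAssign,$yyModify,$yyRelate,$yyDelete,$numcoupons,$allcoupon,$rid,$numrid,$ridarr,$resultcounter,$useStockManagement,$stockbyoptions,$resultcounter,$pract;
        $loggedon = isset($_SESSION["loggedon"]) ? $_SESSION["loggedon"] : '';
        if ($loggedon != $storesessionvalue && $page_name != "login") {
            echo "Please <a href='" . esc_url(admin_url('admin.php?page=ect_login')) . "'>Login to ECT</a> first";
        } else {
            echo "<div id='ect_admin_div'>";
            include get_option('ectpath') . 'vsadmin/' . 'inc/languageadmin.php';
            $ect->refactorAdminIncludes($page_name . '.php');
            echo "</div>";
        }
    }

    /** Menu callback for the external ECT links; the redirect is not written yet. */
    public static function Redir() {
        $page = isset($_GET["page"]) ? $_GET["page"] : '';
        echo "TODO " . esc_html($page); //TODO: Rewrirte a redirector
    }
}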
?> |