Replace session function calls and globals

This also uses the loginRequired pipeline.  Done at the same time
as that replaces a use of the $navigation global.

account.php

@@ -12,10 +12,7 @@
 
   require 'includes/application_top.php';
 
-  if (!isset($_SESSION['customer_id'])) {
-    $navigation->set_snapshot();
-    tep_redirect(tep_href_link('login.php', '', 'SSL'));
-  }
+  $OSCOM_Hooks->register_pipeline('loginRequired');
 
   require "includes/languages/$language/account.php";
 

account_edit.php

@@ -12,10 +12,7 @@
 
   require 'includes/application_top.php';
 
-  if (!isset($_SESSION['customer_id'])) {
-    $navigation->set_snapshot();
-    tep_redirect(tep_href_link('login.php', '', 'SSL'));
-  }
+  $OSCOM_Hooks->register_pipeline('loginRequired');
 
   $message_stack_area = 'account_edit';
 // needs to be included earlier to set the success message in the messageStack

account_history.php

@@ -12,10 +12,7 @@
 
   require 'includes/application_top.php';
 
-  if (!isset($_SESSION['customer_id'])) {
-    $navigation->set_snapshot();
-    tep_redirect(tep_href_link('login.php', '', 'SSL'));
-  }
+  $OSCOM_Hooks->register_pipeline('loginRequired');
 
   require "includes/languages/$language/account_history.php";
 
@@ -37,7 +34,7 @@
  WHERE ot.class = 'ot_total' AND s.public_flag = 1 AND s.language_id = %d AND o.customers_id = %d
  ORDER BY orders_id DESC
 EOSQL
-      , (int)$languages_id, (int)$customer_id);
+      , (int)$_SESSION['languages_id'], (int)$_SESSION['customer_id']);
     $history_split = new splitPageResults($history_query_raw, MAX_DISPLAY_ORDER_HISTORY);
     $history_query = tep_db_query($history_split->sql_query);
 ?>

account_history_info.php

@@ -12,10 +12,7 @@
 
   require 'includes/application_top.php';
 
-  if (!isset($_SESSION['customer_id'])) {
-    $navigation->set_snapshot();
-    tep_redirect(tep_href_link('login.php', '', 'SSL'));
-  }
+  $OSCOM_Hooks->register_pipeline('loginRequired');
 
   if (!is_numeric($_GET['order_id'] ?? null)) {
     tep_redirect(tep_href_link('account_history.php', '', 'SSL'));

account_newsletters.php

@@ -12,10 +12,7 @@
 
   require 'includes/application_top.php';
 
-  if (!isset($_SESSION['customer_id'])) {
-    $navigation->set_snapshot();
-    tep_redirect(tep_href_link('login.php', '', 'SSL'));
-  }
+  $OSCOM_Hooks->register_pipeline('loginRequired');
 
   if (!$customer_data->has(['newsletter'])) {
     tep_redirect(tep_href_link('account.php', '', 'SSL'));
@@ -24,8 +21,8 @@
 // needs to be included earlier to set the success message in the messageStack
   require "includes/languages/$language/account_newsletters.php";
 
-  $customer_data->build_read(['newsletter'], 'customers', ['id' => (int)$customer_id]);
-  $newsletter_query = tep_db_query($customer_data->build_read(['newsletter'], 'customers', ['id' => (int)$customer_id]));
+  $customer_data->build_read(['newsletter'], 'customers', ['id' => (int)$_SESSION['customer_id']]);
+  $newsletter_query = tep_db_query($customer_data->build_read(['newsletter'], 'customers', ['id' => (int)$_SESSION['customer_id']]));
   $newsletter = tep_db_fetch_array($newsletter_query);
 
   if (tep_validate_form_action_is('process')) {
@@ -37,7 +34,7 @@
 
     $saved_newsletter = $customer_data->get('newsletter', $newsletter);
     if ($newsletter_general != $saved_newsletter) {
-      $customer_data->update(['newsletter' => (int)(('1' == $saved_newsletter) ? 0 : 1)], ['id' => (int)$customer_id]);
+      $customer_data->update(['newsletter' => (int)(('1' == $saved_newsletter) ? 0 : 1)], ['id' => (int)$_SESSION['customer_id']]);
     }
 
     $messageStack->add_session('account', SUCCESS_NEWSLETTER_UPDATED, 'success');

account_notifications.php

@@ -12,15 +12,12 @@
 
   require 'includes/application_top.php';
 
-  if (!isset($_SESSION['customer_id'])) {
-    $navigation->set_snapshot();
-    tep_redirect(tep_href_link('login.php', '', 'SSL'));
-  }
+  $OSCOM_Hooks->register_pipeline('loginRequired');
 
 // needs to be included earlier to set the success message in the messageStack
   require "includes/languages/$language/account_notifications.php";
 
-  $global_query = tep_db_query("SELECT global_product_notifications FROM customers_info WHERE customers_info_id = " . (int)$customer_id);
+  $global_query = tep_db_query("SELECT global_product_notifications FROM customers_info WHERE customers_info_id = " . (int)$_SESSION['customer_id']);
   $global = tep_db_fetch_array($global_query);
 
   if (tep_validate_form_action_is('process')) {
@@ -33,7 +30,7 @@
     if ($product_global != $global['global_product_notifications']) {
       $product_global = (($global['global_product_notifications'] == '1') ? '0' : '1');
 
-      tep_db_query("UPDATE customers_info SET global_product_notifications = '" . (int)$product_global . "' WHERE customers_info_id = " . (int)$customer_id);
+      tep_db_query("UPDATE customers_info SET global_product_notifications = '" . (int)$product_global . "' WHERE customers_info_id = " . (int)$_SESSION['customer_id']);
     } elseif (!empty($_POST['products'])) {
       $products_parsed = [];
       foreach ((array)$_POST['products'] as $value) {
@@ -43,19 +40,19 @@
       }
 
       if (count($products_parsed) > 0) {
-        $check_query = tep_db_query("SELECT COUNT(*) AS total FROM products_notifications WHERE customers_id = " . (int)$customer_id . " AND products_id NOT IN (" . implode(',', $products_parsed) . ")");
+        $check_query = tep_db_query("SELECT COUNT(*) AS total FROM products_notifications WHERE customers_id = " . (int)$_SESSION['customer_id'] . " AND products_id NOT IN (" . implode(',', $products_parsed) . ")");
         $check = tep_db_fetch_array($check_query);
 
         if ($check['total'] > 0) {
-          tep_db_query("DELETE FROM products_notifications WHERE customers_id = " . (int)$customer_id . " AND products_id NOT IN (" . implode(',', $products_parsed) . ")");
+          tep_db_query("DELETE FROM products_notifications WHERE customers_id = " . (int)$_SESSION['customer_id'] . " AND products_id NOT IN (" . implode(',', $products_parsed) . ")");
         }
       }
     } else {
-      $check_query = tep_db_query("SELECT COUNT(*) AS total FROM products_notifications WHERE customers_id = " . (int)$customer_id);
+      $check_query = tep_db_query("SELECT COUNT(*) AS total FROM products_notifications WHERE customers_id = " . (int)$_SESSION['customer_id']);
       $check = tep_db_fetch_array($check_query);
 
       if ($check['total'] > 0) {
-        tep_db_query("DELETE FROM products_notifications WHERE customers_id = " . (int)$customer_id);
+        tep_db_query("DELETE FROM products_notifications WHERE customers_id = " . (int)$_SESSION['customer_id']);
       }
     }
 
@@ -93,7 +90,7 @@
 
 <?php
   if ($global['global_product_notifications'] != '1') {
-    $products_check_query = tep_db_query("SELECT COUNT(*) AS total FROM products_notifications WHERE customers_id = " . (int)$customer_id);
+    $products_check_query = tep_db_query("SELECT COUNT(*) AS total FROM products_notifications WHERE customers_id = " . (int)$_SESSION['customer_id']);
     $products_check = tep_db_fetch_array($products_check_query);
     if ($products_check['total'] > 0) {
 ?>
@@ -105,7 +102,7 @@
       <div class="col-form-label col-sm-4 text-left text-sm-right"><?php echo MY_NOTIFICATIONS_TITLE; ?></div>
       <div class="col-sm-8">
         <?php
-        $products_query = tep_db_query("SELECT pd.products_id, pd.products_name FROM products_description pd, products_notifications pn WHERE pn.customers_id = " . (int)$customer_id . " AND pn.products_id = pd.products_id AND pd.language_id = " . (int)$languages_id . " ORDER BY pd.products_name");
+        $products_query = tep_db_query("SELECT pd.products_id, pd.products_name FROM products_description pd, products_notifications pn WHERE pn.customers_id = " . (int)$_SESSION['customer_id'] . " AND pn.products_id = pd.products_id AND pd.language_id = " . (int)$_SESSION['languages_id'] . " ORDER BY pd.products_name");
         while ($products = tep_db_fetch_array($products_query)) {
           echo '<div class="custom-control custom-switch">';
             echo tep_draw_checkbox_field('products[]', $products['products_id'], true, 'class="custom-control-input" id="input_' . $products['products_id'] . 'Notification"');

account_password.php

@@ -12,10 +12,7 @@
 
   require 'includes/application_top.php';
 
-  if (!isset($_SESSION['customer_id'])) {
-    $navigation->set_snapshot();
-    tep_redirect(tep_href_link('login.php', '', 'SSL'));
-  }
+  $OSCOM_Hooks->register_pipeline('loginRequired');
 
   // if password is not enabled, then no reason to be on this page
   if (!$customer_data->has(['password'])) {

address_book.php

@@ -12,10 +12,7 @@
 
   require 'includes/application_top.php';
 
-  if (!isset($_SESSION['customer_id'])) {
-    $navigation->set_snapshot();
-    tep_redirect(tep_href_link('login.php', '', 'SSL'));
-  }
+  $OSCOM_Hooks->register_pipeline('loginRequired');
 
   require "includes/languages/$language/address_book.php";
 

address_book_process.php

@@ -12,10 +12,7 @@
 
   require 'includes/application_top.php';
 
-  if (!isset($_SESSION['customer_id'])) {
-    $navigation->set_snapshot();
-    tep_redirect(tep_href_link('login.php', '', 'SSL'));
-  }
+  $OSCOM_Hooks->register_pipeline('loginRequired');
 
   $message_stack_area = 'addressbook';
 

checkout_confirmation.php

@@ -11,23 +11,18 @@
 */
 
   require 'includes/application_top.php';
-
-  $OSCOM_Hooks->register_pipeline('progress');
 
 // if the customer is not logged on, redirect them to the login page
-  if (!isset($_SESSION['customer_id'])) {
-    $navigation->set_snapshot(['mode' => 'SSL', 'page' => 'checkout_payment.php']);
-    tep_redirect(tep_href_link('login.php', '', 'SSL'));
-  }
+  $OSCOM_Hooks->register_pipeline('loginRequired');
 
 // if there is nothing in the customers cart, redirect them to the shopping cart page
-  if ($cart->count_contents() < 1) {
+  if ($_SESSION['cart']->count_contents() < 1) {
     tep_redirect(tep_href_link('shopping_cart.php'));
   }
 
 // avoid hack attempts during the checkout procedure by checking the internal cartID
-  if (isset($cart->cartID) && isset($_SESSION['cartID'])) {
-    if ($cart->cartID != $cartID) {
+  if (isset($_SESSION['cart']->cartID, $_SESSION['cartID'])) {
+    if ($_SESSION['cart']->cartID != $_SESSION['cartID']) {
       tep_redirect(tep_href_link('checkout_shipping.php', '', 'SSL'));
     }
   }
@@ -37,30 +32,29 @@
     tep_redirect(tep_href_link('checkout_shipping.php', '', 'SSL'));
   }
 
-  if (isset($_POST['payment'])) {
-    $payment = $_POST['payment'];
-  }
+  $OSCOM_Hooks->register_pipeline('progress');
 
-  if (!isset($_SESSION['payment'])) {
-    tep_session_register('payment');
+  if (isset($_POST['payment'])) {
+    $_SESSION['payment'] = $_POST['payment'];
+  } elseif (!array_key_exists('payment', $_SESSION)) {
+    $_SESSION['payment'] = null;
   }
 
-  if (!isset($_SESSION['comments'])) {
-    tep_session_register('comments');
-  }
 
   if (isset($_POST['comments']) && tep_not_null($_POST['comments'])) {
-    $comments = tep_db_prepare_input($_POST['comments']);
+    $_SESSION['comments'] = tep_db_prepare_input($_POST['comments']);
+  } elseif (!array_key_exists('comments', $_SESSION)) {
+    $_SESSION['comments'] = null;
   }
 
 // load the selected payment module
-  $payment_modules = new payment($payment);
+  $payment_modules = new payment($_SESSION['payment']);
 
   $order = new order();
 
   $payment_modules->update_status();
 
-  if ( ($payment_modules->selected_module != $payment) || ( is_array($payment_modules->modules) && (count($payment_modules->modules) > 1) && !is_object($$payment) ) || ($$payment->enabled == false) ) {
+  if ( ($payment_modules->selected_module != $_SESSION['payment']) || ( is_array($payment_modules->modules) && (count($payment_modules->modules) > 1) && !is_object(${$_SESSION['payment']}) ) || !${$_SESSION['payment']}->enabled ) {
     tep_redirect(tep_href_link('checkout_payment.php', 'error_message=' . urlencode(ERROR_NO_PAYMENT_MODULE_SELECTED), 'SSL'));
   }
 
@@ -84,7 +78,7 @@
     }
 
     // Out of Stock
-    if ( (STOCK_ALLOW_CHECKOUT != 'true') && ($any_out_of_stock == true) ) {
+    if ( (STOCK_ALLOW_CHECKOUT != 'true') && $any_out_of_stock ) {
       tep_redirect(tep_href_link('shopping_cart.php'));
     }
   }
@@ -104,7 +98,7 @@
     echo $messageStack->output('checkout_confirmation');
   }
 
-  $form_action_url = $$payment->form_action_url ?? tep_href_link('checkout_process.php', '', 'SSL');
+  $form_action_url = ${$_SESSION['payment']}->form_action_url ?? tep_href_link('checkout_process.php', '', 'SSL');
 
   echo tep_draw_form('checkout_confirmation', $form_action_url, 'post');
 ?>
@@ -148,7 +142,7 @@
         <ul class="list-group list-group-flush">
           <?php
           $address = $customer_data->get_module('address');
-          if ($sendto != false) {
+          if ($_SESSION['sendto']) {
             echo '<li class="list-group-item">';
               echo '<i class="fas fa-shipping-fast fa-fw fa-3x float-right text-black-50"></i>';
               echo '<h5 class="mb-0">' . HEADING_DELIVERY_ADDRESS . '<small><a class="font-weight-lighter ml-2" href="' . tep_href_link('checkout_shipping_address.php', '', 'SSL') . '">' . TEXT_EDIT . '</a></small></h5>';
@@ -229,7 +223,7 @@
         }
         ?>
       </div>
-  
+
       <div class="w-100"></div>
       <?php
     }