This is a nightmare, comrades. PHPShop

    I will make a reservation. I have nothing to do with PHPShop, I do not compete with it and do not set the goal of stigmatizing someone.

    We were approached by a person who bought the Enterprise version of the PHPShop online store (2.1) and made a website on it. He needs some refinement of the store’s business logic, for which the authors requested an exorbitant amount. We got the code and started to watch.

    This is horror. I wrote the first 2 days of acquaintance with php and the web in general. Students with this code do not accept labs.


    Examples:
    1. It is
    inserted at the beginning of all php files: 2. defines.php 3. "Parsing" the settings \ n "; } 4. Update 5. The form is processed with register_globals
    require("../connect.php");
    @mysql_connect ("$host", "$user_db", "$pass_db")or @die("Невозможно подсоединиться к базе");
    mysql_select_db("$dbase")or @die("Невозможно подсоединиться к базе");
    require("../enter_to_admin.php");



    table_name="phpshop_categories"; # имя стола базы записей в базу
    table_name1="phpshop_orders"; # имя стола базы записей в базу
    table_name2="phpshop_products"; # имя стола базы записей в базу
    table_name3="phpshop_system"; # имя стола базы записей в базу



    if(@parse_ini_file("../../phpshop/inc/config.ini",1))
    $SysValue=parse_ini_file("../../phpshop/inc/config.ini",1);
    elseif(@parse_ini_file("../../../phpshop/inc/config.ini",1))
    $SysValue=parse_ini_file("../../../phpshop/inc/config.ini",1);
    elseif(@parse_ini_file("../../../../phpshop/inc/config.ini",1))
    $SysValue=parse_ini_file("../../../../phpshop/inc/config.ini",1);
    else $SysValue=@parse_ini_file("../../../../../phpshop/inc/config.ini",1);
    $sql="select * from ".$SysValue['base']['table_name28']." order by discount";
    $result=mysql_query($sql);
    while ($row = mysql_fetch_array($result))
    {
    $id=$row['id'];
    $name=$row['name'];
    $discount=$row['discount'];
    $sel="";
    if($n==$id) $sel="selected";
    @$dis.="




    $sql="UPDATE ".$SysValue['base']['table_name27']."
    SET
    login='$login_new',
    password='".base64_encode($password_new)."',
    mail='$mail_new',
    name='$name_new',
    company='$company_new',
    inn='$inn_new',
    tel='$tel_new',
    adres='$adres_new',
    enabled='$enabled_new',
    status='$status_new',
    kpp='$kpp_new',
    tel_code='$tel_code_new'
    where id='$userID'";



    if(@$productDELETE=="doIT")// Удаление
    {
    if(CheckedRules($UserStatus["shopusers"],1) == 1){
    $sql="delete from ".$SysValue['base']['table_name27']."
    where id='$userID'";
    $result=mysql_query($sql)or @die("Невозможно изменить запись");
    echo"

    ";
    }else $UserChek->BadUserFormaWindow();
    }


    The system requirements specify PHP4.
    It is written almost without the use of OOP.
    All that I saw is written in the form of porridge php, sql, html, js.
    Layout frankly goes to FF 3.
    Editing a user and creating a user are two files where% 60 of the code is duplicated.

    Is this a paid industrial product? Does it cost almost 12,000 per box? Was it proposed to our client to modify it on their own?
    By the way, on Habré the product is mentioned 4 times, and always in general positively: habrahabr.ru/search/?q=phpshop

    Also popular now: