Page 1 of 1
Two questions, shopping cart, and view source.
Posted: Wed Feb 15, 2006 7:25 pm
by kyoru
take a look at this great shopping cart tutorial...
http://www.phpwebcommerce.com/php-mysql ... torial.php
i plan i using it to hlep make a shopping card for my site and so far it has been great, hoever I can't figure out how a customers temp. shopping card is recored, is it stored in the data base (I think it is but its not detailed anywhere, if it is how is it recalled to a certain customer)?
another question i want to have a link to view the source of my index page of my website and be able to change and save it, what kind of functions would i look at to accomplish this?
*edit: oh yes i was looking at this one snippet of code that closes the page if its called directly (eg its function.php) anyone know how to code tha tone?
Thanks guys!
Posted: Thu Feb 16, 2006 12:32 am
by s.dot
a temporary shopping cart is most likely stored in the session. wherever you're in doubt that something is in the session you can do
in debugging mode of course, not on the live production site. If it is stored in the database, just loop through your table till you find what you want.
I'd suggest setting up an admin area so you can just type in what you're looking for and loop through records without having to recode a function each time.
As far as changing the source... i'm not quite sure what you mean. You can always view the source, change the source, save it with the same name as your original php file and save it locally. then reupload to the server (if it's remote).
Posted: Thu Feb 16, 2006 1:08 am
by matthijs
I didn't study all code but a quick view at the login system gives me a hint that it would be wise to thoroughly go through the code to make sure it is safe to use. The admin directory contains an index file which calls the checkUser() function which is a function in the functions.php file. That function checks the SESSION
Code: Select all
if (!isset($_SESSION['plaincart_user_id'])) {
header('Location: ' . WEB_ROOT . 'admin/login.php');
}
and redirects to the login page were the doLogin() is called (also in functions.php):
Code: Select all
function doLogin()
{
// if we found an error save the error message in this variable
global $errorMessage;
$userName = $_POST['txtUserName'];
$password = $_POST['txtPassword'];
// first, make sure the username & password are not empty
if ($userName == '') {
$errorMessage = 'You must enter your username';
} else if ($password == '') {
$errorMessage = 'You must enter the password';
} else {
$sql = "SELECT user_id
FROM tbl_user
WHERE user_name = '$userName' AND user_password = PASSWORD('$password')";
$result =& dbQuery($sql);
if (dbNumRows($result) == 1) {
$row =& dbFetchAssoc($result);
$_SESSION['plaincart_user_id'] = $row['user_id'];
$sql = "UPDATE tbl_user
SET user_last_login = NOW()
WHERE user_id = '{$row['user_id']}'";
dbQuery($sql);
if (isset($_SESSION['login_return_url'])) {
header('Location: ' . $_SESSION['login_return_url']);
} else {
header('Location: index.php');
}
} else {
$errorMessage = 'Wrong username or password';
}
}
}
I'm not sure but it seems like the script doesn't escape the $userName and $password and is depending on magic_quotes being on. You might want to check that out.