Creating an eShop Application : Level 2

Sindarin
Forum Regular
Posts: 521
Joined: Tue Sep 25, 2007 8:36 am
Location: Greece

Creating an eShop Application : Level 2

Post by Sindarin »

So I started creating an e-shop application because I finally want to learn how to do it, I am guessing I am gonna take up a project like this real soon.
My code so far is error free; I've managed to grasp the concept.

So far the shop stores data in cookies. After visiting some ecommerce sites, I noticed that's the way they do it as well; however, they all seemed to have problems when cookies are disabled. So I added code to check if cookies are disabled, and I will probably use that to redirect the user to a customer registration page so I can store his items in a MySQL database, server side, using his account.

One problem I am having though is that I want to try out implementing Paypal checkout and Google checkout as payment methods. Like I said my cart items are currently stored as cookies on the user's browser. The cookie format is as follows:

2_5

This means 2 is the product id and 5 is the quantity, while _ is the delimiter.

So, will I have to modify my cookie format for it to work across Paypal and Google? Do these services use cookies?
Am I doing something wrong in the first place and I must do it somehow else?

Here's my code for the whole thing:

<?php
 
ob_start();
require_once('database-connect.php');
 
//check if cookie support is on after each purchase
if ($_GET['check_cookies']==1)
{
if (isset($_COOKIE['is_cookie_enabled']))
{}else{
echo "Cookies were rejected! Please enable cookies in your browser, in order to store items in your cart!";
}
}
 
echo "<h2>Shopping Cart</h2>
<img src='cart.png' alt='Your cart' border='0' /> Cart Items:<br/>";
 
/*LIST PRODUCTS IN CART*/
$cookievalue=0;
if (isset($_COOKIE['cart']))
{
$total_cost=0;
$total_shipping_cost=0;
foreach ($_COOKIE['cart'] as $cookievalue) 
{
$cart_array = explode("_", $cookievalue);
$get_id=$cart_array[0];
$get_quantity=$cart_array[1];
 
$get_id=mysql_real_escape_string($get_id,$db_connection);
$prod_query="SELECT * FROM products WHERE row_id='$get_id'";
$prod_result = mysql_query($prod_query) or die('Error: ' . mysql_error());
while($row = mysql_fetch_array($prod_result))
{
$get_id=$row['row_id'];
$get_title=$row['row_title'];
$get_price=$row['row_price'];
$get_shipping_cost=$row['row_shipping_cost'];
 
$get_price=$get_price*$get_quantity;
$get_shipping_cost=$get_shipping_cost*$get_quantity;
 
$total_cost=$total_cost+$get_price;
$total_shipping_cost=$total_shipping_cost+$get_shipping_cost;
$total_checkout_cost=$total_cost+$total_shipping_cost;
$i=$i+1;
 
echo "$get_title x<strong>$get_quantity</strong> | $get_price &euro; | Shipping: $get_shipping_cost &euro; | <img src='cart_remove.png' alt='Your cart' border='0' /><a href='index.php?action=removeitem&id=$get_id'>Remove</a><br/>";
}
 
}
echo "<br/>
<a href='index.php?action=removeall' onclick='javascript&#058;if (confirm(\"Do you really want to clear your shopping cart?\")){return true;}else{return false;}'>Empty Cart</a><br/>
<em>Total Cost</em>: $total_cost &euro;<br/>
<em>Total Shipping Cost</em>: $total_shipping_cost &euro;<br/>
<strong>Final Total</strong>: $total_checkout_cost &euro;<br/>
<a href='index.php?action=checkout'>CheckOut</a>";
}
else
{
echo "There are no items in your shopping cart!<br/>";
} 
 
 
echo "<br/><br/>";
 
/* LIST eShop products */
$prod_query="SELECT * FROM products";
$prod_result = mysql_query($prod_query) or die('Error: ' . mysql_error());
while($row = mysql_fetch_array($prod_result))
{
        $get_id=$row['row_id'];
        $get_title=$row['row_title'];
        $get_price=$row['row_price'];
        $get_description=$row['row_description'];
        $get_shipping_cost=$row['row_shipping_cost'];
        
        echo "<strong>$get_title</strong>, Price: $get_price &euro; | Shipping: $get_shipping_cost &euro; | <form name='form$get_id' id='form$get_id' style='display:inline;' method='get' action='index.php'>
        Quantity: <input type='text' name='quantity' value='1' style='width:32px;' /> 
        <input type='hidden' name='action' value='addtocart' />
        <input type='hidden' name='id' value='$get_id' />
        <input type='hidden' name='title' value='$get_title'/>
        <img src='cart_add.png' alt='Your cart' border='0' /> <input type='submit'  value='Add to cart' /></form><br/>
        
        $get_description
        <br/>--------<br/>";
        
        
}
 
//add an item
if ($_GET['action']=='addtocart')
{
if (isset($_GET['id']))
{
$id=strip_tags($_GET['id']);
$title=strip_tags($_GET['title']);
$quantity=strip_tags($_GET['quantity']);
 
foreach ($_COOKIE['cart'] as $cookievalue) 
{
$cart_array = explode("_", $cookievalue);
$get_id=$cart_array[0];
if ($get_id==$id)
{
$get_quantity=$cart_array[1];
$quantity=$get_quantity+$quantity;
}
}
//cookie format productid_quantity
setcookie("cart[$id]", $id.'_'.$quantity,time()+60*60*24*365);
setcookie('is_cookie_enabled', 1);
header('Location: index.php?check_cookies=1');
exit;
}
}
 
//remove an item
if ($_GET['action']=='removeitem')
{
$id=strip_tags($_GET['id']);
setcookie("cart[$id]",$id,time()-200);
header('Location: index.php?check_cookies=1');
exit;
}
 
//remove all items - empty cart
if ($_GET['action']=='removeall' && isset($_COOKIE['cart']))
{
foreach ($_COOKIE['cart'] as $cookievalue) 
{
$cart_array = explode("_", $cookievalue);
$get_id=$cart_array[0];
$get_quantity=$cart_array[1];
setcookie("cart[".$cart_array[0]."]",$cart_array[1],time()-200);
}
header('Location: index.php?check_cookies=1');
exit;
}
 
ob_end_flush();
 
?>
blueyon
Forum Commoner
Posts: 76
Joined: Tue Oct 30, 2007 9:53 am

Re: Creating an eShop Application : Level 2

Post by blueyon »

I would look around and see how others have set theirs out.

Are you going to use OOP or just procedural?
alex.barylski
DevNet Evangelist
Posts: 6267
Joined: Tue Dec 21, 2004 5:00 pm
Location: Winnipeg

Re: Creating an eShop Application : Level 2

Post by alex.barylski »

I'd check out Open Cart...it's actually well done...looks impressive at the interface...and the code...is about as KISS as anything I've seen in the open source market.

Good job blueyon :)
Sindarin
Forum Regular
Posts: 521
Joined: Tue Sep 25, 2007 8:36 am
Location: Greece

Re: Creating an eShop Application : Level 2

Post by Sindarin »

I can't understand the concept of OOP too well, it's not ready for me yet. So I'm just going procedural. The reason I am not using a ready solution is that I need it to be as simple as possible (no modules etc I don't need), have full power over the code so I can reuse it and detect bugs fast and finally I want to expand my knowledge.

Your code for opencart uses a lot of OOP, although I've done some conversions of classes using OOP to procedural in order to use them easily. However I will take a look, it looks simpler than others like PrestaShop or Magento.

I have the question though: how do you update your currency conversions? Do you have to do it yourself?
allspiritseve
DevNet Resident
Posts: 1174
Joined: Thu Mar 06, 2008 8:23 am
Location: Ann Arbor, MI (USA)

Re: Creating an eShop Application : Level 2

Post by allspiritseve »

Sindarin wrote:One problem I am having though is that I want to try out implementing Paypal checkout and Google checkout as payment methods. Like I said my cart items are currently stored as cookies on the user's browser. The cookie format is as follows: 2_5 this means 2 is the product id and 5 is the quantity while _ is the delimiter,
This seems really inefficient to me. Why don't you have two tables in your database, one for carts and one for cart_items? When the user first comes, set a cookie with the id of his cart in the database. For every new product you add to a cart, insert into the cart_items table. That way, you only have to work with one cookie, and you aren't limited in the amount of data you can store for any given cart item. For example, you may want options such as size or color that are priced differently, though it might be the same product... you would need a way to specify those.
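The carts / cart_items layout described above, as an added example that is not allspiritseve's or the thread's code. It assumes a PDO connection `$pdo`, PHP 7.3 or later, and two hypothetical tables whose columns are listed in the comments; the cookie carries a random token rather than the cart's row id, so a visitor cannot reach someone else's cart by changing a number.

```php
<?php
// Added example, not code from the thread. Assumed schema (MySQL):
//   carts(id INT AUTO_INCREMENT PRIMARY KEY, token CHAR(64) UNIQUE, created DATETIME)
//   cart_items(cart_id INT, product_id INT, quantity INT, PRIMARY KEY (cart_id, product_id))
declare(strict_types=1);

/** Return the visitor's cart id, creating a cart and setting the cookie when none is valid. */
function current_cart_id(PDO $pdo): int
{
    $token = $_COOKIE['cart_token'] ?? '';
    // Only a 64-hex-char token is ever used in a query; anything else counts as "no cart".
    if (is_string($token) && preg_match('/^[0-9a-f]{64}$/', $token) === 1) {
        $stmt = $pdo->prepare('SELECT id FROM carts WHERE token = ?');
        $stmt->execute([$token]);
        $id = $stmt->fetchColumn();
        if ($id !== false) {
            return (int)$id;
        }
    }
    // 256 bits from the CSPRNG: unguessable, unlike the auto-increment id.
    $token = bin2hex(random_bytes(32));
    $pdo->prepare('INSERT INTO carts (token, created) VALUES (?, NOW())')->execute([$token]);
    setcookie('cart_token', $token, [
        'expires'  => time() + 60 * 60 * 24 * 30,
        'path'     => '/',
        'secure'   => true,   // sent over HTTPS only
        'httponly' => true,   // not readable from page scripts
        'samesite' => 'Lax',
    ]);
    return (int)$pdo->lastInsertId();
}

/** Add a product line to the cart; repeat adds of the same product merge their quantities. */
function add_cart_item(PDO $pdo, int $cartId, int $productId, int $quantity): void
{
    if ($productId < 1 || $quantity < 1 || $quantity > 9999) {
        throw new InvalidArgumentException('product id and quantity must be positive');
    }
    $sql = 'INSERT INTO cart_items (cart_id, product_id, quantity) VALUES (?, ?, ?)
            ON DUPLICATE KEY UPDATE quantity = quantity + VALUES(quantity)';
    $pdo->prepare($sql)->execute([$cartId, $productId, $quantity]);
}

// Handling the thread's "addtocart" request with its form fields cast to integers:
// $cartId = current_cart_id($pdo);
// add_cart_item($pdo, $cartId, (int)$_GET['id'], (int)$_GET['quantity']);
```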
Christopher
Site Administrator
Posts: 13596
Joined: Wed Aug 25, 2004 7:54 pm
Location: New York, NY, US

Re: Creating an eShop Application : Level 2

Post by Christopher »

I like the idea of allowing the Cart to be saved either in the Session or a Database. There are many sites where Session based carts are fine and they are much easier to deal with and perform better. But some sites need the Cart to be associated with a user account and maintained between sessions.
blueyon
Forum Commoner
Posts: 76
Joined: Tue Oct 30, 2007 9:53 am

Re: Creating an eShop Application : Level 2

Post by blueyon »

The code for updating currencies is this:

 
        // Refresh every currency except the shop's base currency, but only rows whose
        // rate is older than a day. date() needs a format string first; the original
        // date(strtotime('-1 day')) passed only the timestamp, and it compared with >,
        // which would pick the rows refreshed most recently instead of the stale ones.
        $query = $this->db->query("SELECT * FROM " . DB_PREFIX . "currency WHERE code != '" . $this->db->escape($this->config->get('config_currency')) . "' AND date_modified < '" . date('Y-m-d H:i:s', strtotime('-1 day')) . "'");

        foreach ($query->rows as $result) {
            // Yahoo's quote service returns the last price of the pair as a single line
            $value = file_get_contents('http://quote.yahoo.com/d/quotes.csv?f=l1&s=' . $this->config->get('config_currency') . $result['code'] . '=X');

            // A failed fetch or a non-numeric/zero body must not overwrite a usable rate with 0
            if ($value === false || !is_numeric(trim($value)) || (float)$value <= 0) {
                continue;
            }

            $this->db->query("UPDATE " . DB_PREFIX . "currency SET value = '" . (float)$value . "', date_modified = NOW() WHERE currency_id = '" . (int)$result['currency_id'] . "'");
        }

        $this->cache->delete('currency');
 
kaisellgren
DevNet Resident
Posts: 1675
Joined: Sat Jan 07, 2006 5:52 am
Location: Lahti, Finland.

Re: Creating an eShop Application : Level 2

Post by kaisellgren »

@Sindarin: FYI, the line 48 is directly vulnerable to XSS attacks through $get_quantity.
Sindarin
Forum Regular
Posts: 521
Joined: Tue Sep 25, 2007 8:36 am
Location: Greece

Re: Creating an eShop Application : Level 2

Post by Sindarin »

blueyon wrote:THe code for updating currencies is this:

 
        // Refresh every currency except the shop's base currency, but only rows whose
        // rate is older than a day. date() needs a format string first; the original
        // date(strtotime('-1 day')) passed only the timestamp, and it compared with >,
        // which would pick the rows refreshed most recently instead of the stale ones.
        $query = $this->db->query("SELECT * FROM " . DB_PREFIX . "currency WHERE code != '" . $this->db->escape($this->config->get('config_currency')) . "' AND date_modified < '" . date('Y-m-d H:i:s', strtotime('-1 day')) . "'");

        foreach ($query->rows as $result) {
            // Yahoo's quote service returns the last price of the pair as a single line
            $value = file_get_contents('http://quote.yahoo.com/d/quotes.csv?f=l1&s=' . $this->config->get('config_currency') . $result['code'] . '=X');

            // A failed fetch or a non-numeric/zero body must not overwrite a usable rate with 0
            if ($value === false || !is_numeric(trim($value)) || (float)$value <= 0) {
                continue;
            }

            $this->db->query("UPDATE " . DB_PREFIX . "currency SET value = '" . (float)$value . "', date_modified = NOW() WHERE currency_id = '" . (int)$result['currency_id'] . "'");
        }

        $this->cache->delete('currency');
 
OMG OOP! 8O So you get the currency from Yahoo. Are there any fees for this?
kaisellgren wrote:@Sindarin: FYI, the line 48 is directly vulnerable to XSS attacks through $get_quantity.
Ah thanks I noticed. I forgot I had to striptag any user input plus cookies as they can be modified.
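The cart-cookie handling kaisellgren and Sindarin discuss, as an added example that is not part of the thread: each `productid_quantity` entry is matched against a strict pattern before it is used, the product row is fetched with a PDO prepared statement, and the title is escaped on output, which is what stops the XSS rather than strip_tags on the input. It assumes a PDO connection `$pdo` and the `products` columns from Sindarin's code.

```php
<?php
// Added example, not Sindarin's code: strict handling of the "productid_quantity" cart cookie.
// Assumes a PDO connection $pdo and the products table/columns used in the thread.
declare(strict_types=1);

/** Parse one cookie entry such as "2_5"; returns null for anything that is not id_quantity. */
function parse_cart_entry(string $value): ?array
{
    // Digits, one underscore, digits: "<script>", "2_5_1", "2_" and "2_-5" are all rejected.
    if (preg_match('/^([0-9]{1,10})_([0-9]{1,4})$/', $value, $m) !== 1) {
        return null;
    }
    $id = (int)$m[1];
    $qty = (int)$m[2];
    return ($id >= 1 && $qty >= 1) ? ['id' => $id, 'quantity' => $qty] : null;
}

/** Validate the whole cart cookie array; tampered entries are dropped rather than trusted. */
function parse_cart_cookie(array $cookie): array
{
    $items = [];
    foreach ($cookie as $value) {
        if (is_string($value) && ($entry = parse_cart_entry($value)) !== null) {
            $items[$entry['id']] = $entry;  // keyed by id, so a duplicated id cannot double-count
        }
    }
    return $items;
}

/** Render the cart. Prices come from the database; the title is escaped on output. */
function render_cart(PDO $pdo, array $items): string
{
    $stmt = $pdo->prepare('SELECT row_title, row_price FROM products WHERE row_id = ?');
    $html = '';
    foreach ($items as $item) {
        $stmt->execute([$item['id']]);
        $row = $stmt->fetch(PDO::FETCH_ASSOC);
        if ($row === false) {
            continue;  // id not in the catalogue: ignore the entry
        }
        $title = htmlspecialchars($row['row_title'], ENT_QUOTES, 'UTF-8');
        $line = number_format((float)$row['row_price'] * $item['quantity'], 2);
        $html .= "$title x<strong>{$item['quantity']}</strong> | $line &euro;<br/>";
    }
    return $html;
}
$cart = is_array($_COOKIE['cart'] ?? null) ? parse_cart_cookie($_COOKIE['cart']) : [];
echo render_cart($pdo, $cart);
```

The quantity is echoed without escaping only because the pattern guarantees it is a short run of digits; every other cookie-derived value goes through the prepared statement or htmlspecialchars.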