Forum Moderators: coopster
I am trying to hack into the code on a shopping cart script I bought (phpcart):
I am trying to get the script to retain the cart contents if a visitor adds products to the cart then decides they want to finish shopping another day.
I have NO idea how to do this, I found a post on their message board, but the board isnt very active and I cant get a reply.
They told me this much:
phpCart uses PHP Sessions to track visitors. It then stores only one piece of information about the visitor in the session, a unique id. This unique id is called sessionid but had no relationship to an actual php session.If you look at the top of phpcart.php you'll see the following:
session_start();
$sessionid = $_SESSION["sessionid"];
if ($sessionid == ""){
$sessionid = md5 (uniqid(rand()));
session_register(sessionid);
}If you modify this to store the $sessionid in a cookie and then also check to see if the cookie exists you can preserve the unique id between visits.
I'll leave the rest up to you for know.
Any help would be GREATLY appreciated :)
[edited by: coopster at 9:15 pm (utc) on May 24, 2006]
[edit reason] removed url per TOS [webmasterworld.com] [/edit]
if ($sessionid == ""){
if(isset($_COOKIE['cookiename']) &&!empty($_COOKIE['cookiename'])) {
$sessionid = $_COOKIE['cookiename'];
}
else {
$sessionid = md5 (uniqid(rand()));
}
session_register(sessionid);
}
But you still need to store the cookie before you can use this script.
If you want the user to add products to their cart, then leave the website and continue shopping another days, you could as said in the forum use cookies by storing info in cookies.
Note that most website prefer to store basic info in cookies and sessions, basic info being the userid or username and its hashed password. From what I understand below, they do not even store these datas in the sessions.
When they tell you that only one piece of information about the visitor in the session, a unique id, is stored, I guess they must update this sessionid number in the user database after he has been logged in.
Another simple method would be to keep session tracking (instead of using cookies and change all their script) and to insert products datas in a database. I drop an example so that you get the idea.
*************************************
ORDER_ID \ USER_ID \ PRODUCTS \ FINAL
1/ Order_id being the index
2/ User_id being the id of the user
3/ Products being the products chosen by the user (work out for a special format and use explode/implode to use array())
e.g. array(102-2, 10-3) means products 102, qty 2
or array(p102qty2, p10qty3), etc.
4/ Final is true or false. True means the order has been completed, false means it is still pending
**********************************
Then, when the user is logged, you just retrieve the data from the database.
If it is really too complicated for you, then pay a guy for doing the job (see in their forum)...
My 2cents
I found where in the script / how it stores the info:
// Add product to cart
if ($_REQUEST["action"]=="add") {
$row = 1;
$fp = fopen ("./sessions/".$sessionid.".dat", "a+");
rewind($fp);
$coupon = fgetcsv ($fp, 50);
$coupon = $coupon[0];
if ($noduplicates == "Y"){
while ($data = fgetcsv ($fp, 500)) {
$row++;
if ($data[0] == $_REQUEST["id"] && $noduplicates = "Y") {
?>
<center><font size="<? echo $fontSize+1;?>" face="<? echo $font;?>" color="<? echo $TextColor;?>"><b><? echo $ProductInBasket;?></b></font></center><?
break;
}
}
}
