Link to home
Start Free TrialLog in
Avatar of CTru
CTru

asked on

OSCommerce & phpFox - Sessions and Cookies - Synched Logins

Hi All,

My project is to integrate phpFox & OSCommerce, both open source applications.

Am trying to implement an integration that does not have a dominant, or master side. That is without redirects, and does not use one or the other exclusively, to register or login or change information.

Each is presently in its own environment: phpFox in one folder, OSC in another, both folders in root.

Have already gotten most, if not all of the grunt work, and then some, done:
- Merged the user (phpFox) with customers and customers_info (OSC) database tables.
- Updated the necessary database column names in all files.
- Added queries to update one application while in the other (from either).
- Replaced password and verification process in OSC, with phpFox's.

What I presently have completed, is separate yet merged, and working. Meaning that when registering through the phpFox side, the OSC side is also registered (but not logged in); the customer then exists in OSC with the same registration information (i.e. email and password). And then can login from either side, phpFox or OSC. The same, visa versa (register in OSC & be registered in phpFox).

-------------------------------------------------------------

To complete this project, all that's left to do is to have both applications be able to start a session and set cookies for the other, at the same time they're starting and setting their own. Or, perhaps, share a session and cookies.

I am looking to end up being able to register or login from either, and then be registered and/or logged in transparently/seamlessly to the other.

-------------------------------------------------------------

I am hoping to be pointed in a direction. Looking for ideas or thoughts towards how I can go about it. Needing some help with this last part of my project.

Thanks for your time...
Avatar of Ray Paseur
Ray Paseur
Flag of United States of America image
I am not an expert in either of those systems at all, but I can tell you a little about sessions and cookies.

Before I start, though... getting the two systems to use a common login may not be hard, but it will probably require modifying the way one or both recognizes the logged in clients.  What you want, in essence, is to take one of the registration and login sub-systems and use it for both systems.  This applies to the forms, scripts, and DB tables.  You might want to think about OAuth.

Cookies are HTTP headers set by the server and stored in the client "cookie jar".  The client browser sends the cookies to the server on subsequent visits.  In PHP, the cookies are found in $_COOKIE which is an associative array.  Please see the code snippet for a teaching example script that shows how to set and view a cookie.

Sessions work (almost always) through cookies.  The session id is a key to the session variables - these are stored in a temporary file on the server.  When you start a session, you send a cookie to the browser.  The information you put into the $_SESSION array is saved at the time of script termination (happens automatically) into the temporary file.  When the next page of the web site executes session_start(), the session cookie is accessed, and its session id is used to locate the $_SESSION values.

I have an article here about login and logout processing that may be helpful to you.
https://www.experts-exchange.com/Web_Development/Web_Languages-Standards/PHP/A_2391-PHP-login-logout-and-easy-access-control.html

Best regards, ~Ray
<?php // RAY_cookie_example.php

// RECEIVE FORM INPUT AND SET A COOKIE WITH THE NAME AND VALUES FROM THE FORM
// MAN PAGE: http://us.php.net/manual/en/function.setcookie.php
// TO SEE COOKIES IN FIREFOX, FOLLOW TOOLS => OPTIONS => PRIVACY => SHOW COOKIES

define('COOKIE_LIFE', 60*60*24); // A 24-HOUR DAY IN SECONDS ( = 86,400 )

if (!empty($_POST)) // IF THE FORM HAS BEEN POSTED
{

   // TIDY UP THE POST INPUT - CLEAN AND NOT MORE THAN 16 BYTES
   $name = substr(clean_string($_POST["name"]),0,16);
   $data = substr(clean_string($_POST["data"]),0,16);

   // BE SURE WE HAVE USEFUL INFORMATION
   if ( ($name == '') || ($data == '') ) die("MISSING INPUT: PLEASE <a href=\"$PHP_SELF\">TRY AGAIN</a>");


   // CHOOSE THE COOKIE NAME AND VALUE
   $cookie_name    = $name;
   $cookie_value   = $data;



   // ESTABLISH THE COOKIE LIFE - CHOOSE ONE OF THESE FOR THE COOKIE
   // USE THIS TO MAKE COOKIE EXPIRE AT END OF BROWSER LIFE
   $cookie_expires = 0;

   // USE THIS TO MAKE A PERSISTENT COOKIE - DEFINE COOKIE_LIFE IN SECONDS - date('Z') IS UTC OFFSET IN SECONDS
   $cookie_expires = time() + date('Z') + 30 * 60 * 60 * 24;



   // ESTABLISH THE COOKIE DOMAIN SCOPE - CHOOSE ONE OF THESE FOR THE COOKIE
   // MAKE THE COOKIE AVAILABLE TO ALL DIRECTORY PATHS IN THE WWW ROOT
   $cookie_path	= '/';

   // MAKE THE COOKIE AVAILABLE TO ALL SUBDOMAINS - DOMAIN NAME STARTS WITH DOT AND OMITS WWW (OR OTHER SUBDOMAINS).
   $x = explode('.', strtolower($_SERVER["HTTP_HOST"]));
   $y = count($x);
   if ($y == 1) // MAYBE 'localhost'?
   {
      $cookie_domain = $x[0];
   }
   else // SOMETHING LIKE 'www2.atf70.whitehouse.gov'?
   {
   // USE THE LAST TWO POSITIONS TO MAKE THE HOST DOMAIN
      $cookie_domain = '.' . $x[$y-2] . '.' . $x[$y-1];
   }



   // MAKE THE COOKIE AVAILABLE TO HTTP, NOT JUST HTTPS
   $cookie_secure    = FALSE;



   // HIDE COOKIE FROM JAVASCRIPT (PHP 5.2+)
   $cookie_http      = TRUE;



   // SET THE COOKIE
   if (setcookie($cookie_name, $cookie_value, $cookie_expires, $cookie_path, $cookie_domain, $cookie_secure, $cookie_http))
   {
      echo "<br/>SUCCESS!  THE COOKIE HAS BEEN SET AND WILL BE AVAILABLE TO THE NEXT PAGE LOAD \n";
   }
   else
   {
      echo "<br/>FAILURE!  THE COOKIE WAS NOT SET AS EXPECTED \n";
   }



   // AT THIS POINT, THE COOKIE HAS BEEN SET, BUT IT IS _NOT_ AVAILABLE TO THIS SCRIPT.
   // THE COOKIE WILL NOT BE AVAILABLE TO OUR SERVER UNTIL THE NEXT SCRIPT!
   // THIS IS BECAUSE THE BROWSER SENDS THE COOKIE TO OUR SCRIPT BEFORE OUR SCRIPT STARTS RUNNING.
   // HOWEVER THE $_COOKIE ARRAY IS NOT IMMUTABLE, AND WE CAN ADD INFORMATION TO IT
   // IF WE WANT TO USE IT IN THIS SCRIPT.  THIS IS PROBABLY A BAD PROGRAMMING PRACTICE
   echo '<pre>$_COOKIE CONTAINS '; var_dump($_COOKIE); echo "</pre>\n";
   echo '<pre>$_POST CONTAINS ';   var_dump($_POST);   echo "</pre>\n";
   echo "<br/>THE COOKIE HAS BEEN SET WITH THESE VALUES: \n";
   echo "<br/>COOKIE NAME: $cookie_name \n";
   echo "<br/>COOKIE VALUE: $cookie_value \n";
   echo "<br/>COOKIE EXPIRES: $cookie_expires ";
   echo " == " . date('r') . "\n";
   echo "<br/>COOKIE PATH: $cookie_path \n";
   echo "<br/>COOKIE DOMAIN: $cookie_domain \n";
   echo "<br/>COOKIE SECURE: "; var_dump($cookie_secure); echo " \n";
   echo "<br/>COOKIE HTTP: ";   var_dump($cookie_http);   echo " \n";

   echo "<br/>";
   echo "<br/>TO SEE THE COOKIES, IF ANY, <a href=\"{$_SERVER['PHP_SELF']}\">CLICK HERE</a> \n";
   echo "<br/>";
}

// END OF SETTING THE COOKIE
?>


<form method="post">
COOKIE NAME: <input name="name" /><br/>
COOKIE DATA: <input name="data" /><br/>
<input type="submit" />
</form>


<?php
// SHOW THE COOKIE ARRAY, IF ANY
echo '<pre>$_COOKIE CONTAINS '; var_dump($_COOKIE); echo "</pre>\n";



// A FUNCTION TO FORCE A STRING TO CHARACTERS ONLY
function clean_string($string)
{
   return trim(preg_replace('/[^A-Z0-9_]/i', '', $string));
}

// SHOW THE SCRIPT CODE
// die(highlight_file(__FILE__, TRUE));

Open in new window

Avatar of CTru
CTru

ASKER

Hey Ray,

Thanks for having a look, and for the sample code, and the article, as well as the links from before.

I have some more reading to do. Then I'm guessing, some questions to formulate. Then "I'll be back!".   =)

"Build Your Own Database Driven Web Site Using PHP & MySQL, 4th Edition" looks very interesting! I think I will enjoy it as soon as I can work out getting a hold of it.

Carlos
ASKER CERTIFIED SOLUTION
Avatar of Ray Paseur
Ray Paseur
Flag of United States of America image
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of lenamtl
lenamtl
Flag of Canada image
If you want to hire an excellent freelancer programmer check for Monika Mathé
http://www.monikamathe.com/
she is an OSC Expert, as her for a quote

I have hire her as freelancer in the past.
Avatar of CTru
CTru

ASKER

Hello,

I apologize for my lack of involvement here. I had a baby girl, and had to hire someone to get this done for me.

Ray, thanks for all your input, and information. You're one of the good guys of this world. I'm leaving EE for now.
Avatar of Ray Paseur
Ray Paseur
Flag of United States of America image
Thanks for the points and for your kind words, and CONGRATULATIONS! ~Ray