Take out Sessions from PHP script

Hello, I've got a small application that is implemented into a shop system. It allows the customer to pay with something called "Ukash vouchers". The script only works if the user is logged into the shop. Now I want to use that script for something else and want to get rid of the sessions, so the user doesn't have to be logged into anything and can just use the script.

I want to keep all the functionality to write into MySQL.

This is the script:


<?php
if(!empty($_SESSION[$session_prefix."user"]))
{
//Functions
function middlestring($string,$start,$stop){
$pos = strpos($string,$start)+strlen($start);
$retstr = substr($string,$pos);
$pos = strpos($retstr,$stop);
$retstr = substr($retstr,0,$pos);
return $retstr;
}

function curl_get($url, $head, $cook, $ssl){
$ch = curl_init($url);
curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.14) Gecko/20080404 Firefox/2.0.0.14"); 
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER,$ssl);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST,$ssl);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_HEADER, $head);
if($cook == 1) curl_setopt($ch, CURLOPT_COOKIE, $_SESSION["cookies"]);
return curl_exec($ch);
}

function curl_post($url, $datas, $cook, $ssl){
$ch = curl_init($url);
curl_setopt($ch, CURLOPT_POST,1);
curl_setopt($ch, CURLOPT_POSTFIELDS, $datas);
curl_setopt($ch, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.14) Gecko/20080404 Firefox/2.0.0.14"); 
if($cook == 1) curl_setopt($ch, CURLOPT_COOKIE, $_SESSION["cookies"]);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER,$ssl);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST,$ssl);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_HEADER, 1);
return curl_exec($ch);
}

function getcookies($text, $startstr, $endstr){
$start = strpos($text, $startstr);
$end = strpos($text, $endstr);
$parts = explode("Set-Cookie: ",substr($text, $start, $end-$start));
$cookies = '';
foreach ($parts as $co)
    {
    $cd = explode(";",$co);
    if (!empty($cd[0]))
		{
		if(strpos($cd[0], "deleted"))
			{}
		else
		$cookies .= $cd[0].';';
		}
    }
return $cookies;
}

$mail = $ukuser;
$pass = $ukpw;
$code = $_REQUEST["code"];
$wert = $_REQUEST["guthaben"];
$captcha = $_REQUEST["captcha"];

if(empty($captcha))
{
$text = curl_get('http://www.ukash.com/global/en/login.aspx', 1, 0, 1);
$_SESSION["viewstate"] = urlencode(middlestring($text, '__VIEWSTATE" value="', '" />'));
$text = curl_post('http://www.ukash.com/global/en/login.aspx', '__EVENTTARGET=ctl00%24ctl00%24ctl00%24ContentPlaceHolderDefault%24cpMainHolder%24loginCentral_10%24loginButton&__EVENTARGUMENT=&__VIEWSTATE='.$_SESSION["viewstate"].'&sIFR_replacement_0=&ctl00%24ctl00%24ctl00%24ContentPlaceHolderDefault%24cpMainHolder%24loginCentral_10%24txtEmail='.$mail.'&ctl00%24ctl00%24ctl00%24ContentPlaceHolderDefault%24cpMainHolder%24loginCentral_10%24txtPassword='.$pass.'&ctl00%24ctl00%24ctl00%24ContentPlaceHolderDefault%24cpMainHolder%24loginRegForm_11%24txtR1FirstName=&ctl00%24ctl00%24ctl00%24ContentPlaceHolderDefault%24cpMainHolder%24loginRegForm_11%24txtR1LastName=&ctl00%24ctl00%24ctl00%24ContentPlaceHolderDefault%24cpMainHolder%24loginRegForm_11%24txtR1Email=&ctl00%24ctl00%24ctl00%24ContentPlaceHolderDefault%24cpMainHolder%24loginRegForm_11%24ddlDOBday=01&ctl00%24ctl00%24ctl00%24ContentPlaceHolderDefault%24cpMainHolder%24loginRegForm_11%24ddlDOBmonth=01&ctl00%24ctl00%24ctl00%24ContentPlaceHolderDefault%24cpMainHolder%24loginRegForm_11%24ddlDOByear=1980&%23=%2Fservices%2FlocaleRedirector.aspx%3FnodeId%3D156095%26languageCode%3Den&ctl00%24ctl00%24ctl00%24ContentPlaceHolderDefault%24cpSideHolder%24sideRegisterLogin_15%24txtR1FirstName=&ctl00%24ctl00%24ctl00%24ContentPlaceHolderDefault%24cpSideHolder%24sideRegisterLogin_15%24txtR1LastName=&ctl00%24ctl00%24ctl00%24ContentPlaceHolderDefault%24cpSideHolder%24sideRegisterLogin_15%24txtR1Email=&ctl00%24ctl00%24ctl00%24ContentPlaceHolderDefault%24cpSideHolder%24sideRegisterLogin_15%24ddlDOBday=01&ctl00%24ctl00%24ctl00%24ContentPlaceHolderDefault%24cpSideHolder%24sideRegisterLogin_15%24ddlDOBmonth=01&ctl00%24ctl00%24ctl00%24ContentPlaceHolderDefault%24cpSideHolder%24sideRegisterLogin_15%24ddlDOByear=1980&ctl00%24ctl00%24ctl00%24ContentPlaceHolderDefault%24footerTellAFriend_23%24txtStFemail=&__SCROLLPOSITIONX=0&__SCROLLPOSITIONY=0', 0, 1);
$_SESSION["cookies"] = getcookies($text, 'Set-Cookie:', 'Cache-Control: ');
$text = curl_get('http://www.ukash.com/global/en/my-ukash.aspx', 1, 1, 1);
if(strpos($text, 'My Used Codes'))
	{
	$text = curl_get('https://direct.ukash.com/de/tools/combine/logic/step1.aspx?email=&culture=de&country=de&lang=de', 1, 1, 0);
	$_SESSION["cookies"] .= 'ASP.NET_SessionId='.middlestring($text, 'Set-Cookie: ASP.NET_SessionId=', ' path=/; HttpOnly');
	$_SESSION["event"] = urlencode(middlestring($text, 'EVENTVALIDATION" value="', '" />'));
	$_SESSION["viewstate"] = urlencode(middlestring($text, 'VIEWSTATE" value="', '" />'));
	$text = curl_get('https://direct.ukash.com/de/tools/combine/utils/PhishingImage.aspx', 0, 1, 0);
	echo '<form action="" method="post">
		  <table id="items">
		  <tr><td>'.$uka1lng.'</td><td><input type="text" name="code"></td></tr>
		  <tr><td>'.$uka2lng.'</td><td><input type="text" name="guthaben"></td></tr>
		  <tr><td><img src="data:image/jpg;base64,'.base64_encode($text).'"></td><td><input type="text" name="captcha"></td></tr>
		  <tr><td></td><td><input type="submit" value="'.$uka3lng.'"></td></tr>
		  </table>
		  </form><br>
		  <font color="red">'.$uka4lng.'</font>'.$uka5lng.'<br>'.$uka6lng;
	}
else
	$ukerror = $uka7lng;
}
else
	{
	if($wert < 10)
		$ukerror = $uka8lng;
	else
	{
	$text = curl_post('https://direct.ukash.com/de/tools/combine/logic/step1.aspx', '__VIEWSTATE='.$_SESSION["viewstate"].'&__EVENTVALIDATION='.$_SESSION["event"].'&tbxVoucherNo1='.$code.'&tbxVoucherVal1='.$wert.'&tbxVoucherNo2='.$code.'&tbxVoucherVal2=0&tbxVoucherNo3=&tbxVoucherVal3=&tbxVoucherNo4=&tbxVoucherVal4=&tbxVoucherNo5=&tbxVoucherVal5=&tbxVoucherNo6=&tbxVoucherVal6=&tbxVoucherNo7=&tbxVoucherVal7=&tbxVoucherNo8=&tbxVoucherVal8=&tbxVoucherNo9=&tbxVoucherVal9=&tbxVoucherNo10=&tbxVoucherVal10=&tbxBaseCurrency=EUR&tbxVerContent='.$captcha.'&chkTerms=on&btnConsolidate=', 1, 0);
	if(strpos($text, 'stimmt nicht mit dem Systemcode'))
		$ukerror = $uka9lng;
	else
		{
		$text = curl_get('https://direct.ukash.com/de/tools/combine/logic/step2.aspx?lang=de', 1, 1, 0);
		$_SESSION["viewstate"] = urlencode(middlestring($text, 'VIEWSTATE" value="', '" />'));
		$_SESSION["event"] = urlencode(middlestring($text, 'EVENTVALIDATION" value="', '" />'));
		if(strpos($text, 'Ihre Ukash Referenznummer'))
			{
			$text = curl_post('https://direct.ukash.com/de/tools/combine/logic/step2.aspx?lang=de', '__VIEWSTATE='.$_SESSION["viewstate"].'&__EVENTVALIDATION='.$_SESSION["event"].'&btnProceed=', 1, 0);
			$text = curl_get('https://direct.ukash.com/de/tools/combine/logic/Step4.aspx', 1, 1, 0);
			
			$newukash = middlestring($text, 'span id="lblVoucherDetailValue"', '</table>');
			$newukash = middlestring($newukash, '<tr><td>', '</td></tr>');
			$newukash = explode('</td><td>', $newukash);
			
			$newcode = $newukash[0];
			$ukguthaben = $newukash[2];
			
			$user = mysql_fetch_array(mysql_query('SELECT * FROM users WHERE username="'.$_SESSION[$session_prefix."user"].'"'));
			$geld = floor($user["guthaben"] + $ukguthaben);
			mysql_query('UPDATE users SET guthaben="'.$geld.'" WHERE username="'.$_SESSION[$session_prefix."user"].'"');
			mysql_query('INSERT into ukash (user, code1, code2, value) VALUES ("'.$_SESSION[$session_prefix."user"].'", '.$newcode.', 0, '.$ukguthaben.')');

			echo floor($ukguthaben).' '.$guthaben.$uka10lng;
			
			}
		else
		$ukerror = $uka11lng;
		}
	}
	}
echo $ukerror;
}
else
echo'<font color="red">'.$uka12lng.'</font>';
?>

Rhcarmincke Asked:
Rhcarmincke (Author) Commented:
Alternatively, is there a way to create a session upon opening the page, without the need to use some login form? So I could use the same user for everyone and the script would work again.
0
kdotkannan Commented:

You can add a user name for the session by simply adding a line before your code.

$_SESSION['user'] = "username" ; // add this code before your existing code.
//your code follows
if(!empty($_SESSION[$session_prefix."user"]))
{
//Functions

But you have a lot of other information from the session; if it is empty, then your code may not work as expected.

You can try adding the one line that I have given above. At a later stage you have code to read and update the db with the session user, so make sure that you use the proper name.

kannan
0
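The database step the answer refers to (the SELECT, UPDATE and INSERT near the end of the script), as an added example that is not part of the original thread: the account name is passed in as a parameter instead of being read from `$_SESSION`, and every value is bound through a prepared statement. The function name `credit_voucher`, the PDO connection, the in-memory SQLite schema and the sample values are assumptions made for this example; table and column names follow the script above.

```php
<?php
// Added example: the account name is a parameter, not read from $_SESSION.
// Table and column names follow the script in the question; the SQLite
// schema and all sample values below are constructed so this runs offline.
function credit_voucher(PDO $pdo, string $account, string $newcode, float $value): int
{
    $pdo->beginTransaction();
    try {
        // Look up the current balance with a bound parameter.
        $sel = $pdo->prepare('SELECT guthaben FROM users WHERE username = ?');
        $sel->execute([$account]);
        $row = $sel->fetch(PDO::FETCH_ASSOC);
        if ($row === false) {
            throw new RuntimeException("unknown account: $account");
        }
        $balance = (int) floor($row['guthaben'] + $value);

        // Balance update and voucher log succeed or fail together.
        $pdo->prepare('UPDATE users SET guthaben = ? WHERE username = ?')
            ->execute([$balance, $account]);
        $pdo->prepare('INSERT INTO ukash (user, code1, code2, value) VALUES (?, ?, 0, ?)')
            ->execute([$account, $newcode, $value]);

        $pdo->commit();
        return $balance;
    } catch (Throwable $e) {
        $pdo->rollBack();
        throw $e;
    }
}

// Constructed test database (hypothetical account "Hans" with balance 25).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (username TEXT PRIMARY KEY, guthaben INTEGER)');
$pdo->exec('CREATE TABLE ukash (user TEXT, code1 TEXT, code2 TEXT, value REAL)');
$pdo->exec("INSERT INTO users VALUES ('Hans', 25)");

// A scraped voucher string containing a quote is stored as data, not parsed as SQL.
echo credit_voucher($pdo, 'Hans', '0000"0000', 10.0), "\n";
```

The script also carries the remote cookies, `__VIEWSTATE` and `__EVENTVALIDATION` in `$_SESSION` between the captcha form and its submission, so those values still need somewhere to live if sessions are removed entirely.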

Rhcarmincke (Author) Commented:
Hello, thanks for your input, but that didn't let me be logged in. This is the index page; I think it has to be defined there:

<?php
include('./inc/config.php');
include('./inc/functions.php');
include('./lang/'.$language.'.lng');
$id = addslashes($_REQUEST["id"]);
$user = addslashes($_REQUEST["username"]);
$pass = addslashes($_REQUEST["password"]);
$language = strtolower($language);
if(empty($id)) $id =1;
$file = mysql_query('SELECT * FROM navi_'.$language.' WHERE id="'.$id.'"');
if(mysql_num_rows($file)>0)
$file = mysql_fetch_array($file);
else
$file = mysql_fetch_array(mysql_query('SELECT * FROM navi_'.$language.' WHERE id="404"'));

if(!empty($user) AND !empty($pass))
{$query = mysql_query('SELECT * FROM users WHERE username="'.$user.'" AND pass="'.md6($pass).'"');
if(mysql_num_rows($query) == 1) {$_SESSION[$session_prefix."user"] = ucfirst($user); echo'<meta http-equiv="refresh" content="0; url=index.php?id=8">';}
else $error = 'Username oder Passwort ist falsch.';}

include('./designe/'.$designe.'/head.tpl');
include('./designe/'.$designe.'/navi.php');
include('./designe/'.$designe.'/middle.tpl');

	if(file_exists('./pages/'.$file["file"]))
	{echo'<h1>'.ucfirst($file["title"]).'</h1>';
	include('./pages/'.$file["file"]);}
	if(!empty($error)) echo '<font color="red">'.$error.'</font>'; 
	
include('./designe/'.$designe.'/foot.tpl');	
?>


So let's say username is hans, password is hans, and hans id is 122, what would I have to add to make every user that visits the page be automatically logged in as "hans"?
0