Solved

PHP program - Question

Posted on 2013-06-18
Last Modified: 2013-06-19
Our web developer left and I am trying to make out some coding.  I am not very familiar with PHP but understand some of it.

There is coding used in our program that is something like this:

SendtoStep
or SendtoNextStep

See example...

            sendToNextStep();
        } //end if
        else {
            storeFormData();
            sendToStep("shipment");
        } //end else
Question by:Scott Johnston
11 Comments
 
LVL 75

Expert Comment

by:käµfm³d 👽
ID: 39258091
You haven't really given us much to go on. At face value, it looks like you have some kind of wizard or workflow set up. If a certain set of conditions is met, then you advance the user to the next page of the workflow; if not, you send them to the "shipment" step.
0
 

Author Comment

by:Scott Johnston
ID: 39258094
That I understand; I am not sure what a STEP is in PHP.
I can give you a look at the entire coding if it will help?
0
 

Author Comment

by:Scott Johnston
ID: 39258099
Here is a copy of the PHP program. I am trying to find out how it retrieves data from our shipping database in MySQL.  It seems that it pulls from specific tables and then builds the shipping form on our website.  Currently I only have 2 options for shipping but our system will allow for more... Can you help to interpret the code?
I would like to see how, or what table in the MySQL database, it is using to build the shipping data from.
checkout.php
0

 
LVL 75

Assisted Solution

by:käµfm³d 👽
käµfm³d   👽 earned 167 total points
ID: 39258125
"Step" isn't a PHP thing. You have a process, and that process consists of steps. Your particular process is a checkout for an e-commerce page/site. I'd hazard a guess that you've bought something online before. What did you have to do in order to get that wonderful thing at your front door? You had to pick the item you wanted, add it to your cart, proceed to checkout, enter your billing information, enter your shipping information, confirm your payment, etc., etc. Those are all steps. Your PHP is intended to do the same thing--provide a series of steps to guide the user through the journey of purchasing something.

I think your shipping stuff is here in lines 6961 - 6970:

    if($shipViaCode == "_NORATE")
        $shipDescription = "Order is on hold for shipping arrangements.";
    else {
        $cnx->execute("SELECT Description FROM ".$cnx->StoreDB.".FedExCodes WHERE ".
            "Code = '".$cnx->adjust($shipViaCode)."'");
        if($cnx->AffectedRows == 1) {
            $result = $cnx->getResults(1);
            $shipDescription = trim($result['Description']);
        } //end if
    } //end if



Also, you have a couple of lines like this:

    $cnx->execute("SELECT AES_DECRYPT(Password,'itpass') as 'DecPass' FROM ".
        $cnx->StoreDB.".ITCustomerLogin WHERE ".
        "Division = '".$cnx->adjust($account->Division)."' AND ".
        "CustomerNumber = '".$cnx->adjust($account->CustomerNumber)."' LIMIT 1");



The use of AES_DECRYPT causes me to think that you are storing passwords using two-way encryption rather than a one-way hash. I'm sure I lost you there, but what I mean is that it seems as though your application can decrypt passwords stored on the database. This is bad. If someone were to compromise your server, it would be very easy for them to decrypt every user's password in your database. I'm sure you've heard the statistics that discuss how often people reuse passwords across multiple sites/systems. Do your users a favor:  Hire someone professional to rework that bit of code and hash your users' passwords.

P.S.

If all that code is in one file, I hope you fired that guy!!!  That's a horrible piece of code to have to maintain  : (
0
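Added example, not part of the original post or of the site's checkout.php: a one-time migration from the reversible AES_DECRYPT storage discussed above to one-way hashes, with the login check that replaces the decrypt-and-compare query. It assumes a PDO connection to the store database, a new nullable-safe VARCHAR(255) column named PasswordHash on ITCustomerLogin (hypothetical), and that the existing Password column may be set to NULL; the function names are also hypothetical.

```php
<?php
// Added example: assumes a PDO handle and a hypothetical PasswordHash column.

// Re-hash every stored password once, then drop the reversible ciphertext.
function migratePasswords(PDO $db, string $legacyKey): int
{
    $rows = $db->prepare(
        "SELECT Division, CustomerNumber, AES_DECRYPT(Password, ?) AS DecPass
           FROM ITCustomerLogin WHERE PasswordHash IS NULL"
    );
    $rows->execute([$legacyKey]);

    $update = $db->prepare(
        "UPDATE ITCustomerLogin SET PasswordHash = ?, Password = NULL
          WHERE Division = ? AND CustomerNumber = ?"
    );
    $migrated = 0;
    foreach ($rows->fetchAll(PDO::FETCH_ASSOC) as $row) {
        if ($row['DecPass'] === null) {
            continue; // could not decrypt; leave the row for a forced reset
        }
        $update->execute([
            password_hash($row['DecPass'], PASSWORD_DEFAULT), // salted, one-way
            $row['Division'],
            $row['CustomerNumber'],
        ]);
        $migrated++;
    }
    return $migrated;
}

// Login check: the stored value is never decrypted, only compared via hashing.
function verifyLogin(PDO $db, string $division, string $custNo, string $password): bool
{
    $stmt = $db->prepare(
        "SELECT PasswordHash FROM ITCustomerLogin
          WHERE Division = ? AND CustomerNumber = ? LIMIT 1"
    );
    $stmt->execute([$division, $custNo]);
    $hash = $stmt->fetchColumn();
    return is_string($hash) && password_verify($password, $hash);
}
```

After the migration the legacy key is no longer needed by the application and can be removed from the code and rotated out of any backups policy that depended on it.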
 
LVL 110

Assisted Solution

by:Ray Paseur
Ray Paseur earned 166 total points
ID: 39258143
What kaufmed said.  This is a technically incompetent piece of programming and it screams out to be refactored, as does any script that is 8,000+ lines long.  Your choices are really twofold.  You can hire someone to help make sense of this mess or you can spend a couple of years learning enough about PHP and design patterns to do the work yourself.  If you decide to go with the latter approach, the learning resources in this article may help you get into PHP faster.
http://www.experts-exchange.com/Web_Development/Web_Languages-Standards/PHP/A_11769-And-by-the-way-I-am-new-to-PHP.html
0
 
LVL 83

Expert Comment

by:Dave Baldwin
ID: 39258185
I have to agree with Ray and kaufmed.  And you can't hire me to change it.  Well maybe.  $2 per line...?  No, $5 per line.
0
 

Author Comment

by:Scott Johnston
ID: 39260000
Guys, your comments are appreciated and I would agree.  In fact our Web developer is no longer here and we (I) have to try and make sense of this mess.  (We are working up a new website using WordPress).
Kaufmed, thank you for pointing out the coding about the shipping description; what I am trying to understand in this code is how it decides which shipping codes to pull and display on our web site.
The coding you listed above will extract the description for the code, but how did this code decide which shipping description will be used?
Can you help?

PS the programmer who developed this code is no longer with us.  Thanks for pointing out his coding problems.
0
 

Author Comment

by:Scott Johnston
ID: 39260183
"Code = '".$cnx->adjust($shipViaCode)."'");

What is this line of coding doing?
My database has 10 different shipping methods available but when I process a test order I only see 2 options for shipping.  Maybe this is not the right file?
I only see options for shipping for:
FEDEXHOME
or
FEDSTD1DAY

We have other codes like FEDEXSTDPRIORITY, FEDEX2DAY, FEDEX3DAY.....

but nothing seems to control what is sent to the web site.

The url is /.......com/checkout.php?proc=shipment

Am I working with the correct file?
0
 
LVL 83

Accepted Solution

by:
Dave Baldwin earned 167 total points
ID: 39260284
"Code = '".$cnx->adjust($shipViaCode)."'");

This statement is putting data in a string for use by javascript and it is pulling it from a class using an index in the variable $shipViaCode.  To understand what is going on you have to research the $cnx class to see what it is doing and see what is assigned to $shipViaCode and then figure out what the javascript that uses this info does on the page.
0
 

Author Closing Comment

by:Scott Johnston
ID: 39260374
Very good information from everybody.
THANK YOU
0
 
LVL 110

Expert Comment

by:Ray Paseur
ID: 39261305
Thanks for the points and best of luck with it!! ~Ray
0
