?
Solved

PHP program - Question

Posted on 2013-06-18
11
Medium Priority
?
321 Views
Last Modified: 2013-06-19
Our web developer left and I am trying to make out some coding.  I am not very familar with PHP but understand someo f it.

There is codding used in our program that is something like this:

SendtoStep
or SendtoNextStep

See example...

            sendToNextStep();
        } //end if
        else {
            storeFormData();
            sendToStep("shipment");
        } //end else
0
Comment
Question by:Scott Johnston
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 2
  • 2
  • +1
11 Comments
 
LVL 75

Expert Comment

by:käµfm³d 👽
ID: 39258091
You haven't really given us much to go on. At face value, it looks like you have some kind of wizard or workflow set up. If a certain set of conditions is met, then you advance the user to the next page of the workflow; if not, you send them to the "shipment" step.
0
 

Author Comment

by:Scott Johnston
ID: 39258094
That Iunderstand, I not sure what a STEP is in PHP.
I can give you a look at the entire coding if it will help?
0
 

Author Comment

by:Scott Johnston
ID: 39258099
Here is copy of the PHP program, I am trying to find out how it retrieve data from our shipping database in MYSQL.  It seems that it pull from specific tables and then build the shipping form onour webiste.  Currently I only have 2 options for shipping but our system will allow for more...Can you help to interpet the code?
I like to see how or what table in MYSQL data base it is using to build the shipping data from?
checkout.php
0
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 75

Assisted Solution

by:käµfm³d 👽
käµfm³d   👽 earned 501 total points
ID: 39258125
"Step" isn't a PHP thing. You have a process, and that process consists of steps. Your particular process is a checkout for an e-commerce page/site. I'd hazard a guess that you've bought something online before. What did you have to do in order to get that wonderful thing at your front door? You had to pick the item you wanted, add it to your cart, proceed to checkout, enter your billing information, enter your shipping information, confirm your payment, etc., etc. Those are all steps. Your PHP is intended to do the same thing--provide a series of steps to guide the user through the journey of purchasing something.

I think your shipping stuff is here in lines 6961 - 6970:

if($shipViaCode == "_NORATE")
        $shipDescription = "Order is on hold for shipping arrangements.";
    else {
        $cnx->execute("SELECT Description FROM ".$cnx->StoreDB.".FedExCodes WHERE ".
            "Code = '".$cnx->adjust($shipViaCode)."'");
        if($cnx->AffectedRows == 1) {
            $result = $cnx->getResults(1);
            $shipDescription = trim($result['Description']);
        } //end if
    } //end if

Open in new window


Also, you have a couple of lines like this:

 $cnx->execute("SELECT AES_DECRYPT(Password,'itpass') as 'DecPass' FROM ".
                            $cnx->StoreDB.".ITCustomerLogin WHERE ".
                            "Division = '".$cnx->adjust($account->Division)."' AND ".
                            "CustomerNumber = '".$cnx->adjust($account->CustomerNumber)."' LIMIT 1");

Open in new window


The use of AES_DECRYPT causes me to think that you are storing passwords using two-way encryption rather than a one-way hash. I'm sure I lost you there, but what I mean is that it seems as though your application can decrypt passwords stored on the database. This is bad. If someone were to compromise your server, it would be very easy for them to decrypt every users' password in your database. I'm sure you've heard the statistics that discuss how often reuse passwords across multiple sites/systems. Do your users a favor:  Hire someone professional to rework that bit of code and hash your users' passwords.

P.S.

If all that code is in one file, I hope you fired that guy!!!  That's a horrible piece of code to have to maintain  : (
0
 
LVL 111

Assisted Solution

by:Ray Paseur
Ray Paseur earned 498 total points
ID: 39258143
What kaufmed said.  This is a technically incompetent piece of programming and it screams out to be refactored, as does any script that is 8,000+ lines long.  Your choices are really twofold.  You can hire someone to help make sense of this mess or you can spend a couple of years learning enough about PHP and design patterns to do the work yourself.  If you decide to go with the latter approach, the learning resources in this article may help you get into PHP faster.
http://www.experts-exchange.com/Web_Development/Web_Languages-Standards/PHP/A_11769-And-by-the-way-I-am-new-to-PHP.html
0
 
LVL 84

Expert Comment

by:Dave Baldwin
ID: 39258185
I have to agree with Ray and kaufmed.  And you can't hire me to change it.  Well maybe.  $2 per line...?  No, $5 per line.
0
 

Author Comment

by:Scott Johnston
ID: 39260000
Guys your comments are appreciated and I would agree.  In fact our Web developer is no lofger here and we (I) have to rtry and make sense of this mess.  (We are working up a new qwebsite using WordPress).
Kaufmed, thank your for pointing out the coding about the shiping description, what I am trying to understand in this code is how it decieds which shipping codes to pull and display on our web site.
The coding you listed above will extract the description for the code, but how did this code deciede which shipping description will be used?
Can you help?

PS the programmer who developed this code is no longer with us.  Thanks for pointing out his coding problems.
0
 

Author Comment

by:Scott Johnston
ID: 39260183
"Code = '".$cnx->adjust($shipViaCode)."'");

What is this line of coding doing?
My database has 10 different shipping methods available but when i process a test order I only see 2 options for shipping.  Maybe this is not the right file?
I only see option for shipping for:
FEDEXHOME
or
FEDSTD1DAY

We have other codes like FEDEXSTDPRIORITY, FEDEX2DAY, FEDEX3DAY.....

but nothing seems to control what is sent to the web site.

The url is /.......com/checkout.php?proc=shipment

Am I working with the correct file?
0
 
LVL 84

Accepted Solution

by:
Dave Baldwin earned 501 total points
ID: 39260284
"Code = '".$cnx->adjust($shipViaCode)."'");

This statement is putting data in a string for use by javascript and it is pulling it from a class using an index in the variable $shipViaCode.  To understand what is going on you have to research the $cnx class to see what it is doing and see what is assigned to $shipViaCode and then figure out what the javascript that uses this info does on the page.
0
 

Author Closing Comment

by:Scott Johnston
ID: 39260374
very good information from everybody.
THANK YOU
0
 
LVL 111

Expert Comment

by:Ray Paseur
ID: 39261305
Thanks for the points and best of luck with it!! ~Ray
0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Developers of all skill levels should learn to use current best practices when developing websites. However many developers, new and old, fall into the trap of using deprecated features because this is what so many tutorials and books tell them to u…
Originally, this post was published on Monitis Blog, you can check it here . In business circles, we sometimes hear that today is the “age of the customer.” And so it is. Thanks to the enormous advances over the past few years in consumer techno…
The viewer will learn how to count occurrences of each item in an array.
The viewer will learn how to create a basic form using some HTML5 and PHP for later processing. Set up your basic HTML file. Open your form tag and set the method and action attributes.: (CODE) Set up your first few inputs one for the name and …
Suggested Courses

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question