PHP program - Question

Posted on 2013-06-18
Last Modified: 2013-06-19
Our web developer left and I am trying to make out some coding.  I am not very familiar with PHP but understand some of it.

There is coding used in our program that is something like this:

SendtoStep
or SendtoNextStep

See example...

            sendToNextStep();
        } //end if
        else {
            storeFormData();
            sendToStep("shipment");
        } //end else
Question by:Scott Johnston
11 Comments

Expert Comment

by:käµfm³d 👽
ID: 39258091
You haven't really given us much to go on. At face value, it looks like you have some kind of wizard or workflow set up. If a certain set of conditions is met, then you advance the user to the next page of the workflow; if not, you send them to the "shipment" step.

Author Comment

by:Scott Johnston
ID: 39258094
That I understand; I am not sure what a STEP is in PHP.
I can give you a look at the entire coding if it will help?

Author Comment

by:Scott Johnston
ID: 39258099
Here is a copy of the PHP program. I am trying to find out how it retrieves data from our shipping database in MySQL.  It seems that it pulls from specific tables and then builds the shipping form on our website.  Currently I only have 2 options for shipping but our system will allow for more...Can you help to interpret the code?
I'd like to see how or what table in the MySQL database it is using to build the shipping data from?
checkout.php

Assisted Solution

by:käµfm³d 👽
käµfm³d   👽 earned 167 total points
ID: 39258125
"Step" isn't a PHP thing. You have a process, and that process consists of steps. Your particular process is a checkout for an e-commerce page/site. I'd hazard a guess that you've bought something online before. What did you have to do in order to get that wonderful thing at your front door? You had to pick the item you wanted, add it to your cart, proceed to checkout, enter your billing information, enter your shipping information, confirm your payment, etc., etc. Those are all steps. Your PHP is intended to do the same thing--provide a series of steps to guide the user through the journey of purchasing something.

I think your shipping stuff is here in lines 6961 - 6970:

    if($shipViaCode == "_NORATE")
        $shipDescription = "Order is on hold for shipping arrangements.";
    else {
        $cnx->execute("SELECT Description FROM ".$cnx->StoreDB.".FedExCodes WHERE ".
            "Code = '".$cnx->adjust($shipViaCode)."'");
        if($cnx->AffectedRows == 1) {
            $result = $cnx->getResults(1);
            $shipDescription = trim($result['Description']);
        } //end if
    } //end if


Also, you have a couple of lines like this:

    $cnx->execute("SELECT AES_DECRYPT(Password,'itpass') as 'DecPass' FROM ".
        $cnx->StoreDB.".ITCustomerLogin WHERE ".
        "Division = '".$cnx->adjust($account->Division)."' AND ".
        "CustomerNumber = '".$cnx->adjust($account->CustomerNumber)."' LIMIT 1");

The use of AES_DECRYPT causes me to think that you are storing passwords using two-way encryption rather than a one-way hash. I'm sure I lost you there, but what I mean is that it seems as though your application can decrypt passwords stored on the database. This is bad. If someone were to compromise your server, it would be very easy for them to decrypt every user's password in your database. I'm sure you've heard the statistics that discuss how often people reuse passwords across multiple sites/systems. Do your users a favor:  Hire someone professional to rework that bit of code and hash your users' passwords.

P.S.

If all that code is in one file, I hope you fired that guy!!!  That's a horrible piece of code to have to maintain  : (
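
The change recommended in the answer above, sketched as an added example that is not part of the original post or of the poster's application: each reversibly encrypted password is converted once to a one-way hash, and logins are then checked with `password_verify()` instead of decrypting. The `PasswordHash` column, the sample row and the `legacyEncrypt()`/`legacyDecrypt()` stand-ins for MySQL's AES functions are assumptions made so the sample runs without a database (PHP 7+ with the openssl extension).

```php
<?php
declare(strict_types=1);

const LEGACY_KEY = 'itpass'; // the key visible in the quoted query

// Stand-ins for MySQL AES_ENCRYPT()/AES_DECRYPT() so the sample runs offline.
function legacyEncrypt(string $plain): string {
    return openssl_encrypt($plain, 'aes-128-ecb',
        str_pad(LEGACY_KEY, 16, "\0"), OPENSSL_RAW_DATA);
}
function legacyDecrypt(string $cipher) {
    return openssl_decrypt($cipher, 'aes-128-ecb',
        str_pad(LEGACY_KEY, 16, "\0"), OPENSSL_RAW_DATA);
}

// One-off migration: because the old column is decryptable, every row can be
// converted immediately instead of waiting for each customer to log in.
function migrateRow(array $row): array {
    if ($row['PasswordHash'] === null && $row['Password'] !== null) {
        $plain = legacyDecrypt($row['Password']);
        if ($plain !== false) {
            // password_hash() generates a per-row salt and stores it in the hash.
            $row['PasswordHash'] = password_hash($plain, PASSWORD_DEFAULT);
            $row['Password'] = null; // remove the recoverable copy
        }
    }
    return $row;
}

// Login check after migration: nothing is decrypted, the hash is only verified.
function checkLogin(array $row, string $candidate): bool {
    return $row['PasswordHash'] !== null
        && password_verify($candidate, $row['PasswordHash']);
}

// Constructed sample row; 'PasswordHash' is a hypothetical new column.
$row = [
    'CustomerNumber' => 'C-0001',
    'Password'       => legacyEncrypt('correct horse battery'),
    'PasswordHash'   => null,
];
$row = migrateRow($row);

var_dump($row['Password']);                           // legacy ciphertext after migration
var_dump(checkLogin($row, 'correct horse battery'));  // right password
var_dump(checkLogin($row, 'wrong guess'));            // wrong password
```

Database backups taken before the migration still contain the old `Password` column and stay decryptable with the same key.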

Assisted Solution

by:Ray Paseur
Ray Paseur earned 166 total points
ID: 39258143
What kaufmed said.  This is a technically incompetent piece of programming and it screams out to be refactored, as does any script that is 8,000+ lines long.  Your choices are really twofold.  You can hire someone to help make sense of this mess or you can spend a couple of years learning enough about PHP and design patterns to do the work yourself.  If you decide to go with the latter approach, the learning resources in this article may help you get into PHP faster.
http://www.experts-exchange.com/Web_Development/Web_Languages-Standards/PHP/A_11769-And-by-the-way-I-am-new-to-PHP.html

Expert Comment

by:Dave Baldwin
ID: 39258185
I have to agree with Ray and kaufmed.  And you can't hire me to change it.  Well maybe.  $2 per line...?  No, $5 per line.

Author Comment

by:Scott Johnston
ID: 39260000
Guys, your comments are appreciated and I would agree.  In fact our Web developer is no longer here and we (I) have to try and make sense of this mess.  (We are working up a new website using WordPress).
Kaufmed, thank you for pointing out the coding about the shipping description; what I am trying to understand in this code is how it decides which shipping codes to pull and display on our web site.
The coding you listed above will extract the description for the code, but how did this code decide which shipping description will be used?
Can you help?

PS the programmer who developed this code is no longer with us.  Thanks for pointing out his coding problems.

Author Comment

by:Scott Johnston
ID: 39260183
"Code = '".$cnx->adjust($shipViaCode)."'");

What is this line of coding doing?
My database has 10 different shipping methods available but when I process a test order I only see 2 options for shipping.  Maybe this is not the right file?
I only see options for shipping for:
FEDEXHOME
or
FEDSTD1DAY

We have other codes like FEDEXSTDPRIORITY, FEDEX2DAY, FEDEX3DAY.....

but nothing seems to control what is sent to the web site.

The url is /.......com/checkout.php?proc=shipment

Am I working with the correct file?

Accepted Solution

by:
Dave Baldwin earned 167 total points
ID: 39260284
"Code = '".$cnx->adjust($shipViaCode)."'");

This statement is putting data in a string for use by javascript and it is pulling it from a class using an index in the variable $shipViaCode.  To understand what is going on you have to research the $cnx class to see what it is doing and see what is assigned to $shipViaCode and then figure out what the javascript that uses this info does on the page.

Author Closing Comment

by:Scott Johnston
ID: 39260374
Very good information from everybody.
THANK YOU

Expert Comment

by:Ray Paseur
ID: 39261305
Thanks for the points and best of luck with it!! ~Ray