Solved

PHP program - Question

Posted on 2013-06-18
Last Modified: 2013-06-19
Our web developer left and I am trying to make out some coding.  I am not very familiar with PHP but understand some of it.

There is coding used in our program that is something like this:

SendtoStep
or SendtoNextStep

See example...

            sendToNextStep();
        } //end if
        else {
            storeFormData();
            sendToStep("shipment");
        } //end else
Question by:Scott Johnston
11 Comments
 
LVL 74

Expert Comment

by:käµfm³d 👽
ID: 39258091
You haven't really given us much to go on. At face value, it looks like you have some kind of wizard or workflow set up. If a certain set of conditions is met, then you advance the user to the next page of the workflow; if not, you send them to the "shipment" step.
0
 

Author Comment

by:Scott Johnston
ID: 39258094
That I understand; I am not sure what a STEP is in PHP.
I can give you a look at the entire coding if it will help?
0
 

Author Comment

by:Scott Johnston
ID: 39258099
Here is a copy of the PHP program. I am trying to find out how it retrieves data from our shipping database in MySQL.  It seems that it pulls from specific tables and then builds the shipping form on our website.  Currently I only have 2 options for shipping but our system will allow for more... Can you help to interpret the code?
I would like to see how, or what table in the MySQL database, it is using to build the shipping data from.
checkout.php
0
 
LVL 74

Assisted Solution

by:käµfm³d 👽
käµfm³d   👽 earned 167 total points
ID: 39258125
"Step" isn't a PHP thing. You have a process, and that process consists of steps. Your particular process is a checkout for an e-commerce page/site. I'd hazard a guess that you've bought something online before. What did you have to do in order to get that wonderful thing at your front door? You had to pick the item you wanted, add it to your cart, proceed to checkout, enter your billing information, enter your shipping information, confirm your payment, etc., etc. Those are all steps. Your PHP is intended to do the same thing--provide a series of steps to guide the user through the journey of purchasing something.

I think your shipping stuff is here in lines 6961 - 6970:

if($shipViaCode == "_NORATE")
        $shipDescription = "Order is on hold for shipping arrangements.";
    else {
        $cnx->execute("SELECT Description FROM ".$cnx->StoreDB.".FedExCodes WHERE ".
            "Code = '".$cnx->adjust($shipViaCode)."'");
        if($cnx->AffectedRows == 1) {
            $result = $cnx->getResults(1);
            $shipDescription = trim($result['Description']);
        } //end if
    } //end if



Also, you have a couple of lines like this:

 $cnx->execute("SELECT AES_DECRYPT(Password,'itpass') as 'DecPass' FROM ".
                            $cnx->StoreDB.".ITCustomerLogin WHERE ".
                            "Division = '".$cnx->adjust($account->Division)."' AND ".
                            "CustomerNumber = '".$cnx->adjust($account->CustomerNumber)."' LIMIT 1");



The use of AES_DECRYPT causes me to think that you are storing passwords using two-way encryption rather than a one-way hash. I'm sure I lost you there, but what I mean is that it seems as though your application can decrypt passwords stored on the database. This is bad. If someone were to compromise your server, it would be very easy for them to decrypt every user's password in your database. I'm sure you've heard the statistics that discuss how often people reuse passwords across multiple sites/systems. Do your users a favor:  Hire someone professional to rework that bit of code and hash your users' passwords.

P.S.

If all that code is in one file, I hope you fired that guy!!!  That's a horrible piece of code to have to maintain  : (
0
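
An added example, not code from checkout.php or from anyone in this thread, sketching the rework described in the answer above: each reversibly encrypted password is converted once into a one-way hash with PHP's password_hash(), and logins are then checked with password_verify(). The sample row, the function names, the PasswordHash column and the use of openssl as a stand-in for MySQL's AES functions are assumptions made so the script runs on its own.

```php
<?php
// Added example with constructed data; function and column names other than
// those quoted in the thread are hypothetical.

// Stand-in for MySQL AES_ENCRYPT/AES_DECRYPT so the script runs without a
// database: any reversible scheme has the same property shown here.
function legacyEncrypt(string $plain, string $key): string
{
    return openssl_encrypt($plain, 'aes-128-ecb', str_pad($key, 16, "\0"), OPENSSL_RAW_DATA);
}

function legacyDecrypt(string $blob, string $key)
{
    return openssl_decrypt($blob, 'aes-128-ecb', str_pad($key, 16, "\0"), OPENSSL_RAW_DATA);
}

// One-time migration of a row: the reversible ciphertext is replaced by a
// salted one-way hash, after which the legacy key is no longer needed.
function migrateRow(array $row, string $key): array
{
    $plain = legacyDecrypt($row['Password'], $key);
    if ($plain === false) {
        throw new RuntimeException('Undecryptable row: ' . $row['CustomerNumber']);
    }
    unset($row['Password']);
    $row['PasswordHash'] = password_hash($plain, PASSWORD_DEFAULT);
    return $row;
}

// Login after migration: the stored value is verified, never decrypted.
function checkLogin(array $row, string $attempt): bool
{
    return password_verify($attempt, $row['PasswordHash']);
}

$legacyKey = 'itpass'; // key literal from the query quoted in the thread
$legacyRow = [         // constructed sample row
    'Division'       => '01',
    'CustomerNumber' => 'C-1001',
    'Password'       => legacyEncrypt('Tr0ub4dor&3', $legacyKey),
];

// Reversible storage: database row plus source code yields the password.
echo 'legacy decrypt: ', legacyDecrypt($legacyRow['Password'], $legacyKey), "\n";

$row = migrateRow($legacyRow, $legacyKey);
echo 'stored hash:    ', $row['PasswordHash'], "\n";
var_dump(checkLogin($row, 'Tr0ub4dor&3'), checkLogin($row, 'guess'));
```

The column that receives the hash should be wide enough for future algorithms; PHP's documentation recommends 255 characters when PASSWORD_DEFAULT is used.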
 
LVL 108

Assisted Solution

by:Ray Paseur
Ray Paseur earned 166 total points
ID: 39258143
What kaufmed said.  This is a technically incompetent piece of programming and it screams out to be refactored, as does any script that is 8,000+ lines long.  Your choices are really twofold.  You can hire someone to help make sense of this mess or you can spend a couple of years learning enough about PHP and design patterns to do the work yourself.  If you decide to go with the latter approach, the learning resources in this article may help you get into PHP faster.
http://www.experts-exchange.com/Web_Development/Web_Languages-Standards/PHP/A_11769-And-by-the-way-I-am-new-to-PHP.html
0
 
LVL 82

Expert Comment

by:Dave Baldwin
ID: 39258185
I have to agree with Ray and kaufmed.  And you can't hire me to change it.  Well maybe.  $2 per line...?  No, $5 per line.
0
 

Author Comment

by:Scott Johnston
ID: 39260000
Guys, your comments are appreciated and I would agree.  In fact our Web developer is no longer here and we (I) have to try and make sense of this mess.  (We are working up a new website using WordPress).
Kaufmed, thank you for pointing out the coding about the shipping description; what I am trying to understand in this code is how it decides which shipping codes to pull and display on our web site.
The coding you listed above will extract the description for the code, but how did this code decide which shipping description will be used?
Can you help?

PS the programmer who developed this code is no longer with us.  Thanks for pointing out his coding problems.
0
 

Author Comment

by:Scott Johnston
ID: 39260183
"Code = '".$cnx->adjust($shipViaCode)."'");

What is this line of coding doing?
My database has 10 different shipping methods available but when I process a test order I only see 2 options for shipping.  Maybe this is not the right file?
I only see options for shipping for:
FEDEXHOME
or
FEDSTD1DAY

We have other codes like FEDEXSTDPRIORITY, FEDEX2DAY, FEDEX3DAY.....

but nothing seems to control what is sent to the web site.

The url is /.......com/checkout.php?proc=shipment

Am I working with the correct file?
0
 
LVL 82

Accepted Solution

by:Dave Baldwin
Dave Baldwin earned 167 total points
ID: 39260284
"Code = '".$cnx->adjust($shipViaCode)."'");

This statement is putting data in a string for use by javascript and it is pulling it from a class using an index in the variable $shipViaCode.  To understand what is going on you have to research the $cnx class to see what it is doing and see what is assigned to $shipViaCode and then figure out what the javascript that uses this info does on the page.
0
 

Author Closing Comment

by:Scott Johnston
ID: 39260374
Very good information from everybody.
THANK YOU
0
 
LVL 108

Expert Comment

by:Ray Paseur
ID: 39261305
Thanks for the points and best of luck with it!! ~Ray
0
