My client wanted to be able to deliver pdf reports to customer registered in ZC, so I created an admin screen that allows them to upload the documents to the server and associate them with an account. This is all working great. Problem is, the customer wants the files to be confidential, so I cooked up a simple script to read the files from a publicly inaccessible folder. It works nicely, except that I need for this scrip to be able to read $_SESSION['customer_id'] from the session variables so that I can do a quick check in the database that the requested report belongs to the customer. I don't want to pass the session value by $_GET as a link parameter so that links can't be forged - I want this script to read the value right out of the session. This will also prevent non-logged in users from getting anywhere.
So, after that long description, how can I get access to the Zen session? I have been able to get the query factory object by including config.php, init_database.php and class.base.php. Can I include something else to initiate the zen cart session?
Thanks,
Frank
Bookmarks