Shopping Cart menu as a sidebox outside Zen-Cart -security

[fl33140]

I have used the 'Show SideBox on External Page, ' solution from DrByte's post to show the shopping cart and log in menu on my main directory a level above where ZC is installed. Will this cause any security issues??, I am not sure if this will work with SSL?

[kobra]

I think that this will function correctly as selecting login will move you to the ZC side of things. This assumes that your Certificate is issued to your_site.com and not your_site.com/store

[fl33140]

Thanks for the reply. Good point to remember, I will check with my hosting company, I assume they would issue the certificate to my root domain. The sidebox file I created is basically a piece of code from tpl_main_page, navMain section. I had a related question about sideboxes on external pages, when the system is down for maintenance, the file that calls the sidebox doesn't go past require(application_top), is there a way to check for "down for maintenance" , to test before arriving at the require statement above? Thanks again!

[kobra]

Have you tried this?

To my recollection., application top is called for all cart pages to load

[fl33140]

The external sidebox works just fine. When ZC is down_for_maintenance, on my main site (a level above ZC) the external sidebox section simply is not get written out, here is how it looks:

PHP Code:

<?php 
/** 
 * Load common library stuff  
 */

   require('includes/application_top.php');
   $language_page_directory = DIR_WS_LANGUAGES . $_SESSION['language'] . '/'; 
?>

<?php
if (!isset($flag_disable_header) || !$flag_disable_header)  { ?>
<div id="navMainWrapper">
<div id="navMain">
    <ul class="back">
    <!--<li><?php echo '<a href="' . HTTP_SERVER . DIR_WS_CATALOG . '">'; ?><?php echo HEADER_TITLE_CATALOG; ?></a></li>-->
<?php if ($_SESSION['customer_id']) { ?>
    <li><a href="<?php echo zen_href_link(FILENAME_LOGOFF, '', 'SSL'); ?>"><?php echo HEADER_TITLE_LOGOFF; ?></a></li>
    <li><a href="<?php echo zen_href_link(FILENAME_ACCOUNT, '', 'SSL'); ?>"><?php echo HEADER_TITLE_MY_ACCOUNT; ?></a></li>
<?php
      } else {
        if (STORE_STATUS == '0') {
?>
    <li><a href="<?php echo zen_href_link(FILENAME_LOGIN, '', 'SSL'); ?>"><?php echo HEADER_TITLE_LOGIN; ?></a></li>
<?php } } ?>

<?php if ($_SESSION['cart']->count_contents() != 0) { ?>
    <li><a href="<?php echo zen_href_link(FILENAME_SHOPPING_CART, '', 'NONSSL'); ?>"><?php echo HEADER_TITLE_CART_CONTENTS; ?></a></li>
    <li><a href="<?php echo zen_href_link(FILENAME_CHECKOUT_SHIPPING, '', 'SSL'); ?>"><?php echo HEADER_TITLE_CHECKOUT; ?></a></li>
<?php }?>
</ul>
</div>
<div id="navMainSearch"><?php require(DIR_WS_MODULES . 'sideboxes/search_header.php'); ?></div>
<br class="clearBoth" />
</div>

<?php }
/** 
 * Load general code which runs before page closes 
 */ 
  
 require(DIR_WS_INCLUDES . 'application_bottom.php'); 
?>

[DrByte]

I'm not sure I'm understanding fully.

If it *is* down for maintenance, what do you want to happen ?

Normally, if it's down for maint, then you probably don't want it displaying any Zen Cart content.

If you wish to manually detect whether the site is down for maintenance, you'll need to let it launch application_top and then read the value of the DOWN_FOR_MAINTENANCE constant.

If you're trying to control display of the Zen Cart content via this external sidebox code, then you'll need to call the code, and let the code control the output, rather than wrapping the code inside output that you wouldn't want if the site is down for maintenance.

How often do you take your site down for maintenance anyway?

[babygekko]

Hmm... Interesting. I tried doing the same like fl33140 but my Joomla/Zencart is not showing the cart content. Any hint?

Directory:
/html --> Joomla
/catalog --> Zencart

So what I did was from the Joomla side, I just wrote:

PHP Code:

<?php include "http://myserver.com/catalog/single_sidebox.php" ?>

But it wasn't showing the shopping cart. If it was another module - ie: category sidebox, it will show. Just the shopping cart that's not showing .... :-(

Can you help?

PHP Code:

<?php
/**
 * single_sidebox.php used to display a Zen Cart sidebox on some external resource
 *
 * @package general
 * @copyright Copyright 2003-2006 Zen Cart Development Team
 * @copyright Portions Copyright 2003 osCommerce
 * @license http://www.zen-cart.com/license/2_0.txt GNU Public License V2.0
 * @version $Id: single_sidebox.php based on index.php 2942 2006-02-02 04:41:23Z drbyte $
 */
/**
 * Load common library stuff 
 */
  require('includes/application_top.php');


 
 /**
  *   PLEASE ENTER THE NAME OF THE SIDEBOX YOU WANT TO CALL HERE:
  */
$sidebox_name = 'shopping_cart.php';

//which sidebox template to use:
$column_box_default='tpl_box_default_left.php';
$column_width = BOX_WIDTH_LEFT;


/**
 * Load required functions and processing to generate the sidebox:
 */
  $language_page_directory = DIR_WS_LANGUAGES . $_SESSION['language'] . '/';
  $box_id = zen_get_box_id($sidebox_name);

  if ( file_exists(DIR_WS_MODULES . 'sideboxes/' . $template_dir . '/' . $sidebox_name) ) {
    require(DIR_WS_MODULES . 'sideboxes/' . $template_dir . '/' . $sidebox_name);
  } else {
    require(DIR_WS_MODULES . 'sideboxes/' . $sidebox_name);
  }

/**
 * Load general code which runs before page closes
 */
  require(DIR_WS_INCLUDES . 'application_bottom.php'); 

?>

[fl33140]

DrByte, to be honest, I don't think that my site will be down too often. I want to back up the database daily, I don't know the recommended backup procedure and how to automate backup. I am assuming for a clean backup nobody should be in the middle of a transaction, so I need to down the site for maintenance.

Since I expect people from all time zones, I want to inform them right from the homepage that the store area is under maintenance, so they don't wonder where the 'log in' link on the top of the page went. With all the things that goes on the web anything that makes the visitors feel secure is helpful.

I tried your suggestion as follows, but when the site is down there is no output to my homepage from this code:

PHP Code:

   require('includes/application_top.php');
   $language_page_directory = DIR_WS_LANGUAGES . $_SESSION['language'] . '/'; 
   if (DOWN_FOR_MAINTENANCE) { echo '<div id="navMainWrapper"><div id="navMain"><h1>Store Area is under Maintenance</h1></div></div>'; exit; } 


Thanks!

[DrByte]

Let's try something radically outside the box ...

1. create a new file named /includes/local/configureDFM.php
put the following in it:

Code:

<?php define('DOWN_FOR_MAINTENANCE', 'true');

2. Tell your automated backup script to rename the configureDFM.php file to 'configure.php'

This will cause:
a. The store to be down for maintenance; and
b. The existence of a site-wide readable flag that can be used to trigger other things.

Now ....

3. Modify your non-ZC pages to simply check for the existence of a file named /includes/local/configure.php and if so, treat it as though the site is down for maintenance ... without having to run the external sidebox code at all.

You could add a further check by reading the file and checking whether the down-for-maintenance line is contained in it or not ... just in case you (very unlikely) use the file for something else.

[kobra]

To chime in here:

This is an issue that has been a sticking point for others also....backing up - but insuring that someone is not in mid transaction when you do it or take site down for maintenance.

You can write a cron.php file that is called by the cron you would setup for this and checks for sessions active (a truly busy site might never have no sessions active owing to the life of the session), with an if else that if a session is live then re-check every minute else place site on maint mode run backup and bring the site back online. Over simplified explanation but should get the idea across.