Password protected pages?

[dbltoe]

@Morrie
You wouldn't want to password protect the cart. Just set the cart so that users have to log in and be certified to shop.

[morrie14]

Yeah, I have the same situation..

My thought was just to add my accesscontrol.php include that I use for my 'members only' portal (which requires login for access) to the index.php of my zencart shop, which appears to work, but doesn't, for some reason. Maybe there is a proper place to stick such a script-include in the zen cart code?

My approach used php sessions to check for login, if not, access denied, please apply for credentials. If anyone knows how to get that to work, thenwe have a solution. (my assumption is that they are already logged in as a member in order to view the zen shop, no direct URL access is allowed).

Here is my (it's not mine, it came from Sitepoint's Kevin Yank) login code (it would be so nice to somehow marry this with the (superior) zencart user login module.

PHP Code:

<?php // accesscontrol.php
session_start();
include_once 'error-handler.php';
include_once 'db_connect.php';

$uid = isset($_POST['uid']) ? $_POST['uid'] : $_SESSION['uid'];
$pwd = isset($_POST['pwd']) ? $_POST['pwd'] : $_SESSION['pwd'];
$usertype = isset($_POST['usertype']) ? $_POST['usertype'] : $_SESSION['usertype'];
if(!isset($uid)) {
  ?>
  <!DOCTYPE html PUBLIC "-//W3C/DTD XHTML 1.0 Transitional//EN"
    "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
  <html xmlns="http://www.w3.org/1999/xhtml">
  <head>
    <title> Please Log In for Access </title>
    <meta http-equiv="Content-Type"
      content="text/html; charset=iso-8859-1" />
  </head>
  <body>
  <h1> Login Required </h1>
  <p>You must log in to access this area of the site. If you are
     not a registered user, <a href="signup.php">click here</a>
     to sign up for instant access!</p>
  <p><form method="post" action="<?=$_SERVER['PHP_SELF']?>">
    User ID: <input type="text" name="uid" size="8" /><br />
    Password: <input type="password" name="pwd" SIZE="8" /><br />
    <input type="submit" value="Log in" />
  </form></p>
  </body>
  </html>
  <?php
  exit;
}
$_SESSION['uid'] = $uid;
$_SESSION['pwd'] = $pwd;
dbConnect("members");
$sql = "SELECT usertype,userid,password,fullname FROM user WHERE userid = '$uid' AND password = '$pwd'";
$result = mysql_query($sql);
if (!$result) {
    error('A database error occurred while checking your '.
        'login details.\\nIf this error persists, please '.
        'contact webmaster.');
}
if (mysql_num_rows($result) == 0) {
  unset($_SESSION['uid']);
  unset($_SESSION['pwd']);
  ?>
  <!DOCTYPE html PUBLIC "-//W3C/DTD XHTML 1.0 Transitional//EN"
    "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
  <html xmlns="http://www.w3.org/1999/xhtml">
  <head>
    <title> Access Denied </title>
    <meta http-equiv="Content-Type"
      content="text/html; charset=iso-8859-1" />
  </head>
  <body>
  <h1> Access Denied </h1>
  <p>Your user ID or password is incorrect, or you are not a
     registered user on this site. To try logging in again, click
     <a href="<?=$_SERVER['PHP_SELF']?>">here</a>. To register for instant
     access, click <a href="signup.php">here</a>.</p>
  </body>
  </html>
<?php
exit;
}
$username = mysql_result($result,0,'fullname');
$usertype = mysql_result($result,0,'usertype');
?>

If you make this into a .php file and include it in your index.php file of your zencart, you can see that it *almost* works.
For what it 's worth...Maybe someone knows why it doesn't? I think it's at least a solution (might not be the best one).

[Vger]

Just set the cart so that users have to log in and be certified to shop.

Which is one of the standard features of Zen Cart (already built in).

If you password protected the whole shop folder then:

1. No search engine listings - at all.
2. If any payment processor tries to post back data to your website it won't get through.

Vger