Check external session before store loads

[DrByte]

There are lots more questions beyond those, that still need consideration. This whole issue is way larger than those few small things, and there's far too little detail about what you're ultimately trying to do here for me to give any answers suitable for use on a live site.

[urgentprog]

There are lots more questions beyond those, that still need consideration. This whole issue is way larger than those few small things, and there's far too little detail about what you're ultimately trying to do here for me to give any answers suitable for use on a live site.

I want to limit zencart access to only users currently logged into kohana. I am using zencart 1.3.9 and php 5.2.10.

Could you please tell me what are the larger issues you see?

[urgentprog]

There are lots more questions beyond those, that still need consideration. This whole issue is way larger than those few small things, and there's far too little detail about what you're ultimately trying to do here for me to give any answers suitable for use on a live site.

Could you please suggest resources on what else would need access to zen cart which could be blocked?

[DrByte]

What exactly are you trying to accomplish here? Why are you talking about cron jobs and authorize.net and curl and fopen and file_get_contents from outside Zen Cart?
When you start talking about triggering payment systems from code running outside the store's code base, you raise zillions of security flags, and so on.

Without having a solid understanding of what you're wanting to end up with, more specifically the bigger picture of the business issues you're trying to solve here and the detailed list of end-results you're targeting, I've very reluctant to send you off with technical information that could result in you creating security problems on your site.

And, is this *your* site? Or merely some site you've been contracted to do some custom work for?

[urgentprog]

What exactly are you trying to accomplish here? Why are you talking about cron jobs and authorize.net and curl and fopen and file_get_contents from outside Zen Cart?
When you start talking about triggering payment systems from code running outside the store's code base, you raise zillions of security flags, and so on.

Without having a solid understanding of what you're wanting to end up with, more specifically the bigger picture of the business issues you're trying to solve here and the detailed list of end-results you're targeting, I've very reluctant to send you off with technical information that could result in you creating security problems on your site.

And, is this *your* site? Or merely some site you've been contracted to do some custom work for?

It is for a contract. The client required an extensive list of zen cart modules to use with an existing script.

The curl, fopen and file_get_contents was in reference to checking a kohana script on the same server but external to zencart, and allowing access to zen cart only if the user is logged into kohana. I am looking at setting an AES token in a cookie and a mysql record for each kohana request and checking it before each zen cart request to avoid interfering with the zen cart session.

For cron, I am using this cim module for recurring payments.

http://www.zen-cart.com/forum/showthread.php?t=112719

I am allowing access to it only by command line by checking php_sapi_name() and a php token variable defined in the kohana script set only if the conditions for a recurring payment exists.

[DrByte]

... and a mysql record for each kohana request and checking it before each zen cart request to avoid interfering with the zen cart session.

I suspect that's probably the most appropriate approach. Use the database as the determiner, and write code on both ends to set/check the database for validation both ways.