Page 1 of 3 123 LastLast
Results 1 to 10 of 26
  1. #1
    Join Date
    Apr 2008
    Posts
    31
    Plugin Contributions
    0

    Default My idea for accessing zen cart sessions outside of zen...

    Hi

    I know allot of people have been asking how to mainly access $_SESSION['customer_id'] from outside zen cart.

    I also have posted a few times asking until it dawned on me, perhaps i could use SOAP to get the session data i need. I finally got the system working and would like to share my code with you guys and perhaps get some feedback??

    Ok first off we need to download "NuSOAP" and extract the files into the following folder structure:

    ZEN_CART_ROOT/nusoap/lib/FILES_HERE

    Create the following file:

    ZEN_CAR_ROOT/session_get.php

    Within session_get.php the following code:

    Code:
    <?php
    // Include application top
    include_once ( "includes/application_top.php" );
    
    
    function get_session( $var ){
    
    	return ( settype ( $_SESSION['customer_id'], "string" ) );
    }
    
    // Load up nusoap library
    require_once('nusoap/lib/nusoap.php');
    
    // Create soap object
    $Soap_Obj = new soap_server();
    
    // COnfigure WSDL
    $Soap_Obj->configureWSDL ( "session_get", "urn:session_get" );
    
    // Register callback function
    $Soap_Obj->register('get_session',
    		array ( "var" => 'xsd:string'),
    		array ( "return" => 'xsd:string'),
    		'urn:session_get',
    		'urn:session_get#get_session',
    		'rpc',
    		'encoded',
    		'Returns Zen Cart Session Var'
    	
    		);
    
    // Wait for response
    $Soap_Obj->service($HTTP_RAW_POST_DATA);
    
    
    ?>
    Now from the script you want to get the data to , for example the "customer_id" you use the following code:

    Code:
    <?php
    // Load up nu_soap
    require_once('ZEN_CART_ROOT/nusoap/lib/nusoap.php');
    
    
    //now we must create a soapclient object
    $soapclient = new nusoap_client('http://YOURDOMAIN.COM/ZEN_CART_ROOT/session_get.php?wsdl',true);
    
    // Call get session variable function from server
    $result = $soapclient->call ( "get_session", array ( "var" => "customer_id" ) );
    
    
    if ( $client->fault ) {
    
    	echo "<h2>Fault</h2><pre>";
    	print_r ( $result );
    	echo "</pre>";
    
    } else {
    	// trap error
    	$err = $soapclient->getError();
    
    	if ( $err ) {
    
    		echo "<h2>Error</h2><pre>" . $err . "</pre>";
    		print_r ( $result );
    		echo "</pre>";
    
    	} else {
    
    		echo "<h2>Result</h2><pre>";
    		echo $result;
    		echo "</pre>";
    		
    	}
    
    }	
    ?>
    This piece of code is where we choose what variables to return:

    Code:
    // Call get session variable function from server
    $result = $soapclient->call ( "get_session", array ( "var" => "customer_id" ) );
    Hope this helps people!

  2. #2
    Join Date
    Apr 2008
    Posts
    31
    Plugin Contributions
    0

    Default Re: Anyone wanting to access zen cart sessions outside of zen...i have a solution!

    This has a small bug im trying to fix right now

  3. #3
    Join Date
    Apr 2008
    Posts
    31
    Plugin Contributions
    0

    Default Re: Anyone wanting to access zen cart sessions outside of zen...i have a solution!

    Iv just realised that with SOAP you cannot handle SESSIONS without actually changing a bunch of code on zen carts login and session handling code.

    The best way iv found is write a small php script like this

    Code:
    <?php
    
    // Include application top
    include_once ( "includes/application_top.php" );
    
    // Get the var we want
    $var = $_GET['var'];
    
    echo $_SESSION[$var];
    
    ?>
    Place it in the zen cart root folder.

    Then send over the variable you want using AJAX like this:

    URL = ZEN_CART_ROOT/script_to_get_session.php?var=customer_id

    This will then return the current logged in customer id to your javascript

  4. #4
    Join Date
    Jan 2004
    Posts
    66,407
    Blog Entries
    7
    Plugin Contributions
    81

    Default Re: Anyone wanting to access zen cart sessions outside of zen...i have a solution!

    I hope you're planning to do a complete security audit of your custom code at some point, to close all the holes that creates ...
    .

    Zen Cart - putting the dream of business ownership within reach of anyone!
    Donate to: DrByte directly or to the Zen Cart team as a whole

    Remember: Any code suggestions you see here are merely suggestions. You assume full responsibility for your use of any such suggestions, including any impact ANY alterations you make to your site may have on your PCI compliance.
    Furthermore, any advice you see here about PCI matters is merely an opinion, and should not be relied upon as "official". Official PCI information should be obtained from the PCI Security Council directly or from one of their authorized Assessors.

  5. #5
    Join Date
    Apr 2008
    Posts
    31
    Plugin Contributions
    0

    Default Re: My idea for accessing zen cart sessions outside of zen...

    hi

    can you point out security holes that you notice already and ill fix them up

  6. #6
    Join Date
    Apr 2008
    Posts
    31
    Plugin Contributions
    0

    Default Re: My idea for accessing zen cart sessions outside of zen...

    in fact i think i may have an idea to use the SOAP client and server with a new database table and the zen cart $_COOKIE['zenid']

    If I modify the login of zen cart i#to insert info into a custom db table such as session_id, session and timeout i can actually pass the zen sesison id to the soap server and check the database for a) that session id exists b) that session hasnt timed out. If the timeout is set the same as the zen cart one it should work ok

    also edit the logout routine to delete the session info from the custom table.

    any ideas on this?

  7. #7
    Join Date
    May 2008
    Posts
    19
    Plugin Contributions
    0

    Default Re: My idea for accessing zen cart sessions outside of zen...

    glenelkins...

    Please don't take this as being antagonistic (I know people over here LOVE to threadcrap just so they can get a dig at someone thinking outside the box), but what will you be using this information for? I'm sure it's far beyond my own needs, but I'm always interested to see what others are doing.

  8. #8
    Join Date
    Jan 2004
    Posts
    66,407
    Blog Entries
    7
    Plugin Contributions
    81

    Default Re: My idea for accessing zen cart sessions outside of zen...

    Quote Originally Posted by glenelkins View Post
    hi

    can you point out security holes that you notice already and ill fix them up
    My point was ... Calling something like /script_to_get_session.php?var=whatever to get the contents of ANY session var without validating who/what is making that request could easily disclose information that has no business being shared outside.
    .

    Zen Cart - putting the dream of business ownership within reach of anyone!
    Donate to: DrByte directly or to the Zen Cart team as a whole

    Remember: Any code suggestions you see here are merely suggestions. You assume full responsibility for your use of any such suggestions, including any impact ANY alterations you make to your site may have on your PCI compliance.
    Furthermore, any advice you see here about PCI matters is merely an opinion, and should not be relied upon as "official". Official PCI information should be obtained from the PCI Security Council directly or from one of their authorized Assessors.

  9. #9
    Join Date
    Apr 2008
    Posts
    31
    Plugin Contributions
    0

    Default Re: My idea for accessing zen cart sessions outside of zen...

    A Hot Mess... I cannot really tell you what this is used for its a confidential piece of work im doing ....at work lol. I work for a media company as a web developer and basically have been looking for a way to link Textpattern to Zen Carts login

    I know allot of people have been trying to share session information outside zen cart. And iv been working to find a solution, the two main ways forward i see is AJAX or SOAP... the SOAP will be the best method if i can pass the session ID over!

    DrByte...the vailidation is done on the textpattern side in this case!

  10. #10
    Join Date
    Apr 2008
    Posts
    31
    Plugin Contributions
    0

    Default Re: My idea for accessing zen cart sessions outside of zen...

    The main thing is i cannot understand what zen cart does to stop session working outside of itself. Iv looked over the code and appart from a load of checks it does the sessions work just like any normal program..... and nobody seems to know why it does this.

    Iv even tried loading up the same session name and ID in external applications, it still wont work. Pain in the ######!


    Heres a question, how does Zen Cart actually control which pages are restricted access? There may be an option to completely re-do their silly login ( i say silly, its silly from a dev point of view, its not very versitile considering its open source )

 

 
Page 1 of 3 123 LastLast

Similar Threads

  1. Using zen cart sessions outside of zen cart
    By rasher in forum General Questions
    Replies: 0
    Last Post: 29 Jul 2009, 08:22 PM
  2. A pretty weird problem while accessing session outside of zen
    By yellow1912 in forum Contribution-Writing Guidelines
    Replies: 2
    Last Post: 1 Jul 2009, 02:44 AM
  3. Use Zen Variables outside Zen Cart
    By renkforce in forum General Questions
    Replies: 0
    Last Post: 4 Mar 2009, 07:12 PM
  4. Zen Cart Idea/Question
    By SOCiETi in forum General Questions
    Replies: 0
    Last Post: 28 Aug 2007, 07:56 PM
  5. Replies: 4
    Last Post: 30 Oct 2006, 12:59 PM

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  
disjunctive-egg
Zen-Cart, Internet Selling Services, Klamath Falls, OR