Tweet
nabend zusammen!
und zwar wollt ich euch mal fragen, ob's probleme geben könnte, eine userid mit md5() zu realisieren? die beim eingeloggt sein, zudem noch als cookie gespeichert wird?
und zwar geht's um phorSale, ein open source shop in php, der wohl damit probleme zu haben scheint und obige methode zur erzeugung einer uniqid verwendet. und zwar kann's passieren, das beim registriervorgang die daten eines bereits bestehenden users angezeigt werden (cookieprobleme können in diesem fall ausgeschlossen werden, da das problem bei usern mit unabhängigen rechnern auftaucht). hier der code, der datei common/shopper.functions.inc.php von phorSale, die das regelt:
und zwar wollt ich euch mal fragen, ob's probleme geben könnte, eine userid mit md5() zu realisieren? die beim eingeloggt sein, zudem noch als cookie gespeichert wird?
und zwar geht's um phorSale, ein open source shop in php, der wohl damit probleme zu haben scheint und obige methode zur erzeugung einer uniqid verwendet. und zwar kann's passieren, das beim registriervorgang die daten eines bereits bestehenden users angezeigt werden (cookieprobleme können in diesem fall ausgeschlossen werden, da das problem bei usern mit unabhängigen rechnern auftaucht). hier der code, der datei common/shopper.functions.inc.php von phorSale, die das regelt:
PHP-Code:
<?
/*
* phorSale - An eCommerce application for PHP and mySQL.
* Copyright (C) 2001 Michael Kmiec <mike@shifter.org>
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
* as published by the Free Software Foundation; either version 2
* of the License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
*/
/*****
* This file includes a variety of shared shopper management functions.
*****/
// *****
// Generate unique shopper ID
function generateUniqueID()
{
$mikiDora = md5 ( uniqid( rand(),true ) );
return $mikiDora;
}
// *****
// Check to see if the user has a shopper ID cookie
function checkShopperID()
{
global $OS;
$retStr = "";
if( strlen( $eCommID ) <= 0 )
{
$theID = generateUniqueID();
setcookie ("eCommID", $theID, time() + 31536000 );
$retStr = $theID;
}
else
{
$retStr = $eCommID;
}
return $retStr;
}
// *****
// Check to see if this shopperID exists in the database
function shopperExists( $theShopper )
{
global $dbServer, $dbUser, $dbPassword, $dbDatabase;
global $shopperTable;
$retval = false;
// try to get shopper info from database
if ( ( $dbh = mysql_connect( $dbServer, $dbUser, $dbPassword )) > 0 )
{
$sql_query = "SELECT shopper_id FROM $shopperTable WHERE shopper_id = '$theShopper'";
$res = mysql_db_query($dbDatabase, $sql_query, $dbh);
$dbh = mysql_close();
}
if ( ( $res ) && ( mysql_num_rows( $res ) == 1 ) )
$retval = true;
return $retval;
}
// *****
// Get the shopper information out of the database
function getShopper( $theID )
{
global $dbServer, $dbUser, $dbPassword, $dbDatabase;
global $shopperTable;
if ( ( $dbh = mysql_connect( $dbServer, $dbUser, $dbPassword )) > 0 )
{
$sql_query = "SELECT
shopper_id AS id,
shopper_email AS email,
shopper_send_email AS opt_in,
shopper_ship_name AS sname,
shopper_ship_company AS scompany,
shopper_ship_phone AS sphone,
shopper_ship_fax AS sfax,
shopper_ship_addr_1 AS saddr_1,
shopper_ship_addr_2 AS saddr_2,
shopper_ship_city AS scity,
shopper_ship_state AS sstate,
shopper_ship_postal_code AS spostal_code,
shopper_ship_country AS scountry,
shopper_bill_name AS bname,
shopper_bill_company AS bcompany,
shopper_bill_phone AS bphone,
shopper_bill_fax AS bfax,
shopper_bill_addr_1 AS baddr_1,
shopper_bill_addr_2 AS baddr_2,
shopper_bill_city AS bcity,
shopper_bill_state AS bstate,
shopper_bill_postal_code AS bpostal_code,
shopper_bill_country AS bcountry
FROM
$shopperTable
WHERE
shopper_id = '$theID'";
//echo $sql_query;
//exit;
$res = mysql_db_query( $dbDatabase, $sql_query, $dbh );
$dbh = mysql_close();
}
if ( mysql_num_rows( $res ) == 0 )
return array();
else
{
// return the information from the database
// -----> NOTE: The following will not work if the version of PHP is less than 4.0.3. If this
// -----> is the case, use mysql_fetch_array( $res ) instead.
$shopper = mysql_fetch_assoc( $res );
return $shopper;
}
}
// *****
// When included elsewhere, automatically check for (and set) a local variable for use.
// NOTE: The include() must come before any headers or HTML sent to the client.
if ( !isSet( $eCommID ) )
$shopperID = checkShopperID();
else
{
if ( isSet( $neweCommID ) )
{
// echo $neweCommID." vorher - ";
setcookie ("eCommID", "", time() - 3600 );
setcookie ("eCommID", $neweCommID, time() + 31536000 );
// echo "nachher - ".$neweCommID;
$shopperID = $neweCommID;
}
else{
$shopperID = $eCommID;
// echo ">> ".$neweCommID;
}
}
?>
Kommentar