Re: [PHP] cookies and carts

2009-12-08 Thread Jochem Maas
Allen McCabe schreef:
 I have a shopping cart type system set up which keeps track of the cart
 contents using a SESSION variable, where $_SESSION['cart'][$item_id] is
 equal to the quantity, so the name/value pair is all the information I need.
 
 But sessions are unreliable on the free server I am currently using for this
 website (not my choice), so I had start using cookies because users were
 being sporadically logged out, sometimes just on a page refresh.
 
 I want to find a way to set a cookie to remember the cart items as well, and
 I thought setting a cookie for each item/quantity pair was the way to go
 until I started trying to figure out how to unset all those cookies if the
 user empties their cart.
 
 Is there any way to set cookies with an array for the name? Instead of
 $_COOKIE['item_number'] have $_COOKIE['cart']['item_number'] like I have the
 SESSION?

1. use one cookie for this (and other data)
2. DO NOT USE serialize()/unserialize() to pack/extract the data

using unserialize() opens you up to all sorts of potential hacks (IMHO), keep the
data structure simple and revalidate its entire contents every time you read it in
(assuming your article ids are INTs, all the data should be [valid] INTs -
anything else and the cookie should be deleted).

here is some code to play with: (written directly in my email client, no
guarantees it parses or works as is)

<?php

function buildCookieCartStr(array $data)
{
    $out = array();
    foreach ($data as $artId => $quant)
        $out[] = $artId.':'.$quant;

    return join('|', $out);
}

function parseCookieCartStr($s)
{
    $data  = array();
    $items = explode('|', $s);

    if (!is_array($items))
        return killCookieCart();

    if (count($items)) foreach ($items as $item) {
        $item = explode(':', $item);

        // each item must be exactly "artId:quantity"
        if (!is_array($item) || count($item) !== 2)
            return killCookieCart();

        // both parts must be non-zero and made of digits only
        // (a loose == against (int) would let "1.0" or "1e2" through)
        foreach ($item as $v)
            if (!$v || !ctype_digit($v))
                return killCookieCart();

        if (!isValidArtId($item[0]) || ($item[1] < 1))
            return killCookieCart();

        // the same article id must not appear twice
        if (isset($data[ $item[0] ]))
            return killCookieCart();

        $data[ $item[0] ] = $item[1];
    }

    return $data;
}

function killCookieCart()
{
    // TODO: delete cookie
}

function isValidArtId($id)
{
    return true; // TODO: valid article id
}

?>

you can secure your code further by using the filter extension in combination
with a regexp filter in order to retrieve the cookie data from the request,
here's a regexp that matches only non empty strings with digit, colon and pipe
chars:

#^[\d:\|]+$#




PS - hello again list.

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
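
The filter-extension check suggested in the message above, as an added example that is not part of the original post. It runs the quoted regexp and a stricter, assumed grammar (CART_STRICT, its length limits, readCart() and the cookie name 'cart' are illustrative) over constructed cookie values, showing that the character-class regexp alone still admits strings that are not id:quantity pairs.

```php
<?php
// Added example, not code from the thread. CART_STRICT, its length limits,
// readCart() and the cookie name 'cart' are assumptions for illustration.

const CART_CHARSET = '#^[\d:\|]+$#';   // the regexp quoted in the message
// Assumed grammar: id:qty pairs joined by '|', no leading zeros, ids up to
// 9 digits, quantities up to 4. \z (not $) so a trailing newline is rejected.
const CART_STRICT  = '#^[1-9]\d{0,8}:[1-9]\d{0,3}(\|[1-9]\d{0,8}:[1-9]\d{0,3})*\z#';

// filter_var() returns the string on a match and false otherwise.
// In a request, filter_input(INPUT_COOKIE, 'cart', FILTER_VALIDATE_REGEXP, ...)
// takes the same options and reads the cookie directly.
function matches($raw, $pattern)
{
    $opts = array('options' => array('regexp' => $pattern));
    return filter_var($raw, FILTER_VALIDATE_REGEXP, $opts) !== false;
}

// Returns array(artId => quantity), or null when the cookie must be deleted.
function readCart($raw)
{
    if (!is_string($raw) || strlen($raw) > 1024 || !matches($raw, CART_STRICT))
        return null;

    $cart = array();
    foreach (explode('|', $raw) as $pair) {
        list($id, $qty) = explode(':', $pair);
        if (isset($cart[(int)$id]))      // same article listed twice
            return null;
        $cart[(int)$id] = (int)$qty;
    }
    return $cart;
}

// Constructed sample cookie values.
$samples = array(
    '12:2|7:1',          // well formed
    '1::2|',             // only allowed characters, but not id:qty pairs
    '||',                // same
    '12:2|12:5',         // well formed pairs, duplicate id
    'a:1:{i:12;i:2;}',   // what serialize() would have produced
);

foreach ($samples as $raw) {
    printf("%-18s charset=%-3s cart=%s\n",
        $raw,
        matches($raw, CART_CHARSET) ? 'yes' : 'no',
        json_encode(readCart($raw)));
}
```
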



Re: [PHP] cookies and carts

2009-12-08 Thread Michael A. Peters

Allen McCabe wrote:

I have a shopping cart type system set up which keeps track of the cart
contents using a SESSION variable, where $_SESSION['cart'][$item_id] is
equal to the quantity, so the name/value pair is all the information I need.

But sessions are unreliable on the free server I am currently using for this
website (not my choice), so I had start using cookies because users were
being sporadically logged out, sometimes just on a page refresh.


Have access to a database?
If yes, then run your own session management in the database.

This is what I use.
You don't want to use APC on a multiuser system, but this works without 
APC as well.


<?php
//require_once("sessions_apc.php");
//$sess = new SessionManager($mdb2);
//session_start();

// from :
//  http://www.devshed.com/c/a/PHP/Storing-PHP-Sessions-in-a-Database/
//  Rich Smith - 2007-05-02
//
// Modified by mpet...@mac.com to use mdb2 w/ prepared statements
//  and attempt to use caching

class SessionManager {
   public  $sesstable = 'new_sessions';
   private $life_time;
   private $mdb2;
   // CHANGE THE SALT BEFORE USING
   private $apcSalt = '2d8lyds45a@0KLybafz';
   private $apcMaxLife = 1500; // delete from cache after that many seconds
                               // even if session still active
   function SessionManager($mdb2) {
      // constructor function
      // Read the maxlifetime setting from PHP
      $this->life_time = get_cfg_var("session.gc_maxlifetime");
      $this->mdb2 = $mdb2;

      // Register this object as the session handler
      session_set_save_handler(
         array( $this, "open" ),
         array( $this, "close" ),
         array( $this, "read" ),
         array( $this, "write" ),
         array( $this, "destroy" ),
         array( $this, "gc" )
         );
      }

   function open($save_path,$session_name) {
      global $sess_save_path;
      $sess_save_path = $save_path;
      // Don't need to do anything. Just return TRUE.
      return true;
      }

   function close() {
      return true;
      }

   function read($id) {
      // Set empty result
      $data = '';
      $myreturn = $this->wrap_fetch($id);
      if (! $myreturn) {
         // Fetch session data from the selected database
         $time = time();
         $types = Array('text','integer');
         $q = 'SELECT session_data FROM ' . $this->sesstable . ' WHERE session_id=? AND expires > ?';

         $sql = $this->mdb2->prepare($q,$types,MDB2_PREPARE_RESULT);
         //   if(PEAR::isError($sql)) {
         //  die('Failed to make prepared 58: ' . $sql->getMessage() . ', ' . $sql->getDebugInfo());
         //  }
         $args = Array($id,$time);
         $rs = $sql->execute($args);
         //   if(PEAR::isError($rs)) {
         //  die('Failed to issue query 63: ' . $rs->getMessage() . ', ' . $rs->getDebugInfo());
         //  }
         if ($rs->numRows() > 0) {
            $row = $rs->fetchRow(MDB2_FETCHMODE_OBJECT);
            $myreturn = $row->session_data;
            } else {
            $myreturn = '';
            }
         }
      return $myreturn;
      }

   function write($id,$data) {
      // Build query
      $time = time() + $this->life_time;

      // see if a session exists (wrap_fetch is a method of this class)
      $sessTest = $this->wrap_fetch($id);
      if (! $sessTest) {
         $types = Array('text');
         $q = 'SELECT COUNT(session_id) from ' . $this->sesstable . ' WHERE session_id=?';

         $sql = $this->mdb2->prepare($q,$types,MDB2_PREPARE_RESULT);
         //if (PEAR::isError($sql)) {
         //   die('Failed to make prepared 86: ' . $sql->getMessage() . ', ' . $sql->getDebugInfo());
         //   }
         $args = Array($id);
         $rs = $sql->execute($args);
         //if(PEAR::isError($rs)) {
         //   die('Failed to issue query 91: ' . $rs->getMessage() . ', ' . $rs->getDebugInfo());
         //   }
         $row = $rs->fetchRow(MDB2_FETCHMODE_ORDERED);
         $count = $row[0];
         } else {
         $count = 1;
         }

      if ($count > 0) {
         // update the session
         $types = Array('text','integer','text');
         $q = 'UPDATE ' . $this->sesstable . ' SET session_data=?, expires=? WHERE session_id=?';

         $args = Array($data,$time,$id);
         } else {
         $types = Array('text','text','integer');
         $q = 'INSERT INTO ' . $this->sesstable . ' (session_id,session_data,expires) VALUES (?,?,?)';

         $args = Array($id,$data,$time);
         }
      $sql = $this->mdb2->prepare($q,$types,MDB2_PREPARE_MANIP);
      //if(PEAR::isError($sql)) {
      //   die('Failed to make prepared 111: ' . $sql->getMessage() . ', ' . $sql->getDebugInfo());
      //   }
      $rs = $sql->execute($args);
      //if(PEAR::isError($rs)) {
      //   die('Failed to issue query 115: ' . $rs->getMessage() . ', ' . $rs->getDebugInfo());
      //   }
      $this->wrap_store($id,$data);
      return TRUE;
      }

   function destroy($id) {
      // Build query
      $this->wrap_delete($id);
      $types = Array('text');
      $args  = Array($id);
   

[PHP] cookies and carts

2009-12-07 Thread Allen McCabe
I have a shopping cart type system set up which keeps track of the cart
contents using a SESSION variable, where $_SESSION['cart'][$item_id] is
equal to the quantity, so the name/value pair is all the information I need.

But sessions are unreliable on the free server I am currently using for this
website (not my choice), so I had start using cookies because users were
being sporadically logged out, sometimes just on a page refresh.

I want to find a way to set a cookie to remember the cart items as well, and
I thought setting a cookie for each item/quantity pair was the way to go
until I started trying to figure out how to unset all those cookies if the
user empties their cart.

Is there any way to set cookies with an array for the name? Instead of
$_COOKIE['item_number'] have $_COOKIE['cart']['item_number'] like I have the
SESSION?


Re: [PHP] cookies and carts

2009-12-07 Thread Ashley Sheridan
On Mon, 2009-12-07 at 14:39 -0800, Allen McCabe wrote:

 I have a shopping cart type system set up which keeps track of the cart
 contents using a SESSION variable, where $_SESSION['cart'][$item_id] is
 equal to the quantity, so the name/value pair is all the information I need.
 
 But sessions are unreliable on the free server I am currently using for this
 website (not my choice), so I had start using cookies because users were
 being sporadically logged out, sometimes just on a page refresh.
 
 I want to find a way to set a cookie to remember the cart items as well, and
 I thought setting a cookie for each item/quantity pair was the way to go
 until I started trying to figure out how to unset all those cookies if the
 user empties their cart.
 
 Is there any way to set cookies with an array for the name? Instead of
 $_COOKIE['item_number'] have $_COOKIE['cart']['item_number'] like I have the
 SESSION?


What about storing a unique ID in the cookie, and matching it up with
information for that user in a database. It's sort of simulating a
session, but without the session handler getting involved, which looks
slightly messed up from what you've said.

Thanks,
Ash
http://www.ashleysheridan.co.uk




Re: [PHP] cookies and carts

2009-12-07 Thread Philip Thompson
On Dec 7, 2009, at 4:39 PM, Allen McCabe wrote:

 I have a shopping cart type system set up which keeps track of the cart
 contents using a SESSION variable, where $_SESSION['cart'][$item_id] is
 equal to the quantity, so the name/value pair is all the information I need.
 
 But sessions are unreliable on the free server I am currently using for this
 website (not my choice), so I had start using cookies because users were
 being sporadically logged out, sometimes just on a page refresh.
 
 I want to find a way to set a cookie to remember the cart items as well, and
 I thought setting a cookie for each item/quantity pair was the way to go
 until I started trying to figure out how to unset all those cookies if the
 user empties their cart.
 
 Is there any way to set cookies with an array for the name? Instead of
 $_COOKIE['item_number'] have $_COOKIE['cart']['item_number'] like I have the
 SESSION?

Don't do it this way. At some point (don't know if it's still true), IE had a 
limit of 20 cookies per domain - this includes cookie arrays. The proper way to 
do this would be to hold some sort of key in a cookie:

user_cart = 'some unique value for this user'

Then, in your PHP code, grab the value of $_COOKIE['user_cart'] to reference 
data in a database. Then, you pull the information from the database with this 
unique key and use it to display the appropriate items. This is the most secure 
way to do it (with the proper security measures ;) and it doesn't put 100's of 
needless cookies on the user's machine.

Hope this helps.
~Philip
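
The key-in-a-cookie approach from this message and from Ashley Sheridan's reply, as an added example that is not part of the original posts. The table and column names, the in-memory SQLite database and the 64-hex-character key format are assumptions; it shows the cookie carrying only an unguessable key, the key being format-checked before any query, and every query being a prepared statement.

```php
<?php
// Added example, not code from the thread. Table/column names, the key
// format and the in-memory SQLite database are assumptions for illustration.

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE carts (token_hash TEXT, item_id INTEGER, qty INTEGER,
           PRIMARY KEY (token_hash, item_id))');

// New visitor: the cookie value is a random key, nothing else (PHP >= 7).
function newCartToken()
{
    return bin2hex(random_bytes(32));   // 64 hex characters
}

// Accept only well-formed keys; store and look up by hash so the table
// itself does not contain usable cookie values.
function tokenHash($token)
{
    if (!is_string($token) || !preg_match('/^[0-9a-f]{64}\z/', $token))
        return null;
    return hash('sha256', $token);
}

function setItem(PDO $db, $token, $itemId, $qty)
{
    $h = tokenHash($token);
    if ($h === null || (int)$itemId < 1 || (int)$qty < 1)
        return false;
    $st = $db->prepare('INSERT OR REPLACE INTO carts VALUES (?, ?, ?)');
    return $st->execute(array($h, (int)$itemId, (int)$qty));
}

function loadCart(PDO $db, $token)
{
    $h = tokenHash($token);
    if ($h === null)
        return array();
    $st = $db->prepare('SELECT item_id, qty FROM carts WHERE token_hash = ?');
    $st->execute(array($h));
    return $st->fetchAll(PDO::FETCH_KEY_PAIR);   // item_id => qty
}

// Emptying the cart is one DELETE, however many items it held.
function emptyCart(PDO $db, $token)
{
    $st = $db->prepare('DELETE FROM carts WHERE token_hash = ?');
    return $st->execute(array((string)tokenHash($token)));
}

$token = newCartToken();   // in a request: read from $_COOKIE['user_cart']
setItem($db, $token, 12, 2);
setItem($db, $token, 7, 1);
var_dump(loadCart($db, $token));               // cart for this key
var_dump(loadCart($db, str_repeat('0', 64)));  // well-formed but unknown key
var_dump(loadCart($db, 'not-a-valid-key'));    // malformed key, no query issued
emptyCart($db, $token);
var_dump(loadCart($db, $token));               // after emptying
```
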



Re: [PHP] cookies and carts

2009-12-07 Thread Philip Thompson
On Dec 7, 2009, at 4:40 PM, Ashley Sheridan wrote:

 On Mon, 2009-12-07 at 14:39 -0800, Allen McCabe wrote:
 
 I have a shopping cart type system set up which keeps track of the cart
 contents using a SESSION variable, where $_SESSION['cart'][$item_id] is
 equal to the quantity, so the name/value pair is all the information I need.
 
 But sessions are unreliable on the free server I am currently using for this
 website (not my choice), so I had start using cookies because users were
 being sporadically logged out, sometimes just on a page refresh.
 
 I want to find a way to set a cookie to remember the cart items as well, and
 I thought setting a cookie for each item/quantity pair was the way to go
 until I started trying to figure out how to unset all those cookies if the
 user empties their cart.
 
 Is there any way to set cookies with an array for the name? Instead of
 $_COOKIE['item_number'] have $_COOKIE['cart']['item_number'] like I have the
 SESSION?
 
 
 What about storing a unique ID in the cookie, and matching it up with
 information for that user in a database. It's sort of simulating a
 session, but without the session handler getting involved, which looks
 slightly messed up from what you've said.
 
 Thanks,
 Ash
 http://www.ashleysheridan.co.uk

Blast your speedier typing!! =P

~Philip





Re: [PHP] cookies and carts

2009-12-07 Thread Ashley Sheridan
On Mon, 2009-12-07 at 16:48 -0600, Philip Thompson wrote:

 On Dec 7, 2009, at 4:40 PM, Ashley Sheridan wrote:
 
  On Mon, 2009-12-07 at 14:39 -0800, Allen McCabe wrote:
  
  I have a shopping cart type system set up which keeps track of the cart
  contents using a SESSION variable, where $_SESSION['cart'][$item_id] is
  equal to the quantity, so the name/value pair is all the information I 
  need.
  
  But sessions are unreliable on the free server I am currently using for 
  this
  website (not my choice), so I had start using cookies because users were
  being sporadically logged out, sometimes just on a page refresh.
  
  I want to find a way to set a cookie to remember the cart items as well, 
  and
  I thought setting a cookie for each item/quantity pair was the way to go
  until I started trying to figure out how to unset all those cookies if the
  user empties their cart.
  
  Is there any way to set cookies with an array for the name? Instead of
  $_COOKIE['item_number'] have $_COOKIE['cart']['item_number'] like I have 
  the
  SESSION?
  
  
  What about storing a unique ID in the cookie, and matching it up with
  information for that user in a database. It's sort of simulating a
  session, but without the session handler getting involved, which looks
  slightly messed up from what you've said.
  
  Thanks,
  Ash
  http://www.ashleysheridan.co.uk
 
 Blast your speedier typing!! =P
 
 ~Philip
 


By the power of Kenco!

Thanks,
Ash
http://www.ashleysheridan.co.uk




Re: [PHP] cookies and carts

2009-12-07 Thread Philip Thompson
On Dec 7, 2009, at 4:46 PM, Ashley Sheridan wrote:

 On Mon, 2009-12-07 at 16:48 -0600, Philip Thompson wrote:
 
 On Dec 7, 2009, at 4:40 PM, Ashley Sheridan wrote:
 
  On Mon, 2009-12-07 at 14:39 -0800, Allen McCabe wrote:
  
  I have a shopping cart type system set up which keeps track of the cart
  contents using a SESSION variable, where $_SESSION['cart'][$item_id] is
  equal to the quantity, so the name/value pair is all the information I 
  need.
  
  But sessions are unreliable on the free server I am currently using for 
  this
  website (not my choice), so I had start using cookies because users were
  being sporadically logged out, sometimes just on a page refresh.
  
  I want to find a way to set a cookie to remember the cart items as well, 
  and
  I thought setting a cookie for each item/quantity pair was the way to go
  until I started trying to figure out how to unset all those cookies if the
  user empties their cart.
  
  Is there any way to set cookies with an array for the name? Instead of
  $_COOKIE['item_number'] have $_COOKIE['cart']['item_number'] like I have 
  the
  SESSION?
  
  
  What about storing a unique ID in the cookie, and matching it up with
  information for that user in a database. It's sort of simulating a
  session, but without the session handler getting involved, which looks
  slightly messed up from what you've said.
  
  Thanks,
  Ash
  http://www.ashleysheridan.co.uk
 
 Blast your speedier typing!! =P
 
 ~Philip
 
 
 By the power of Kenco!
 
 Thanks,
 Ash
 http://www.ashleysheridan.co.uk
 

I hope you don't kiss your mother with that mouth!!



Re: [PHP] cookies and carts

2009-12-07 Thread Ashley Sheridan
On Mon, 2009-12-07 at 16:53 -0600, Philip Thompson wrote:

 On Dec 7, 2009, at 4:46 PM, Ashley Sheridan wrote:
 
  On Mon, 2009-12-07 at 16:48 -0600, Philip Thompson wrote:
  
  On Dec 7, 2009, at 4:40 PM, Ashley Sheridan wrote:
  
   On Mon, 2009-12-07 at 14:39 -0800, Allen McCabe wrote:
   
   I have a shopping cart type system set up which keeps track of the cart
   contents using a SESSION variable, where $_SESSION['cart'][$item_id] is
   equal to the quantity, so the name/value pair is all the information I 
   need.
   
   But sessions are unreliable on the free server I am currently using for 
   this
   website (not my choice), so I had start using cookies because users were
   being sporadically logged out, sometimes just on a page refresh.
   
   I want to find a way to set a cookie to remember the cart items as 
   well, and
   I thought setting a cookie for each item/quantity pair was the way to go
   until I started trying to figure out how to unset all those cookies if 
   the
   user empties their cart.
   
   Is there any way to set cookies with an array for the name? Instead of
   $_COOKIE['item_number'] have $_COOKIE['cart']['item_number'] like I 
   have the
   SESSION?
   
   
   What about storing a unique ID in the cookie, and matching it up with
   information for that user in a database. It's sort of simulating a
   session, but without the session handler getting involved, which looks
   slightly messed up from what you've said.
   
   Thanks,
   Ash
   http://www.ashleysheridan.co.uk
  
  Blast your speedier typing!! =P
  
  ~Philip
  
  
  By the power of Kenco!
  
  Thanks,
  Ash
  http://www.ashleysheridan.co.uk
  
 
 I hope you don't kiss your mother with that mouth!!
 


Not a coffee man? :p

Thanks,
Ash
http://www.ashleysheridan.co.uk




Re: [PHP] cookies and carts

2009-12-07 Thread Paul M Foster
On Mon, Dec 07, 2009 at 02:39:28PM -0800, Allen McCabe wrote:

 I have a shopping cart type system set up which keeps track of the cart
 contents using a SESSION variable, where $_SESSION['cart'][$item_id] is
 equal to the quantity, so the name/value pair is all the information I need.
 
 But sessions are unreliable on the free server I am currently using for this
 website (not my choice), so I had start using cookies because users were
 being sporadically logged out, sometimes just on a page refresh.
 
 I want to find a way to set a cookie to remember the cart items as well, and
 I thought setting a cookie for each item/quantity pair was the way to go
 until I started trying to figure out how to unset all those cookies if the
 user empties their cart.
 
 Is there any way to set cookies with an array for the name? Instead of
 $_COOKIE['item_number'] have $_COOKIE['cart']['item_number'] like I have the
 SESSION?

First, don't use multiple cookies; already covered elsewhere. Second,
you can serialize/unserialize array data and store it compactly in a
cookie. See the serialize() and unserialize() functions on php.net.

Paul

-- 
Paul M. Foster
