//how long the stuff in a shopping cart is stored
$CartTimeout=3600;
+//Authenticated web session timeout - how long an authenticated web session lasts
+// this should usually be a few hours (3600s per hour)
+$WebSessionTimeout=1800;
?>
\ No newline at end of file
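Review bot: The new comment says an authenticated session "should usually be a few hours", but the value underneath, `$WebSessionTimeout=1800;`, is 30 minutes, and it is also shorter than `$CartTimeout` (3600), so a customer's login can expire while the cart they are paying for is still alive. Either the value or the comment is wrong; 30 minutes of session lifetime is a defensible choice for an authenticated session, so I would rather fix the comment: `// Authenticated web session lifetime in seconds; keep it >= $CartTimeout so a login outlives the checkout, or expect re-login mid-order`. Note also that the value is only picked up by code that declares it `global`, which the new Websession class currently does not.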
{
global $db;
global $CartTimeout;
+
+ //prune cart table
+ $db->deleteRows("cart", "timeout < ".time());
+
if($id===false){
$db->beginTransaction();
while(1){
}
}
//create entry
- $db->insert("cart",array("cartid"=>$id,"timeout"=>(time()+$CartTimeout)));
+
+ $timeout = time()+$CartTimeout ;
+ print $timeout;
+ $db->insert("cart",array("cartid"=>$id,"timeout"=>$timeout,"shippingaddress"=>"test"));
$db->commitTransaction();
}else{
//check that cart exists
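Review bot: `print $timeout;` is leftover debug output that writes the cart expiry timestamp into the HTTP response body; besides leaking it to the client, any output emitted here makes later `setcookie()`/`header()` calls fail with "headers already sent", and the call sites set the cart cookie right after constructing a Cart. Remove that line. The insert also seeds every new cart with the placeholder `"shippingaddress"=>"test"`; a fresh cart has no address yet, so drop the column from the insert (or store NULL/empty) rather than a value that can be mistaken for real customer data. The enclosing constructor starts and ends outside this hunk.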
$ret=array();
//go through events
global $db;
- $res=$db->select("cart_ticket","*","where cartid=".$db->escapeString($this->cartid));
+ $res=$db->select("cart_ticket","*","cartid=".$db->escapeString($this->cartid));
if(count($res)>0)
foreach($res as $k=>$tc){
$evt=new Event($tc["eventid"]);
}
//vouchers are ok by default, just check amount
$itmcnt=count($res);
- $res=$db->select("cart_voucher","cvid","where cartid=".$db->escapeString($this->cartid));
+ $res=$db->select("cart_voucher", "cvid", "cartid=".$db->escapeString($this->cartid));
$itmcnt+=count($res);
//check that we have something to order
if($itmcnt<=0)
public function renewCart()
{
global $db;
- $db->update("cart",array("timeout"=>(time()+$CartTimeout)),"cartid=".$db->escapeInt($this->cartid));
+ if ($this->isValid()) {
+ $db->update("cart", array("timeout"=>(time()+$CartTimeout)), "cartid=".$db->escapeInt($this->cartid));
+ }
+ }
+
+ /**adds the shipping address to the cart*/
+ public function addShippingAddress($address)
+ {
+ global $db;
+ if ($this->isValid()) {
+ $db->update("cart", array("shippingaddress"=>$db->escapeString($address)), "cartid=".$db->escapeString($this->cartid));
+ }
+ }
+
+ /**returns the shipping address for the cart*/
+ public function getShippingAddress()
+ {
+ global $db;
+ if ($this->isValid()) {
+ $res = $db->select("cart", "shippingaddress", "cartid=".$db->escapeString($this->cartid));
+ if (count($res) > 0)
+ return $res[0]["shippingaddress"];
+ else
+ return false;
+ }
}
};
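Review bot: `renewCart()` still reads `$CartTimeout` without declaring it `global` (only `global $db;` is present), so the expression evaluates to `time()+null`, the cart is stamped with "now" and is pruned on the next Cart construction — renewing a cart effectively expires it. It also passes the id through `escapeInt()` while the schema declares `cartid` as `string:32` and every other method in this hunk uses `escapeString()`, so the update may target no row or the wrong one; I'd change the two lines to `global $db, $CartTimeout;` and `$db->update("cart", array("timeout"=>(time()+$CartTimeout)), "cartid=".$db->escapeString($this->cartid));`. In `addShippingAddress()` the value is wrapped in `escapeString()` before being handed to `update()`, whereas `insert()` elsewhere receives raw values — if `update()` escapes array values itself, the address is stored double-escaped (confirm against the DB wrapper). `getShippingAddress()` returns `false` for a missing row but falls off the end (null) for an invalid cart; make the two cases consistent.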
/**construct an empty customer; if $id is given it tries to pre-load from the database*/
public function __construct($id=false)
{
+ global $db;
+
$this->id=false;
if($id!==false){
if ($this->getByID($id)) {
return false;
}
+ /** returns the ID of the customer */
+ public function getID()
+ {
+ if($this->id===false)
+ return "";
+ else
+ return $this->id;
+ }
+
/** returns the name of the customer */
public function getName()
{
class LanguageManager
{
- private static $COOKIE_NAME = "ms_lang";
private static $instance;
private $lang;
private $config;
$this->templateFolder .= "/";
// check if cookie is set
- if (isset($_COOKIE[self::$COOKIE_NAME])) {
- $this->lang = $_COOKIE[self::$COOKIE_NAME];
+ if (isset($_COOKIE[COOKIE_LANGUAGE])) {
+ $this->lang = $_COOKIE[COOKIE_LANGUAGE];
} else {
$this->lang = substr($_SERVER["HTTP_ACCEPT_LANGUAGE"],0,2);
}
public function setLanguage($language)
{
$this->lang = $language;
- setcookie(self::$COOKIE_NAME, $language, 0);
+ setcookie(COOKIE_LANGUAGE, $language, 0);
$this->setLanguageConfig();
}
--- /dev/null
+<?
+/** creates a web session to authorize a customer */
+class Websession {
+
+ private $loggedin;
+ private $customerid;
+ private $sessionid;
+
+ public function __construct()
+ {
+ global $_COOKIE;
+ global $db;
+
+ //prune session table
+ $db->deleteRows("websession", "timeout < ".time());
+
+ //default:
+ $this->loggedin=false;
+ $this->customerid=null;
+
+ //check cookie
+ if(isset($_COOKIE[COOKIE_WEBSESSION])){
+ $res = $db->select("websession", "*", "sessionid=".$db->escapeString($_COOKIE[COOKIE_WEBSESSION]));
+ if (count($res) > 0){
+ $uid = $res[0]["customerid"];
+ $this->sessionid = $res[0]["sessionid"];
+
+ $customer = new Customer($uid);
+ if ($customer->exists()) {
+ $this->customerid = $customer->getID();
+ $this->loggedin = true;
+ } else
+ $this->destroySession();
+ }
+ }
+ }
+
+ /** checks if the customer is authorized */
+ public function isAuthorized()
+ {
+ return $this->loggedin;
+ }
+
+ /** returns the current customer */
+ public function getCustomer()
+ {
+ if ($this->loggedin)
+ return new Customer($this->customerid);
+ else
+ return false;
+ }
+
+ /** creates a new session for the customer */
+ public function createSession($customerId)
+ {
+ global $db;
+
+ $this->destroySession();
+
+ $customer = new Customer($customerId);
+
+ // only if customer exists, create session
+ if ($customer->exists()) {
+
+ //create session and set cookie
+ do{
+ $sessionid = getRandom(128);
+ $res = $db->select("websession", "*", "sessionid=".$db->escapeString($sessionid));
+ $again = count($res) > 0;
+ } while ($again);
+
+ $timeout=time()+$WebSessionTimeout;
+ $db->insert("websession", array("sessionid"=>$sessionid, "customerid"=>$customer->getID(), "timeout"=>$timeout));
+
+ setcookie(COOKIE_WEBSESSION, $sessionid, $timeout);
+
+ $this->loggedin = true;
+ $this->customerid = $customer->getID();
+ }
+ }
+
+ /** destroys the current session */
+ private function destroySession()
+ {
+ global $db;
+
+ if($this->loggedin){
+ $db->deleteRows("websession", "sessionid=".$db->escapeString($this->sessionid));
+ }
+ setcookie(COOKIE_WEBSESSION, "", 1);
+ }
+
+ /** logs the customer out */
+ public function logout()
+ {
+ $this->destroySession();
+ header("Location: index.php");
+ exit();
+ }
+};
+?>
\ No newline at end of file
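Review bot: `createSession()` uses `$WebSessionTimeout` but only declares `global $db;`, so `$timeout=time()+$WebSessionTimeout;` evaluates to "now": the inserted row is deleted by the `timeout < time()` prune on the very next request and the cookie is set with an expiry already in the past, so a login never persists; fix with `global $db, $WebSessionTimeout;`. The cookie carries the bearer token for the account, so it should be HttpOnly (and Secure on TLS) — `setcookie(COOKIE_WEBSESSION, $sessionid, $timeout, "/", "", false, true);` — assuming the PHP version in use supports the httponly argument. `destroySession()` only deletes the DB row when `$this->loggedin` is true, so the stale row found in the constructor when the customer no longer exists is never removed, and after `logout()` the object still reports `isAuthorized()` as true; clear `loggedin`/`customerid` there and delete by `$this->sessionid` whenever it is set. `global $_COOKIE;` is unnecessary since `$_COOKIE` is a superglobal.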
$val.="NULL";
}
$ret.=$val.")";
+ print $ret;
return $ret;
}
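Review bot: `print $ret;` writes the fully assembled SQL statement, values included, into the HTTP response; that exposes query structure and customer data to every client and breaks any `header()`/`setcookie()` issued afterwards (the cart and session cookies are set after DB calls). Remove it, or send it to a log behind a debug flag. The enclosing function starts outside this hunk.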
//the cookie for this cart
"cartid" => array("string:32","primarykey"),
//when the cart expires
- "timeout" => array("int32","notnull")
+ "timeout" => array("int32","notnull"),
+ //shipping address during order process
+ "shippingaddress" => array("string")
);
//buying tickets
$this->scheme["cart_ticket"]=array(
"value" => array("int32","notnull")
);
+ //web sessions
+ $this->scheme["websession"]=array(
+ "sessionid" => array("string:64","primarykey"),
+ //customer
+ "customerid" => array("int32","notnull","foreignkey:customer:customerid"),
+ //unix timestamp at which to delete this session
+ // this needs to change to 64-bit int in 2038
+ "timeout"=>array("int32","notnull")
+ );
}
/**return the tables to be created in order*/
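Review bot: The `websession.sessionid` column is declared `string:64`, while `Websession::createSession()` fills it with `getRandom(128)`; if that argument is a character or byte count rather than a bit count, the value is truncated or rejected on insert and the cookie value never matches the stored one — confirm getRandom's unit and align the two, e.g. `"sessionid" => array("string:128","primarykey")` or `getRandom(64)`. A comment on the `timeout` column would also help: `//unix timestamp; rows with timeout < time() are pruned on every Websession construction, which is what enforces expiry`.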
// +----------------------------------------------------------------------
//
-define("COOKIE_NAME", "ms_cartid");
+define("COOKIE_CART", "ms_cartid");
+define("COOKIE_WEBSESSION", "ms_websession");
+define("COOKIE_LANGUAGE", "ms_lang");
$lang = LanguageManager::singleton();
$error = ErrorManager::singleton();
include('./inc/classes/parser.php');
include('./inc/classes/config_manager.php');
include('./inc/classes/customer.php');
+include('./inc/classes/websession.php');
//load hash lib
include("./inc/machine/cauth_".$HashLib.".php");
$error = ErrorManager::singleton();
$lang = LanguageManager::singleton();
- $cart = new Cart($_COOKIE[COOKIE_NAME]);
+ $cart = new Cart($_COOKIE[COOKIE_CART]);
$p = new Parser("cart.html");
$error->add(i18n("No more tickets for this event available!"));
return;
} else {
- $cart = new Cart(addslashes($_COOKIE[COOKIE_NAME]));
+ $cart = new Cart($_COOKIE[COOKIE_CART]);
if (!$cart->isValid()) {
$cart = new Cart();
- setcookie(COOKIE_NAME, $cart->getCartId(), 0);
+ setcookie(COOKIE_CART, $cart->getCartId(), 0);
}
// check if event is already booked
function deleteEventFromCart()
{
if ($_GET["action"]=="deleteEvent") {
- $cart = new Cart(addslashes($_COOKIE[COOKIE_NAME]));
+ $cart = new Cart($_COOKIE[COOKIE_CART]);
// check if cart valid
if ($cart->isValid()) {
// get cart ticket
if (isset($_POST["ms_save"])) {
- $cart = new Cart(addslashes($_COOKIE[COOKIE_NAME]));
+ $cart = new Cart($_COOKIE[COOKIE_CART]);
// check if cart valid
if ($cart->isValid()) {
$customer = new Customer();
$customer->getByMail($_POST["ms_email"]);
if ($customer->authenticate($_POST["ms_password"])) {
+ // create web session
+ $session = new Websession();
+ $session->createSession($customer->getID());
// go to order overview
Header("Location: index.php?mode=userdata");
exit();
$customer->setContact($_POST["ms_custContact"]);
}
+ $session = new Websession();
+ $session->createSession($customer->getID());
+
// redirect to overview page
}
}