In admin area, you are automatically switched to the second database when another one logs in.


fin_anorak


Hi all

I have one shop with two databases on the same server. In the admin area you can choose which database you want to log in to. For example:

DB1 is for American conditions
DB2 is for European conditions

When I'm logged in to the admin area on e.g. DB1, everything works as expected.

Now, when a second one logs in to the same database (DB1), I'm automatically switched to DB2, without any message or error message. I'm not logged off. I just suddenly notice that I'm on DB2. Absolutely weird.
 

Do I need different database credentials for each database?


Or a different STORE_SESSION?

Here are both of my configure.php files:

DB1:

<?php

  define('HTTP_SERVER', 'http://www.shop1.com');

  define('HTTPS_SERVER', 'http://www.shop1.com');

  define('ENABLE_SSL', false);

  define('HTTP_COOKIE_DOMAIN', '');

  define('HTTPS_COOKIE_DOMAIN', '');

  define('HTTP_COOKIE_PATH', '/catalog/admin');

  define('HTTPS_COOKIE_PATH', '/catalog/admin/');

  define('HTTP_CATALOG_SERVER', 'http://www.shop1.com');

  define('HTTPS_CATALOG_SERVER', 'http://www.shop1.com');

  define('ENABLE_SSL_CATALOG', 'false');

  define('DIR_FS_DOCUMENT_ROOT', '/var/customers/webs/web33/shop1/catalog/');

  define('DIR_WS_ADMIN', '/catalog/admin/');

  define('DIR_WS_HTTPS_ADMIN', '/catalog/admin/');

  define('DIR_FS_ADMIN', '/var/customers/webs/web33/shop1/catalog/admin/');

  define('DIR_WS_CATALOG', '/catalog/');

  define('DIR_WS_HTTPS_CATALOG', '/catalog/');

  define('DIR_FS_CATALOG', '/var/customers/webs/web33/shop1/catalog/');

  define('DIR_WS_IMAGES', 'images/');

  define('DIR_WS_ICONS', DIR_WS_IMAGES . 'icons/');

  define('DIR_WS_CATALOG_IMAGES', DIR_WS_CATALOG . 'images/');

  define('DIR_WS_INCLUDES', 'includes/');

  define('DIR_WS_BOXES', DIR_WS_INCLUDES . 'boxes/');

  define('DIR_WS_FUNCTIONS', DIR_WS_INCLUDES . 'functions/');

  define('DIR_WS_CLASSES', DIR_WS_INCLUDES . 'classes/');

  define('DIR_WS_MODULES', DIR_WS_INCLUDES . 'modules/');

  define('DIR_WS_LANGUAGES', DIR_WS_INCLUDES . 'languages/');

  define('DIR_WS_CATALOG_LANGUAGES', DIR_WS_CATALOG . 'includes/languages/');

  define('DIR_FS_CATALOG_LANGUAGES', DIR_FS_CATALOG . 'includes/languages/');

  define('DIR_FS_CATALOG_IMAGES', DIR_FS_CATALOG . 'images/');

  define('DIR_FS_CATALOG_MODULES', DIR_FS_CATALOG . 'includes/modules/');

  define('DIR_FS_BACKUP', DIR_FS_ADMIN . 'backups/');

  define('DIR_FS_DOWNLOAD', DIR_FS_CATALOG . 'download/');

  define('DIR_FS_DOWNLOAD_PUBLIC', DIR_FS_CATALOG . 'pub/');

 

  define('DB_SERVER', 'localhost');

  define('DB_SERVER_USERNAME', 'web33sql1');

  define('DB_SERVER_PASSWORD', '123456');

  define('DB_DATABASE', 'web33sql1'); //<-db1

  define('USE_PCONNECT', 'false');

  define('STORE_SESSIONS', 'mysql');

  define('CFG_TIME_ZONE', 'America/New_York');

?>

 

Db2:

<?php

  define('HTTP_SERVER', 'http://www.shop1.com');

  define('HTTPS_SERVER', 'http://www.shop1.com');

  define('ENABLE_SSL', false);

  define('HTTP_COOKIE_DOMAIN', '');

  define('HTTPS_COOKIE_DOMAIN', '');

  define('HTTP_COOKIE_PATH', '/catalog/admin');

  define('HTTPS_COOKIE_PATH', '/catalog/admin/');

  define('HTTP_CATALOG_SERVER', 'http://www.shop1.com');

  define('HTTPS_CATALOG_SERVER', 'http://www.shop1.com');

  define('ENABLE_SSL_CATALOG', 'false');

  define('DIR_FS_DOCUMENT_ROOT', '/var/customers/webs/web33/shop1/catalog/');

  define('DIR_WS_ADMIN', '/catalog/admin/');

  define('DIR_WS_HTTPS_ADMIN', '/catalog/admin/');

  define('DIR_FS_ADMIN', '/var/customers/webs/web33/shop1/catalog/admin/');

  define('DIR_WS_CATALOG', '/catalog/');

  define('DIR_WS_HTTPS_CATALOG', '/catalog/');

  define('DIR_FS_CATALOG', '/var/customers/webs/web33/shop1/catalog/');

  define('DIR_WS_IMAGES', 'images/');

  define('DIR_WS_ICONS', DIR_WS_IMAGES . 'icons/');

  define('DIR_WS_CATALOG_IMAGES', DIR_WS_CATALOG . 'images/');

  define('DIR_WS_INCLUDES', 'includes/');

  define('DIR_WS_BOXES', DIR_WS_INCLUDES . 'boxes/');

  define('DIR_WS_FUNCTIONS', DIR_WS_INCLUDES . 'functions/');

  define('DIR_WS_CLASSES', DIR_WS_INCLUDES . 'classes/');

  define('DIR_WS_MODULES', DIR_WS_INCLUDES . 'modules/');

  define('DIR_WS_LANGUAGES', DIR_WS_INCLUDES . 'languages/');

  define('DIR_WS_CATALOG_LANGUAGES', DIR_WS_CATALOG . 'includes/languages/');

  define('DIR_FS_CATALOG_LANGUAGES', DIR_FS_CATALOG . 'includes/languages/');

  define('DIR_FS_CATALOG_IMAGES', DIR_FS_CATALOG . 'images/');

  define('DIR_FS_CATALOG_MODULES', DIR_FS_CATALOG . 'includes/modules/');

  define('DIR_FS_BACKUP', DIR_FS_ADMIN . 'backups/');

  define('DIR_FS_DOWNLOAD', DIR_FS_CATALOG . 'download/');

  define('DIR_FS_DOWNLOAD_PUBLIC', DIR_FS_CATALOG . 'pub/');

  define('DB_SERVER', 'localhost');

  define('DB_SERVER_USERNAME', 'web33sql1');

  define('DB_SERVER_PASSWORD', '123456');

  define('DB_DATABASE', 'web33sql2'); //<-db2

  define('USE_PCONNECT', 'false');

  define('STORE_SESSIONS', 'mysql');

  define('CFG_TIME_ZONE', 'America/New_York');

?>

Thanks in advance for any help

Link to comment
Share on other sites


I have an option field. I write the result into a tmp file, and then redirect to the selected database in application_top.php according to the result in the option field.

Here are my index.php and application_top.php:

<?php
/*
  $Id$

  osCommerce, Open Source E-Commerce Solutions
  http://www.oscommerce.com

  Copyright (c) 2010 osCommerce

  Released under the GNU General Public License
*/

//Check if OK button is clicked
if (isset($_POST['submit']) || (isset($_COOKIE['osCAdminID']))){
  if(!empty($_POST['DB'])) {
        $content = json_encode($_POST['DB']);
        file_put_contents('tmp/db.tmp', $content); //write the result of the option field for later use in application_top.php
  }
 
  require('includes/application_top.php');

  $languages = tep_get_languages();
  $languages_array = array();
  $languages_selected = DEFAULT_LANGUAGE;
  for ($i = 0, $n = sizeof($languages); $i < $n; $i++) {
    $languages_array[] = array('id' => $languages[$i]['code'],
                               'text' => $languages[$i]['name']);
    if ($languages[$i]['directory'] == $language) {
      $languages_selected = $languages[$i]['code'];
    }
  }

  require(DIR_WS_INCLUDES . 'template_top.php');
?>

    <table border="0" width="100%" cellspacing="0" cellpadding="2">
      <tr>
        <td><table border="0" width="100%" cellspacing="0" cellpadding="2" height="40">
          <tr>
            <td class="pageHeading"><?php echo STORE_NAME; ?></td>

<?php
  if (sizeof($languages_array) > 1) {
?>

            <td class="pageHeading" align="right"><?php echo tep_draw_form('adminlanguage', FILENAME_DEFAULT, '', 'get') . tep_draw_pull_down_menu('language', $languages_array, $languages_selected, 'onchange="this.form.submit();"') . tep_hide_session_id() . '</form>'; ?></td>

<?php
  }
?>

          </tr>
        </table></td>
      </tr>
      <tr>
        <td><table border="0" width="100%" cellspacing="0" cellpadding="2">
<?php
  if ( defined('MODULE_ADMIN_DASHBOARD_INSTALLED') && tep_not_null(MODULE_ADMIN_DASHBOARD_INSTALLED) ) {
    $adm_array = explode(';', MODULE_ADMIN_DASHBOARD_INSTALLED);

    $col = 0;

    for ( $i=0, $n=sizeof($adm_array); $i<$n; $i++ ) {
      $adm = $adm_array[$i];

      $class = substr($adm, 0, strrpos($adm, '.'));

      if ( !class_exists($class) ) {
        include(DIR_WS_LANGUAGES . $language . '/modules/dashboard/' . $adm);
        include(DIR_WS_MODULES . 'dashboard/' . $class . '.php');
      }

      $ad = new $class();

      if ( $ad->isEnabled() ) {
        if ($col < 1) {
          echo '          <tr>' . "\n";
        }

        $col++;

        if ($col <= 2) {
          echo '            <td width="50%" valign="top">' . "\n";
        }

        echo $ad->getOutput();

        if ($col <= 2) {
          echo '            </td>' . "\n";
        }

        if ( !isset($adm_array[$i+1]) || ($col == 2) ) {
          if ( !isset($adm_array[$i+1]) && ($col == 1) ) {
            echo '            <td width="50%" valign="top">&nbsp;</td>' . "\n";
          }

          $col = 0;

          echo '  </tr>' . "\n";
        }
      }
    }
  }
?>
        </table></td>
      </tr>
    </table>

<?php
  require(DIR_WS_INCLUDES . 'template_bottom.php');
  require(DIR_WS_INCLUDES . 'application_bottom.php');
?>

<?php
exit;
 } // End of database check: if (isset($_POST['submit']) || isset($_COOKIE['osCAdminID']))
?>

<style>
#chooseDB{
    width: 150px;
}

#DB{
    width: 150px;
    margin: 0 auto;
    padding-top: 200px;
}
</style>

<form action='' method="POST" id="DB">
    Select a database:<br>
    <select name="DB" id="chooseDB">
        <option value="us">US</option>
        <option value="global">Global</option>
    </select>
    <br><br>
    <input id="submit" type="submit" name="submit" value="Ok">
</form>
</body></html>


And here the application_top.php snippet:

// Get database from the tmp file
  $countrycode = json_decode(file_get_contents('tmp/db.tmp'), TRUE);
  //Check if a database has been selected.
  if(!$countrycode){
    echo("No database selected!");
    exit;
  }

// load server configuration parameters
  if (file_exists('includes/local/database/' . $countrycode . '/configure.php')) { // for developers
    include('includes/local/database/' . $countrycode . '/configure.php');
  } else {
    include('includes/database/' . $countrycode . '/configure.php');
  }

Link to comment
Share on other sites

I'm not sure what produces the problem, but anyway it seems you are using one and the same tmp file for all users, or am I wrong?

Maybe it would be better to store the selected database ($countrycode) in a session parameter. Sessions are unique for each user.

Link to comment
Share on other sites

Any time you change a file on the server, as a result of a user doing something, that will affect all users. The tmp file isn't private. As @raiwa suggested, you might need to put something in the session database instead.

Link to comment
Share on other sites

Thanks, guys, for your interesting responses, I understand.

Storing this information in a session param is what I initially wanted to do. But during the logon process this information is going to be lost.

How can I approach this problem correctly?

How can I store something in a session, so that the information is persistent?

Thanks in advance

Link to comment
Share on other sites

If you need something about a user stored permanently, and be available across sessions (sign ons), I think you will have to add a field or two to the member information table, and add code to update and query that on a per-user basis. In your case, it would be a member geography field. Take a look to see if there are any add-ons for custom data fields (or customer geography fields) for members/customers. That might take care of most of the work for you. If all you need is the country, to determine which database, you might already have the country available in the member/customer address data. Of course, this is a core change and will vary by osC version, so you'll be on your own for maintaining it.

Link to comment
Share on other sites

 

Hi Phil

thank you for the post, but this doesn't help me.

I need this information from the option field to access exactly these databases you mentioned. The administrator can choose which database he wants to administrate.


I need a possibility to save this information temporarily, so that it is available during the logon process in the admin area.

Cookies are not possible, because these values are just available after a reload of the page.


Sessions are not possible because they are destroyed and recreated during the logon process.

So what's left?

Link to comment
Share on other sites

Let's back up here and take a fresh look. As I understand it, you can have two or more administrator sessions active at one time? This database selection you want to do is only for administrators, and not customers? This is not information that needs to be preserved from login to login, but is active only for this one session (login), across multiple pages?

Could you do something like this: say, your admin ID is myAdmin. Sign on with myAdmin_E or myAdmin_A, with special code added to the login routine to look for just those two cases. Strip off the suffix and sign on normally, with the appropriate configure files selected. Regular users (customers) would use the normal configure.php files, while myAdmin would use configure_E.php and configure_A.php. I haven't looked at the code, but I'm assuming that the database isn't opened until after the ID and password have been received. If the database has already been opened at this point (it may well be), you'll have to do something different. Could you look for a Query String such as &dbselect=A and use it ($_REQUEST['dbselect'], if set) to pick your database to open (configure_A.php and configure_E.php again)? You would probably have to add some custom code to pass this Query String on to the next call, via tep_href_link(). Not elegant, but it could work. There may already be a provision for passing on arbitrary Query String entries.

Before going through all this trouble, stop and consider whether having multiple databases is the best approach to whatever problem you're trying to solve. Is there a better way, such as using one database with some new tables? Is there so much difference between 'A' and 'E' that it's worth two databases, or is it just a few tables that are different? Someone must have already solved a problem something like this -- be sure to check the add-ons to see if there's anything similar.

Link to comment
Share on other sites

  • 2 weeks later...

It seems to be working now.

Doing it via a database table did not do the trick. It feels a little bit like “What was first: The chicken or the egg”. After each page redirection all session variables - even the database connection - are lost.

I resolved this problem by passing the countrycode variable via the URL.

Adding a little bit of code to the “HTML href link wrapper function” did the trick:

    if ( strpos($link, '?') !== false ) {
      $link .= '&DB='. $countrycode;
    }else{
      $link .= '?DB='. $countrycode;
    }

    return $link;

This way the countrycode value is available application-wide.

Thanks again.

Link to comment
Share on other sites

So long as random users adding "DB=cc" to the query string are ignored (admin users only?), that should be reasonably safe. You want to be careful not to put something in the URL that bad actors can use to cause trouble.

Link to comment
Share on other sites

It sounds like it should be secure enough, but without examining the code I'm not going to make a definitive statement. My warning was a general one about putting shortcuts and convenience features in that could be abused by users, especially in a URL Query String (GET data). The canonical example of that is passing an item price back from a form via GET data, and someone can change the price of that diamond ring from $15000 to $1.50 simply by modifying the URL in the browser address line. You have to anticipate every place that someone might try to insert or modify data (where they shouldn't be doing this).

Link to comment
Share on other sites
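
One way to make the `DB` query parameter safe to use in the `include` path, as an added example that is not part of the original posts or of osCommerce: the request value is only ever used as a key into a fixed allow-list. The helper names `resolve_db_config` and `append_db_param` are hypothetical, and the two paths assume the `includes/database/<code>/configure.php` layout and the `us`/`global` option values shown earlier in the thread.

```php
<?php
// Added example, not osCommerce code. Keys are the option values from the
// form in the thread; paths and helper names are assumptions.
const DB_CONFIGS = [
    'us'     => 'includes/database/us/configure.php',
    'global' => 'includes/database/global/configure.php',
];

// Map the request's DB value to a configure.php path. Returns null unless the
// value is exactly an allow-listed key, so the raw request value never becomes
// part of an include path.
function resolve_db_config(array $query): ?string
{
    $code = $query['DB'] ?? null;
    if (!is_string($code) || !array_key_exists($code, DB_CONFIGS)) {
        return null;
    }
    return DB_CONFIGS[$code];
}

// Append an allow-listed code to an admin link, as the href wrapper does.
function append_db_param(string $link, string $code): string
{
    if (!array_key_exists($code, DB_CONFIGS)) {
        throw new InvalidArgumentException('unknown database code');
    }
    $separator = (strpos($link, '?') !== false) ? '&' : '?';
    return $link . $separator . 'DB=' . rawurlencode($code);
}

// Constructed sample requests, standing in for $_GET.
$samples = [
    ['DB' => 'us'],
    ['DB' => 'global'],
    ['DB' => 'US'],           // wrong case: not a key
    ['DB' => '../local/us'],  // path characters: not a key
    ['DB' => ['us']],         // array instead of string
    [],                       // parameter missing
];
foreach ($samples as $query) {
    $path = resolve_db_config($query);
    echo json_encode($query), ' => ', $path ?? 'rejected', PHP_EOL;
}
echo append_db_param('orders.php?page=2', 'us'), PHP_EOL;
```

In `application_top.php` the returned path would take the place of the concatenated `include` argument, and a `null` result should end the request before any configuration file is loaded.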

Archived

This topic is now archived and is closed to further replies.
