fin_anorak Posted December 16, 2017

Hi all

I have one shop with two databases on the same server. In the admin area you can choose which database you want to log in to. For example:

DB1 is for American conditions
DB2 is for European conditions

When I'm logged in to the admin area on e.g. DB1, everything works as expected. Now, when a second person logs in to the same database (DB1), I'm automatically switched to DB2, without any message or error message. I'm not logged off. I just suddenly notice that I'm on DB2. Absolutely weird.

Do I need different database credentials for each database? Or a different STORE_SESSION?

Here are both of my configure.php files:

DB1:

```php
<?php
  define('HTTP_SERVER', 'http://www.shop1.com');
  define('HTTPS_SERVER', 'http://www.shop1.com');
  define('ENABLE_SSL', false);
  define('HTTP_COOKIE_DOMAIN', '');
  define('HTTPS_COOKIE_DOMAIN', '');
  define('HTTP_COOKIE_PATH', '/catalog/admin');
  define('HTTPS_COOKIE_PATH', '/catalog/admin/');
  define('HTTP_CATALOG_SERVER', 'http://www.shop1.com');
  define('HTTPS_CATALOG_SERVER', 'http://www.shop1.com');
  define('ENABLE_SSL_CATALOG', 'false');
  define('DIR_FS_DOCUMENT_ROOT', '/var/customers/webs/web33/shop1/catalog/');
  define('DIR_WS_ADMIN', '/catalog/admin/');
  define('DIR_WS_HTTPS_ADMIN', '/catalog/admin/');
  define('DIR_FS_ADMIN', '/var/customers/webs/web33/shop1/catalog/admin/');
  define('DIR_WS_CATALOG', '/catalog/');
  define('DIR_WS_HTTPS_CATALOG', '/catalog/');
  define('DIR_FS_CATALOG', '/var/customers/webs/web33/shop1/catalog/');
  define('DIR_WS_IMAGES', 'images/');
  define('DIR_WS_ICONS', DIR_WS_IMAGES . 'icons/');
  define('DIR_WS_CATALOG_IMAGES', DIR_WS_CATALOG . 'images/');
  define('DIR_WS_INCLUDES', 'includes/');
  define('DIR_WS_BOXES', DIR_WS_INCLUDES . 'boxes/');
  define('DIR_WS_FUNCTIONS', DIR_WS_INCLUDES . 'functions/');
  define('DIR_WS_CLASSES', DIR_WS_INCLUDES . 'classes/');
  define('DIR_WS_MODULES', DIR_WS_INCLUDES . 'modules/');
  define('DIR_WS_LANGUAGES', DIR_WS_INCLUDES . 'languages/');
  define('DIR_WS_CATALOG_LANGUAGES', DIR_WS_CATALOG . 'includes/languages/');
  define('DIR_FS_CATALOG_LANGUAGES', DIR_FS_CATALOG . 'includes/languages/');
  define('DIR_FS_CATALOG_IMAGES', DIR_FS_CATALOG . 'images/');
  define('DIR_FS_CATALOG_MODULES', DIR_FS_CATALOG . 'includes/modules/');
  define('DIR_FS_BACKUP', DIR_FS_ADMIN . 'backups/');
  define('DIR_FS_DOWNLOAD', DIR_FS_CATALOG . 'download/');
  define('DIR_FS_DOWNLOAD_PUBLIC', DIR_FS_CATALOG . 'pub/');
  define('DB_SERVER', 'localhost');
  define('DB_SERVER_USERNAME', 'web33sql1');
  define('DB_SERVER_PASSWORD', '123456');
  define('DB_DATABASE', 'web33sql1'); //<-db1
  define('USE_PCONNECT', 'false');
  define('STORE_SESSIONS', 'mysql');
  define('CFG_TIME_ZONE', 'America/New_York');
?>
```

DB2:

```php
<?php
  define('HTTP_SERVER', 'http://www.shop1.com');
  define('HTTPS_SERVER', 'http://www.shop1.com');
  define('ENABLE_SSL', false);
  define('HTTP_COOKIE_DOMAIN', '');
  define('HTTPS_COOKIE_DOMAIN', '');
  define('HTTP_COOKIE_PATH', '/catalog/admin');
  define('HTTPS_COOKIE_PATH', '/catalog/admin/');
  define('HTTP_CATALOG_SERVER', 'http://www.shop1.com');
  define('HTTPS_CATALOG_SERVER', 'http://www.shop1.com');
  define('ENABLE_SSL_CATALOG', 'false');
  define('DIR_FS_DOCUMENT_ROOT', '/var/customers/webs/web33/shop1/catalog/');
  define('DIR_WS_ADMIN', '/catalog/admin/');
  define('DIR_WS_HTTPS_ADMIN', '/catalog/admin/');
  define('DIR_FS_ADMIN', '/var/customers/webs/web33/shop1/catalog/admin/');
  define('DIR_WS_CATALOG', '/catalog/');
  define('DIR_WS_HTTPS_CATALOG', '/catalog/');
  define('DIR_FS_CATALOG', '/var/customers/webs/web33/shop1/catalog/');
  define('DIR_WS_IMAGES', 'images/');
  define('DIR_WS_ICONS', DIR_WS_IMAGES . 'icons/');
  define('DIR_WS_CATALOG_IMAGES', DIR_WS_CATALOG . 'images/');
  define('DIR_WS_INCLUDES', 'includes/');
  define('DIR_WS_BOXES', DIR_WS_INCLUDES . 'boxes/');
  define('DIR_WS_FUNCTIONS', DIR_WS_INCLUDES . 'functions/');
  define('DIR_WS_CLASSES', DIR_WS_INCLUDES . 'classes/');
  define('DIR_WS_MODULES', DIR_WS_INCLUDES . 'modules/');
  define('DIR_WS_LANGUAGES', DIR_WS_INCLUDES . 'languages/');
  define('DIR_WS_CATALOG_LANGUAGES', DIR_WS_CATALOG . 'includes/languages/');
  define('DIR_FS_CATALOG_LANGUAGES', DIR_FS_CATALOG . 'includes/languages/');
  define('DIR_FS_CATALOG_IMAGES', DIR_FS_CATALOG . 'images/');
  define('DIR_FS_CATALOG_MODULES', DIR_FS_CATALOG . 'includes/modules/');
  define('DIR_FS_BACKUP', DIR_FS_ADMIN . 'backups/');
  define('DIR_FS_DOWNLOAD', DIR_FS_CATALOG . 'download/');
  define('DIR_FS_DOWNLOAD_PUBLIC', DIR_FS_CATALOG . 'pub/');
  define('DB_SERVER', 'localhost');
  define('DB_SERVER_USERNAME', 'web33sql1');
  define('DB_SERVER_PASSWORD', '123456');
  define('DB_DATABASE', 'web33sql2'); //<-db2
  define('USE_PCONNECT', 'false');
  define('STORE_SESSIONS', 'mysql');
  define('CFG_TIME_ZONE', 'America/New_York');
?>
```

Thanks in advance for any help
♥raiwa Posted December 17, 2017

In which way do you choose the different config files?

About Me: http://www.oscommerce.com/forums/user/249059-raiwa/
Need help? How To Get The Help You Need
Is your version of osC up to date? You'll find the latest osC community version CE Phoenix here.
Public Phoenix Change Log Cheat Set on Google Sheets
fin_anorak Posted December 17, 2017

I have an option field. I write the result into a tmp file, and then redirect to the selected database in application_top.php according to the result in the option field.

Here are my index.php and application_top.php:

```php
<?php
/*
  $Id$

  osCommerce, Open Source E-Commerce Solutions
  http://www.oscommerce.com

  Copyright (c) 2010 osCommerce

  Released under the GNU General Public License
*/

//Check if OK button is clicked
if (isset($_POST['submit']) || (isset($_COOKIE['osCAdminID']))){

  if(!empty($_POST['DB'])) {
    $content = json_encode($_POST['DB']);
    file_put_contents('tmp/db.tmp', $content); //write the result of the option field for later use in application_top.php
  }

  require('includes/application_top.php');

  $languages = tep_get_languages();
  $languages_array = array();
  $languages_selected = DEFAULT_LANGUAGE;
  for ($i = 0, $n = sizeof($languages); $i < $n; $i++) {
    $languages_array[] = array('id' => $languages[$i]['code'],
                               'text' => $languages[$i]['name']);
    if ($languages[$i]['directory'] == $language) {
      $languages_selected = $languages[$i]['code'];
    }
  }

  require(DIR_WS_INCLUDES . 'template_top.php');
?>

<table border="0" width="100%" cellspacing="0" cellpadding="2">
  <tr>
    <td><table border="0" width="100%" cellspacing="0" cellpadding="2" height="40">
      <tr>
        <td class="pageHeading"><?php echo STORE_NAME; ?></td>
<?php
  if (sizeof($languages_array) > 1) {
?>
        <td class="pageHeading" align="right"><?php echo tep_draw_form('adminlanguage', FILENAME_DEFAULT, '', 'get') . tep_draw_pull_down_menu('language', $languages_array, $languages_selected, 'onchange="this.form.submit();"') . tep_hide_session_id() . '</form>'; ?></td>
<?php
  }
?>
      </tr>
    </table></td>
  </tr>
  <tr>
    <td><table border="0" width="100%" cellspacing="0" cellpadding="2">
<?php
  if ( defined('MODULE_ADMIN_DASHBOARD_INSTALLED') && tep_not_null(MODULE_ADMIN_DASHBOARD_INSTALLED) ) {
    $adm_array = explode(';', MODULE_ADMIN_DASHBOARD_INSTALLED);

    $col = 0;

    for ( $i=0, $n=sizeof($adm_array); $i<$n; $i++ ) {
      $adm = $adm_array[$i];

      $class = substr($adm, 0, strrpos($adm, '.'));

      if ( !class_exists($class) ) {
        include(DIR_WS_LANGUAGES . $language . '/modules/dashboard/' . $adm);
        include(DIR_WS_MODULES . 'dashboard/' . $class . '.php');
      }

      $ad = new $class();

      if ( $ad->isEnabled() ) {
        if ($col < 1) {
          echo ' <tr>' . "\n";
        }

        $col++;

        if ($col <= 2) {
          echo ' <td width="50%" valign="top">' . "\n";
        }

        echo $ad->getOutput();

        if ($col <= 2) {
          echo ' </td>' . "\n";
        }

        if ( !isset($adm_array[$i+1]) || ($col == 2) ) {
          if ( !isset($adm_array[$i+1]) && ($col == 1) ) {
            echo ' <td width="50%" valign="top"> </td>' . "\n";
          }

          $col = 0;

          echo ' </tr>' . "\n";
        }
      }
    }
  }
?>
    </table></td>
  </tr>
</table>

<?php
  require(DIR_WS_INCLUDES . 'template_bottom.php');
  require(DIR_WS_INCLUDES . 'application_bottom.php');
?>
<?php
  exit;
} // End of database check ****if (isset($_POST['submitDB']))***
?>
<style>
#chooseDB{
  width: 150px;
}
#DB{
  width: 150px;
  margin: 0 auto;
  padding-top: 200px;
}
</style>
<form action='' method="POST" id="DB">
  Select a database:<br>
  <select name="DB" id="chooseDB">
    <option value="us">US</option>
    <option value="global">Global</option>
  </select>
  <br><br>
  <input id="submit" type="submit" name="submit" value="Ok">
</form>
</body></html>
```

And here is the application_top.php snippet:

```php
// Get database from the tmp file
$countrycode = json_decode(file_get_contents('tmp/db.tmp'), TRUE);

//Check if a database has been selected.
if(!$countrycode){
  echo("No database selected!");
  exit;
}

// load server configuration parameters
if (file_exists('includes/local/database/' . $countrycode . '/configure.php')) { // for developers
  include('includes/local/database/' . $countrycode . '/configure.php');
} else {
  include('includes/database/' . $countrycode . '/configure.php');
}
```
♥raiwa Posted December 17, 2017

I'm not sure what produces the problem, but anyway it seems you are using one and the same tmp file for all users, or am I wrong?

Maybe it would be better to store the selected database ($countrycode) in a session parameter. Sessions are unique for each user.
MrPhil Posted December 17, 2017

Any time you change a file on the server, as a result of a user doing something, that will affect all users. The tmp file isn't private. As @raiwa suggested, you might need to put something in the session database instead.
fin_anorak Posted December 18, 2017

Thanks guys for your interesting response, I understand.

Storing this information in a session param is what I initially wanted to do. But during the logon process this information gets lost.

How can I approach this problem correctly? How can I store something in a session so that the information is persistent?

Thanks in advance
MrPhil Posted December 18, 2017

If you need something about a user stored permanently, and be available across sessions (sign ons), I think you will have to add a field or two to the member information table, and add code to update and query that on a per-user basis. In your case, it would be a member geography field. Take a look to see if there are any add-ons for custom data fields (or customer geography fields) for members/customers. That might take care of most of the work for you. If all you need is the country, to determine which database, you might already have the country available in the member/customer address data.

Of course, this is a core change and will vary by osC version, so you'll be on your own for maintaining it.
fin_anorak Posted December 19, 2017

Hi Phil

Thank you for the post, but this doesn't help me. I need this information from the option field to access exactly these databases you mentioned. The administrator can choose which database he wants to administrate.

I need a possibility to save this information temporarily, so that it is available during the logon process in the admin area. Cookies are not possible, because these values are only available after a reload of the page. Session is not possible because they destroy and recreate them during the logon process.

So what's left?
MrPhil Posted December 19, 2017

Let's back up here and take a fresh look. As I understand it, you can have two or more administrator sessions active at one time? This database selection you want to do is only for administrators, and not customers? This is not information that needs to be preserved from login to login, but is active only for this one session (login), across multiple pages?

Could you do something like this: say, your admin ID is myAdmin. Sign on with myAdmin_E or myAdmin_A, with special code added to the login routine to look for just those two cases. Strip off the suffix and sign on normally, with the appropriate configure files selected. Regular users (customers) would use the normal configure.php files, while myAdmin would use configure_E.php and configure_A.php. I haven't looked at the code, but I'm assuming that the database isn't opened until after the ID and password have been received. If the database has already been opened at this point (it may well be), you'll have to do something different.

Could you look for a Query String such as &dbselect=A and use it ($_REQUEST['dbselect'], if set) to pick your database to open (configure_A.php and configure_E.php again)? You would probably have to add some custom code to pass this Query String on to the next call, via tep_href_link(). Not elegant, but it could work. There may already be a provision for passing on arbitrary Query String entries.

Before going through all this trouble, stop and consider whether having multiple databases is the best approach to whatever problem you're trying to solve. Is there a better way, such as using one database with some new tables? Is there so much difference between 'A' and 'E' that it's worth two databases, or is it just a few tables that are different? Someone must have already solved a problem something like this -- be sure to check the add-ons to see if there's anything similar.
fin_anorak Posted December 31, 2017

It seems to be working now. Doing it via a database table did not do the trick. It feels a little bit like "What was first: the chicken or the egg". After each page redirection all session variables - even the database connection - are lost.

I resolved this problem by passing the countrycode variable via the URL. Adding a little bit of code to the "HTML href link wrapper function" did the trick:

```php
if ( strpos($link, '?') !== false ) {
  $link .= '&DB='. $countrycode;
}else{
  $link .= '?DB='. $countrycode;
}

return $link;
```

This way the countrycode value is available application-wide.

Thanks again.
MrPhil Posted December 31, 2017

So long as random users adding "DB=cc" to the query string are ignored (admin users only?), that should be reasonably safe. You want to be careful not to put something in the URL that bad actors can use to cause trouble.
fin_anorak Posted January 2, 2018

It's just for admins, and htaccess is enabled. Should be secure enough. Shouldn't it?
MrPhil Posted January 2, 2018

It sounds like it should be secure enough, but without examining the code I'm not going to make a definitive statement. My warning was a general one about putting shortcuts and convenience features in that could be abused by users, especially in a URL Query String (GET data). The canonical example of that is passing an item price back from a form via GET data, and someone can change the price of that diamond ring from $15000 to $1.50 simply by modifying the URL in the browser address line. You have to anticipate every place that someone might try to insert or modify data (where they shouldn't be doing this).
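
One way to apply the warning above to the `DB` query parameter, as an added example that is not code from the thread: the request value is used only as a key into a fixed allowlist, so it never reaches the `include` path directly. The codes `us` and `global` come from the form's option values; the function names `resolve_db_config` and `append_db_param` are hypothetical.

```php
<?php
// Added example, not the poster's code. The allowed codes come from the
// <option> values in the thread's form; the function names are hypothetical.
const DB_CONFIGS = [
    'us'     => 'includes/database/us/configure.php',
    'global' => 'includes/database/global/configure.php',
];

/**
 * Map the request's DB value to a configure.php path.
 * Returns null for anything that is not an exact allowlist key, so the
 * caller never concatenates request data into an include path.
 */
function resolve_db_config(array $query): ?string
{
    $code = $query['DB'] ?? null;
    // ?DB[]=us arrives as an array; reject non-strings before the lookup.
    if (!is_string($code) || !array_key_exists($code, DB_CONFIGS)) {
        return null;
    }
    return DB_CONFIGS[$code];
}

/** Append an already validated selector to a link, as the href wrapper does. */
function append_db_param(string $link, string $code): string
{
    if (!array_key_exists($code, DB_CONFIGS)) {
        throw new InvalidArgumentException('unknown database code');
    }
    $sep = (strpos($link, '?') !== false) ? '&' : '?';
    return $link . $sep . 'DB=' . rawurlencode($code);
}

// Constructed query strings: two valid, three that must be refused.
$samples = ['DB=us', 'DB=global', 'DB=../../other', 'DB[]=us', ''];
foreach ($samples as $qs) {
    parse_str($qs, $query);
    $path = resolve_db_config($query);
    printf("%-16s => %s\n", $qs === '' ? '(none)' : $qs, $path ?? 'REJECTED');
}
echo append_db_param('orders.php?page=2', 'us'), "\n";
```

The lookup decides only which configuration file is loaded; the admin login check still has to run on every request regardless of the `DB` value.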
Archived
This topic is now archived and is closed to further replies.