I'm using OpenCart version 3.0.3.6. I wonder, how is the session_id created?
Correct me if I'm wrong.
When I trace the code, when a user accesses the OpenCart storefront, it triggers the index() function in the file catalog/controller/startup/session.php. That runs this code:
    $this->session->start($session_id);
This code runs the start() function in the file system/library/session.php, which triggers this code:
    $this->session_id = $session_id;
As far as I know, that code will trigger an insert of the session_id param into the table "oc_session", but I'm confused about how to find the query from that code.
You can get the session id using this query:
    $this->session->getId();
Related
I have a Moodle site and I would like to create a MySQL trigger using the id of the logged-in user.
Is it possible to use PHP to set a custom MySQL session variable (User-Defined Variable)?
My goal is to get the id of the logged-in user and put it in a MySQL global variable in order to use that information in a MySQL trigger.
Something like: SET #utilisateur = $USER->id;
I was thinking of adding a line of that kind at the end of the file index.php to catch the id of the logged-in user, but I don't know the exact syntax.
$query .= "SET #utilisateur = $USER->id;"; doesn't work
Thanks in advance for your help
I built a system in PHP. I have a page named x.php,
and in this page I create a variable named $accountid and get the account id from the session.
Now I have other variables in PHP on the same page that call functions in another page called functions.php and pass the accountid; the function returns info about the account (for example, the name of the user).
Is this a security breach?
I mean, can the user call the function via AJAX with another accountid and then get info about another account?
Here is the code example:
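    <?php
    // x.php
    include "Includs/Config.php";
    if (!isset($_SESSION[get("session_name")])) {
        header("Location: index.php");
        exit; // stop here so the rest of the page does not run for visitors without a session
    }
    // The account id is derived from the server-side session, not from request input.
    $accountid = getAccountid($_SESSION[get("session_name")]);
    $e = getECategorys($accountid);
    ?>

    <?php
    // functions.php
    function getE($accountId) {
        // $accountId is placed directly into the SQL string.
        $query = mysql_query("SELECT * FROM `x` WHERE `accountid` = $accountId");
        while ($result = mysql_fetch_assoc($query)) {
            // get the info about the account..
        }
    }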
Yes, you are right. A user can get information by passing another accountId to that function.
Solution: All you can do is check the session variable against the passed accountId. You can add a condition: if the session variable (accountId) matches the accountId passed to that function, only then retrieve the data; otherwise, give an error.
A second solution is to achieve this with a class-based approach, setting a private member variable for accountId.
Hope this helps.
I'm not sure, it seems you are getting accountId from the $_SESSION so this seems to be safe.
Also, users can't call PHP functions directly using AJAX.
Actually, you shouldn't consider AJAX as anything other than a simple HTTP request.
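The check the answers above describe, as an added example that is not code from the original posts: the account id is taken from the server-side session only, and a request parameter naming a different account is refused rather than looked up. The function name getAccountInfo, the session key account_id and the in-memory SQLite table standing in for `x` are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Constructed sample data: an in-memory SQLite table standing in for table `x`.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE x (accountid INTEGER, name TEXT)');
$db->exec("INSERT INTO x VALUES (1, 'alice'), (2, 'bob')");

/**
 * Hypothetical handler for an AJAX request. $session plays the role of
 * $_SESSION and $request the role of $_GET/$_POST.
 */
function getAccountInfo(PDO $db, array $session, array $request): array
{
    // The only trusted source of identity is the server-side session.
    if (!isset($session['account_id'])) {
        return ['status' => 401, 'error' => 'not logged in'];
    }
    $accountId = (int) $session['account_id'];

    // If the client names an account, it must be its own; anything else
    // is refused instead of being looked up.
    if (isset($request['accountid'])
        && (string) $request['accountid'] !== (string) $accountId) {
        return ['status' => 403, 'error' => 'account mismatch'];
    }

    // Bound parameter: the id never becomes part of the SQL text.
    $stmt = $db->prepare('SELECT name FROM x WHERE accountid = :id');
    $stmt->execute([':id' => $accountId]);
    return ['status' => 200, 'rows' => $stmt->fetchAll(PDO::FETCH_ASSOC)];
}

$session = ['account_id' => 1]; // constructed: account 1 is logged in
var_dump(getAccountInfo($db, $session, []));                   // no accountid parameter
var_dump(getAccountInfo($db, $session, ['accountid' => '2'])); // parameter names another account
var_dump(getAccountInfo($db, [], ['accountid' => '2']));       // no session at all
```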
So I have the following scenario:
A user recharges his account via Adyen API and when the payment is processed I have a ProcessOrder method that receives the callback and does the following:
    public function ProcessOrder($order)
    {
        //some order processing
        $order_total = Yii::app()->db->createCommand()
            ->select('sum(`amount`) as total')
            ->from('`order_table`')
            ->where('`uid` = ' . $order->user->id)
            ->queryRow();
        //send email with data
    }
And I know the $order_total is failing but I don't know why...
I want to check the logs but I don't know where they are (I'm new to this project), and I am trying to send myself an email with the result. I cannot var_dump() the result and then die() because the class method is called via the Adyen callback...
So basically my question is:
Where are the logs in a yii app OR
Why is the query failing? :-?
More Info
This class is the Order Module file under protected.
The var $order->user->id has the correct value, I checked this with email :D
I also tried foreach($order_total as $row) { //send result } and nothing... It's like the system does not have access to perform queries in that part.
Please ask in comments if more information is needed
:)) This is stupid...
So I figured out why this does NOT work and the problem is this:
order_table and uid MUST NOT HAVE apostrophes ``! Without them, the query executes and everything works fine.
And yii app logs are in runtime folder :)
(And for those of you new to Yii who want to know how to call something from a query like this, the value is $order_total['total'])
I have an update.php file, calling a function which is on "functions.php" in order to update info.
I would like to know if there is a way to make a unique function for Updating, which would work independently on the number of arguments needed for it.
I know one way of doing this, which is, in the PHP file, saving the entire query in a variable first and then sending it to functions.php with the variable as a parameter, as seen here:
PHP file:
    $queryUpdate = "UPDATE carta SET titulo='$titulo', ingredientes='$ingredientes', precio='$precio', tipo='$tipo', porcentaje='$porcentaje', imagen='$rutaFinal' WHERE id_carta='$id'";
    $update = consultaQuery($queryUpdate);
FUNCTIONS file:
    function consultaQuery($par_query) {
        $consulta = mysql_query($par_query);
        return $consulta;
    }
But I was wondering if there is another way of dynamizing my function to send any $variables=values separately in order to be added to a mysql_query(UPDATE) query.
I could do this by:
PHP file:
    $update = consultaQuery($titulo, $ingredientes, $precio, $tipo, $porcentaje, $rutaFinal, $id);
FUNCTIONS file:
    function consultaQuery($par_titulo, $par_ingredientes, $par_precio, $par_tipo, $par_porcentaje, $par_rutaFinal, $par_id) {
        // The query must be a quoted string, and the id needs its $ sigil.
        $consulta = mysql_query("UPDATE carta SET titulo='$par_titulo', ingredientes='$par_ingredientes', precio='$par_precio', tipo='$par_tipo', porcentaje='$par_porcentaje', imagen='$par_rutaFinal' WHERE id_carta='$par_id'");
        return $consulta;
    }
But this would not work, for example, with a 3-argument update. Is there any way of making this? Do I keep doing this as the first way? Thank you for your attention.
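One way to write a single update function that accepts any number of fields, as an added example rather than code from the original post: column names are checked against a fixed allow-list and values are bound as parameters instead of being placed in the query string. The function name updateCarta, the allow-list and the in-memory SQLite table are assumptions for illustration.

```php
<?php
declare(strict_types=1);

// Constructed sample table mirroring the columns named in the question.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE carta (id_carta INTEGER PRIMARY KEY, titulo TEXT,
    ingredientes TEXT, precio REAL, tipo TEXT, porcentaje REAL, imagen TEXT)');
$db->exec("INSERT INTO carta (id_carta, titulo, precio) VALUES (1, 'Pizza', 8.5)");

// Hypothetical allow-list: the only columns a caller may update.
const CARTA_COLUMNS = ['titulo', 'ingredientes', 'precio', 'tipo', 'porcentaje', 'imagen'];

/**
 * Update any subset of columns for one row. Returns the number of rows changed.
 */
function updateCarta(PDO $db, int $id, array $fields): int
{
    if ($fields === []) {
        throw new InvalidArgumentException('nothing to update');
    }
    $assignments = [];
    $params = [':id' => $id];
    foreach ($fields as $column => $value) {
        // Column names cannot be bound, so they are checked against the list.
        if (!in_array($column, CARTA_COLUMNS, true)) {
            throw new InvalidArgumentException("unknown column: $column");
        }
        $assignments[] = "$column = :$column";
        $params[":$column"] = $value;
    }
    $sql = 'UPDATE carta SET ' . implode(', ', $assignments) . ' WHERE id_carta = :id';
    $stmt = $db->prepare($sql);
    $stmt->execute($params);
    return $stmt->rowCount();
}

// Three fields in one call, one field in another: same function.
var_dump(updateCarta($db, 1, ['titulo' => "Pizza 'especial'", 'precio' => 9.0, 'tipo' => 'main']));
var_dump(updateCarta($db, 1, ['imagen' => 'img/pizza.png']));
try {
    updateCarta($db, 1, ['id_carta' => 99]); // a real column, but not on the allow-list
} catch (InvalidArgumentException $e) {
    echo $e->getMessage(), "\n";
}
```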
I am editing a template to try and add some conditional logic to my page.
The page template shows topics related to a user.
I want to add a piece of code which will grab the user name from the page we are viewing and then use that in a string for my conditional statements.
The code I have put together is as follows, but it breaks my page so I am doing something wrong.
<?php global
// I query the ID and try and set that to the $userID - I think I am doing this wrong, but when I echo the ID it gets the correct info.
$userID = get_queried_object()->ID;
// This is the string I create using the userID which should be from the query above
$memberstatus = get_user_meta($userID,'member_status',true);
?>
Later on I use IF statements to use this result (which I know work), so I won't post them. My problem is trying to get the above to work.
Any help?
Damn, looks like when I remove 'global' from the PHP it works! I thought global had to be in this... ah well