mo Posted April 8, 2008

Hello, I created a PHP/MySQL shopping cart and I want to add an option where a user can email the cart to someone and allow that person to add to the same cart by following a link to the store. This is like a group order.

My main issue is the session/login. The cart will have a unique session ID and the main user (user who initiated the order) will be logged in with this session ID and I do not want the additional people to have to log in to add to the group order. If I require that a user must have an account and then log in to my store to add to the cart then I have no issue. I want any visitor to be able to add to the cart but with the way I currently have my software set up, this is not possible as there is an access check on all the cart related pages. I guess I could alter the access control logic to check if the logged in user is a group user and therefore treat that session differently?

Caesar Posted April 8, 2008

I can see many problems arising from this. (I work for a company that writes ecommerce software... our software is among the top 5 sold in a certain price range.)

cooldude832 Posted April 8, 2008

> My main issue is the session/login. The cart will have a unique session ID and the main user (user who initiated the order) will be logged in with this session ID and I do not want the additional people to have to log in to add to the group order. If I require that a user must have an account and then log in to my store to add to the cart then I have no issue.

You should use MySQL to back it up. Basically when the user hits "send a person a cart" the user cart is added to a MySQL table of permed carts instead of the temp carts you may use now. Linked via a MySQL auto increment ID + a sessionID so when the user continues to shop it updates both the temp and perm cart. No real issue here, just storing a lot of data.

mo (Author) Posted April 8, 2008

> > My main issue is the session/login. The cart will have a unique session ID and the main user (user who initiated the order) will be logged in with this session ID and I do not want the additional people to have to log in to add to the group order. If I require that a user must have an account and then log in to my store to add to the cart then I have no issue.
>
> You should use MySQL to back it up. Basically when the user hits "send a person a cart" the user cart is added to a MySQL table of permed carts instead of the temp carts you may use now. Linked via a MySQL auto increment ID + a sessionID so when the user continues to shop it updates both the temp and perm cart. No real issue here, just storing a lot of data.

Thanks for your reply. I am using MySQL to back the cart. The cart is in the DB and not just a temp cart so I could have another user update the cart by referencing the unique cart ID but I would need the additional user(s) to be logged into the cart which means they need to have an account.

My issue is not how to share the cart from a DB perspective but from a session perspective. I can alter my logic that checks if a user is logged in but this causes all sorts of problems. I think I will just make it a requirement that a person must have an account with my store to add to a group cart.

discomatt Posted April 8, 2008

If you're doing it that way, it's much more logical to just create a 'shared session' for the cart with a long expiration date. The original cart creator picks x users or y usergroup with permission to modify the cart. The next time x users or a user in y group logs in, the shared cart is now visible. It's exactly like a normal session, only no sensitive information is stored, and the id is shared.

cooldude832 Posted April 8, 2008

Just pass the MySQL id of the cart and basically it's not "protected" but it will allow the transfer fairly simply.

mo (Author) Posted April 8, 2008

Thanks for the feedback guys. I made it required that you need to have a user ID to add to a group cart and this way I have the main user (who initiated the order) email the cart id to friends and when the friend(s) log in they can enter a shared cart area and pull up the cart by entering the ID. I just now need to add logic to make sure only the originator of the cart can submit it for checkout, etc. and make sure I did not affect any of the old functionality of my cart.

discomatt Posted April 8, 2008

I'm not sure if this is important or not, but... Say any random user enters cart number 10, even though they weren't emailed it initially... could this be a problem?

cooldude832 Posted April 9, 2008

> I'm not sure if this is important or not, but... Say any random user enters cart number 10, even though they weren't emailed it initially... could this be a problem?

You double key it similar to how an email authentication system uses two keys to make sure random traffic doesn't get to it. Yes, using GET will leave a fingerprint, but that's minimal.

discomatt Posted April 9, 2008

Can a double-key system work, if, say, you want 5 other people to access it? I was more attempting to reveal a potential problem he might run into, as he seems like a beginner programmer.

cooldude832 Posted April 9, 2008

By double key I mean http://www.mysite.com/cartid=52&code=ast348sgfjl

You need the right $_GET['code'] for that $_GET['cartid'] to view it. It's just a redundancy to prevent probing.

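One way to implement the cartid + code link described in the post above, together with the originator-only checkout rule mentioned earlier in the thread. This is an added example, not code from any poster; the `shared_carts` table, the function names, the one-week lifetime and the in-memory SQLite database standing in for the MySQL cart table are all assumptions.

```php
<?php
declare(strict_types=1);

// Assumption: in-memory SQLite stands in for the MySQL table of shared carts.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE shared_carts (
    cart_id INTEGER PRIMARY KEY, owner_id INTEGER NOT NULL,
    code_hash TEXT NOT NULL, expires_at INTEGER NOT NULL)');

// Issue the share code: 128 bits from the CSPRNG; only its hash is stored.
function share_cart(PDO $db, int $cartId, int $ownerId, int $ttl = 604800): string
{
    $code = bin2hex(random_bytes(16));
    $stmt = $db->prepare('INSERT INTO shared_carts VALUES (?, ?, ?, ?)');
    $stmt->execute([$cartId, $ownerId, hash('sha256', $code), time() + $ttl]);
    return $code; // placed in the emailed link as the "code" parameter
}

// Guest access: the cart id AND its matching, unexpired code are both required.
function can_edit_cart(PDO $db, int $cartId, string $code): bool
{
    $stmt = $db->prepare('SELECT code_hash, expires_at FROM shared_carts WHERE cart_id = ?');
    $stmt->execute([$cartId]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false || (int) $row['expires_at'] < time()) {
        return false;
    }
    // Constant-time comparison of the stored hash with the presented code's hash.
    return hash_equals($row['code_hash'], hash('sha256', $code));
}

// Checkout is tied to the logged-in originator, never to the share code.
function can_checkout(PDO $db, int $cartId, ?int $sessionUserId): bool
{
    if ($sessionUserId === null) {
        return false;
    }
    $stmt = $db->prepare('SELECT owner_id FROM shared_carts WHERE cart_id = ?');
    $stmt->execute([$cartId]);
    $owner = $stmt->fetchColumn();
    return $owner !== false && (int) $owner === $sessionUserId;
}

$code = share_cart($db, 52, 7);                  // constructed sample: cart 52, owner 7
var_dump(can_edit_cart($db, 52, $code));         // invited guest following the link
var_dump(can_edit_cart($db, 52, 'ast348sgfjl')); // guessed code for a real cart
var_dump(can_edit_cart($db, 10, $code));         // valid code tried against another cart id
var_dump(can_checkout($db, 52, null));           // guest holding only the code
var_dump(can_checkout($db, 52, 7));              // logged-in originator
```

Because the code travels in a GET URL, it ends up in browser history and server logs, which is why the sketch gives it an expiry and keeps checkout behind the originator's login.
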
discomatt Posted April 9, 2008

It works, but why not build a list of user_id's allowed to modify the cart? That way you wouldn't be relying on cryptic id's whatsoever.

The user doesn't have to log in and check their email for the link every time they want to modify the cart.

cooldude832 Posted April 9, 2008

Because 99% of users don't like to log in to a site to build a shopping cart.