osCommerce France forum

Create an $organization_id session within a $customer_id session [solved]
equisol, posted 24 Dec 2014, 13:01 (Message #1)

Hello,

I am developing a site based on v2.3.3.4. The particular feature of this site is that a customer, if and only if they are logged in, can access another private area.
In practice, when a customer logs in, the "logout" button is displayed along with an "organizations" button. If the customer clicks "organizations" for the first time, they are asked to set a password; if they have already set one, they are asked to enter it to access the private area.
This private area is shared by several customers, like a coworking space for instance.

To do this, I combined both login phases in the same page. A field customer_password_coactivities was added to the CUSTOMERS table: if it is empty, the password-creation phase is displayed, otherwise the password-entry phase.
A COACTIVITIES_INFO table was also created. It matches the CUSTOMERS_INFO table but has one extra field, customers_id.

Once the customer has logged in, they are redirected to the FILENAME_ORGANIZATIONS page.

The code is as follows:
Code
<?php

  require('includes/application_top.php');

  if (!tep_session_is_registered('customer_id')) {
    $navigation->set_snapshot();
    tep_redirect(tep_href_link(FILENAME_LOGIN, '', 'SSL'));
  }

  require(DIR_WS_LANGUAGES . $language . '/' . FILENAME_ACCOUNT_PASSWORD_COACTIVITIES);

///First login -> create password
  $process = false;
  if (isset($HTTP_POST_VARS['action']) && ($HTTP_POST_VARS['action'] == 'process') && isset($HTTP_POST_VARS['formid']) && ($HTTP_POST_VARS['formid'] == $sessiontoken)) {
    $process = true;

    $password = tep_db_prepare_input($HTTP_POST_VARS['password']);
    $confirmation = tep_db_prepare_input($HTTP_POST_VARS['confirmation']);

    $error = false;

    if (strlen($password) < ENTRY_PASSWORD_MIN_LENGTH) {
      $error = true;

      $messageStack->add('create_password_coactivities', ENTRY_PASSWORD_ERROR);
    } elseif ($password != $confirmation) {
      $error = true;

      $messageStack->add('create_password_coactivities', ENTRY_PASSWORD_ERROR_NOT_MATCHING);
    }

    if ($error == false) {
      $sql_data_array = array('customers_password_coactivities' => tep_encrypt_password($password));

      tep_db_perform(TABLE_CUSTOMERS, $sql_data_array);

      if (SESSION_RECREATE == 'True') {
        tep_session_recreate();
      }

      tep_redirect(tep_href_link(FILENAME_ORGANIZATIONS, '', 'SSL'));
    }
  }
///

///Login coactivities
  $error = false;
  if (isset($HTTP_GET_VARS['action']) && ($HTTP_GET_VARS['action'] == 'process') && isset($HTTP_POST_VARS['formid']) && ($HTTP_POST_VARS['formid'] == $sessiontoken)) {
    $password = tep_db_prepare_input($HTTP_POST_VARS['password']);

    $check_customer_query = tep_db_query("select customers_id, customers_password_coactivities from " . TABLE_CUSTOMERS . " where customers_id = '" . (int)$customer_id . "'");
// Check that password is good
      if (!tep_validate_password($password, $check_customer['customers_password_coactivities'])) {
        $error = true;
      } else {
        if (SESSION_RECREATE == 'True') {
          tep_session_recreate();
        }

// migrate old hashed password to new phpass password
        if (tep_password_type($check_customer['customers_password_coactivities']) != 'phpass') {
          tep_db_query("update " . TABLE_CUSTOMERS . " set customers_password_coactivities = '" . tep_encrypt_password($password) . "' where customers_id = '" . (int)$check_customer['customers_id'] . "'");
        }

        $customer_id = $check_customer['customers_id'];
        tep_session_register('customer_id');

        tep_db_query("update " . TABLE_COACTIVITIES_INFO . " set coactivities_info_date_of_last_logon = now(), coactivities_info_number_of_logons = coactivities_info_number_of_logons+1, password_reset_key = null, password_reset_date = null where customers_id = '" . (int)$customer_id . "'");

// reset session token
        $sessiontoken = md5(tep_rand() . tep_rand() . tep_rand() . tep_rand());

        tep_redirect(tep_href_link(FILENAME_ORGANIZATIONS, '', 'SSL'));
      }
  }

  if ($error == true) {
    $messageStack->add('login_coactivities', TEXT_LOGIN_ERROR);
  }
///

  $check_password_exist_query = tep_db_query("select customers_password_coactivities from " . TABLE_CUSTOMERS . " where customers_id = '" . (int)$customer_id . "'");
  $check_password_exist = tep_db_fetch_array($check_password_exist_query);    

  $breadcrumb->add(NAVBAR_TITLE, tep_href_link(FILENAME_ACCOUNT_PASSWORD_COACTIVITIES, '', 'SSL'));

  require(DIR_WS_INCLUDES . 'template_top.php');
  require('includes/form_check.js.php');
?>

<h1><?php echo HEADING_TITLE; ?></h1>

<?php
  if ($messageStack->size('login_coactivities') > 0) {
    echo $messageStack->output('login_coactivities');
  }

  if ($messageStack->size('create_password_coactivities') > 0) {
    echo $messageStack->output('create_password_coactivities');
  }
?>

<?php
    if (tep_not_null($check_password_exist['customers_password_coactivities'])) {
?>
<div class="contentContainer">
  <h2><?php echo HEADING_PASSWORD_COACTIVITIES; ?></h2>

  <div class="contentText">
    <?php echo tep_draw_form('login_coactivities', tep_href_link(FILENAME_ACCOUNT_PASSWORD_COACTIVITIES, 'action=process', 'SSL'), 'post', '', true); ?>

    <table border="0" cellspacing="0" cellpadding="2" width="100%">
      <tr>
        <td class="fieldKey"><?php echo ENTRY_PASSWORD; ?></td>
        <td class="fieldValue"><?php echo tep_draw_password_field('password'); ?></td>
      </tr>
    </table>

    <p><?php echo '<a href="' . tep_href_link(FILENAME_PASSWORD_COACTIVITIES_FORGOTTEN, '', 'SSL') . '">' . TEXT_PASSWORD_COACTIVITIES_FORGOTTEN . '</a>'; ?></p>

    <p align="right"><?php echo tep_draw_button(IMAGE_BUTTON_LOGIN, 'key', null, 'primary'); ?></p>

    </form>
  </div>
</div>
<?php
    } else {
?>
<?php echo tep_draw_form('create_password_coactivities', tep_href_link(FILENAME_ACCOUNT_PASSWORD_COACTIVITIES, '', 'SSL'), 'post', 'onsubmit="return check_form(create_password_coactivities);"', true) . tep_draw_hidden_field('action', 'process'); ?>

<div class="contentContainer">
  <span class="inputRequirement" style="float: right;"><?php echo FORM_REQUIRED_INFORMATION; ?></span>
  <h2><?php echo HEADING_PASSWORD_COACTIVITIES_FIRST; ?></h2>

  <div class="contentText">
    <table border="0" cellspacing="2" cellpadding="2" width="100%">
      <tr>
        <td class="fieldKey"><?php echo ENTRY_PASSWORD; ?></td>
        <td class="fieldValue"><?php echo tep_draw_password_field('password') . '&nbsp;' . (tep_not_null(ENTRY_PASSWORD_TEXT) ? '<span class="inputRequirement">' . ENTRY_PASSWORD_TEXT . '</span>': ''); ?></td>
      </tr>
      <tr>
        <td class="fieldKey"><?php echo ENTRY_PASSWORD_CONFIRMATION; ?></td>
        <td class="fieldValue"><?php echo tep_draw_password_field('confirmation') . '&nbsp;' . (tep_not_null(ENTRY_PASSWORD_CONFIRMATION_TEXT) ? '<span class="inputRequirement">' . ENTRY_PASSWORD_CONFIRMATION_TEXT . '</span>': ''); ?></td>
      </tr>
    </table>
  </div>

  <div class="buttonSet">
    <span class="buttonAction"><?php echo tep_draw_button(IMAGE_BUTTON_CONTINUE, 'person', null, 'primary'); ?></span>
  </div>
</div>

</form>
<?php
    }
?>

<?php
  require(DIR_WS_INCLUDES . 'template_bottom.php');
  require(DIR_WS_INCLUDES . 'application_bottom.php');
?>

Before going any further, I need an outside view on several points:
1- not being a PHP expert, I copied some parts of code that may not be necessary
2- during the password-creation phase, a new record is created in the CUSTOMERS table, with an id and the encrypted password in the field customer_password_coactivities => how do I avoid creating a new record and make sure the password is saved in the record of the current $customer_id? I can't find where this happens.
3- could someone explain the essential points to check when creating a session?
4- how do I create !tep_session_is_registered('organization_id'), the equivalent of !tep_session_is_registered('customer_id'), to access the private-area pages?

Thanks!!

This post was edited by equisol - 28 Dec 2014, 12:15.


equisol, posted 27 Dec 2014, 12:26 (Message #2)

OK, that's it, everything works now!
Here is the corrected code for the login page of the shared private area:
Code
<?php

  require('includes/application_top.php');

  if (!tep_session_is_registered('customer_id')) {
    $navigation->set_snapshot();
    tep_redirect(tep_href_link(FILENAME_LOGIN, '', 'SSL'));
  }

  require(DIR_WS_LANGUAGES . $language . '/' . FILENAME_ACCOUNT_PASSWORD_COACTIVITIES);

///First login -> create password
// Look up the second password first: the create branch must only run while none is
// stored yet, otherwise anyone holding the customer session could replace it
// without knowing it.
  $check_password_exist_query = tep_db_query("select customers_password_coactivities from " . TABLE_CUSTOMERS . " where customers_id = '" . (int)$customer_id . "'");
  $check_password_exist = tep_db_fetch_array($check_password_exist_query);
  $password_exists = tep_not_null($check_password_exist['customers_password_coactivities']);

  $process = false;
  if (($password_exists == false) && isset($HTTP_POST_VARS['action']) && ($HTTP_POST_VARS['action'] == 'process') && isset($HTTP_POST_VARS['formid']) && ($HTTP_POST_VARS['formid'] == $sessiontoken)) {
    $process = true;

    $password_first = tep_db_prepare_input($HTTP_POST_VARS['password_first']);
    $confirmation = tep_db_prepare_input($HTTP_POST_VARS['confirmation']);

    $error = false;

    if (strlen($password_first) < ENTRY_PASSWORD_MIN_LENGTH) {
      $error = true;

      $messageStack->add('create_password_coactivities', ENTRY_PASSWORD_ERROR);
    } elseif ($password_first != $confirmation) {
      $error = true;

      $messageStack->add('create_password_coactivities', ENTRY_PASSWORD_ERROR_NOT_MATCHING);
    }

    if ($error == false) {
      $sql_data_array = array('customers_password_coactivities' => tep_encrypt_password($password_first));

// 'update' with a where clause: the default action of tep_db_perform is an insert,
// which is what created the stray rows in the first version
      tep_db_perform(TABLE_CUSTOMERS, $sql_data_array, 'update', "customers_id = '" . (int)$customer_id . "'");

      if (SESSION_RECREATE == 'True') {
        tep_session_recreate();
      }

      tep_redirect(tep_href_link(FILENAME_ORGANIZATIONS, '', 'SSL'));
    }
  }
///

///Login coactivities
  $error = false;
  if (isset($HTTP_GET_VARS['action']) && ($HTTP_GET_VARS['action'] == 'process') && isset($HTTP_POST_VARS['formid']) && ($HTTP_POST_VARS['formid'] == $sessiontoken)) {
    $password = tep_db_prepare_input($HTTP_POST_VARS['password']);

    $check_customer_query = tep_db_query("select customers_id, customers_password_coactivities from " . TABLE_CUSTOMERS . " where customers_id = '" . (int)$customer_id . "'");
    $check_customer = tep_db_fetch_array($check_customer_query);

// the customer must belong to an organization before the shared area is opened
    $check_organization_query = tep_db_query("select organizations_id from " . TABLE_CUSTOMERS_TO_ORGANIZATIONS . " where customers_id = '" . (int)$customer_id . "'");

// Check that password is good
    if (!tep_validate_password($password, $check_customer['customers_password_coactivities'])) {
      $error = true;
    } elseif (tep_db_num_rows($check_organization_query) < 1) {
      $error = true;
    } else {
      if (SESSION_RECREATE == 'True') {
        tep_session_recreate();
      }

// migrate old hashed password to new phpass password
      if (tep_password_type($check_customer['customers_password_coactivities']) != 'phpass') {
        tep_db_query("update " . TABLE_CUSTOMERS . " set customers_password_coactivities = '" . tep_encrypt_password($password) . "' where customers_id = '" . (int)$check_customer['customers_id'] . "'");
      }

      $check_organization = tep_db_fetch_array($check_organization_query);
      $organization_id = (int)$check_organization['organizations_id'];
      tep_session_register('organization_id');

      tep_db_query("update " . TABLE_COACTIVITIES_INFO . " set coactivities_info_date_of_last_logon = now(), coactivities_info_number_of_logons = coactivities_info_number_of_logons+1, password_reset_key = null, password_reset_date = null where customers_id = '" . (int)$customer_id . "'");

// reset session token
      $sessiontoken = md5(tep_rand() . tep_rand() . tep_rand() . tep_rand());

      tep_redirect(tep_href_link(FILENAME_ORGANIZATIONS, '', 'SSL'));
    }
  }

  if ($error == true) {
    $messageStack->add('login_coactivities', TEXT_LOGIN_ERROR);
  }
///

  $breadcrumb->add(NAVBAR_TITLE, tep_href_link(FILENAME_ACCOUNT_PASSWORD_COACTIVITIES, '', 'SSL'));

  require(DIR_WS_INCLUDES . 'template_top.php');
  require('includes/form_check.js.php');
?>

<h1><?php echo HEADING_TITLE; ?></h1>

<?php
  if ($messageStack->size('login_coactivities') > 0) {
    echo $messageStack->output('login_coactivities');
  }

  if ($messageStack->size('create_password_coactivities') > 0) {
    echo $messageStack->output('create_password_coactivities');
  }
?>

<?php
    if (tep_not_null($check_password_exist['customers_password_coactivities'])) {
?>
<div class="contentContainer">
  <h2><?php echo HEADING_PASSWORD_COACTIVITIES; ?></h2>

  <div class="contentText">
    <?php echo tep_draw_form('login_coactivities', tep_href_link(FILENAME_ACCOUNT_PASSWORD_COACTIVITIES, 'action=process', 'SSL'), 'post', '', true); ?>

    <table border="0" cellspacing="0" cellpadding="2" width="100%">
      <tr>
        <td class="fieldKey"><?php echo ENTRY_PASSWORD; ?></td>
        <td class="fieldValue"><?php echo tep_draw_password_field('password'); ?></td>
      </tr>
    </table>

    <p><?php echo '<a href="' . tep_href_link(FILENAME_PASSWORD_COACTIVITIES_FORGOTTEN, '', 'SSL') . '">' . TEXT_PASSWORD_COACTIVITIES_FORGOTTEN . '</a>'; ?></p>

    <p align="right"><?php echo tep_draw_button(IMAGE_BUTTON_LOGIN, 'key', null, 'primary'); ?></p>

    </form>
  </div>
</div>
<?php
    } else {
?>
<?php echo tep_draw_form('create_password_coactivities', tep_href_link(FILENAME_ACCOUNT_PASSWORD_COACTIVITIES, '', 'SSL'), 'post', 'onsubmit="return check_form(create_password_coactivities);"', true) . tep_draw_hidden_field('action', 'process'); ?>

<div class="contentContainer">
  <span class="inputRequirement" style="float: right;"><?php echo FORM_REQUIRED_INFORMATION; ?></span>
  <h2><?php echo HEADING_PASSWORD_COACTIVITIES_FIRST; ?></h2>

  <div class="contentText">
    <table border="0" cellspacing="2" cellpadding="2" width="100%">
      <tr>
        <td class="fieldKey"><?php echo ENTRY_PASSWORD; ?></td>
        <td class="fieldValue"><?php echo tep_draw_password_field('password_first') . '&nbsp;' . (tep_not_null(ENTRY_PASSWORD_TEXT) ? '<span class="inputRequirement">' . ENTRY_PASSWORD_TEXT . '</span>': ''); ?></td>
      </tr>
      <tr>
        <td class="fieldKey"><?php echo ENTRY_PASSWORD_CONFIRMATION; ?></td>
        <td class="fieldValue"><?php echo tep_draw_password_field('confirmation') . '&nbsp;' . (tep_not_null(ENTRY_PASSWORD_CONFIRMATION_TEXT) ? '<span class="inputRequirement">' . ENTRY_PASSWORD_CONFIRMATION_TEXT . '</span>': ''); ?></td>
      </tr>
    </table>
  </div>

  <div class="buttonSet">
    <span class="buttonAction"><?php echo tep_draw_button(IMAGE_BUTTON_CONTINUE, 'person', null, 'primary'); ?></span>
  </div>
</div>

</form>
<?php
    }
?>

<?php
  require(DIR_WS_INCLUDES . 'template_bottom.php');
  require(DIR_WS_INCLUDES . 'application_bottom.php');
?>

Here is the session check at the top of organizations.php:
Code
  if (!tep_session_is_registered('organization_id')) {
    tep_redirect(tep_href_link(FILENAME_DEFAULT, '', 'SSL'));
  }

Finally, logging out, in logoff.php:
Code
  tep_session_unregister('customer_id');
  tep_session_unregister('organization_id');
  tep_session_unregister('customer_default_address_id');
  tep_session_unregister('customer_first_name');
  tep_session_unregister('customer_country_id');
  tep_session_unregister('customer_zone_id');
  tep_session_unregister('comments');

OK, it's very basic for now, but it works!


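Added example (not code from either post and not osCommerce's own): a self-contained PHP script that models the step-up login this thread builds, covering questions 2 to 4 of the first post and the checks in the corrected page above. It replaces the osCommerce helpers with PDO on an in-memory SQLite database, password_hash()/password_verify(), and a plain array standing in for $_SESSION; the table and column names, the minimum length of 5 and the sample customers 7 and 8 are assumptions chosen for this example.

```php
<?php
declare(strict_types=1);
// Added example, not from the forum post or osCommerce. Run with: php stepup_demo.php
// Table/column names mirror the thread's schema but are assumptions for this model.

function make_db(): PDO {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE customers (customers_id INTEGER PRIMARY KEY, customers_password_coactivities TEXT)');
    $db->exec('CREATE TABLE customers_to_organizations (customers_id INTEGER, organizations_id INTEGER)');
    // constructed sample data: customer 7 belongs to organization 3, customer 8 to none
    $db->exec('INSERT INTO customers VALUES (7, NULL), (8, NULL)');
    $db->exec('INSERT INTO customers_to_organizations VALUES (7, 3)');
    return $db;
}

// Question 2: a bare INSERT creates a new row; the second password must be stored
// with an UPDATE restricted to the logged-in customer. The extra "IS NULL" condition
// makes the first-login branch refuse to overwrite a password that already exists,
// atomically, without a separate SELECT.
function create_coactivities_password(PDO $db, array $session, string $password, string $confirmation): bool {
    if (!isset($session['customer_id'])) {
        return false;                      // primary customer login is required first
    }
    if (strlen($password) < 5 || !hash_equals($password, $confirmation)) {
        return false;                      // too short, or confirmation does not match
    }
    $stmt = $db->prepare('UPDATE customers SET customers_password_coactivities = :hash
                          WHERE customers_id = :id AND customers_password_coactivities IS NULL');
    $stmt->execute([':hash' => password_hash($password, PASSWORD_DEFAULT), ':id' => $session['customer_id']]);
    return $stmt->rowCount() === 1;        // 0 rows: unknown customer, or a password is already set
}

// Questions 3 and 4: what to verify before registering organization_id in the session.
function login_coactivities(PDO $db, array &$session, string $password): bool {
    if (!isset($session['customer_id'])) {
        return false;                      // step-up only makes sense on top of a customer session
    }
    $stmt = $db->prepare('SELECT customers_password_coactivities FROM customers WHERE customers_id = :id');
    $stmt->execute([':id' => $session['customer_id']]);
    $hash = $stmt->fetchColumn();
    if (!is_string($hash) || $hash === '' || !password_verify($password, $hash)) {
        return false;                      // no second password yet, or wrong password
    }
    $stmt = $db->prepare('SELECT organizations_id FROM customers_to_organizations WHERE customers_id = :id');
    $stmt->execute([':id' => $session['customer_id']]);
    $org = $stmt->fetchColumn();
    if ($org === false) {
        return false;                      // authenticated, but member of no organization
    }
    // In the osCommerce page this is where tep_session_recreate() runs (fresh session id
    // after a privilege change); the array here stands in for $_SESSION.
    $session['organization_id'] = (int)$org;
    return true;
}

// Gate for organizations.php: require both levels, not only the second one.
function has_organization_session(array $session): bool {
    return isset($session['customer_id'], $session['organization_id']);
}

// logoff.php: drop the elevated level together with the customer level.
function logoff(array &$session): void {
    unset($session['customer_id'], $session['organization_id']);
}

// Walk through the scenario from the thread.
$db = make_db();
$session = ['customer_id' => 7];
if (login_coactivities($db, $session, 'secret-1')) throw new Exception('login must fail before a password exists');
if (!create_coactivities_password($db, $session, 'secret-1', 'secret-1')) throw new Exception('first-login password creation failed');
if (create_coactivities_password($db, $session, 'other', 'other')) throw new Exception('existing password must not be overwritten');
if (login_coactivities($db, $session, 'wrong')) throw new Exception('wrong password accepted');
if (!login_coactivities($db, $session, 'secret-1') || !has_organization_session($session)) throw new Exception('step-up login failed');
$other = ['customer_id' => 8];
create_coactivities_password($db, $other, 'secret-2', 'secret-2');
if (login_coactivities($db, $other, 'secret-2')) throw new Exception('customer without organization must be refused');
logoff($session);
if (has_organization_session($session)) throw new Exception('logoff must clear organization_id');
echo "all step-up checks passed\n";
```

The UPDATE ... WHERE ... IS NULL is the part worth carrying back into the osCommerce page: tep_db_perform() inserts unless its third argument is 'update' with a where clause (the cause of the stray rows in question 2), and restricting the update to a row whose second password is still empty keeps the first-login form from silently replacing a password that already exists. The organization lookup before registering organization_id and the combined check in has_organization_session() mirror what organizations.php and logoff.php in the thread need: the elevated level is only meaningful while the customer level is present, and both are dropped together.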