ansaurus

Question

Answer 1

+3 A:

edit: As for managing remote sessions through cURL, it depends how the remote site tracks sessions. Some use cookies (which cURL supports), some generate a sessionid token that you have to pass back in subsequent requests, either as a parameter or in the http header.

The docs for PHP's cURL API are pretty sparse, so you may have to hunt for more complete tutorials. I found the following by Googling for "curl cookie tutorial":

http://coderscult.com/php/php-curl/2008/05/20/php-curl-cookies-example/

Bill Karwin 2008-12-02 19:41:07

How would this work - would you pass the user's session ID to curl? For a shopping cart the script needs to see the end-user's session data. By just using curl wouldn't a new session get created on every request, because it is requested from PHP and not the user's browser?

Tom Haigh 2008-12-05 16:14:06

Answer 2

+5 A:

Yes you can do this with ajax.

Use jQuery to do your ajax requests.

e.g

$.get("http://mywebsite.com/json/cart_add.php?pid=25");
$.get("http://mywebsite.com/json/cart_add.php?pid=27");

If you use sessions then it will be added to the current session providing it is on the same domain.

Jay 2008-12-02 19:42:03

That is slick. Is there a security issue to worry about? I can't think of any, but I am not necessarily the best at figuring them out.

MrChrister 2008-12-02 19:44:25

Not really, they would have to hi-jack your session id which should be fine if you NEVER pass it via the url.

Jay 2008-12-02 19:45:48

So as long as the cart_add.php was giving back good responses, no worries. This attack wouldn't apply because you can mitigate the response, right? http://haacked.com/archive/2008/11/20/anatomy-of-a-subtle-json-vulnerability.aspx

MrChrister 2008-12-02 19:48:05

Jay 2008-12-02 19:51:44

Cool. Thank you. I am going to try your method in my project then. +1

MrChrister 2008-12-02 19:52:47

As far as personal information is concerned (secure data), a) you should be doing it over SSL and b) you should never have a public page that dishes out user data simply by passing the user / customer id.It's up to the coder really whether they make it insecure or not.

Jay 2008-12-02 19:54:51

FYI all my json data scripts need to have active sessions in order for them to work, if you are using database sessions this can get quite tough, but it is workable using a token which combines the client user agent with some other user specific data in order to pass to the json responder.

Jay 2008-12-02 19:57:22

This is AJAX however and does not do any JSON so the OP (original poster) should be safe!

Jay 2008-12-02 19:58:00

Answer 3

A:

it really depends on specifics of your site.

if its oo, you may be able to call the relevant methods one after the other to add items to the basket? or you may be able to do this with includes?

or it may be that the site has some include files you can use?

or it may have a mechanism to redirect users after adding items to the basket that you can take advantage of?

or if not, there's other answers that have appeared whilst i was writing that suggest valid ways to achieve this with javascript or curl.

benlumley 2008-12-02 19:43:25

Answer 4

A:

ok i'm going to try the ajax suggestion but i'm not sure how the code is formatted with get and post. this is what i've started and it doesn't fetch the url(i swapped in generic urls for demonstration);

 <html>   
 <head>                                        
 <script type="text/javascript" src="jquery-1.2.6.min.js"></script>          
 <script type="text/javascript">      
 $(document).ready(function() {    
 $("a").click(function(){    
 $.get("http://www.store.com/item4");    
 $.get("http://www.store.com/item5");
 alert("Items Added, Now Redirecting");           
 });    
 });                                                         
 </script>                                                         
 </head>  
 <body>
 <a href="">Link</a>                                                                                               
 </body>                                                                        
 </html>

mrtunes 2008-12-02 20:27:04

What does the script you are targeting output after it adds the items to the cart?

MrChrister 2008-12-02 20:52:21

nothing, i added a post line and it didn't help$.get("http://www.store.com/item5");$.post("http://www.store.com/cart.php");

mrtunes 2008-12-02 20:53:43

Put some outputting code in the script that adds items to the cart. Then use something like this $.get("http://www.store.com/item5", function(data){ alert("Data Loaded: " + data); });To see your output from the page calling the $.get

MrChrister 2008-12-02 21:14:21

hmm, i gave that a shot to no avail. do you know if there's a working example of this sort of thing anywhere?

mrtunes 2008-12-02 23:28:19

you should access the urls you are trying directly to ensure there is not an error in your script. Also make sure you are debugging in Opera or Firefox because IE is awful for javascript debugging unless you have some particular tools installed.

Jay 2008-12-16 15:59:15

Any PHP errors generated when the javascript accesses a script via ajax should show up in the javascript console.

Jay 2008-12-16 16:00:03

ansaurus

tags:

views:

answers:

PHP Script to execute multiple URLs?

related questions