Is this basket coding relevant? Delete, keep bits, or keep it all?!?

Hi there,

A web designer coded our basket in the past and I am now designing the web site myself. I would be appreciative if someone could just browse the two separate bits of code below to check that they are all needed. Each piece of code is from a separate php page. I could do one of three things:

  1. Delete and not use these pages.:injured:
  2. Use relevant parts of code, if you can suggest which should be kept.:smiley:
  3. Keep all coding and include them as they are currently being called upon.:cool:

// ** Base 64 Encoding function **
// PHP does it natively but just for consistency and ease of maintenance, let's declare our own function
function base64Encode($plain) {
  // Initialise output variable
  $output = "";
  
  // Do encoding
  $output = base64_encode($plain);
  
  // Return the result
  return $output;
}


// ** Base 64 decoding function **
// PHP does it natively but just for consistency and ease of maintenance, let's declare our own function

function base64Decode($scrambled) {
  // Initialise output variable
  $output = "";
  
  // Fix plus to space conversion issue
  $scrambled = str_replace(" ","+",$scrambled);
  
  // Do decoding
  $output = base64_decode($scrambled);
  
  // Return the result
  return $output;
}


/*  The SimpleXor encryption algorithm                                                                                **
**  NOTE: This is a placeholder really.  Future releases of VSP Form will use AES or TwoFish.  Proper encryption      **
**       This simple function and the Base64 will deter script kiddies and prevent the "View Source" type tampering    **
**      It won't stop a half decent hacker though, but the most they could do is change the amount field to something **
**      else, so provided the vendor checks the reports and compares amounts, there is no harm done.  It's still      **
**      more secure than the other PSPs who don't bother encrypting their forms at all                                */

function simpleXor($InString, $Key) {
  // Initialise key array
  $KeyList = array();
  // Initialise out variable
  $output = "";
  
  // Convert $Key into array of ASCII values
  for($i = 0; $i < strlen($Key); $i++){
    $KeyList[$i] = ord(substr($Key, $i, 1));
  }

  // Step through string a character at a time
  for($i = 0; $i < strlen($InString); $i++) {
    // Get ASCII code from string, get ASCII code from key (loop through with MOD), XOR the two, get the character from the result
    // % is MOD (modulus), ^ is XOR
    $output.= chr(ord(substr($InString, $i, 1)) ^ ($KeyList[$i % strlen($Key)]));
  }

  // Return the result
  return $output;
}

/* The getToken function.                                                                                         **
** NOTE: A function of convenience that extracts the value from the "name=value&name2=value2..." VSP reply string **
**     Works even if one of the values is a URL containing the & or = signs.                                      */

function getToken($thisString) {

  // List the possible tokens
  $Tokens = array(
    "Status",
    "StatusDetail",
    "VendorTxCode",
    "VPSTxId",
    "TxAuthNo",
    "Amount",
    "AVSCV2", 
    "AddressResult", 
    "PostCodeResult", 
    "CV2Result", 
    "GiftAid", 
    "3DSecureStatus", 
    "CAVV" );

  // Initialise arrays
  $output = array();
  $resultArray = array();
  
  // Get the next token in the sequence
  for ($i = count($Tokens)-1; $i >= 0 ; $i--){
    // Find the position in the string
    $start = strpos($thisString, $Tokens[$i]);
    // If it's present
    if ($start !== false){
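      // Create the record first (assigning a property to an unset array element fails on PHP 8)
      $resultArray[$i] = new stdClass();
      // Record position and token name
      $resultArray[$i]->start = $start;
      $resultArray[$i]->token = $Tokens[$i];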
    }
  }
  
  // Sort in order of position
  sort($resultArray);

  // Go through the result array, getting the token values
  for ($i = 0; $i<count($resultArray); $i++){
    // Get the start point of the value
    $valueStart = $resultArray[$i]->start + strlen($resultArray[$i]->token) + 1;
    // Get the length of the value
    if ($i==(count($resultArray)-1)) {
      $output[$resultArray[$i]->token] = substr($thisString, $valueStart);
    } else {
      $valueLength = $resultArray[$i+1]->start - $resultArray[$i]->start - strlen($resultArray[$i]->token) - 2;
      $output[$resultArray[$i]->token] = substr($thisString, $valueStart, $valueLength);
    }      

  }

  // Return the output array
  return $output;

}

// Randomise based on time
function randomise() {
    list($usec, $sec) = explode(' ', microtime());
    return (float) $sec + ((float) $usec * 100000);
}

This is the second bit of coding:


<?
//mod file created 2007


//read and explode cookies in Array Var
$piecesCode = explode("|", $_COOKIE['TheBasketCode']);
$piecesBasket = explode("|", $_COOKIE['TheBasketName']);
$piecesQTY=explode("|", $_COOKIE['TheBasketQuantity']);
$piecesPrice=explode("|", $_COOKIE['TheBasketPrice']);

$i=0;

//count array lines. 
//piecesCountLine is to set the line count for Protx
//piecesCount is to set the count for the for loop

$piecesCountLine=count($piecesCode);
$piecesCount=count($piecesCode);
$piecesCount=$piecesCount-1;

$pdBasket="";
$pdBasket.="$piecesCountLine:";

//for loop, adding lines to the variable pdBasket;

for ($i=0; $i<=$piecesCount; $i++) {
	$iqty=$piecesQTY[$i];
	$iprice=$piecesPrice[$i];
	$iprice = str_replace("~", "", $iprice);
	$totalPrice=$iqty*$iprice;
	if ($piecesCode[$i]<>"") {
		$pdBasket.=$piecesBasket[$i]." (".$piecesCode[$i] ."):".$piecesQTY[$i].":£".$iprice.":::£".$totalPrice.":";
	}
}

//Add delivery charges calc'd above
$pdBasket.="Delivery:---:---:---:---:£$postage";

//what is in the basket 
//print($pdBasket);
?>

Thanks,

Matt.

That’s not true. PHP sessions work by using a cookie to store a session ID. If that cookie is deleted, then the basket will be lost. The session will only be lost if it expires (there is a time length setting), the user clears cookies or has the “delete all cookies on close of browser” setting on (which is rare).

Yes, I think I would have a long expiry. But I might make it about 2 weeks.

Matt.

I do.

Are you using PHP’s setcookie? If so, you can just do something like:


$expire=time()+60*60*24*30;
setcookie("TheBasketCode", "1234", $expire);

This will set the cookie for a month (current_time + 60 sec * 60 min * 24 hours * 30 days). Unless someone has their settings configured to clear cookies on browser close (unlikely).

What about people who have their browser set to clear cookies every time they close their browser?

The problem with storing cart data in a session variable is that if someone turns off their computer, when they start up again it will not feature the things they added to their basket previously, right?

If this is incorrect can you briefly explain how I can do it.

Matt.

That’s a bad way to code a shopping cart, it’s storing every attribute about a product in a separate cookie. This exposes your cart so it can be viewed, modified, and makes the code harder to work with and maintain/extend.

A better alternative is to store the cart on the server side in a session variable (array).

Also see why short open tags are bad.
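
The server-side approach recommended in the reply above, as an added example that is not part of the original thread or the site's code: the session holds only product codes and quantities, names and prices come from a server-side catalogue, and the Protx basket string is rebuilt from that. The function names and the sample catalogue are assumptions for illustration; the two-week lifetime follows the figure mentioned earlier in the thread.

```php
<?php
// Added example, not the site's code. catalogue(), addToBasket(), money() and
// buildProtxBasket() are hypothetical names; the catalogue is constructed data.
declare(strict_types=1);

// Stand-in for a MySQL product lookup. Prices are in pence to avoid float drift.
function catalogue(): array {
    return [
        'TS01' => ['name' => 'T-Shirt', 'pence' => 1250],
        'MG02' => ['name' => 'Mug',     'pence' => 499],
    ];
}

// Keep only code => quantity. Name and price are never accepted from the client.
function addToBasket(array &$basket, string $code, int $qty): bool {
    if (!isset(catalogue()[$code]) || $qty < 1 || $qty > 99) {
        return false; // unknown product code or implausible quantity
    }
    $basket[$code] = min(99, ($basket[$code] ?? 0) + $qty);
    return true;
}

function money(int $pence): string {
    return '£' . number_format($pence / 100, 2, '.', '');
}

// Same colon-delimited layout as $pdBasket, built from server-side data only.
// Assumption: the leading number counts every line, Delivery included.
function buildProtxBasket(array $basket, int $postagePence): string {
    $cat = catalogue();
    $lines = [];
    foreach ($basket as $code => $qty) {
        $item = $cat[$code];
        $desc = str_replace(':', ' ', $item['name']) . " ($code)"; // ':' is the delimiter
        $lines[] = "$desc:$qty:" . money($item['pence']) . ':::' . money($item['pence'] * $qty);
    }
    $lines[] = 'Delivery:---:---:---:---:' . money($postagePence);
    return count($lines) . ':' . implode(':', $lines);
}

// Two-week session (assumed lifetime); the cookie carries only the session ID.
session_start([
    'cookie_lifetime' => 1209600, 'gc_maxlifetime' => 1209600,
    'cookie_httponly' => true,    'cookie_samesite' => 'Lax',
]);
$_SESSION['basket'] = $_SESSION['basket'] ?? [];
addToBasket($_SESSION['basket'], 'TS01', 2);
addToBasket($_SESSION['basket'], 'FAKE', 1); // rejected: not in the catalogue
echo buildProtxBasket($_SESSION['basket'], 395), "\n";
```

Because the browser only ever holds the session ID, editing cookies cannot change a name, price or total that reaches the payment form.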

Is this basket coding relevant? Delete, keep bits, or keep it all?!?

That’s a pointless question unless you list the functionality you require.

If your basket still works without the code, then delete it. Otherwise keep it and modify it to suit your needs if required.

All major PHP ecommerce systems use MySQL by default dude. And the ones I’ve worked with already gather information from customers and track carts.

From the sound of your post you aren’t aware of what existing free solutions can do. I would recommend examining them and their code. Even if you decide to stay with your current project, you can learn from them.

http://www.zen-cart.com/
Magento - Home - eCommerce Software for Growth

The only one I’d stay away from is OS Commerce because last time I checked it still hadn’t been brought up to PHP 5.0, let alone PHP current.

I am building a cart from scratch because I am using:

  • MySQL Database
  • Forms that include the info I need from customers
  • Basket that includes info I want customer to see

If I use some software surely it will not talk to my MySQL Database in the way I intend? And what about the look of the basket…doing it myself I can design the look exactly as I want…surely with software, I have to use their template, etc.

Or am I wrong about the limitations?!

Matt.

Why are you building a cart from scratch? Why not Zencart, Magento or one of a dozen other free solutions already available?