frankos
Posted January 9, 2014

Hi everyone, I have two websites:

1 - a normal website which requires login to browse it
2 - a shop (PrestaShop 1.5.6.0)

At the moment, every time someone registers on the website I automatically create the user in the shop with the same credentials. My goal now is to start the session of both websites at the same time, or better, every time someone logs in to the website they should be automatically logged in to the shop as well.

Any idea or suggestion on how to do it? I was thinking about trying with cURL.

Thanks for any help

krisives
Posted January 9, 2014

Good thing you asked! I did a search for session_start and didn't find anything in the core: https://github.com/PrestaShop/PrestaShop/search?q=session_start&ref=cmdform

Looking a bit closer and thinking back, they do not use PHP sessions directly to save data, which makes sense because most things in PrestaShop are stored in the database, so they use a cookie instead. The cookie appears to be managed by classes/Cookie.php: https://github.com/PrestaShop/PrestaShop/blob/1.6/classes/Cookie.php#L189

To get an idea of how I would load the cookie / hook up with PrestaShop, I found config.inc.php seemed to show its usage: https://github.com/PrestaShop/PrestaShop/blob/1.6/config/config.inc.php#L135

There are some object dependencies, though.

At the end of the day it will come down to checking an MD5 hash that is in a cookie (which you can probably just get with $_COOKIE in your site). The code in PrestaShop that does this is not great, because it actually leaks your password/login credentials: https://github.com/PrestaShop/PrestaShop/blob/1.6/classes/Customer.php#L485

    $sql = 'SELECT `id_customer` FROM `'._DB_PREFIX_.'customer` WHERE `id_customer` = '.$id_customer.' AND `passwd` = \''.$passwd.'\'';

So you can check the database the same way to see if the cookie is a logged-in user hash or not. I really don't like how PrestaShop is doing this, since it can be used for replay attacks.

Please, anyone, correct me if anything I said is wrong!
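
The database check described in the answer above, written with a bound parameter and a constant-time comparison, as an added example that is not part of the original posts and is not PrestaShop's own code. Assumptions: the function name `isLoggedInCustomer` is hypothetical, the table prefix is `ps_`, the customer id and hash have already been read out of the shop cookie, and an in-memory SQLite database with constructed rows stands in for the shop database.

```php
<?php
// Added example, not PrestaShop code. Assumptions: table `ps_customer`
// (a `ps_` prefix) and cookie values already read out by the caller.
// Only the two columns named in the post (id_customer, passwd) are used.

function isLoggedInCustomer(PDO $db, $idCustomer, $passwdHash): bool
{
    // Reject anything that is not a positive integer id.
    if (!is_scalar($idCustomer) || !ctype_digit((string) $idCustomer) || (int) $idCustomer < 1) {
        return false;
    }
    // Reject anything that is not a 32-character lowercase hex MD5 digest.
    if (!is_string($passwdHash) || !preg_match('/\A[0-9a-f]{32}\z/', $passwdHash)) {
        return false;
    }

    // Bound parameter instead of concatenating cookie values into the SQL string.
    $stmt = $db->prepare('SELECT passwd FROM ps_customer WHERE id_customer = :id');
    $stmt->execute([':id' => (int) $idCustomer]);
    $stored = $stmt->fetchColumn(); // false when no such customer exists

    // Constant-time comparison of the stored hash with the cookie value.
    return is_string($stored) && hash_equals($stored, $passwdHash);
}

// Constructed sample data so the example runs offline.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE ps_customer (id_customer INTEGER PRIMARY KEY, passwd TEXT)');
$hash = md5('constructed-sample-value');
$db->prepare('INSERT INTO ps_customer (id_customer, passwd) VALUES (1, ?)')->execute([$hash]);

var_dump(isLoggedInCustomer($db, '1', $hash));               // matching id and hash
var_dump(isLoggedInCustomer($db, '1', str_repeat('0', 32))); // well-formed but wrong hash
var_dump(isLoggedInCustomer($db, '1 OR 1=1', $hash));        // malformed id, rejected before the query
var_dump(isLoggedInCustomer($db, '2', $hash));               // unknown customer
```

Because the value compared is the stored password hash itself, a copied cookie value keeps passing this check until the password changes, which is the replay concern raised in the answer.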