Форуми / Cotonti / Development / Plugin which adds a random value to the database on each page load

foxhound
#1 15.03.2015 22:57

I am trying to identify a user/guest and know if he is on my website while he connects to a different server. So, for that I am using a session  in some custom php I wrote over the last few weeks.
However, this PHP script I made runs outside of Cotonti, I query the DB for a few values but thats it.
Since my script is actually working and doing what it is supposed to be doing I want to change it now so it gets embedded properly within my website and for that I need to make it a plugin.

Can someone explain to me how to make a plugin which will load with ever page request a user makes on my website please? Cause I really have no idea how to make it and where to start to make it work with every page request.
I was looking through the common.php and sure I can edit it and add it there, but I rather have this as a plugin so the core stays clean of my stuff :)

 

Oh, I know there are already sessions created but those are of no use for me as they are the same for the entire session. I need to create unique session values with each page request so i can cross check a users presence.

 

<img src="http://www.armaholic.com/datas/thumbs/green-sea-battalion-uniforms-version-03-preview_4.jpg" alt="green-sea-battalion-uniforms-version-03-" />
Dayver
#2 15.03.2015 23:28

Read extensions/extdevguide and try to create a simple plugin myplug with two files 1) myplug.setup.php 2) myplug.global.php in his us hook "input" or "global" with your needed code. Then your code will be attached in common.php (will load with ever page request) but common.php not be hacked and after upgrades your code be will work

Pavlo Tkachenko aka Dayver
foxhound
#3 16.03.2015 21:33

Thanks, that link was very usefull.
I am now making my first real plugin :)

 

Added 5 days later:

Ok, here is the first plugin I have made and I am actually hoping anyone can take a look and tell me if I should change something or if things should be done differently.
Due to me using this plugin for a specific feature on my website I will remove some stuff otherwise people could abuse it but the removed content wont cause issues to understand what it does I think.

But, what it does is...create a random session (an md5 string) in the database which I will check and compare elewhere.


 

<?php

/* ====================
[BEGIN_SED]
File=plugins/sessions/sessions.php
Version=1.0
Updated=2015-march-21
Type=Plugin
Author=Foxhound
Description=Insert a unique session with each pageload on pages only
[END_SED]

[BEGIN_SED_EXTPLUGIN]
Code=sessions
Part=
File=sessions
Hooks=global
Tags=
Minlevel=0
Order=1
[END_SED_EXTPLUGIN]

============ */


if (!defined('SED_CODE')) { die('Wrong URL.'); }

// here we check if we are working on the download system, if no all session stuff is set else we exit
if ($cfg['plugin']['sessions']['workinprogress'] != 'Yes')
	{
		$ses_pageid = sed_import('id','G','INT');
		$ses_userid = $usr['id'];
		$ses_username = $usr['name'];
			if ($ses_username == "") {
					$ses_username = "guest";
			}
		$ses_userip = $usr['ip'];
					
		$ses_sql1 = sed_sql_query("SELECT online_ip, online_location, online_sessionid, online_randomer FROM $db_online WHERE online_ip='$ses_userip'");	
			while ($row = sed_sql_fetcharray($ses_sql1)) {
				$ses_userloc = $row['online_location'];
				$ses_usersessionid = $row['online_sessionid'];
				$ses_randomer = $row['online_randomer'];
			}
		
		if ($ses_userloc == "Pages") {
			$dwnldlink_sql1 = sed_sql_query("SELECT page_id, page_extra_url FROM $db_pages WHERE page_id='$ses_pageid'");
				while ($row = sed_sql_fetcharray($dwnldlink_sql1)) {
					$ses_downloadurl = $row['page_extra_url'];
				}

			// create random string
			$ses_randomer = "";
			$ses_str_length = xx;
				for($ses_i=0; $ses_i<$ses_str_length; $ses_i++){
					$ses_rand_number = mt_rand(0,xx);
					$ses_string = "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx";
					$ses_randomer .= substr($ses_string, $ses_rand_number, 1);
				}

			$ses_usersessionid = md5($ses_xxxxx . md5($ses_randomer));
				
			$ses_sql1 = sed_sql_query("UPDATE $db_online SET online_sessionid='$ses_usersessionid', online_randomer='$ses_randomer' WHERE online_ip='$ses_userip'");
		}
		
		// this is required cause we never know if the visitor does actually click the downloadlink on the page he visitted!
		if (($ses_userloc != "Pages") && ((!empty($ses_usersessionid)) || (!empty($ses_randomer)))) {
			$ses_sql_u1 = sed_sql_query("UPDATE $db_online SET online_sessionid='', online_randomer='' WHERE online_ip='$ses_userip'");
			
		}
	}
?>


Some things:
- I know md5 is not the safest, yet the sessionID wont contain any sensetive data. Its just for me to check a users presence with a certain value (random). I use md5 just to make it unreadable in case someone decides to dig further.
- I remove the sessionID string if not on pages to make sure it can not be abused (its actually only valid for one page view and/or action.
- no, It did not take me all those days just to write this. In addition to this I made another plugin which works together with this (the workinprogress thing) and in addition another script in another location checks stuff.


Any tips? Thoughts?
Its my first real fully coded plugin, so if I did do real stupid stuff please be gentle :)

<img src="http://www.armaholic.com/datas/thumbs/green-sea-battalion-uniforms-version-03-preview_4.jpg" alt="green-sea-battalion-uniforms-version-03-" />

Відредаговано: foxhound (21.03.2015 22:53, 9 років тому)
Dayver
#4 22.03.2015 17:49
  1. This is plug for Cotonti Genoa?
  2. For
        ...
        if ($ses_userloc == "Pages") {
        ...
    	
    May be us on of this params?
        $location = 'Pages';
        $z = 'page';
        
    But it doesn't so matter
Pavlo Tkachenko aka Dayver
foxhound
#5 22.03.2015 17:55

Yeah, its for Genoa, I still have not moved over to Sienna :)

But, I do not understand what you mean with: 

$location = 'Pages';
$z = 'page';


I am using $ses_userloc which got its value from a database query (checking where the user is from the sed_online table). Your code gets values from where?

Added 16 hours later:

Ahhhh, I see. Location is already an available variable so I dont have to query the DB for the location at all. ($location)

I am just unable to find where this is actually being set. Its not in the common.php and I also found nothing in the functions.php. Any idea where the value of location is actually gotten from?

<img src="http://www.armaholic.com/datas/thumbs/green-sea-battalion-uniforms-version-03-preview_4.jpg" alt="green-sea-battalion-uniforms-version-03-" />

Відредаговано: foxhound (23.03.2015 10:50, 9 років тому)
Dayver
#6 24.03.2015 12:59

This see in start Page module file https://github.com/Cotonti/Cotonti/blob/genoa/page.php#L14 / But only for Genoa

Pavlo Tkachenko aka Dayver
foxhound
#7 24.03.2015 22:38

I see, thanks for the info. Saved me an additional query which was not really needed and since its a very busy website with many hundreds active visitors each minute whatever I can save is welcome :)

<img src="http://www.armaholic.com/datas/thumbs/green-sea-battalion-uniforms-version-03-preview_4.jpg" alt="green-sea-battalion-uniforms-version-03-" />