Connecting Php App With Cs-Cart

I did a php script that communicates with the cs-cart database but I want to control who can run the script.

How can I check if there is an admin account active with session on? Basically I would like to check if who is running the script is an user and have a login session on the backoffice on.

Thanks in advance.

$uid = empty($_SESSION['auth']['user_id']) ? 0 : $_SESSION['auth']['user_id'];

If $uid is non empty, then the user is logged in. You can grab other info from the session auth array to validate your user(s). I will leave that for you to determine.


Just one question, there is any way to check if the user is an admin or not using the auth array? Or if there is any different session variables for admins.

Any reason you don't just print out the auth array and see for yourself? Or go look at the code in core/fn.users.php?

But $_SESSION['auth']['area'] will tell you whether it's an admin or customer if it is set.

Thanks very much. I'm going to print out the auth array and take a look on core/fn.users.php more closely.

tbirnseth, do I need to include anything in my php page? Because when I try to check $_SESSION['auth']['area'] or $_SESSION['auth']['user_id'] it were empty.

I tried to print all defined variables and I didn't find any variable defined by cs-cart. So do I need to include anything?

Whatever “agent” is making the call needs to handle session data. If you are running it from your browser and you are not logged in then there will not be any 'auth' data.

The problem is that even with the session_start() I cannot read cs-cart sessions variables.

For example, I have this file on the cs-cart root directory.






When I run the file, all variables are empty. Even after I login into my cs-cart admin, all variables still empty.

I am missing something here? should I do something else?

You have to use the cs-cart Session handler since it is what stores/retrieves session data across pages. It is invoked via init.php.

You are mixing methodologies and the cart is doing exactly what it should, it is protecting itself (and you) from inappropriate requests.

Thank you very much indeed.

It's working now.