Table of Contents
- type:
- integration
- system:
- PHP
- name:
- SSO (Single Sign-On)
- description:
- An example single sign-on (SSO) (aka "shared authentication") implementation in PHP
- tag:
- sso
- date:
- 2009-05-10
Shared Authentication PHP Sample Code
Please note: The code on this page is submitted by members of the FoxyCart community, and may not verified by FoxyCart.com LLC in any way, shape, or form. Please double check the code before installing. If you need help with it please post in our forum, but if we cannot offer assistance (due to unfamiliarity with this particular system or language) we apologize in advance.
Description
Sample code for using FoxyCart's shared authentication (available in FoxyCart v051+) in PHP.
Installation
Implementing FoxyCart's shared authentication functionality is for advanced users familiar. This code will get you started, but will very like need to be modified to fit your needs. See the Single Sign-On documentation for more details.
Requirements
- FoxyCart v051+
Code
<?php /* FoxyCart Shared Authentication for FoxyCart v051 Two options: Option 1: If you have an existing session-based authentication include file, then include it at the top of this file and use this file as your shared authentication end point in the FoxyCart admin. Ideally, your authentication script should ideally know which FoxyCart customer_id is logged in. Option 2: Include this file in your existing authentication check to create a new, publicly accessible shared authentication endpoint which you'll configure in the FoxyCart admin. Be sure no output has taken place yet, since this file will do a redirect every time. */ /*************** EDIT THESE VALUES *******************/ // Put in a boolean value here which represents if the // current user session is authenticated. $user_is_authenticated = true; // Put in your FoxyCart api / datafeed access key here. // This value should match the value setup in your // FoxyCart admin under "advanced". $foxycart_api_key = 'XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX'; // Put in your full foxycart store domain here. $foxycart_domain = 'MYDOMAIN'; // If the user is not logged in, do you still want to // allow them to proceed to checkout? $allow_non_auth_checkout = true; // if not, you must specify a redirect page (such as your login page?) $redirect_url = 'http://yourdomain.com/login.php'; // Put in your database query or session variable here // for the current logged in user's FoxyCart customer_id $foxycart_customer_id = 123456; /**************************************************/ $return_hash = ''; $customer_id = 0; $timestamp = 0; $fcsid = ''; if ($user_is_authenticated) { $customer_id = $foxycart_customer_id; } if (isset($_GET['timestamp']) && isset($_GET['fcsid'])) { $fcsid = $_GET['fcsid']; $timestamp = $_GET['timestamp'] + (60 * 30); // valid for 30 minutes; } /* // Uncomment this block of code to fetch the current cart contents for this user // Send the session ID $foxyData = array(); $foxyData["fcsid"] = $fcsid; $foxyData["output"] = 'json'; $ch = curl_init(); curl_setopt($ch,CURLOPT_URL,"https://" . $foxycart_domain . "/cart"); curl_setopt($ch,CURLOPT_POSTFIELDS, $foxyData); curl_setopt($ch,CURLOPT_RETURNTRANSFER, 1); curl_setopt($ch,CURLOPT_CONNECTTIMEOUT, 5); curl_setopt($ch,CURLOPT_TIMEOUT, 15); // If you get SSL errors, you can uncomment the following, or ask your host to add the appropriate CA bundle // curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false); $response = trim(curl_exec($ch)); if ($response == false) { //FAIL } else { //SUCCESS $response = json_decode($response,true); } curl_close($ch); */ if (!$allow_non_auth_checkout) { if (!$user_is_authenticated) { header('Location: ' . $redirect_url); exit(); } } $redirect_url = 'https://' . $foxycart_domain . '/checkout?fc_auth_token='; $return_hash = sha1($customer_id . '|' . $timestamp . '|' . $foxycart_api_key); $full_redirect = $redirect_url . $return_hash . '&fc_customer_id=' . $customer_id . '×tamp=' . $timestamp . '&fcsid=' . $fcsid; header('Location: ' . $full_redirect); ?>