store visitor hash in session instead of api key

eug-L · eug-L · commit 5d2a80fcfce7 · 2025-03-12T14:59:15.000+08:00
diff --git a/prestashop1.7/tawkto.php b/prestashop1.7/tawkto.php
@@ -35,7 +35,7 @@ class Tawkto extends Module
     public const TAWKTO_WIDGET_OPTS = 'TAWKTO_WIDGET_OPTS';
     public const TAWKTO_WIDGET_USER = 'TAWKTO_WIDGET_USER';
     public const TAWKTO_SELECTED_WIDGET = 'TAWKTO_SELECTED_WIDGET';
-    public const TAWKTO_JS_API_KEY = 'TAWKTO_JS_API_KEY';
+    public const TAWKTO_VISITOR_SESSION = 'TAWKTO_VISITOR_SESSION';
 
     /**
      * __construct
@@ -115,7 +115,11 @@ public function hookDisplayFooter()
         $widgetId = $current_widget['widget_id'];
 
         $result = Configuration::get(self::TAWKTO_WIDGET_OPTS);
-        $enable_visitor_recognition = true; // default value
+        // default values
+        $enable_visitor_recognition = true;
+        $js_api_key = '';
+        $config_version = 0;
+
         if ($result) {
             $options = json_decode($result);
             $current_page = (string) $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'];
@@ -124,6 +128,14 @@ public function hookDisplayFooter()
                 $enable_visitor_recognition = $options->enable_visitor_recognition;
             }
 
+            if (isset($options->js_api_key)) {
+                $js_api_key = $options->js_api_key;
+            }
+
+            if (isset($options->config_version)) {
+                $config_version = $options->config_version;
+            }
+
             // prepare visibility
             if (false == $options->always_display) {
                 // show on specified urls
@@ -181,12 +193,7 @@ public function hookDisplayFooter()
             $customer_name = $customer->firstname . ' ' . $customer->lastname;
             $customer_email = $customer->email;
 
-            try {
-                $key = $this->getJsApiKey($options->js_api_key);
-                $hash = hash_hmac('sha256', $customer_email, $key);
-            } catch (Exception $e) {
-                $hash = '';
-            }
+            $hash = $this->getVisitorHash($customer_email, $js_api_key, $config_version);
         }
 
         $this->context->smarty->assign([
@@ -299,29 +306,41 @@ private function getArrayFromJson($data)
     }
 
     /**
-     * Retrieve JS API key
+     * Get visitor hash
      *
-     * @param string $js_api_key Encrypted JS API key
+     * @param string $email Visitor email
+     * @param string $js_api_key JS API key
+     * @param int $config_version Config version
      *
      * @return string
-     *
-     * @throws Exception error retrieving JS API key
      */
-    private function getJsApiKey(string $js_api_key)
+    private function getVisitorHash(string $email, string $js_api_key, int $config_version)
     {
-        if (empty($js_api_key)) {
-            throw new Exception('JS API key is empty');
+        if (isset($_SESSION[self::TAWKTO_VISITOR_SESSION])) {
+            $current_session = $_SESSION[self::TAWKTO_VISITOR_SESSION];
+
+            if (isset($current_session['hash'])
+                && $current_session['email'] === $email
+                && $current_session['config_version'] === $config_version) {
+                return $current_session['hash'];
+            }
         }
 
-        if (isset($_SESSION[self::TAWKTO_JS_API_KEY])) {
-            return $_SESSION[self::TAWKTO_JS_API_KEY];
+        if (empty($js_api_key)) {
+            return '';
         }
 
         $key = $this->getDecryptedData($js_api_key);
 
-        $_SESSION[self::TAWKTO_JS_API_KEY] = $key;
+        $hash = hash_hmac('sha256', $email, $key);
+
+        $_SESSION[self::TAWKTO_VISITOR_SESSION] = [
+            'hash' => $hash,
+            'email' => $email,
+            'config_version' => $config_version,
+        ];
 
-        return $key;
+        return $hash;
     }
 
     /**
diff --git a/prestashop8.x/tawkto.php b/prestashop8.x/tawkto.php
@@ -34,7 +34,7 @@ class Tawkto extends Module
     public const TAWKTO_WIDGET_OPTS = 'TAWKTO_WIDGET_OPTS';
     public const TAWKTO_WIDGET_USER = 'TAWKTO_WIDGET_USER';
     public const TAWKTO_SELECTED_WIDGET = 'TAWKTO_SELECTED_WIDGET';
-    public const TAWKTO_JS_API_KEY = 'TAWKTO_JS_API_KEY';
+    public const TAWKTO_VISITOR_SESSION = 'TAWKTO_VISITOR_SESSION';
 
     /**
      * __construct
@@ -114,7 +114,11 @@ public function hookDisplayFooter()
         $widgetId = $current_widget['widget_id'];
 
         $result = Configuration::get(self::TAWKTO_WIDGET_OPTS);
-        $enable_visitor_recognition = true; // default value
+        // default values
+        $enable_visitor_recognition = true;
+        $js_api_key = '';
+        $config_version = 0;
+
         if ($result) {
             $options = json_decode($result);
             $current_page = (string) $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'];
@@ -123,6 +127,14 @@ public function hookDisplayFooter()
                 $enable_visitor_recognition = $options->enable_visitor_recognition;
             }
 
+            if (isset($options->js_api_key)) {
+                $js_api_key = $options->js_api_key;
+            }
+
+            if (isset($options->config_version)) {
+                $config_version = $options->config_version;
+            }
+
             // prepare visibility
             if (false == $options->always_display) {
                 // show on specified urls
@@ -180,12 +192,7 @@ public function hookDisplayFooter()
             $customer_name = $customer->firstname . ' ' . $customer->lastname;
             $customer_email = $customer->email;
 
-            try {
-                $key = $this->getJsApiKey($options->js_api_key);
-                $hash = hash_hmac('sha256', $customer_email, $key);
-            } catch (Exception $e) {
-                $hash = '';
-            }
+            $hash = $this->getVisitorHash($customer_email, $js_api_key, $config_version);
         }
 
         $this->context->smarty->assign([
@@ -297,29 +304,41 @@ private function getArrayFromJson($data)
     }
 
     /**
-     * Retrieve JS API key
+     * Get visitor hash
      *
-     * @param string $js_api_key Encrypted JS API key
+     * @param string $email Visitor email
+     * @param string $js_api_key JS API key
+     * @param int $config_version Config version
      *
      * @return string
-     *
-     * @throws Exception error retrieving JS API key
      */
-    private function getJsApiKey(string $js_api_key)
+    private function getVisitorHash(string $email, string $js_api_key, int $config_version)
     {
-        if (empty($js_api_key)) {
-            throw new Exception('JS API key is empty');
+        if (isset($_SESSION[self::TAWKTO_VISITOR_SESSION])) {
+            $current_session = $_SESSION[self::TAWKTO_VISITOR_SESSION];
+
+            if (isset($current_session['hash'])
+                && $current_session['email'] === $email
+                && $current_session['config_version'] === $config_version) {
+                return $current_session['hash'];
+            }
         }
 
-        if (isset($_SESSION[self::TAWKTO_JS_API_KEY])) {
-            return $_SESSION[self::TAWKTO_JS_API_KEY];
+        if (empty($js_api_key)) {
+            return '';
         }
 
         $key = $this->getDecryptedData($js_api_key);
 
-        $_SESSION[self::TAWKTO_JS_API_KEY] = $key;
+        $hash = hash_hmac('sha256', $email, $key);
+
+        $_SESSION[self::TAWKTO_VISITOR_SESSION] = [
+            'hash' => $hash,
+            'email' => $email,
+            'config_version' => $config_version,
+        ];
 
-        return $key;
+        return $hash;
     }
 
     /**
