Index: openacs-4/packages/dotlrn-ecommerce/www/ecommerce/checkout-3.tcl
===================================================================
RCS file: /usr/local/cvsroot/openacs-4/packages/dotlrn-ecommerce/www/ecommerce/checkout-3.tcl,v
diff -u -r1.3 -r1.4
--- openacs-4/packages/dotlrn-ecommerce/www/ecommerce/checkout-3.tcl	30 Jun 2005 21:55:56 -0000	1.3
+++ openacs-4/packages/dotlrn-ecommerce/www/ecommerce/checkout-3.tcl	1 Jul 2005 03:49:42 -0000	1.4
@@ -22,6 +22,8 @@
 }
 
 ec_redirect_to_https_if_possible_and_necessary
+set user_session_id [ec_get_user_session_id]
+ec_create_new_session_if_necessary
 
 # Make sure we have all their necessary info, otherwise they probably got
 # here via url surgery or by pushing Back
@@ -32,7 +34,7 @@
 # 4. The order should have an address associated with it.
 # 5. The order should have credit card and shipping method associated with it.
 
-# We need them to be logged in
+# Require user to be logged in at this point
 if { ! [info exists user_id] } {
     set user_id [ad_verify_and_get_user_id]
 } elseif { $user_id == 0 } {
@@ -44,13 +46,47 @@
     set return_url [ad_return_url]
     ad_returnredirect [export_vars -base login {return_url}]
     ad_script_abort
+} else {
+    # Make sure all orders are owned by the user
+    db_transaction {
+	db_foreach orders {
+	    select order_id as in_basket_order_id
+	    from ec_orders
+	    where order_state = 'in_basket'
+	    and user_session_id = :user_session_id
+	} {
+	    db_dml set_session_orders {
+		update ec_orders
+		set user_id = :user_id
+		where order_id = :in_basket_order_id
+		and user_id = 0
+	    }
+	    
+	    db_foreach items { 
+		select item_id as in_basket_item_id
+		from ec_items
+		where order_id = :in_basket_order_id
+	    } {
+		db_dml set_dotlrn_ecommerce_orders {
+		    update dotlrn_ecommerce_orders
+		    set patron_id = :user_id
+		    where item_id = :in_basket_item_id
+		    and patron_id = 0
+		}
+		db_dml set_dotlrn_ecommerce_orders_2 {
+		    update dotlrn_ecommerce_orders
+		    set participant_id = :user_id
+		    where item_id = :in_basket_item_id
+		    and participant_id = 0
+		}
+	    }
+	}
+    }
 }
 
 # Make sure they have an in_basket order, otherwise they've probably
 # gotten here by pushing Back, so return them to index.tcl
 
-set user_session_id [ec_get_user_session_id]
-ec_create_new_session_if_necessary
 set order_id [db_string get_order_id "
     select order_id 
     from ec_orders 
Index: openacs-4/packages/dotlrn-ecommerce/www/ecommerce/checkout-one-form-2.tcl
===================================================================
RCS file: /usr/local/cvsroot/openacs-4/packages/dotlrn-ecommerce/www/ecommerce/checkout-one-form-2.tcl,v
diff -u -r1.4 -r1.5
--- openacs-4/packages/dotlrn-ecommerce/www/ecommerce/checkout-one-form-2.tcl	30 Jun 2005 21:55:56 -0000	1.4
+++ openacs-4/packages/dotlrn-ecommerce/www/ecommerce/checkout-one-form-2.tcl	1 Jul 2005 03:49:42 -0000	1.5
@@ -127,14 +127,14 @@
 	db_foreach orders {
 	    select order_id as in_basket_order_id
 	    from ec_orders
-	    where user_id = 0
-	    and order_state = 'in_basket'
+	    where order_state = 'in_basket'
 	    and user_session_id = :user_session_id
 	} {
 	    db_dml set_session_orders {
 		update ec_orders
 		set user_id = :user_id
 		where order_id = :in_basket_order_id
+		and user_id = 0
 	    }
 	    
 	    db_foreach items { 
@@ -144,10 +144,16 @@
 	    } {
 		db_dml set_dotlrn_ecommerce_orders {
 		    update dotlrn_ecommerce_orders
-		    set patron_id = :user_id,
-		    participant_id = :user_id
+		    set patron_id = :user_id
 		    where item_id = :in_basket_item_id
+		    and patron_id = 0
 		}
+		db_dml set_dotlrn_ecommerce_orders_2 {
+		    update dotlrn_ecommerce_orders
+		    set participant_id = :user_id
+		    where item_id = :in_basket_item_id
+		    and participant_id = 0
+		}
 	    }
 	}
     }
Index: openacs-4/packages/dotlrn-ecommerce/www/ecommerce/checkout-one-form.tcl
===================================================================
RCS file: /usr/local/cvsroot/openacs-4/packages/dotlrn-ecommerce/www/ecommerce/checkout-one-form.tcl,v
diff -u -r1.3 -r1.4
--- openacs-4/packages/dotlrn-ecommerce/www/ecommerce/checkout-one-form.tcl	30 Jun 2005 13:46:55 -0000	1.3
+++ openacs-4/packages/dotlrn-ecommerce/www/ecommerce/checkout-one-form.tcl	1 Jul 2005 03:49:42 -0000	1.4
@@ -15,7 +15,7 @@
 } {
     usca_p:optional
     
-    user_id:integer,notnull
+    user_id:integer,notnull,optional
     participant_id:integer,optional
 }
 
@@ -74,13 +74,81 @@
     }
 }
 
-ec_redirect_to_https_if_possible_and_necessary
+set user_session_id [ec_get_user_session_id]
 
+# Require user to be logged in at this point
+if { ! [info exists user_id] } {
+    set user_id [ad_verify_and_get_user_id]
+} elseif { $user_id == 0 } {
+    set user_id [ad_verify_and_get_user_id]
+}
+
+if {![ad_secure_conn_p]} {
+    if { ![ec_ssl_available_p] } {
+	ad_return_error "No SSL available" "
+		    We're sorry, but we cannot display this page because SSL isn't available from this site.  Please contact <a href=\"mailto:[ad_system_owner]\">[ad_system_owner]</a> for assistance.
+		    "
+    } else {
+	set secure_url "[ec_secure_location][ns_conn url]"
+	set vars_to_export [ec_export_entire_form_as_url_vars_maybe]
+	if { ![empty_string_p $vars_to_export] } {
+	    set secure_url "$secure_url?$vars_to_export"
+	}
+
+	set register_url "login?return_url=[ns_urlencode $secure_url]&http_id=$user_id&user_session_id=$user_session_id"
+	ad_returnredirect $register_url
+	ad_script_abort
+    }
+}
+
+if {$user_id == 0} {
+    set form [rp_getform]
+    ns_set delkey $form user_id
+    set return_url [ad_return_url]
+    ad_returnredirect [export_vars -base login {return_url}]
+    ad_script_abort
+} else {
+    # Make sure all orders are owned by the user
+    db_transaction {
+	db_foreach orders {
+	    select order_id as in_basket_order_id
+	    from ec_orders
+	    where order_state = 'in_basket'
+	    and user_session_id = :user_session_id
+	} {
+	    db_dml set_session_orders {
+		update ec_orders
+		set user_id = :user_id
+		where order_id = :in_basket_order_id
+		and user_id = 0
+	    }
+	    
+	    db_foreach items { 
+		select item_id as in_basket_item_id
+		from ec_items
+		where order_id = :in_basket_order_id
+	    } {
+		db_dml set_dotlrn_ecommerce_orders {
+		    update dotlrn_ecommerce_orders
+		    set patron_id = :user_id
+		    where item_id = :in_basket_item_id
+		    and patron_id = 0
+		}
+		db_dml set_dotlrn_ecommerce_orders_2 {
+		    update dotlrn_ecommerce_orders
+		    set participant_id = :user_id
+		    where item_id = :in_basket_item_id
+		    and participant_id = 0
+		}
+	    }
+	}
+    }
+}
+
 # Make sure they have an in_basket order, otherwise they've probably
 # gotten here by pushing Back, so return them to index.tcl
 
 #set user_id [ad_conn user_id]
-set user_session_id [ec_get_user_session_id]
 ec_create_new_session_if_necessary
 
 ec_log_user_as_user_id_for_this_session
Index: openacs-4/packages/dotlrn-ecommerce/www/ecommerce/finalize-order.tcl
===================================================================
RCS file: /usr/local/cvsroot/openacs-4/packages/dotlrn-ecommerce/www/ecommerce/finalize-order.tcl,v
diff -u -r1.2 -r1.3
--- openacs-4/packages/dotlrn-ecommerce/www/ecommerce/finalize-order.tcl	30 Jun 2005 11:50:07 -0000	1.2
+++ openacs-4/packages/dotlrn-ecommerce/www/ecommerce/finalize-order.tcl	1 Jul 2005 03:49:42 -0000	1.3
@@ -20,11 +20,51 @@
     participant_id:integer,optional
 }
 
+set user_session_id [ec_get_user_session_id]
+
+# Require user to be logged in at this point
 if { ! [info exists user_id] } {
     set user_id [ad_verify_and_get_user_id]
 } elseif { $user_id == 0 } {
     set user_id [ad_verify_and_get_user_id]
 }
+if {$user_id == 0} {
+    set form [rp_getform]
+    ns_set delkey $form user_id
+    set return_url [ad_return_url]
+    ad_returnredirect [export_vars -base login {return_url}]
+    ad_script_abort
+} else {
+    # Make sure all orders are owned by the user
+    db_transaction {
+	db_foreach orders {
+	    select order_id as in_basket_order_id
+	    from ec_orders
+	    where user_id = 0
+	    and order_state = 'in_basket'
+	    and user_session_id = :user_session_id
+	} {
+	    db_dml set_session_orders {
+		update ec_orders
+		set user_id = :user_id
+		where order_id = :in_basket_order_id
+	    }
+	    
+	    db_foreach items { 
+		select item_id as in_basket_item_id
+		from ec_items
+		where order_id = :in_basket_order_id
+	    } {
+		db_dml set_dotlrn_ecommerce_orders {
+		    update dotlrn_ecommerce_orders
+		    set patron_id = :user_id,
+		    participant_id = :user_id
+		    where item_id = :in_basket_item_id
+		}
+	    }
+	}
+    }
+}
 
 # If they reload, we don't have to worry about the credit card
 # authorization code being executed twice because the order has
@@ -65,7 +105,6 @@
 # otherwise redirect them to index.tcl
 
 # user session tracking
-set user_session_id [ec_get_user_session_id]
 
 ec_log_user_as_user_id_for_this_session