So i have this webshop running on a server, it's working fine on every pc i have been able to get my hands on. but for some reason quite often customers still have problems with one header(location ) to a payment site. I checked everything codewise and tried a hundred different ways of breaking the payment link but haven't found one.
I'm assuming it's the header(location: ...) or the fact that it's three in a row (some php only verification pages inbetween) which might give some version trouble but i'm only guessing.
snip out of the index.php
ob_start();
require_once($Content_Path);
$zpfw_page_output = ob_get_contents();
ob_end_clean();
//************************************************
// Include the requested header / footer / etc..
//************************************************
//Here we include the HEADER HTML.
require_once($Config['AbsolutePath'] . '_headers/' . $Config['HeaderFilename']);
//Here we include the PHP PAGE.
echo $zpfw_page_output;
//Here we include the FOOTER HTML.
require_once($Config['AbsolutePath'] . '_footers/' . $Config['FooterFilename']);
The Content page is the only thing that changes ($Content_Path) So the customers puts hit products that he wants to buy in his basket and goes towards checkout, now every post done on our pages go to a posttogethandler to make it seo friendly (the indexpages uses the first 2 parameters (www.google.nl/module/page/test)
to change the content path everything behind that are used as parameters $_Get[Param1] = 'test'
posttogethandler.php:
<?php
if(isset($_POST))
{
include '../../../_bootstrap.php';
if(!empty($_POST['m']) && !empty($_POST['c']))
{
$post_string = '';
foreach($_POST as $key => $postitem)
{
if($key == 'm')
{
}
elseif($key== 'c')
{
}
else
{
$post_string = $post_string.$postitem.'/';
}
}
header('location:'.$Config['AbsoluteURL'].$_POST['m'].'/'.$_POST['c'].'/'.$post_string);
}
}
and for the actual check which creates a mollie payment and sends to person to the payment (again i will shorten it a bit to only containt the code it passes through if nothing is wrong) (No echo commands exist in this file)
<?php
$mollie = new Mollie_API_Client();
$mollie->setApiKey($Config['Mollie']['Api_Key']);
if(!empty($_GET['param1']) && $_GET['param1'] == 'checkout' && !empty($_SESSION['Customer_ID']))
{
/* alot of checks and inserts into mysql database to keep track */
if(!empty($_GET['param3']) && $_GET['param3'] == 'secretcode')
{
//for skipping payment
header('Location: ' . $Config['AbsoluteURL'] . 'account/order/' . $uniqueID);
exit;
}
else
{
$payment = $mollie->payments->create(array(
"amount" => mollieCartPriceIncTaxes($_SESSION['cart'],$_SESSION['Customer_ID'])[0],
"description" => "Payment for ...",
"redirectUrl" => $Config['AbsoluteURL']."account/order/payment/".$uniqueID."",
"webhookUrl" => $Config['AbsoluteURL']."cart/checkout/webhook"
));
$payment = $mollie->payments->get($payment->id);
zp_mysqli_query("Update orders set Order_MollieID = '".$mysqli->real_escape_string($payment->id)."' where Order_ID = '".$mysqli->real_escape_string($uniqueID)."'");
if(!empty($_SESSION['pick_up']))
{
unset($_SESSION['pick_up']);
}
header("Location: " . $payment->getPaymentUrl()."/#");
exit;
}
}
I'll edit it some more in a few hours, need to go now. this is hosted on a server so i've checked for html code being send first but can't find any nor experience any problems with it on any pc i've tried to open the website with.
any pointers would be much appreciated!
EDIT:
It seems to be a problem with redirecting to a page outside of the domain. I'm remaking the page so the button is a direct link to the payment page. This seems to work.
Related
Dear friends I have installed prestashop on my existing website.My current website has a login system that I have already built.
Because of installing prestashop for my system,I thought to change my existing login to prestashop login.
As for the prestashop documentation,to access prestashop cookie outside prestashop,I made a test page to retrieve cookie data as follows,
include_once('path_to_prestashop/config/config.inc.php');
include_once('path_to_prestashop/config/settings.inc.php');
include_once('path_to_prestashop/classes/Cookie.php');
$cookie = new Cookie('ps');
print_r($cookie);
But this is not working and browser says
It contains redirect loop.
I tried to disable SEO friendly url and cannonical url to no-direct as some posts suggested.
Now if I go to the test page it redirects to the prestashop index page rather displaying cookie data.
What should I do to overcome this problem?
Thank you.
When you include config/config.inc.php PrestaShop redirects to the shop domain.
The following code is causing this behavior in classes/shop/Shop.php:
$shop = new Shop($id_shop);
if (!Validate::isLoadedObject($shop) || !$shop->active)
{
// No shop found ... too bad, let's redirect to default shop
$default_shop = new Shop(Configuration::get('PS_SHOP_DEFAULT'));
// Hmm there is something really bad in your Prestashop !
if (!Validate::isLoadedObject($default_shop))
throw new PrestaShopException('Shop not found');
$params = $_GET;
unset($params['id_shop']);
$url = $default_shop->domain;
if (!Configuration::get('PS_REWRITING_SETTINGS'))
$url .= $default_shop->getBaseURI().'index.php?'.http_build_query($params);
else
{
// Catch url with subdomain "www"
if (strpos($url, 'www.') === 0 && 'www.'.$_SERVER['HTTP_HOST'] === $url || $_SERVER['HTTP_HOST'] === 'www.'.$url)
$url .= $_SERVER['REQUEST_URI'];
else
$url .= $default_shop->getBaseURI();
if (count($params))
$url .= '?'.http_build_query($params);
}
$redirect_type = Configuration::get('PS_CANONICAL_REDIRECT') == 2 ? '301' : '302';
header('HTTP/1.0 '.$redirect_type.' Moved');
header('location: http://'.$url);
exit;
}
You could override the Shop class to disable the redirect for your script.
To do this first define PS_DISABLE_SHOP_REDIRECT constant before you include config/config.inc.php:
define('PS_DISABLE_SHOP_REDIRECT', true);
Then paste the following before the previous code in the overridden class:
if (defined('PS_DISABLE_SHOP_REDIRECT')) {
$id_shop = Configuration::get('PS_SHOP_DEFAULT');
}
Basically I am coding a script where it simply redirects the user to the destination page. And I want to be able to check if multiple websites are not equal to the value; if this is so, it will run a error, else it will proceed.
I can't seem to get this to work though, although I am sure there's a way to check multiple values.
<?php
$url = $_GET['site']; // gets the site URL the user is being redirected to.
if ($url != "***.co", "***.net")
{
echo ("Website is not valid for redirection.");
} else {
echo ("You are being redirected to: " . $url);
}
?>
You can make an array of items to check for and then check if the url is in the array:
if (!in_array($url, array("***.co", "***.net")))
{
}
You can also use multiple conditions like #wrigby showed, but the solution using an array makes it easier to add more (or a dynamic number of) urls. But if there are always two, his is better.
You'll need two complete conditionals, connected with a logical and (&&) operator:
<?php
$url = $_GET['site']; // gets the site URL the user is being redirected to.
if ($url != "***.co" && $url != "***.net")
{
echo ("Website is not valid for redirection.");
} else {
echo ("You are being redirected to: " . $url);
}
?>
I am trying to make a little search game and i am creating a command line that opens websites in a iframe, in the middle of the page (i didn't add this iframe yet to the page). I must say that the command line field is also in an iframe.
You can see and test the page here: http://www.josdenhertog.nl/tnes/getin.php
Now the problem:
When you just use your mouse and just press it so that you see the cursor at the start in the text field and you press ENTER on your keyboard without typing any command in this line, then it goes black on the iframe and do not load anything.
This is the code what i have so far:
$urlList = array ('test' => 'commandline.php',
' ' => 'commandline.php',
' ' => 'commandline.php'
);
if (isset ($_POST['command']) && strlen($_POST['command']) > 0) {
# See if the command provided by the user exists in the list.
if (array_key_exists ($_POST['command'], $urlList)) {
#When Command exist.
header ("Location: " . $urlList[$_POST['command']]);
}
else {
# Command not found
header ("Location: commandline.php");
}
}
My question is now:
How do i make that when you press only ENTER without typing anything in the command line, load up ONLY the commandline.php webpage. Like that array variable: $urlList
I am terrible when it comes on questions, hopefully you understand what i mean :)
You need another else at the very end presumably. This will redirect back to commandline.php when $_POST['command'] is not set, or strlen() is <=0.
$urlList = array ('test' => 'commandline.php',
' ' => 'commandline.php',
' ' => 'commandline.php'
);
if (isset ($_POST['command']) && strlen($_POST['command']) > 0) {
# See if the command provided by the user exists in the list.
if (array_key_exists ($_POST['command'], $urlList)) {
#When Command exist.
header ("Location: " . $urlList[$_POST['command']]);
}
else {
# Command not found
header ("Location: commandline.php");
}
} else {
header ("Location: commandline.php");
}
die();
Add this to the end of the code shown above, all you need is an else statement since your check for command string length and isset are the ones behind your issue:
else {
header ("Location: commandline.php");
}
I have added some server side validation to a dropdown box on one of my pages and when I did the page wouldn't work anymore. The code I added is as follows:
$show_form = true;
if (isset($_POST['submit'])) {
//All of the server side validations
$validator = new FormValidator();
$validator->addValidation("hospital_name","dontselect=000","No facility was chosen");
if ($validator->ValidateForm()) {
// All the variables from the submission form
$userid = $_SESSION['user_id'];
$hosp = $_POST['hospital_name'];
header('Location: ../site_hospital' . $hosp . '/hospital_submitform.php?usr=' . $userid . '&&hosp=' . $hosp);
exit;
$show_form = false;
} else {
echo "<B style='color:red;'>The following errors occurred:</B>";
$error_hash = $validator->GetErrors();
foreach ($error_hash as $inpname => $inp_err) {
echo "<p style='color:red;'>$inp_err</p>\n";
}
}}
if (true == $show_form) {
Through pure chance I added ob_start(); as part of my debugging to the beginning of the page and suddenly my code worked properly but I have no idea why and I was hoping the community could throw out an educated guess as to why. When the code stopped working it would not execute my header command above, the page would simply refresh and not change location, when I added ob_start(); to the top of the page the page redirected as planned. So the overall question is why would the page not direct using the header command without ob_start? I'm sure alot more detail and code is necessary for a definitive answer but I'm hoping someone has run into this before or has an educated guess that may lead me to my own answers. Thanks for any insight.
it's because you were writing to the output stream and preventing the header from working properly. once you started buffering other outputs, you removed the obstacle to the header's operation.
I am creating my own license checker since I often forget when to charge people for software every month. This is in infancy state.
I have an if statement checking a POST variable from another site before the site can run. (I know if the right person understood it he can manipulate it, but no such person!)
I have such statements working in the background, everytime a page loads thats part of the app. I cannot find a damn way around this though.
Here's the problem. When it successfully matches up and the variable returns yes, I have a die(). This takes the user off of the page they are working on, and redirects them to my checker script. I don't want that. If the variable returns yes, I just want the script to die (not do anything except stop), not redirect to a blank page because I put die.
I don't want the script to give a response, in other words.
Here's the snippet I am working with.
I want it to go back to the page it was on before. This script is an include, and the user should not know it's running. If the script completes, it takes the user to a blank page.
Here's the entire process.
License.php submits this form:
<form name="hidsys" method="post" action="../rauth/rauth.php">
<input type="hidden" name="siteid" value="<? echo $value; ?>">
<input type="hidden" name="keytype" value="a6request">
</form>
<script language="JavaScript" type="text/javascript">
setTimeout("document.hidsys.submit(hidsys)" ,1);
</script>
Here's my function and variables:
function rauth($url)
{
$ch = curl_init();
$timeout = 5;
curl_setopt($ch,CURLOPT_URL,$url);
curl_setopt($ch,CURLOPT_RETURNTRANSFER,1);
curl_setopt($ch,CURLOPT_CONNECTTIMEOUT,$timeout);
$data = curl_exec($ch);
curl_close($ch);
return $data;
}
$timestamp = date("Y-m-d h:i", $timestamp + 10800);
$token = sha1($_POST['siteid']);
$rogue = sha1(time());
$authKey = md5($_POST['siteid']);
$skeletonKey = $token.$authKey;
$value = 'cca';
It talks to rauth.php:
<?php
// Declarations
$id = $_POST["siteid"];
$rauth_returned = rauth('http://www.mysite.com/rauth/index.php?siteid=' . $id . '&token=' . $token . '&time=' . $timestamp);
if (isset($_POST["siteid"])) {
if( strstr($rauth_returned, 'no')) {
exit('You are not authorized');
}
else if( !strstr($rauth_returned, 'yes')) {
exit('There was an error');
}
}
else {
exit("You can't view this page directly");
}
header('Location:' . $HTTP_REFERER);
?>
And this is the site index it talks to get if it's "authorized" or not:
<?php
if (isset($_GET["siteid"])){
$site = $_GET["siteid"];
switch ($site)
{
case cca:
echo 'yes';
die();
case ccgay:
echo 'no';
die();
default:
echo 'absno';
die();
}
}else{
echo "No data to process.";
die();
}
?>
Everytime a file (index.php) in a different direction than these files runs, it tells license.php to run in the background to simply check on if its allowed to run or not. Every link and every time the site opens it tells license.php to go through the process above. I probably wrote this really stupid but I just need something to help me remember when people don't pay I guess.
Instead of die() use header():
header('Location: http://www.example.com/');
UPDATED:
Try this:
posix_kill(posix_getpid(),9);