Im having a strange problem.
I have a registration script for a car show's website I manage and for no reason the older code is broken. I know it worked before, but now does not.
I am setting session variables correctly. I am saving an entire Array of variables to the session and I know the session works once the form is submitted as the form reloads to a new page and I display the registration info for confirmation. However, the script then continues to a PayPal page where it takes the user through a payment process. It then redirects back to the site where the registration info is submitted to the MySQL database upon the completion of the payment process.
HOWEVER, when the users return to the confirmation page where the data is submitted, the session variable is completely blank. I have echo'ed all the variables and there's nothing there.
To test where its breaking, I put a link on the page you're taken to after filling out the form linking directly to the confirmation page where the info is dumped to the SQL server. When you link the link, the info is still there. However, if you were to take that same URL and paste it into the address bar (aka NOT using the link), the variables are blank.
So at this point, I am lost as to why the variables are fine when you link and click to the page, but not when you past the same url into the address bar and not click the link. Session is started on EVERY page and all are on the same domain name.
Any help?!
===== EDIT =====
Test Code (to give a rough idea)
How I am setting the session variables. The session_start(); function is called at the loading of every page on this site for continuity across other pages:
$storedVars = array(1 => $name, $email, $state, $year, $make, $model, $generation, $color, $now, $paymentType);
$_SESSION['registration']=$storedVars;
On the confirmation page after PayPal where the information gets sent to the database, the following code is run (again, session_start(); already called):
$storedVars = $_SESSION['registration'];
$name = $storedVars[1];
$email = $storedVars[2];
$state = $storedVars[3];
$year = $storedVars[4];
$make = $storedVars[5];
$model = $storedVars[6];
$generation = $storedVars[7];
$color = $storedVars[8];
$now = $storedVars[9];
The 10th array variable, paymentType, is not needed at this point as its only used for the page after the form is submitted)
When those variables are echo'ed on the confirm page after following through the steps on paypal OR pasting the right URL into the address bar after filling out the form, nothing is there.
HOWEVER..
When you click the link on the data validation page that follows after the form is submitted, the variables are still there.
Your last comment makes me believe that your session was set at http://yoursite.com/ and the return url you are sending to PayPal is http://www.yoursite.com/ (or vice versa). "www" is really a subdomain to your base domain and considered to be a different host as far as your browser is concerned.
Long story short, use the following for the return url when setting up your token with paypal:
$_SERVER["HTTP_HOST"] . "/Path/To/PaypalReturnPage.php"
Related
I built a php website where a user signs in and a session with the user credentials are created. For every page that requires users to be signed in, I created a function where it checks for the session variables. Now all of my code seems to work like a charm when I use the site directly with the server IP address (example: http://123.45.67.891/mywebsite). However, once I assigned a subdomain via "domain masking" from GoDaddy, all the session seems to not work at all. I tried to search through other Stackoverflow posts and any google searches but cannot seem to resolve it. The website does not redirect any pages to a different subdomain like I've read to other posts. All redirects on this website I built is within the same subdomain masking. Now, I do suspect that this masking is causing the cookies to get confused...
So the result I'm getting currently is that when you submit the signin form, the php code runs, creates the sessions successfully, returns success info to ajax, the ajax success function redirects to the next page, but as soon as it reaches to the next page, my code to check for credentials immediately throws the user back to the index page as it does not see any Sessions. The function is working as intended as I wrote it to prevent anyone from accessing the page without being signed in. But with the domain masking, a user is never able to signin...
Is there a solution to this or do I need to rid the subdomain masking and purchase a separate domain for this so it can work like a normal website?
Below is a snippet where I create the session and the snippet where I run the credential check.
Thanks!
//====== Create sessions at signin
... mysqli calls before this with Posts from ajax ...
session_set_cookie_params(0,'/','.mywebsite.com');
session_start();
$_SESSION["TYPE"] = $row[3];
$_SESSION["USERNAME"] = $row[0];
$_SESSION["FULLNAME"] = $row[2];
session_write_close();
... some codes returning success call to ajax where javascript then redirects to the user dashboard page...
//======= Credential Check
function checksignin(){
session_set_cookie_params(0,'/','.mywebsite.com');
session_start();
if(!isset($_SESSION["USERNAME"])){
session_destroy();
header('Location: ../index.php');
exit;
else if(empty($_SESSION["USERNAME"])){
session_destroy();
header('Location: ../index.php');
exit;
}
}
Have a project where a user fills out a succession of forms in a multi-step process. Each of the form screens have a next/back button that does an AJAX call and does a POST to a PHP controller. The PHP Controller then writes the form data to SESSION.
I need to insert a test for a certain state. Let's say the user selects 'California' as a state. If so, then they are taken OUT of the flow and shown another page that is an error/info page. Part of the functionality of this page is that it needs to take the stored Session values and write to a MySQL table (first_name, last_name, email)
So far so good. Part of my confusion is WHERE is the proper place to test for this value. Since we are MVC, I could test for it at the AJAX/JS level, or do the test in the controller. I chose to just test directly after the POST:
// If the customer has chosen CA as a state we must stop process
if ($('#employee_state_origin').val() == 'CA') {
PAGE_STATUS.destination = 'error-page';
}
The code uses PAGE_STATUS.destination as a way to keep track of what page is coming up next, what page is behind, etc. etc. Basically a keep-alive sort of history.
The problem is this. Once I do this test, of course the POST has already happened, and the controller puts the values in SESSION like so:
private function storeUserData(&$posted_data, &$user_input)
{
if ($this->response_body->has_error) {
return;
}
//If we just got data posted from employee entrance and it already exists - we need to reset all the data
if ($posted_data->step === 'employee_entrance' && !empty($_SESSION[SELF::SESSION_KEY][$posted_data->step])) {
$_SESSION[SELF::SESSION_KEY] = array();
}
if ($posted_data->step === 'member_information' || $posted_data->step === 'physician_information') {
$user_input->createCustomObject($posted_data);
$_SESSION[SELF::SESSION_KEY][$posted_data->step][] = $posted_data;
} else {
$_SESSION[SELF::SESSION_KEY][$posted_data->step] = $posted_data;
}
}
After the data is posted and written into SESSION the page redirects and shows the error page. On the error page, I am writing procedural code to dump into a MySQL table.
The issue is when I first start the browser, of course the Session is empty. I go to the form, put in first_name, last_name and email and then hit Next... the Ajax call happens, the POST values are good, the Session gets written....
But after the redirect, on the error page I have to start the session...
session_start();
$first_name = $_SESSION['wonderousBooksProject']['employee_entrance']->employee_first_name;
The problem is $first_name is empty when echo-ing it out as well as the other values. If I go to the page again, and put in different information and then go to the error page again.... it prints out the PREVIOUS ENTRY.
So, it's saving the session information, but my target page will not retrieve the latest entry...it retrieves the one previous.
Anyone have a thought about what is happening. I have used session_destroy() to end session, session_write_close(), and lots of other things, but cannot understand why it writes the session value the first time, shows it as blank, then the next entry is persona non grata and it displays the previous one?
I'm creating an online store using ajax and php. My index has a login section that appears with ajax and also have a navigator bar that gets the name of the user when completes the login.
So, when you login to the page the form sends you to Login.php, where you can see the content of the session and the navigator bar changes as explained before.
I only had session_start() on the index page, and it worked fine; the SESSION stored everything I wanted and the navigation bar worked, showing the name. But then when I changed something with ajax and printed out the session (print_r($_SESSION)) it turned out that the session had disappeared and it wasn't defined.
A friend told me to put session_start() in every page, so I put it in the Login.php file and now the session variable appears to be empty right after the login, so the navigator bar doesn't even work.
Also, when refreshing the index after getting logged in, it doesn't stay logged at all.
So it appears that the Session stores the variables but they don't stay stored for long.
I'm trying to use the MVC scheme (it's an assignment) so I only use the session_start on the index and the login page, not on the "controllers" and the "views"
To sum up, my session works at the beggining, it stores data, I change to the second page and still works and after loading the page the content is gone and the session undefined, but if I write down "session_start()" on the second file it doesn't even work
Here is the code where I get info from the db. (I don't think it's usefull but)
function Login()
{
// Skiping conection code
$sql = "SELECT * FROM Usuario WHERE nombre = '$username' && password = '$password'";
$resultat = mysqli_query($connexio,$sql)or die(mysqli_error($connexio));
$usuaris = array();
while ($fila = mysqli_fetch_array($resultat))
{
$usuaris = $fila;
}
$_SESSION['ID'] = $usuaris['ID'];
$_SESSION['nombre'] = $usuaris['nombre'];
$_SESSION['admin'] = $usuaris['Admin'];
mysqli_close($connexio);
return $usuaris;
}
Thanks for the attention
Add following before session_start()
session_set_cookie_params(0, "/");
I have a login form which sends 3 post values from username, password and submit button. But my form processor has 3 pages one is validation.php which validates the field second is read.php which checks the posted values against db and third is login.php which is a result of login success. All redirect to each other respectively on success. Problem here is that when I try to access the user posted values from form in read.php (redirected page) not validate.php (action page) I get an error of undefined index.
I really don't see why you are doing all those redirects, but if you want to make the data more persistent you could use a session variable, because the $_POST superglobal is only set for the current request.
firstfile.php
<?php
session_start();
$_SESSION['posted_data'] = $_POST;
other file
<?php
session_start();
var_dump($_SESSION['posted_data']);
However as already stated you may really want to reconsider doing all the requests.
UPDATE
Besides the fact that you will loose your data you are also doing multiple (unneeded) requests to simply sumbit the form. The only redirect that should happen is to the successpage when you have done all you work. See this for more information: http://en.wikipedia.org/wiki/Post/Redirect/Get
If you are look to keep you code clean you could always just include the other files or go for an OOP approach.
You should do one page only that will do all the work. That doesn't seem too complicated of a script, so I would advise putting everthing together on one page.
You did not provide any code so I'll show you a general example. I just typed it without rereading so it's not pure PHP syntax, just the spirit:
<?php
$login=$_POST['login'];
$pwd=$_POST['pwd'];
$dbcheck = mysql_fetch_array(mysql_query("SELECT COUNT(1) FROM table WHERE user =$login and pwd = $pwd"))
if($dbcheck[0] > 0) {
//Login success
//Setup your session variables, cookies, etc
//Then you can do your redirect here
} else {
//Page for wrong login
}
I have an HTML order form that collects info and then on submission passes that to a PHP form which sends an email. Then I have the PHP form forwarding to a PHP confirmation page.
I am using the POST method on my HTML form.
I am forwarding to the PHP confirmation page with header() after it sends the email.
Everything is working fine, but I need to know how to pass the variables along to the confirmation page. I can use them on the email page, but they are dropped on the page forwarding. I'm sure it's easy, but I have a lot to learn yet. :-) Do I have to create a file to store the variables, or can I pass them along?
I know I could display the confirmation page with the PHP page that sends the email (I did have it setup that way) but we have had users bookmark that page which will resend the order every time they visit that bookmark. So I'm separating the pages so if they bookmark the confirmation page it will at least not resend an order.
Make sense? Thanks for your help!
You can keep the parameter sent in POST in session variables. This way on your second page, you can still access them.
For example on your first page :
<?php
session_start();
// ... //
$_SESSION['value1'] = $_POST['value1'];
$_SESSION['value2'] = $_POST['value2'];
header('Location: youremailpage.php');
die();
// ... //
?>
And on your second page :
<?php
session_start();
// ... //
$value1 = $_SESSION['value1'];
$value2 = $_SESSION['value2'];
// ... //
?>