Well, my problem is what the title says.
I have built a small application (PHP + MySQL), to test my skills in an e-commerce environment - 6 pages in total.
Each page after the 1st relies on an id to retrieve/save data. This id is usually passed as a hidden form field between pages.
On top of each page I have a small script that checks what state the selected id is in (2 checks actually: a) if the user has reached the last page/step of the application and b) if a fantastic payment has been completed for this user) - if both of these conditions are valid, then I redirect the user to a thank you page, stating that his process is already completed and he can choose to start over.
Yet I have problems with hitting the back button on my browser.
Hitting the back button once works well - the validation check forces the redirect I have implemented in my code.
But hitting the back button fast 2 or more times breaks this script - leading to lost records in my database - in a live environment these will be purchases.
So my question is this: what measures should I take to prevent the "back hitting user" from duplicating/deleting/overwriting data records in the application?
I am looking for ideas and strategies.
Check whether the user is eligible for the thank-you page on any of the pages. You can do this with sessions or by storing a flag in the database.
If a user that has finished the checkout already moves back more than one step, you can check on that page whether the user has already completed the checkout or not - and react accordingly.
I don't think it is a good idea to pass variables between pages in POST forms. Most likely you should make good use of sessions, paths and the database.
What I'm trying to say is to save all info in a good structured database, every step has to be separated, that way you can always return to any step and load that step info from database without losing or breaking anything.
Since it is an e-commerce website you can't afford to make a double payment or errors, since one single error can lead to you losing that client.
After finishing the forms you can save a field in database and tell other scripts to redirect the client on another page since he finished.
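The two answers above both come down to keeping the checkout state on the server and checking it on every request. The following is an added example, not code from the original posts: it enforces the step order with a conditional UPDATE so that a stale form replayed through the back button, or an id taken from a tampered hidden field, changes nothing. The table `orders`, its columns, and the `owner_token` value are assumptions for illustration.

```php
<?php
declare(strict_types=1);

// Constructed schema for illustration: one row per checkout, steps 1..6, paid flag.
function make_db(): PDO {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE orders (
        id INTEGER PRIMARY KEY,
        owner_token TEXT NOT NULL,
        step INTEGER NOT NULL DEFAULT 1,
        paid INTEGER NOT NULL DEFAULT 0)');
    return $db;
}

// Move an order from step $from to $from + 1. The WHERE clause is the guard:
// the row must belong to this visitor, still be at $from, and be unpaid.
// Check and write are one statement, so a stale form replayed via the back
// button (or two rapid submits) matches zero rows and changes nothing.
function advance_step(PDO $db, int $orderId, string $owner, int $from): bool {
    $stmt = $db->prepare(
        'UPDATE orders SET step = step + 1
          WHERE id = ? AND owner_token = ? AND step = ? AND step < 6 AND paid = 0');
    $stmt->execute([$orderId, $owner, $from]);
    return $stmt->rowCount() === 1;
}

// Record the payment once, and only from the last step.
function mark_paid(PDO $db, int $orderId, string $owner): bool {
    $stmt = $db->prepare(
        'UPDATE orders SET paid = 1
          WHERE id = ? AND owner_token = ? AND step = 6 AND paid = 0');
    $stmt->execute([$orderId, $owner]);
    return $stmt->rowCount() === 1;
}

// Constructed demo. In a real page the order id and owner token would be read
// from $_SESSION after session_start(), never from a hidden form field.
$db = make_db();
$db->exec("INSERT INTO orders (id, owner_token) VALUES (1, 'tok-A')");
var_dump(advance_step($db, 1, 'tok-A', 1)); // first submit of step 1
var_dump(advance_step($db, 1, 'tok-A', 1)); // same form replayed after Back
var_dump(advance_step($db, 1, 'tok-B', 2)); // different visitor guessing the id
for ($s = 2; $s < 6; $s++) { advance_step($db, 1, 'tok-A', $s); }
var_dump(mark_paid($db, 1, 'tok-A'));       // payment recorded
var_dump(mark_paid($db, 1, 'tok-A'));       // replayed payment POST
```

When either function returns false, the page should reload the order's current state from the database and redirect to the matching step or to the thank-you page.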
I have a checkout process that has the following stages:
Price Results
Customer Details
Payment
Order Confirmation
I use PHP session variables to store information along the way and I check these session variables exist throughout the buying process as the user proceeds with their purchase. I also have some code in place to stop users being able to hit the customer, payment or order confirmation page directly as this would mean they haven't obtained a quote on the results page and wouldn't have set the relevant session variables.
The problem:
It seems users who are getting quotes on tablets and smart phones are doing a lot of price comparison with other websites and leaving our site open in a tab. But the behaviour of such devices is different to desktop browsers.
It seems that if you leave a tab open and then go to another app, or load lots of other webpages, that when you try to return to a previous tab, the device will either:
have the page loaded in the state you left it, OR
will reload the tab URL as if it's a fresh hit to the page.
And there is the problem. If someone is on my customer page or payment page, and the URL gets a fresh hit, the session doesn't appear to exist and my code thinks someone is hitting the page for the first time, which throws a friendly error message to my customers saying to please restart their quote.
Is my system badly designed? Does anyone have any suggestions how I can get round this? I really need a way to allow customers to sit on a customer details stage or payment stage, maybe for a couple of hours and then be able to complete the buying process.
Should I be using sessions, cookies and database - or a combination?
Your problem can only be reliably solved by using cookies.
PHP can store its session variable in a cookie and read all relevant session parameters internally by the value the session cookie has.
So instead of a URL session you get a cookie session.
Just use session_start() at the top of each of your PHP files or, if you have a main object that always gets loaded first (for example index.php), place session_start() there.
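A cookie-based session that survives a tab reload for the couple of hours the question asks for, as an added example that is not part of the original answer. The two-hour value, the `quote_at` session key and the `/results.php` path are assumptions; the cookie flags and ini settings are standard PHP (array form of `session_set_cookie_params` needs PHP 7.3 or later).

```php
<?php
declare(strict_types=1);

const CHECKOUT_TTL = 7200; // two hours in seconds (assumed window)

// Configure and start a session whose cookie and server-side data both
// live for $ttl seconds. Must run before any output is sent.
function start_checkout_session(int $ttl = CHECKOUT_TTL): void {
    ini_set('session.gc_maxlifetime', (string) $ttl); // keep server data as long as the cookie
    ini_set('session.use_only_cookies', '1');         // never accept a session id from the URL
    ini_set('session.use_strict_mode', '1');          // reject ids the server did not issue
    session_set_cookie_params([
        'lifetime' => $ttl,   // 0 would make a cookie that ends with the browser session
        'path'     => '/',
        'secure'   => true,   // HTTPS only
        'httponly' => true,   // not readable from page scripts
        'samesite' => 'Lax',
    ]);
    session_start();
}

// Server-side expiry check, independent of what the browser does with the
// cookie. 'quote_at' is a hypothetical key set on the results page with
// $_SESSION['quote_at'] = time() when the quote is produced.
function checkout_expired(array $session, int $now, int $ttl = CHECKOUT_TTL): bool {
    return !isset($session['quote_at'])
        || ($now - (int) $session['quote_at']) > $ttl;
}

// Guard for the customer, payment and confirmation pages.
start_checkout_session();
if (checkout_expired($_SESSION, time())) {
    $_SESSION = [];                     // drop stale quote data
    header('Location: /results.php');   // hypothetical results page
    exit;
}
```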
A short tutorial in W3schools about PHP Sessions writes the following:
When you work with an application, you open it, do some changes, and then you close it. This is much like a Session. The computer knows who you are. It knows when you start the application and when you end. But on the internet there is one problem: the web server does not know who you are or what you do, because the HTTP address doesn't maintain state.
Session variables solve this problem by storing user information to be used across multiple pages (e.g. username, favorite color, etc). By default, session variables last until the user closes the browser.
So; Session variables hold information about one single user, and are available to all pages in one application.
I would like to ask you if there is something similar in Zoho Creator. The reason why I am asking is because I have an application with 3 pages (each page has an embedded form). Each page redirects to the other (1st Page -> 2nd Page -> 3rd Page) and passes data through them via openurl. The final result is an HTML Page with the data of these 3 Pages (they have a unique ID).
Let's say that I am in the second page and for some reason (electricity blackout, do another job and close the browser) I want to escape from the application and the next time to continue from the same point, is there any way to do that??
I can suggest the following way:
On the first page generate a unique session ID for the user and pass this ID as a parameter to the next page in the URL. You can encrypt into this ID a pointer to the record from the first form, for example.
So I've hit a potential problem in my site... it's a post-based system, with the posts being in text files. Uses some JavaScript and a lot of PHP.
When you make a submission on the form on the homepage, you are sent to a page where data is posted and processed, but you don't see it because you get redirected back. Then the homepage is changed based on what the post you made says. All that was working fine.
But now I'm trying to add a new feature that modifies the post you made, based on a button you hit which submits a hidden form using javascript, and sends to another process and redirect page you don't see, and it works fine until the block that I realized today. I don't know how to specify that the post being altered is the right one.
I anticipate a good amount of users of this site, so my concern is what if user X makes a post while user Y is making a post, and the post of user X becomes the top post, so user Y's options actually change user X's post.....
I was thinking of adding to the main processing page (the one that happens when you first submit) a COOKIE or something that would make note of the number of the line that post will become, by counting the number of the lines in that file at the time and adding 1 to it. Then checking it against the user's number (each user has a number) to see if it's that user's most recent post....but the problem is I don't know how I would pass that value around to be read in the next page.
Setting a COOKIE is out I think because the page both redirects, AND reads and writes to files. The only output to the page though are currently var_dumps.
POST/GET is out because to my knowledge the user would have to do SOMETHING to submit it, and the user's not even going to see the page.
Writing to a file would be messy if lots of users are trying to get their own data.
I think what I may be looking for is SESSION variables...but I don't know anything about those except that they're used to login to pages, and this site has no login.
To make things more fun, when a user posts the same content within a minute of another user, the first user's post is replaced and it gets a little +1 next to it...which makes it harder to check it against the user's number....
AND in the end I'm trying to use AJAX (which I don't know yet) to make the updates in real-time... now THAT is going to suck. But for now I'm worried about my static little site.
Baby steps.
Any ideas how to go about this??
Use Session variables, just as you have alluded. They aren't just used by login pages, they are used by everything. Sessions are the equivalent of server-side cookies / server-side storage, so you don't have to worry (as much) about your users tampering with them.
If you want to make life more difficult for yourself, you can json encode your variables and store them as an object in a database or even flat text file. But really, read up on sessions.
All you need to know is session_start(); before anything else, then $_SESSION['var']=$yourvar; to save data and $_SESSION['var'] to retrieve it later (such as on another page).
So I've made an extremely simple 4 page static webpage for this client with a quick contact form handled by php. Everything goes swimmingly.
Then the client comes to me and requests that he is able to see a counter of how many submits have been made. So he generally wants a counter for his form, which is simple enough because I just add a counter for every successful email sent using the form and save it within some kind of data storage.
BUT...
the only way I can think to do it is have a separate user page with a simple box that has the number in it, that only the client can access.
I could do this... Save the counter in an XML file or a one table, one column, one row MySQL database.
But is there a better easier simpler way to do this??? Can I set up a link with Google analytics or something? Rather than making a single page with a number on it.
I suggest going with a separate page for the client to view counts. You can use .htaccess to control the access to this page. The main reason is looking forward to future client requests. Most likely, they will then ask you to show counts for specified periods of time, counts per day/week/month, etc. If you set up your page now, then you will have a place to customize/extend.
As for storing the counter, I would suggest storing more than just the total. Have a table where you'd store:
date/time of form submission
remote IP address (for possible future reference)
content of the submitted form (if the client ever decides to want to see it)
maybe even content of the email (if the client ever decides to want to resend it)
Then to display the totals, you'd just select count(1) from that_table with any required date/etc. grouping.
Okay so I'm running into a small problem.
Basically my whole website runs through the AJAX system, content is loaded in the middle page, and there's a left and right menu which don't refresh.
Currently I'm trying to look for a PHP->Ajax feature that refreshes the whole website in case a certain record changes in the MySQL table.
Okay so every user has a record called "State" which indicates the state of their account, this can be changed by anyone, for example the account gets shot and killed by someone. How do I make it so it checks what state you have and if it changes from the "standard" state that it performs a full page refresh?
I tried to find an answer for this everywhere but haven't been able to figure something out.
-----Edit-----
Okay so I'll also notify, I kind of know how to perform a full page refresh, and I know how to retrieve data from the mysql database, this isn't the problem.
I have a table with all the users' accounts in it, one of the records for every user is called "State". Everybody's state will be 1, which means alive. When it's 0 it means it's a dead account.
On a part of my website there's an auto refresh which always fetches data from the database every 5 seconds, to check if you're online, if you have money etc. It also checks what state you have.
The only thing I want to do is that when it sees your state is 0, it performs a full page refresh. Considering state 0 means death, you should be seeing a deathscreen. I want it to perform a full page refresh because the menus have to disappear, and it has to redirect you to the deathpage.
You need long polling / comet - basically you keep an open connection between the client and the server, and when the state is changed, the server sends the response to the client.
Basically, you'll open a long polling connection, sending the userid.
The server script receives the userid, and starts monitoring for changes for that user. If such change is detected, send the response.
If performance is a concern, you can use Tornado web server. What's nice about it is that you can post from another application to the web server, and it can detect which client is affected by the change and send a response to that client.