virtualadz Posted May 9, 2006 Share Posted May 9, 2006 i everyone i have set up a site ( not completely) , i want to have some suggestions and comments, in meantime, i also want to know if anyone can help me in this step to protect the security of my site's checkout page, this site is completely based on php. see the security risk i see.go to www.bhuratea.comclick on my account on the top-right cornerunder sign-in enterusername: virtualadz@yahoo.co.in (test username)password: w3schoolsnow click on checkout on the top-right cornerand type in the adress bar : http://bhuratea.com/checkout_success.phpit wil directly check you out without selecting payment method, shipping method and other details, this isn't much of risk as we will verify all orders and it even doesnot generate any invoice but then is there a way i can make it not to appear until the next step is completed, this may become a headache.hope i am not asking much (even if i am thanking you in advance for your help if any). thanksnote to spammers: please dont go there to have fun, as it wont affect me much, dont waste yours and mine time. Link to comment Share on other sites More sharing options...
aspnetguy Posted May 9, 2006 Share Posted May 9, 2006 You need to have a session variable (ie $_SESSION['steps']) As a step in the order process is completed increment the steps variable. That way you can check before loading each form if the step is correct. This will prevent people from skipping ahead. Link to comment Share on other sites More sharing options...
Nakor Posted May 9, 2006 Share Posted May 9, 2006 Also, if you are passing any form elements into that page you can do a very quick if (!$_POST[form_element]) {header("Location:redirectpage.php");exit;} This will not allow them to view the page unless certain elements have been filled out. However, this can be sort of unsafe being as that people can pass in variable names in the status bar. You should probably stick with sessions. Link to comment Share on other sites More sharing options...
virtualadz Posted May 9, 2006 Author Share Posted May 9, 2006 anymore comments and details how to about the session should i place it on every page i.e. shipping page, payment page, order confirmation page. can you please provide more details, it will be more than appreciated Link to comment Share on other sites More sharing options...
virtualadz Posted May 9, 2006 Author Share Posted May 9, 2006 hi this is the code for shipping page, may i know where do i add the sessions<?php/* $Id: checkout_shipping.php,v 1.16 2003/06/09 23:03:53 hpdl Exp $*/ require('includes/application_top.php'); require('includes/classes/http_client.php');// if the customer is not logged on, redirect them to the login page if (!tep_session_is_registered('customer_id')) { $navigation->set_snapshot(); tep_redirect(tep_href_link(FILENAME_LOGIN, '', 'SSL')); }// if there is nothing in the customers cart, redirect them to the shopping cart page if ($cart->count_contents() < 1) { tep_redirect(tep_href_link(FILENAME_SHOPPING_CART)); }// if no shipping destination address was selected, use the customers own address as default if (!tep_session_is_registered('sendto')) { tep_session_register('sendto'); $sendto = $customer_default_address_id; } else {// verify the selected shipping address $check_address_query = tep_db_query("select count(*) as total from " . TABLE_ADDRESS_BOOK . " where customers_id = '" . (int)$customer_id . "' and address_book_id = '" . (int)$sendto . "'"); $check_address = tep_db_fetch_array($check_address_query); if ($check_address['total'] != '1') { $sendto = $customer_default_address_id; if (tep_session_is_registered('shipping')) tep_session_unregister('shipping'); } } require(DIR_WS_CLASSES . 'order.php'); $order = new order;// register a random ID in the session to check throughout the checkout procedure// against alterations in the shopping cart contents if (!tep_session_is_registered('cartID')) tep_session_register('cartID'); $cartID = $cart->cartID;// if the order contains only virtual products, forward the customer to the billing page as// a shipping address is not needed if ($order->content_type == 'virtual') { if (!tep_session_is_registered('shipping')) tep_session_register('shipping'); $shipping = false; $sendto = false; tep_redirect(tep_href_link(FILENAME_CHECKOUT_PAYMENT, '', 'SSL')); } $total_weight = $cart->show_weight(); $total_count = $cart->count_contents();// load all enabled shipping modules require(DIR_WS_CLASSES . 'shipping.php'); $shipping_modules = new shipping; if ( defined('MODULE_ORDER_TOTAL_SHIPPING_FREE_SHIPPING') && (MODULE_ORDER_TOTAL_SHIPPING_FREE_SHIPPING == 'true') ) { $pass = false; switch (MODULE_ORDER_TOTAL_SHIPPING_DESTINATION) { case 'national': if ($order->delivery['country_id'] == STORE_COUNTRY) { $pass = true; } break; case 'international': if ($order->delivery['country_id'] != STORE_COUNTRY) { $pass = true; } break; case 'both': $pass = true; break; } $free_shipping = false; if ( ($pass == true) && ($order->info['total'] >= MODULE_ORDER_TOTAL_SHIPPING_FREE_SHIPPING_OVER) ) { $free_shipping = true; include(DIR_WS_LANGUAGES . $language . '/modules/order_total/ot_shipping.php'); } } else { $free_shipping = false; }// process the selected shipping method if ( isset($HTTP_POST_VARS['action']) && ($HTTP_POST_VARS['action'] == 'process') ) { if (!tep_session_is_registered('comments')) tep_session_register('comments'); if (tep_not_null($HTTP_POST_VARS['comments'])) { $comments = tep_db_prepare_input($HTTP_POST_VARS['comments']); } if (!tep_session_is_registered('shipping')) tep_session_register('shipping'); if ( (tep_count_shipping_modules() > 0) || ($free_shipping == true) ) { if ( (isset($HTTP_POST_VARS['shipping'])) && (strpos($HTTP_POST_VARS['shipping'], '_')) ) { $shipping = $HTTP_POST_VARS['shipping']; list($module, $method) = explode('_', $shipping); if ( is_object($$module) || ($shipping == 'free_free') ) { if ($shipping == 'free_free') { $quote[0]['methods'][0]['title'] = FREE_SHIPPING_TITLE; $quote[0]['methods'][0]['cost'] = '0'; } else { $quote = $shipping_modules->quote($method, $module); } if (isset($quote['error'])) { tep_session_unregister('shipping'); } else { if ( (isset($quote[0]['methods'][0]['title'])) && (isset($quote[0]['methods'][0]['cost'])) ) { $shipping = array('id' => $shipping, 'title' => (($free_shipping == true) ? $quote[0]['methods'][0]['title'] : $quote[0]['module'] . ' (' . $quote[0]['methods'][0]['title'] . ')'), 'cost' => $quote[0]['methods'][0]['cost']); tep_redirect(tep_href_link(FILENAME_CHECKOUT_PAYMENT, '', 'SSL')); } } } else { tep_session_unregister('shipping'); } } } else { $shipping = false; tep_redirect(tep_href_link(FILENAME_CHECKOUT_PAYMENT, '', 'SSL')); } }// get all available shipping quotes $quotes = $shipping_modules->quote();// if no shipping method has been selected, automatically select the cheapest method.// if the modules status was changed when none were available, to save on implementing// a javascript force-selection method, also automatically select the cheapest shipping// method if more than one module is now enabled if ( !tep_session_is_registered('shipping') || ( tep_session_is_registered('shipping') && ($shipping == false) && (tep_count_shipping_modules() > 1) ) ) $shipping = $shipping_modules->cheapest(); require(DIR_WS_LANGUAGES . $language . '/' . FILENAME_CHECKOUT_SHIPPING); $breadcrumb->add(NAVBAR_TITLE_1, tep_href_link(FILENAME_CHECKOUT_SHIPPING, '', 'SSL')); $breadcrumb->add(NAVBAR_TITLE_2, tep_href_link(FILENAME_CHECKOUT_SHIPPING, '', 'SSL'));?><!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN"><html <?php echo HTML_PARAMS; ?>><head><meta http-equiv="Content-Type" content="text/html; charset=<?php echo CHARSET; ?>"><title><?php echo TITLE; ?></title><base href="<?php echo (($request_type == 'SSL') ? HTTPS_SERVER : HTTP_SERVER) . DIR_WS_CATALOG; ?>"><link rel="stylesheet" type="text/css" href="stylesheet.css"><script language="javascript"><!--var selected;function selectRowEffect(object, buttonSelect) { if (!selected) { if (document.getElementById) { selected = document.getElementById('defaultSelected'); } else { selected = document.all['defaultSelected']; } } if (selected) selected.className = 'moduleRow'; object.className = 'moduleRowSelected'; selected = object;// one button is not an array if (document.checkout_address.shipping[0]) { document.checkout_address.shipping[buttonSelect].checked=true; } else { document.checkout_address.shipping.checked=true; }}function rowOverEffect(object) { if (object.className == 'moduleRow') object.className = 'moduleRowOver';}function rowOutEffect(object) { if (object.className == 'moduleRowOver') object.className = 'moduleRow';}//--></script></head><body marginwidth="0" marginheight="0" topmargin="0" bottommargin="0" leftmargin="0" rightmargin="0"><!-- header //--><?php require(DIR_WS_INCLUDES . 'header.php'); ?><!-- header_eof //--><!-- body //--><table border="0" width="100%" cellspacing="3" cellpadding="3"> <tr> <td width="<?php echo BOX_WIDTH; ?>" valign="top"><table border="0" width="<?php echo BOX_WIDTH; ?>" cellspacing="0" cellpadding="2"><!-- left_navigation //--><?php require(DIR_WS_INCLUDES . 'column_left.php'); ?><!-- left_navigation_eof //--> </table></td><!-- body_text //--> <td width="100%" valign="top"><?php echo tep_draw_form('checkout_address', tep_href_link(FILENAME_CHECKOUT_SHIPPING, '', 'SSL')) . tep_draw_hidden_field('action', 'process'); ?><table border="0" width="100%" cellspacing="0" cellpadding="0"> <tr> <td><table border="0" width="100%" cellspacing="0" cellpadding="0"> <tr> <td class="pageHeading"><?php echo HEADING_TITLE; ?></td> <td class="pageHeading" align="right"><?php echo tep_image(DIR_WS_IMAGES . 'table_background_delivery.gif', HEADING_TITLE, HEADING_IMAGE_WIDTH, HEADING_IMAGE_HEIGHT); ?></td> </tr> </table></td> </tr> <tr> <td><?php echo tep_draw_separator('pixel_trans.gif', '100%', '10'); ?></td> </tr> <tr> <td><table border="0" width="100%" cellspacing="0" cellpadding="2"> <tr> <td class="main"><b><?php echo TABLE_HEADING_SHIPPING_ADDRESS; ?></b></td> </tr> </table></td> </tr> <tr> <td><table border="0" width="100%" cellspacing="1" cellpadding="2" class="infoBox"> <tr class="infoBoxContents"> <td><table border="0" width="100%" cellspacing="0" cellpadding="2"> <tr> <td><?php echo tep_draw_separator('pixel_trans.gif', '10', '1'); ?></td> <td class="main" width="50%" valign="top"><?php echo TEXT_CHOOSE_SHIPPING_DESTINATION . '<br><br><a href="' . tep_href_link(FILENAME_CHECKOUT_SHIPPING_ADDRESS, '', 'SSL') . '">' . tep_image_button('button_change_address.gif', IMAGE_BUTTON_CHANGE_ADDRESS) . '</a>'; ?></td> <td align="right" width="50%" valign="top"><table border="0" cellspacing="0" cellpadding="2"> <tr> <td class="main" align="center" valign="top"><?php echo '<b>' . TITLE_SHIPPING_ADDRESS . '</b><br>' . tep_image(DIR_WS_IMAGES . 'arrow_south_east.gif'); ?></td> <td><?php echo tep_draw_separator('pixel_trans.gif', '10', '1'); ?></td> <td class="main" valign="top"><?php echo tep_address_label($customer_id, $sendto, true, ' ', '<br>'); ?></td> <td><?php echo tep_draw_separator('pixel_trans.gif', '10', '1'); ?></td> </tr> </table></td> </tr> </table></td> </tr> </table></td> </tr> <tr> <td><?php echo tep_draw_separator('pixel_trans.gif', '100%', '10'); ?></td> </tr><?php if (tep_count_shipping_modules() > 0) {?> <tr> <td><table border="0" width="100%" cellspacing="0" cellpadding="2"> <tr> <td class="main"><b><?php echo TABLE_HEADING_SHIPPING_METHOD; ?></b></td> </tr> </table></td> </tr> <tr> <td><table border="0" width="100%" cellspacing="1" cellpadding="2" class="infoBox"> <tr class="infoBoxContents"> <td><table border="0" width="100%" cellspacing="0" cellpadding="2"><?php if (sizeof($quotes) > 1 && sizeof($quotes[0]) > 1) {?> <tr> <td><?php echo tep_draw_separator('pixel_trans.gif', '10', '1'); ?></td> <td class="main" width="50%" valign="top"><?php echo TEXT_CHOOSE_SHIPPING_METHOD; ?></td> <td class="main" width="50%" valign="top" align="right"><?php echo '<b>' . TITLE_PLEASE_SELECT . '</b><br>' . tep_image(DIR_WS_IMAGES . 'arrow_east_south.gif'); ?></td> <td><?php echo tep_draw_separator('pixel_trans.gif', '10', '1'); ?></td> </tr><?php } elseif ($free_shipping == false) {?> <tr> <td><?php echo tep_draw_separator('pixel_trans.gif', '10', '1'); ?></td> <td class="main" width="100%" colspan="2"><?php echo TEXT_ENTER_SHIPPING_INFORMATION; ?></td> <td><?php echo tep_draw_separator('pixel_trans.gif', '10', '1'); ?></td> </tr><?php } if ($free_shipping == true) {?> <tr> <td><?php echo tep_draw_separator('pixel_trans.gif', '10', '1'); ?></td> <td colspan="2" width="100%"><table border="0" width="100%" cellspacing="0" cellpadding="2"> <tr> <td width="10"><?php echo tep_draw_separator('pixel_trans.gif', '10', '1'); ?></td> <td class="main" colspan="3"><b><?php echo FREE_SHIPPING_TITLE; ?></b>Â <?php echo $quotes[$i]['icon']; ?></td> <td width="10"><?php echo tep_draw_separator('pixel_trans.gif', '10', '1'); ?></td> </tr> <tr id="defaultSelected" class="moduleRowSelected" onmouseover="rowOverEffect(this)" onmouseout="rowOutEffect(this)" onclick="selectRowEffect(this, 0)"> <td width="10"><?php echo tep_draw_separator('pixel_trans.gif', '10', '1'); ?></td> <td class="main" width="100%"><?php echo sprintf(FREE_SHIPPING_DESCRIPTION, $currencies->format(MODULE_ORDER_TOTAL_SHIPPING_FREE_SHIPPING_OVER)) . tep_draw_hidden_field('shipping', 'free_free'); ?></td> <td width="10"><?php echo tep_draw_separator('pixel_trans.gif', '10', '1'); ?></td> </tr> </table></td> <td><?php echo tep_draw_separator('pixel_trans.gif', '10', '1'); ?></td> </tr><?php } else { $radio_buttons = 0; for ($i=0, $n=sizeof($quotes); $i<$n; $i++) {?> <tr> <td><?php echo tep_draw_separator('pixel_trans.gif', '10', '1'); ?></td> <td colspan="2"><table border="0" width="100%" cellspacing="0" cellpadding="2"> <tr> <td width="10"><?php echo tep_draw_separator('pixel_trans.gif', '10', '1'); ?></td> <td class="main" colspan="3"><b><?php echo $quotes[$i]['module']; ?></b>Â <?php if (isset($quotes[$i]['icon']) && tep_not_null($quotes[$i]['icon'])) { echo $quotes[$i]['icon']; } ?></td> <td width="10"><?php echo tep_draw_separator('pixel_trans.gif', '10', '1'); ?></td> </tr><?php if (isset($quotes[$i]['error'])) {?> <tr> <td width="10"><?php echo tep_draw_separator('pixel_trans.gif', '10', '1'); ?></td> <td class="main" colspan="3"><?php echo $quotes[$i]['error']; ?></td> <td width="10"><?php echo tep_draw_separator('pixel_trans.gif', '10', '1'); ?></td> </tr><?php } else { for ($j=0, $n2=sizeof($quotes[$i]['methods']); $j<$n2; $j++) {// set the radio button to be checked if it is the method chosen $checked = (($quotes[$i]['id'] . '_' . $quotes[$i]['methods'][$j]['id'] == $shipping['id']) ? true : false); if ( ($checked == true) || ($n == 1 && $n2 == 1) ) { echo ' <tr id="defaultSelected" class="moduleRowSelected" onmouseover="rowOverEffect(this)" onmouseout="rowOutEffect(this)" onclick="selectRowEffect(this, ' . $radio_buttons . ')">' . "\n"; } else { echo ' <tr class="moduleRow" onmouseover="rowOverEffect(this)" onmouseout="rowOutEffect(this)" onclick="selectRowEffect(this, ' . $radio_buttons . ')">' . "\n"; }?> <td width="10"><?php echo tep_draw_separator('pixel_trans.gif', '10', '1'); ?></td> <td class="main" width="75%"><?php echo $quotes[$i]['methods'][$j]['title']; ?></td><?php if ( ($n > 1) || ($n2 > 1) ) {?> <td class="main"><?php echo $currencies->format(tep_add_tax($quotes[$i]['methods'][$j]['cost'], (isset($quotes[$i]['tax']) ? $quotes[$i]['tax'] : 0))); ?></td> <td class="main" align="right"><?php echo tep_draw_radio_field('shipping', $quotes[$i]['id'] . '_' . $quotes[$i]['methods'][$j]['id'], $checked); ?></td><?php } else {?> <td class="main" align="right" colspan="2"><?php echo $currencies->format(tep_add_tax($quotes[$i]['methods'][$j]['cost'], $quotes[$i]['tax'])) . tep_draw_hidden_field('shipping', $quotes[$i]['id'] . '_' . $quotes[$i]['methods'][$j]['id']); ?></td><?php }?> <td width="10"><?php echo tep_draw_separator('pixel_trans.gif', '10', '1'); ?></td> </tr><?php $radio_buttons++; } }?> </table></td> <td><?php echo tep_draw_separator('pixel_trans.gif', '10', '1'); ?></td> </tr><?php } }?> </table></td> </tr> </table></td> </tr> <tr> <td><?php echo tep_draw_separator('pixel_trans.gif', '100%', '10'); ?></td> </tr><?php }?> <tr> <td><table border="0" width="100%" cellspacing="0" cellpadding="2"> <tr> <td class="main"><b><?php echo TABLE_HEADING_COMMENTS; ?></b></td> </tr> </table></td> </tr> <tr> <td><table border="0" width="100%" cellspacing="1" cellpadding="2" class="infoBox"> <tr class="infoBoxContents"> <td><table border="0" width="100%" cellspacing="0" cellpadding="2"> <tr> <td><?php echo tep_draw_textarea_field('comments', 'soft', '60', '5'); ?></td> </tr> </table></td> </tr> </table></td> </tr> <tr> <td><?php echo tep_draw_separator('pixel_trans.gif', '100%', '10'); ?></td> </tr> <tr> <td><table border="0" width="100%" cellspacing="1" cellpadding="2" class="infoBox"> <tr class="infoBoxContents"> <td><table border="0" width="100%" cellspacing="0" cellpadding="2"> <tr> <td width="10"><?php echo tep_draw_separator('pixel_trans.gif', '10', '1'); ?></td> <td class="main"><?php echo '<b>' . TITLE_CONTINUE_CHECKOUT_PROCEDURE . '</b><br>' . TEXT_CONTINUE_CHECKOUT_PROCEDURE; ?></td> <td class="main" align="right"><?php echo tep_image_submit('button_continue.gif', IMAGE_BUTTON_CONTINUE); ?></td> <td width="10"><?php echo tep_draw_separator('pixel_trans.gif', '10', '1'); ?></td> </tr> </table></td> </tr> </table></td> </tr> <tr> <td><?php echo tep_draw_separator('pixel_trans.gif', '100%', '10'); ?></td> </tr> <tr> <td><table border="0" width="100%" cellspacing="0" cellpadding="0"> <tr> <td width="25%"><table border="0" width="100%" cellspacing="0" cellpadding="0"> <tr> <td width="50%" align="right"><?php echo tep_image(DIR_WS_IMAGES . 'checkout_bullet.gif'); ?></td> <td width="50%"><?php echo tep_draw_separator('pixel_silver.gif', '100%', '1'); ?></td> </tr> </table></td> <td width="25%"><?php echo tep_draw_separator('pixel_silver.gif', '100%', '1'); ?></td> <td width="25%"><?php echo tep_draw_separator('pixel_silver.gif', '100%', '1'); ?></td> <td width="25%"><table border="0" width="100%" cellspacing="0" cellpadding="0"> <tr> <td width="50%"><?php echo tep_draw_separator('pixel_silver.gif', '100%', '1'); ?></td> <td width="50%"><?php echo tep_draw_separator('pixel_silver.gif', '1', '5'); ?></td> </tr> </table></td> </tr> <tr> <td align="center" width="25%" class="checkoutBarCurrent"><?php echo CHECKOUT_BAR_DELIVERY; ?></td> <td align="center" width="25%" class="checkoutBarTo"><?php echo CHECKOUT_BAR_PAYMENT; ?></td> <td align="center" width="25%" class="checkoutBarTo"><?php echo CHECKOUT_BAR_CONFIRMATION; ?></td> <td align="center" width="25%" class="checkoutBarTo"><?php echo CHECKOUT_BAR_FINISHED; ?></td> </tr> </table></td> </tr> </table></form></td><!-- body_text_eof //--> <td width="<?php echo BOX_WIDTH; ?>" valign="top"><table border="0" width="<?php echo BOX_WIDTH; ?>" cellspacing="0" cellpadding="2"><!-- right_navigation //--><?php require(DIR_WS_INCLUDES . 'column_right.php'); ?><!-- right_navigation_eof //--> </table></td> </tr></table><!-- body_eof //--><!-- footer //--><?php require(DIR_WS_INCLUDES . 'footer.php'); ?><!-- footer_eof //--><br></body></html><?php require(DIR_WS_INCLUDES . 'application_bottom.php'); ?> Link to comment Share on other sites More sharing options...
pulpfiction Posted May 9, 2006 Share Posted May 9, 2006 Hi,The session will come ahead of all the code. You can have sessions like this,Example:Delivery Information : $_SESSION['step1']Payment Information : $_SESSION['step2']When the Delivery Information page is completed and is about to redirect to the next page the set $_SESSION['step1'] to TRUEWhen the Payment Information page [ http://bhuratea.com/checkout_payment.php ] loads, in the first line check if $_SESSION['step1']=truethen proceed with the pageelseredirect to previos pagesimlarly at the end of the second page set $_SESSION['step2'] to true and in the third page check if $_SESSION['step2'] is true..The session check will be in the first line because the age must not load if condition is not ture.. Link to comment Share on other sites More sharing options...
Little Goat Posted May 9, 2006 Share Posted May 9, 2006 also, make sure you use a session_start() at the beginning of all the pages you use the sessions on.LG Link to comment Share on other sites More sharing options...
virtualadz Posted May 9, 2006 Author Share Posted May 9, 2006 starting with i included the code only in shipping and everything clicked (worked well). please tell me have i done anything wrong as i dont want to proceed if it is wrong, no errors come but just to mkae sure, below giving a part of the code as told to include it at the top, no errors so far, should i proceed<?php/* $Id: checkout_shipping.php,v 1.16 2003/06/09 23:03:53 hpdl Exp $ osCommerce, Open Source E-Commerce Solutions http://www.oscommerce.com Copyright © 2003 osCommerce Released under the GNU General Public License*/ require('includes/application_top.php'); require('includes/classes/http_client.php');//to prevent directly moving out of the pagesession_start($_SESSION['step1']=true);// if the customer is not logged on, redirect them to the login page Link to comment Share on other sites More sharing options...
Little Goat Posted May 9, 2006 Share Posted May 9, 2006 actually, you should do this:session_start();$_SESSION['step1'] = true;LG Link to comment Share on other sites More sharing options...
virtualadz Posted May 9, 2006 Author Share Posted May 9, 2006 hey i did this both one ship.. and pay.. //to prevent directly moving out of the pagesession_start();$_SESSION['step1'] = true;pulpfiction told to include something at the end of the page, does that mean at the end of the shiiping page i should add://to prevent directly moving out of the pagesession_start();$_SESSION['step2'] = true;and then at the starting of conirmationpage add//to prevent directly moving out of the pagesession_start();$_SESSION['step2'] = true;please clear this also after what ending in payment should i add this , have a lookat't ending </table></form></td><!-- body_text_eof //--> <td width="<?php echo BOX_WIDTH; ?>" valign="top"><table border="0" width="<?php echo BOX_WIDTH; ?>" cellspacing="0" cellpadding="2"><!-- right_navigation //--><?php require(DIR_WS_INCLUDES . 'column_right.php'); ?><!-- right_navigation_eof //--> </table></td> </tr></table><!-- body_eof //--><!-- footer //--><?php require(DIR_WS_INCLUDES . 'footer.php'); ?><!-- footer_eof //--><br></body></html><?php require(DIR_WS_INCLUDES . 'application_bottom.php'); ?> Link to comment Share on other sites More sharing options...
Little Goat Posted May 9, 2006 Share Posted May 9, 2006 no, you should not have that again at the end of you r page.LG Link to comment Share on other sites More sharing options...
pulpfiction Posted May 9, 2006 Share Posted May 9, 2006 What I meant was, the step2 page must set the $_SESSION['step2']=TRUE only after that page if done and just before it is redirected to the next page (page/step 3) where you will check for $_SESSION['step2']. Cos initially in page/step 2 the $_SESSION['step2'] will be false. Hope i didnt confuse more... Link to comment Share on other sites More sharing options...
virtualadz Posted May 9, 2006 Author Share Posted May 9, 2006 so in page/step 2 just aftersession_start();$_SESSION['step1'] = true;i should have//to prevent directly moving out of the pagesession_start();$_SESSION['step2'] = true;and in page/step 3, i should have//to prevent directly moving out of the pagesession_start();$_SESSION['step2'] = true; Link to comment Share on other sites More sharing options...
pulpfiction Posted May 9, 2006 Share Posted May 9, 2006 This is jus a representation, hth..Page/step 1:Code starting.........if everything is correct then just before redirect set$_SESSION['step1'] = true;and goto next pageCode endingPage/step 2:Code startingonly if $_SESSION['step1'] = true proceed else back.........if everything is correct then $_SESSION['step2'] = true;goto next pageCode ending Link to comment Share on other sites More sharing options...
virtualadz Posted May 10, 2006 Author Share Posted May 10, 2006 well, but one can still type checkout_success.php as it as a page and will be available anytime the cart if filled and you are logged in. can the url be made a litlle difiicult and also change automatically, have a look belowhttp://anysite.com/checkout_success.php?osCsiteID=e5c1a85954db909f80f559cd65fe02c0 Link to comment Share on other sites More sharing options...
justsomeguy Posted May 10, 2006 Share Posted May 10, 2006 If you want to do something like that, you need to either store the customer's cart information in the database, or you need to store it in a temporary file. You would also want some cleanup mechanism to empty out all the old ones where people just close the window and leave. Link to comment Share on other sites More sharing options...
virtualadz Posted May 10, 2006 Author Share Posted May 10, 2006 i think it is beyod my reach as i dont know about these things much. but if you have any suggestions/comments about my site you are welcome. Link to comment Share on other sites More sharing options...
virtualadz Posted May 11, 2006 Author Share Posted May 11, 2006 hi again i have a new question: see this code below:<script language="javascript"><!--document.write('<?php echo '<a href="java script:popupWindow(\\\'' . tep_href_link(FILENAME_POPUP_IMAGE, 'pID=' . $product_info['products_id']) . '\\\')">' . tep_image(DIR_WS_IMAGES . $product_info['products_image'], addslashes($product_info['products_name']), SMALL_IMAGE_WIDTH, SMALL_IMAGE_HEIGHT, 'hspace="5" vspace="5"') . '<br>' . TEXT_CLICK_TO_ENLARGE . '</a>'; ?>');//--></script><noscript><?php echo '<a href="' . tep_href_link(DIR_WS_IMAGES . $product_info['products_image']) . '" target="_blank">' . tep_image(DIR_WS_IMAGES . $product_info['products_image'], $product_info['products_name'], SMALL_IMAGE_WIDTH, SMALL_IMAGE_HEIGHT, 'hspace="5" vspace="5"') . '<br>' . TEXT_CLICK_TO_ENLARGE . '</a>'; ?></noscript>in the above code it is understood that a popup window will open with a image. i dont want the popup and have replaced it with dynamic drive's picture viewer, which opens the images there itself, i inserted this coderel="lightbox" inside the href and also removed all things related to opening a popup window, everythign was going right until now that the image opens itself in the same window by the image url : www.mysite.com/images/imagecan anyone help me remove all popup related javascript and put this simple rel="lightbox" in the href section, any will be great Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now