westminster86

Need a free text editor to begin a new php document. Any suggestions?

Is there an alternative to using the header to redirect, as I am getting the follwoing warning message. Cannot modify header information - headers already sent

I forgot to mention that im appending the product Id of the item added to the cart to the end of the url. So it looks something like this, http://www.collections.streamlinenettrial.co.uk/cgi-bin/showCart.php?new=1. So below, the user is going to be redirected to the checkout page only if the item with ID 1 is added to the cart. I have 193 products. if ($_POST['from'] == 'http://www.collections.streamlinenettrial.co.uk/cgi-bin/showCart.php?new=1') { header ('Location: http://collections.streamlinenettrial.co.uk/cgi-bin/checkout.php'); } else { header ('Location: http://collections.streamlinenettrial.co.uk/cgi-bin/myaccount.php'); }

How do I extract the hidden field's value on the page that process's the login form?

so does the hidden field have the value "http://collections.streamlinenettrial.co.uk/cgi-bin/checkout.php" ?

Ill try that.

I echoed $_SERVER['HTTP_REFERER'] and I got, http://www.collections.streamlinenettrial.co.uk/cgi-bin/login.php

Im not all that familiar with $_SERVER['HTTP_REFERER'] so I dont know if im using it right.

I have a login / register link on the header of a page. If the users email address and password matches the values in the database, the user is redirected to the myaccount.php page. The showCart.php is a page displaying the items added to the shopping cart. I have a button, 'checkout', taking the user to the checkout.php page. At the start of the page I use the isset function to check the $_SESSION['user_fname'] isset. If not the user is redirected to the login.php. The problem im having is, if the user has come to the login.php page via clicking the checkout button, id like the user to be taken to the checkout.php page. At the moment its taking the user to the myaccount.php page regardless. $query = "select * from customers where emailaddress='$email'"; $result = mysql_query($query, $db); $num_results = mysql_num_rows($result); if ($num_results>0) { $row = mysql_fetch_assoc($result); $encrypt = $row['password']; if (crypt($password, $encrypt)==$encrypt) { $_SESSION['user_id'] = $row['customerid']; $_SESSION['user_fname'] = $row['firstname']; if ($_SERVER['HTTP_REFERER'] == 'http://www.collections.streamlinenettrial.co.uk/cgi-bin/checkout.php') { header ('Location: http://collections.streamlinenettrial.co.uk/cgi-bin/checkout.php'); } else { header ('Location: http://collections.streamlinenettrial.co.uk/cgi-bin/myaccount.php'); } } else { echo 'Sorry, we could not log you in with that password. <a href="login.php">Please go back and try again.</a>'; } } else { echo 'Sorry, we could not recognise that email address. <a href="login.php">Please go back and try again.</a>'; }

Its in fact the line below that is causing the problem. I added an else statment to the if and its the else statment its echoing. if (checkCreditCard ($_POST['CardNumber'], $_POST['CardType'], $ccerror, $ccerrortext)) { }

Ive echoed out the two form fields and it doesnt seem to be posting the two form variables, and so is not calling the function. <html> <head> </head> <body> <table border = 0 width = '100%' cellspacing = 0> <form action = '' method = 'post'> <tr><th colspan = 2 bgcolor="#cccccc">Credit Card Details</th></tr> <tr> <td>Card Type:</td> <td><select name = 'CardType'><option><option>American Express<option>Maestro<option>MasterCard<option>Solo<option>Switch<option>Visa<option>Visa Electron</select></td> </tr> <tr> <td>Number:</td> <td><input type = 'text' name = 'CardNumber' value = "" maxlength = 19 size = 20></td> </tr> <tr> <td><input type='submit' name='submit' value='submit'></td> </tr> </form> </table> </body> </html> <?php if (isset($_POST['submit'])) { if (checkCreditCard ($_POST['CardNumber'], $_POST['CardType'], $ccerror, $ccerrortext)) { $ccerrortext = 'This card has a valid format'; } } function checkCreditCard ($cardnumber, $cardname, &$errornumber, &$errortext) { $cards = array ( array ('name' => 'American Express', 'length' => '15', 'prefixes' => '34,37', 'checkdigit' => true ), array ('name' => 'Maestro', 'length' => '16,18', 'prefixes' => '5020,6', 'checkdigit' => true ), array ('name' => 'MasterCard', 'length' => '16', 'prefixes' => '51,52,53,54,55', 'checkdigit' => true ), array ('name' => 'Solo', 'length' => '16,18,19', 'prefixes' => '6334,6767', 'checkdigit' => true ), array ('name' => 'Switch', 'length' => '16,18,19', 'prefixes' => '4903,4905,4911,4936,564182,633110,6333,6759', 'checkdigit' => true ), array ('name' => 'Visa', 'length' => '13,16', 'prefixes' => '4', 'checkdigit' => true ), array ('name' => 'Visa Electron', 'length' => '16', 'prefixes' => '417500,4917,4913', 'checkdigit' => true ) ); $ccErrorNo = 0; $ccErrors [0] = "Unknown card type"; $ccErrors [1] = "No card number provided"; $ccErrors [2] = "Credit card number has invalid format"; $ccErrors [3] = "Credit card number is invalid"; $ccErrors [4] = "Credit card number is wrong length"; // Establish card type $cardType = -1; for ($i=0; $i<sizeof($cards); $i++) { // See if it is this card (ignoring the case of the string) if (strtolower($cardname) == strtolower($cards[$i]['name'])) { $cardType = $i; break; } } // If card type not found, report an error if ($cardType == -1) { $errornumber = 0; $errortext = $ccErrors [$errornumber]; return false; } // Ensure that the user has provided a credit card number if (strlen($cardnumber) == 0) { $errornumber = 1; $errortext = $ccErrors [$errornumber]; return false; } // Remove any spaces from the credit card number $cardNo = str_replace (' ', '', $cardnumber); // Check that the number is numeric and of the right sort of length. if (!eregi('^[0-9]{13,19}$',$cardNo)) { $errornumber = 2; $errortext = $ccErrors [$errornumber]; return false; } // Now check the modulus 10 check digit - if required if ($cards[$cardType]['checkdigit']) { $checksum = 0; // running checksum total $mychar = ""; // next char to process $j = 1; // takes value of 1 or 2 // Process each digit one by one starting at the right for ($i = strlen($cardNo) - 1; $i >= 0; $i--) { // Extract the next digit and multiply by 1 or 2 on alternative digits. $calc = $cardNo{$i} * $j; // If the result is in two digits add 1 to the checksum total if ($calc > 9) { $checksum = $checksum + 1; $calc = $calc - 10; } // Add the units element to the checksum total $checksum = $checksum + $calc; // Switch the value of j if ($j ==1) {$j = 2;} else {$j = 1;}; } // All done - if checksum is divisible by 10, it is a valid modulus 10. // If not, report an error. if ($checksum % 10 != 0) { $errornumber = 3; $errortext = $ccErrors [$errornumber]; return false; } } // The following are the card-specific checks we undertake. // Load an array with the valid prefixes for this card $prefix = split(',',$cards[$cardType]['prefixes']); // Now see if any of them match what we have in the card number $PrefixValid = false; for ($i=0; $i<sizeof($prefix); $i++) { $exp = '^' . $prefix[$i]; if (ereg($exp,$cardNo)) { $PrefixValid = true; break; } } // If it isn't a valid prefix there's no point at looking at the length if (!$PrefixValid) { $errornumber = 3; $errortext = $ccErrors [$errornumber]; return false; } // See if the length is valid for this card $LengthValid = false; $lengths = split(',',$cards[$cardType]['length']); for ($j=0; $j<sizeof($lengths); $j++) { if (strlen($cardNo) == $lengths[$j]) { $LengthValid = true; break; } } // See if all is OK by seeing if the length was valid. if (!$LengthValid) { $errornumber = 4; $errortext = $ccErrors [$errornumber]; return false; }; // The credit card is in the required format. return true; } ?>

One last thing. I know its not ideal to store the these sensitive details in a database, but for my project im going to have to. Before storing the details im going to encrypt them. Ive only ever used the crypt fucntion to encrypt password fields. Would it be suitable to use this function for the credit card details? Is there a better option, is MD5 more appropriate?

So you wouldnt suggest using an algorithm of some sort but to use the preg_match instead?

The thing is im not actually selling the products. Its a project im doing for my final year. I have products that a user can to the shopping cart and when he/she goes to checkout it asks for their credit card details. I just want to validate the the users input. Can i still do this with paypal?

Im assuming uve created one or more session variables upon loggin in. Try the following if (isset($_SESSION['elementname'])) { // add to cart } else { // redirect user to login page } Check to see if the session variable is set, if not use 'header' to redirect the user to the login page.