PLEASE HELP! Page can't be accessed on first try, but works on 2nd?

[TheBrandon]

Hello all,

 

I'm working on a shopping cart based on the plaincart tutorial here:

http://www.phpwebcommerce.com/php-mysql-shopping-cart-tutorial.php

 

However I am having a strange problem that I've never encountered before.

 

If you add a product to your cart and hit "Go To Checkout" and then "Checkout," enter your info and hit Submit, the page posts to itself but generates a 404 error. If you hit refresh on your browser on this screen, the page will then load but without the posted data.

 

Does anyone have any idea how to fix this? Why is it generating a 404 error?

 

I'm attaching the zip of the cart files. I was really hoping to get this online tomorrow so any help would be greatly appreciated.

 

 

[attachment deleted by admin]

[EdwinPaul]

Instead of

<form action="<?php echo $_SERVER['PHP_SELF']; ?>?step=3" method="post"        // step=3 is just an example...

 

use:

 

<form action="?step=3" method="post"

 

 

[TheBrandon]

When I tried that, it had the same result. =/

[EdwinPaul]

If you call your page in your browser, look at the source. You will only see html, but you can see what parameters there are and the contents you composed.

[TheBrandon]

I either get the source code for a 404 error page or the right page with missing form data. What do you mean?

[EdwinPaul]

I mean the page BEFORE you get the 404-error.

[TheBrandon]

It seems okay to me, that's one reason I'm asking for help. Do you see something wrong?

 

<form action="?step=2" method="post" name="frmCheckout" id="frmCheckout" onSubmit="return checkShippingAndPaymentInfo();"> 
    <table width="550" border="0" align="center" cellpadding="5" cellspacing="1" class="entryTable"> 
        <tr class="entryTableHeader"> 
            <td colspan="2">Shipping Information</td> 
        </tr> 
        <tr> 
            <td width="150" class="label">First Name</td> 
            <td class="content"><input name="txtShippingFirstName" type="text" class="box" id="txtShippingFirstName" size="30" maxlength="50"></td> 
        </tr> 
        <tr> 
            <td width="150" class="label">Last Name</td> 
            <td class="content"><input name="txtShippingLastName" type="text" class="box" id="txtShippingLastName" size="30" maxlength="50"></td> 
        </tr> 
        <tr> 
            <td width="150" class="label">Address1</td> 
            <td class="content"><input name="txtShippingAddress1" type="text" class="box" id="txtShippingAddress1" size="50" maxlength="100"></td> 
        </tr> 
        <tr> 
            <td width="150" class="label">Address2</td> 
            <td class="content"><input name="txtShippingAddress2" type="text" class="box" id="txtShippingAddress2" size="50" maxlength="100"></td> 
        </tr> 
        <tr> 
            <td width="150" class="label">Phone Number</td> 
            <td class="content"><input name="txtShippingPhone" type="text" class="box" id="txtShippingPhone" size="30" maxlength="32"></td> 
        </tr> 
        <tr> 
            <td width="150" class="label">Province / State</td> 
            <td class="content"><input name="txtShippingState" type="text" class="box" id="txtShippingState" size="30" maxlength="32"></td> 
        </tr> 
        <tr> 
            <td width="150" class="label">City</td> 
            <td class="content"><input name="txtShippingCity" type="text" class="box" id="txtShippingCity" size="30" maxlength="32"></td> 
        </tr> 
        <tr> 
            <td width="150" class="label">Postal / Zip Code</td> 
            <td class="content"><input name="txtShippingPostalCode" type="text" class="box" id="txtShippingPostalCode" size="10" maxlength="10"></td> 
        </tr> 
    </table> 
    <p> </p> 
    <table width="550" border="0" align="center" cellpadding="5" cellspacing="1" class="entryTable"> 
        <tr class="entryTableHeader"> 
            <td width="150">Payment Information</td> 
            <td><span style="float:left;"><input type="checkbox" name="chkSame" id="chkSame" value="checkbox" onClick="setPaymentInfo(this.checked);"> </span> 
                <label for="chkSame" style="cursor:pointer">Same as shipping information</label></td> 
        </tr> 
        <tr> 
            <td width="150" class="label">First Name</td> 
            <td class="content"><input name="txtPaymentFirstName" type="text" class="box" id="txtPaymentFirstName" size="30" maxlength="50"></td> 
        </tr> 
        <tr> 
            <td width="150" class="label">Last Name</td> 
            <td class="content"><input name="txtPaymentLastName" type="text" class="box" id="txtPaymentLastName" size="30" maxlength="50"></td> 
        </tr> 
        <tr> 
            <td width="150" class="label">Address1</td> 
            <td class="content"><input name="txtPaymentAddress1" type="text" class="box" id="txtPaymentAddress1" size="50" maxlength="100"></td> 
        </tr> 
        <tr> 
            <td width="150" class="label">Address2</td> 
            <td class="content"><input name="txtPaymentAddress2" type="text" class="box" id="txtPaymentAddress2" size="50" maxlength="100"></td> 
        </tr> 
        <tr> 
            <td width="150" class="label">Phone Number</td> 
            <td class="content"><input name="txtPaymentPhone" type="text" class="box" id="txtPaymentPhone" size="30" maxlength="32"></td> 
        </tr> 
        <tr> 
            <td width="150" class="label">Province / State</td> 
            <td class="content"><input name="txtPaymentState" type="text" class="box" id="txtPaymentState" size="30" maxlength="32"></td> 
        </tr> 
        <tr> 
            <td width="150" class="label">City</td> 
            <td class="content"><input name="txtPaymentCity" type="text" class="box" id="txtPaymentCity" size="30" maxlength="32"></td> 
        </tr> 
        <tr> 
            <td width="150" class="label">Postal / Zip Code</td> 
            <td class="content"><input name="txtPaymentPostalCode" type="text" class="box" id="txtPaymentPostalCode" size="10" maxlength="10"></td> 
        </tr> 
    </table> 
    <p> </p> 
    <table width="550" border="0" align="center" cellpadding="5" cellspacing="1" class="entryTable"> 
      <tr> 
        <td width="150" class="entryTableHeader">Payment Method </td> 
        <td class="content"> 
        <input name="optPayment" type="radio" id="optPaypal" value="paypal" checked="checked" /> 
        <label for="optPaypal" style="cursor:pointer">Paypal</label></td> 
      </tr> 
    </table> 
    <p> </p> 
    <p align="center"> 
        <input class="box" name="btnStep1" type="submit" id="btnStep1" value="Proceed >>"> 
    </p> 
</form> 

[EdwinPaul]

It seems okay to me, that's one reason I'm asking for help. Do you see something wrong?

 

<form action="?step=2" method="post" name="frmCheckout" id="frmCheckout" onSubmit="return checkShippingAndPaymentInfo();"> 
    <table width="550" border="0" align="center" cellpadding="5" cellspacing="1" class="entryTable"> 
        <tr class="entryTableHeader"> 
            <td colspan="2">Shipping Information</td> 
        </tr> 
        <tr> 
            <td width="150" class="label">First Name</td> 
            <td class="content"><input name="txtShippingFirstName" type="text" class="box" id="txtShippingFirstName" size="30" maxlength="50"></td> 
        </tr> 
        <tr> 
            <td width="150" class="label">Last Name</td> 
            <td class="content"><input name="txtShippingLastName" type="text" class="box" id="txtShippingLastName" size="30" maxlength="50"></td> 
        </tr> 
        <tr> 
            <td width="150" class="label">Address1</td> 
            <td class="content"><input name="txtShippingAddress1" type="text" class="box" id="txtShippingAddress1" size="50" maxlength="100"></td> 
        </tr> 
        <tr> 
            <td width="150" class="label">Address2</td> 
            <td class="content"><input name="txtShippingAddress2" type="text" class="box" id="txtShippingAddress2" size="50" maxlength="100"></td> 
        </tr> 
        <tr> 
            <td width="150" class="label">Phone Number</td> 
            <td class="content"><input name="txtShippingPhone" type="text" class="box" id="txtShippingPhone" size="30" maxlength="32"></td> 
        </tr> 
        <tr> 
            <td width="150" class="label">Province / State</td> 
            <td class="content"><input name="txtShippingState" type="text" class="box" id="txtShippingState" size="30" maxlength="32"></td> 
        </tr> 
        <tr> 
            <td width="150" class="label">City</td> 
            <td class="content"><input name="txtShippingCity" type="text" class="box" id="txtShippingCity" size="30" maxlength="32"></td> 
        </tr> 
        <tr> 
            <td width="150" class="label">Postal / Zip Code</td> 
            <td class="content"><input name="txtShippingPostalCode" type="text" class="box" id="txtShippingPostalCode" size="10" maxlength="10"></td> 
        </tr> 
    </table> 
    <p> </p> 
    <table width="550" border="0" align="center" cellpadding="5" cellspacing="1" class="entryTable"> 
        <tr class="entryTableHeader"> 
            <td width="150">Payment Information</td> 
            <td><span style="float:left;"><input type="checkbox" name="chkSame" id="chkSame" value="checkbox" onClick="setPaymentInfo(this.checked);"> </span> 
                <label for="chkSame" style="cursor:pointer">Same as shipping information</label></td> 
        </tr> 
        <tr> 
            <td width="150" class="label">First Name</td> 
            <td class="content"><input name="txtPaymentFirstName" type="text" class="box" id="txtPaymentFirstName" size="30" maxlength="50"></td> 
        </tr> 
        <tr> 
            <td width="150" class="label">Last Name</td> 
            <td class="content"><input name="txtPaymentLastName" type="text" class="box" id="txtPaymentLastName" size="30" maxlength="50"></td> 
        </tr> 
        <tr> 
            <td width="150" class="label">Address1</td> 
            <td class="content"><input name="txtPaymentAddress1" type="text" class="box" id="txtPaymentAddress1" size="50" maxlength="100"></td> 
        </tr> 
        <tr> 
            <td width="150" class="label">Address2</td> 
            <td class="content"><input name="txtPaymentAddress2" type="text" class="box" id="txtPaymentAddress2" size="50" maxlength="100"></td> 
        </tr> 
        <tr> 
            <td width="150" class="label">Phone Number</td> 
            <td class="content"><input name="txtPaymentPhone" type="text" class="box" id="txtPaymentPhone" size="30" maxlength="32"></td> 
        </tr> 
        <tr> 
            <td width="150" class="label">Province / State</td> 
            <td class="content"><input name="txtPaymentState" type="text" class="box" id="txtPaymentState" size="30" maxlength="32"></td> 
        </tr> 
        <tr> 
            <td width="150" class="label">City</td> 
            <td class="content"><input name="txtPaymentCity" type="text" class="box" id="txtPaymentCity" size="30" maxlength="32"></td> 
        </tr> 
        <tr> 
            <td width="150" class="label">Postal / Zip Code</td> 
            <td class="content"><input name="txtPaymentPostalCode" type="text" class="box" id="txtPaymentPostalCode" size="10" maxlength="10"></td> 
        </tr> 
    </table> 
    <p> </p> 
    <table width="550" border="0" align="center" cellpadding="5" cellspacing="1" class="entryTable"> 
      <tr> 
        <td width="150" class="entryTableHeader">Payment Method </td> 
        <td class="content"> 
        <input name="optPayment" type="radio" id="optPaypal" value="paypal" checked="checked" /> 
        <label for="optPaypal" style="cursor:pointer">Paypal</label></td> 
      </tr> 
    </table> 
    <p> </p> 
    <p align="center"> 
        <input class="box" name="btnStep1" type="submit" id="btnStep1" value="Proceed >>"> 
    </p> 
</form> 

 

There is something stange in this line:

<form action="?step=2" method="post" name="frmCheckout" id="frmCheckout" onSubmit="return checkShippingAndPaymentInfo();">

 

What do you want to happen when the submit-button is clicked? You code onsubmit=  and also action=

 

[TheBrandon]

The onSubmit is just form validation.

 

function checkShippingAndPaymentInfo()
{
with (window.document.frmCheckout) {
	if (isEmpty(txtShippingFirstName, 'Enter first name')) {
		return false;
	} else if (isEmpty(txtShippingLastName, 'Enter last name')) {
		return false;
	} else if (isEmpty(txtShippingAddress1, 'Enter shipping address')) {
		return false;
	} else if (isEmpty(txtShippingPhone, 'Enter phone number')) {
		return false;
	} else if (isEmpty(txtShippingState, 'Enter shipping address state')) {
		return false;
	} else if (isEmpty(txtShippingCity, 'Enter shipping address city')) {
		return false;
	} else if (isEmpty(txtShippingPostalCode, 'Enter the shipping address postal/zip code')) {
		return false;
	} else if (isEmpty(txtPaymentFirstName, 'Enter first name')) {
		return false;
	} else if (isEmpty(txtPaymentLastName, 'Enter last name')) {
		return false;
	} else if (isEmpty(txtPaymentAddress1, 'Enter Payment address')) {
		return false;
	} else if (isEmpty(txtPaymentPhone, 'Enter phone number')) {
		return false;
	} else if (isEmpty(txtPaymentState, 'Enter Payment address state')) {
		return false;
	} else if (isEmpty(txtPaymentCity, 'Enter Payment address city')) {
		return false;
	} else if (isEmpty(txtPaymentPostalCode, 'Enter the Payment address postal/zip code')) {
		return false;
	} else {
		return true;
	}
}
}

[EdwinPaul]

Your included file checkoutConfirmation starts with:

Line 2 : Check if step is defined and the value is two                                                            //  two=2

if (!defined('WEB_ROOT')
    || !isset($_GET['step']) || (int)$_GET['step'] != 2
|| $_SERVER['HTTP_REFERER'] != 'http://' . $_SERVER['HTTP_HOST'] . $_SERVER['PHP_SELF'] . '?step=1') {    //  1 ????
exit;
}

 

[TheBrandon]

Yeah but step is defined. Is it written improperly?

[EdwinPaul]

Yeah but step is defined. Is it written improperly?

 

it is written properly, but I think

 

'http://' . $_SERVER['HTTP_HOST'] . $_SERVER['PHP_SELF'] . '?step=1'

 

should be

 

'http://' . $_SERVER['HTTP_HOST'] . $_SERVER['PHP_SELF'] . '?step=2'

[TheBrandon]

No. See comments below.

 

It says: if $_GET['step'] is NOT set OR IF $_GET['step'] DOES NOT EQUAL 2. So "if its anything but 2 and is set"

 

Line 2 : Check if step is defined and the value is two                                                            //  two=2

if (!defined('WEB_ROOT')
//if $_GET['step'] is NOT set OR IF $_GET['step'] DOES NOT EQUAL 2
    || !isset($_GET['step']) || (int)$_GET['step'] != 2
|| $_SERVER['HTTP_REFERER'] != 'http://' . $_SERVER['HTTP_HOST'] . $_SERVER['PHP_SELF'] . '?step=1') {    //  1 ????
exit;
}

[mikesta707]

I dont really see anything wrong with most of your code. The only thing that strikes me (and my not be incorrect, but seems weird) is the action of your form.

 
<form action="?step=2" ...>

 

Now theoretically I think that should work, but have you tried putting the page name in there? Like instead o just ?step=2, try (assuming your page is named page.php) page.php?step=2 (obviously replace page with your pages name)

[TheBrandon]

I dont really see anything wrong with most of your code. The only thing that strikes me (and my not be incorrect, but seems weird) is the action of your form.

 
<form action="?step=2" ...>

 

Now theoretically I think that should work, but have you tried putting the page name in there? Like instead o just ?step=2, try (assuming your page is named page.php) page.php?step=2 (obviously replace page with your pages name)

 

Yeah. Same result. I even tried putting the absolute path with the full URL.

[EdwinPaul]

I dont really see anything wrong with most of your code. The only thing that strikes me (and my not be incorrect, but seems weird) is the action of your form.

 
<form action="?step=2" ...>

 

Now theoretically I think that should work, but have you tried putting the page name in there? Like instead o just ?step=2, try (assuming your page is named page.php) page.php?step=2 (obviously replace page with your pages name)

 

@Mike:

 

<form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post">

Might be unsafe. If the script is called with:

http://localhost/example.php/"><script>alert('howdy');</script>

you may have XSS.

[TheBrandon]

I moved it to another domain name thinking maybe it was a conflict with some .htaccess or something.

 

Same result.

 

Spits this out:

 

Forbidden

You don't have permission to access /cart/checkout.php on this server.

Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.

 

I don't get it. Why is accessing step=2 generating a 404 error on the first try?

 

[PFMaBiSmAd]

I would go through your code and every place you have a header('Location: xxxx.xxx'); redirect statement, add an exit; statement after it to prevent the remainder of the code on the page from being executed.

 

Edit: I would also set error_reporting to E_ALL and display_errors to ON (in a local php.ini if php is running as a CGI application or in a .htaccess file if php is running as an Apache Module) so that any things like session errors would be reported and displayed. If output_buffering is turned on in your master php.ini, I would turn it off as well since it hides any  output from your code when you perform a redirect.

[TheBrandon]

Will do. Any ideas on why it's creating the error?

 

Actually when I put it on a new domain, it created a 403 error; not a 404.

[PFMaBiSmAd]

Any chance that this is happening when the paypal sandbox redirects you back to "http://www.phpwebcommerce.com/plaincart/";?

 

Is the URL actually your domain or is the the value in the $paypal['site_url'] variable in the paypal.inc.php file?

[TheBrandon]

Any chance that this is happening when the paypal sandbox redirects you back to "http://www.phpwebcommerce.com/plaincart/";?

 

Is the URL actually your domain or is the the value in the $paypal['site_url'] variable in the paypal.inc.php file?

 

The paypal data shouldn't be being accessed until after you confirm your order, no. That's step 3; my script is breaking on 2.

[xyph]

You were always getting a 403 Forbidden.

 

You got a 404 when Apache couldn't find a default 403 error page to display.

[TheBrandon]

I contacted my host. They said it seems to be a security glitch on their server. I'll keep you guys updated. It hasn't been fixed yet.

[xyph]

It's 100% a server error, unless you're trying to redirect to a page outside of your webroot, or a script with HTTP auth (http://php.net/manual/en/features.http-auth.php)