
Cookie / Session Problem


roldahayes


I know that this is quite a vague question but would appreciate some help with this.

 

I have just moved a working shopping basket that uses Barclays EPDQ for payments, to a new server.

 

Now that it has moved I am having problems with it.

 

The orders are sending to the database, and we are receiving the customers' money, but we are not getting any orders emailed to us (nor is the customer...) and they are just getting the error message that there has been a problem.

 

It appears that the UserID isn't returning back to this page and then knowing where to send the email confirmations back to.

 

Could this have been caused just by moving to the new server?

 

 

The only difference that I can see between the Cookie / Session set up on the server is that Session.use_only_cookies is now set to "On" with the new server.

 

 


<?php

error_reporting(E_ALL);
ini_set('display_errors', '1');


//include header code
//include_once("head.php");
//include header code
include_once("func_lib.php");

// use the user_connection include file's connectDB function
include_once("usr_conn.php");
if(!connectDB())
{
echo "<p>Unable To Connect To Database</p>";
return;
}
// assign variables
$currency = "£";

//get confirmation or customerID etc
$userID = stripslashes(($_COOKIE['userID'] ? $_COOKIE['userID'] : str_replace("BR_", "", $_GET["oid"])));
$shopperID = stripslashes(substr($userID, 0, 6));

$token = md5(uniqid(rand(),1));
setcookie("userID", $token, time() + 3600, "/");
setcookie("userID", $token, time() + 3600, "/upload/");

//get the user details
$result = mysql_query("SELECT * FROM shopper WHERE User_ID='$userID'");
$UserDetails = mysql_fetch_assoc($result);

$custdetails = explode("\n",$UserDetails["Customer_Address"]);
foreach($custdetails as $value) {
if(strpos($value,"Customer_Email") !== false) { $Customer_Email = str_replace("Customer_Email = ", "", $value); }
}

//check that the order has not already been sent
if (isset ($_COOKIE['order']))
{
$message = "Your order has already been processed";
$blnSet = "1";

}

?>


<?php


//get info from shopper table
$sqlquery = "SELECT * FROM shopper WHERE user_ID = '" . $userID . "'";
$result = mysql_query($sqlquery);
echo '<!--'.mysql_error() .'-->';
$rowCount = mysql_num_rows($result);
echo'<!--test-->';
// if no matches then nothing to checkout
if ($rowCount == 0)
{
echo'<!--in-->';
echo ("<p><font class=error>Your basket was empty. You have come to this page in error!!<br>Please return to the main site</font></p>");
return;
}
else
{ //store shopper details
$shoprow = mysql_fetch_assoc($result);
$Basket_total = number_format(htmlspecialchars($shoprow['Basket_total']), 2);
$Post_type = htmlspecialchars($shoprow['Postage']);
//echo "tot: " . $Basket_total;
$Postage = htmlspecialchars($shoprow['Postage']);
//get basket details
$sqlquery = "SELECT * FROM basket WHERE userID = '" . $userID . "'";
$result = mysql_query($sqlquery);
$rowCount = mysql_num_rows($result);
if ($rowCount == 0)
{
echo "<font class=error><p>Error: Your basket was empty.</p></font>";
return;
}
else
{
// select the userID's basket query and the Product Reference relating to each of the basket's productID's
$sqlquery = "SELECT * FROM basket INNER JOIN products ON basket.productID = products.Prod_ID WHERE ((basket.userID) = '" . $userID . "')";
//echo $sqlquery;
$baskresult = mysql_query($sqlquery);
$rowCount = mysql_num_rows($baskresult);

//set counter to name each hidden form element for the product details
$frmCount = 1;

while ($row = mysql_fetch_assoc($baskresult))
{

//cut the prod_type variable
//get the length of the variable
$strLength = strlen ($row["Prod_Type"]);
//assign first 2 characters of variable
$strPrefix = substr($row["Prod_Type"], 0, 2);
//debug
//echo "\n prefix :" . $strPrefix;
//assign remaining characters of variable
$strSuffix = substr($row["Prod_Type"], 2, $strLength);
//debug
//echo "\n suffix :" . $strSuffix;

//set product header image depending on the Prod_Type Code
//start the table row
$strProdType = prodType ($strPrefix);


echo("<tr class=stdtable><td align=center> " . htmlspecialchars($row['Car_Make']) . " " . "</td>");
echo("<td align=center> " . $strProdType . " " . "</td>");
echo("<td align=center> " . htmlspecialchars($row['Prod_Make']) . "<br>" . htmlspecialchars($row['Product_Desc']) . "</td>");
echo("<td align=center> " . htmlspecialchars($row['Prod_REF']) . " " . "</td>");
echo("<td align=center>". htmlspecialchars($row['quantity']) ."</td></tr>");
//create hidden form names and values containing product details
echo "<input type=hidden name=Product".$frmCount."_Make value=\"". htmlspecialchars($row['Prod_Make']) ."\">";
echo "<input type=hidden name=Product".$frmCount."_Model value=\"". htmlspecialchars($row['Prod_Model']) ."\">";
echo "<input type=hidden name=Product".$frmCount."_Type value=\"". $strProdType ."\">";
echo "<input type=hidden name=Product".$frmCount."_REF value=\"". $row['Prod_REF'] ."\">";
echo "<input type=hidden name=Product".$frmCount."_Quantity value=\"". htmlspecialchars($row['quantity']) ."\">";
//incrementcount by 1
$frmCount ++;
}//end while

echo("<tr class=stdtable><td colspan=3> </td><td align=center><b>TOTAL</b></td><td align=center>" . $currency . $Basket_total . "</td></tr>");

}//end else
}//end else
?>


<td height="32" colspan="2" align="center" class="header">Order
Number = <?php echo $shopperID; ?> </td>

</tr>

<tr>

<td height="80" colspan="2" align="center" class=std>

<?php

//create message based on whether mail was sent or not

if ($UserDetails["Success"] == 1)

echo ("Your order has been placed successfully. We will email or call you shortly confirming your details. <br><br>");

else

echo ("Unfortunately there has been an error sending your order. Please try again, or email us <br>");
echo $message;

?>




<?php

//include footer code



if ($UserDetails["Success"] == 1){
//finally send out a confirmation email to the customer, including their ShopperID
include_once("customer_mail_new.php");
include_once("client_mail_new.php");
}
?>



<?php
$blnSet = "";
?>


You're not using sessions in that code, at least not in the code that you posted, so it's not that.

Though, you're not actually sending an e-mail either. Again, not from what I can see in the code you posted.

 

What you need to do is to go through the code in a debugger, and check the code line-by-line until you figure out exactly where the problem occurs. Turn on error reporting on your (development) server as well, or at the very least check the error logs on the production server (if you can't reproduce the problem).

 

Also, your script seems to be quite out of date, as it relies upon the magic_quotes setting. Nowadays you do not want to use stripslashes () on user-submitted data, as it can actually cause a security risk seeing as magic_quotes is turned off by default.

Lastly I recommend reading up on setcookie () as well. It got some new parameters, which might help.
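
Added example, not part of the thread or the poster's code: one way to act on the points in the reply above, validating the ID instead of calling stripslashes(), binding it in a prepared statement, and using the newer setcookie() options. It assumes PDO with the SQLite driver, a 32-hex-character ID format, and a constructed two-column shopper table; resolveUserId() and findShopper() are hypothetical names.

```php
<?php
declare(strict_types=1);

// Assumption: IDs are 32 lowercase hex chars, the shape of the md5() token in the posted script.
const USER_ID_PATTERN = '/\A[a-f0-9]{32}\z/';

// Cookie first, else the "oid" value minus its "BR_" prefix; other shapes are rejected.
function resolveUserId(array $cookie, array $get): ?string
{
    $candidate = $cookie['userID'] ?? null;
    if ($candidate === null && isset($get['oid']) && is_string($get['oid'])) {
        $candidate = preg_replace('/\ABR_/', '', $get['oid']);
    }
    $valid = is_string($candidate) && preg_match(USER_ID_PATTERN, $candidate) === 1;
    return $valid ? $candidate : null;
}

// Bound parameter: the ID never becomes part of the SQL text.
function findShopper(PDO $db, string $userId): ?array
{
    $stmt = $db->prepare('SELECT User_ID, Success FROM shopper WHERE User_ID = :id');
    $stmt->execute([':id' => $userId]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Fresh CSPRNG token, sent before any output with the option-array setcookie() (PHP 7.3+).
$token = bin2hex(random_bytes(16));
$options = ['expires' => time() + 3600, 'path' => '/', 'secure' => true, 'httponly' => true, 'samesite' => 'Lax'];
if (PHP_SAPI !== 'cli' && !headers_sent()) {
    setcookie('userID', $token, $options);
}

// Constructed data: in-memory SQLite stands in for the shop database.
$db = new PDO('sqlite::memory:');
$db->exec('CREATE TABLE shopper (User_ID TEXT PRIMARY KEY, Success INTEGER)');
$known = md5('constructed-sample-order');
$db->prepare('INSERT INTO shopper (User_ID, Success) VALUES (?, 1)')->execute([$known]);

$requests = [
    'cookie present' => [['userID' => $known], []],
    'oid fallback'   => [[], ['oid' => 'BR_' . $known]],
    'malformed'      => [['userID' => "not-a-token'"], []],
];
foreach ($requests as $label => [$cookie, $get]) {
    $id = resolveUserId($cookie, $get);
    $row = $id === null ? null : findShopper($db, $id);
    printf("%-15s id=%s shopper=%s\n", $label, $id ?? 'rejected', $row ? 'found' : 'none');
}
```

Run from the command line, the first two constructed requests resolve to the stored shopper and the malformed cookie is rejected before any query runs. SameSite=Lax keeps the cookie on a top-level GET navigation back to the shop from another site, but not on a cross-site POST.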
