help with POST data

[samoht]

alright I'm stumped again.

 

I am trying to build a checkout process for my site that goes from filling in ship and bill info to confirm order info. The problem I am having is that I want to be able to skip the first step if the client already has an account and has signed in. This would be easy except I am posting the data from step1 (ship/bill info) on my form like:

<form action="<?php echo $_SERVER['PHP_SELF']; ?>?step=2" method="post" name="frmCheckout" id="frmCheckout" onSubmit="return checkShippingAndPaymentInfo();">

 

the onSubmit goes to a js function that will send the user back to step1 if data is missing.

 

in my confirm.php I check to see if the steps are being served up correct like

<?php 
if (!defined('WEB_ROOT')
    || !isset($_GET['step']) || (int)$_GET['step'] != 2
|| $_SERVER['HTTP_REFERER'] != 'http://' . $_SERVER['HTTP_HOST'] . $_SERVER['PHP_SELF'] . '?step=1') {
exit;
}

which works well for making sure that the user who is not logged in gives me all the required data - but also prohibits me from skipping step 1

 

I do set a session variable for ClientId - once logged in - so is there any way that I could add that to the condition so that I could skip step 1 ??

 

and how should I deal with the POST data normally retrieved from step1??

 

thanks

[liebs19]

If you check that they have come from step 1 and it fails, check to see if they are logged in. Then if they are logged in pull their information from the database and continue with step 2.

 

Another option is, when they go to step 1, if they are logged in, just fill in their information in your form. That way they can edit it easily if they need to or just simply click next.

[steve0024]

How are you handling user sessions? $_SESSION['user_id'] ?

Why not just add another if statement to bypass all of the form validation if the user is already logged in?

 

<?php 
if (!isset($_SESSION['user_id'])) {
if (!defined('WEB_ROOT')
    || !isset($_GET['step']) || (int)$_GET['step'] != 2
|| $_SERVER['HTTP_REFERER'] != 'http://' . $_SERVER['HTTP_HOST'] . $_SERVER['PHP_SELF'] . '?step=1') {
exit;
}
}

 

Just change the $_SESSION['user_id'] variable to whatever you're using to check for a logged in user.

Cheers!

[samoht]

Another option is, when they go to step 1, if they are logged in, just fill in their information in your form. That way they can edit it easily if they need to or just simply click next.

 

This is what I am currently doing - which I thought was a good idea, but my boss is not to keen on it.

 

Then if they are logged in pull their information from the database and continue with step 2.

 

This is what I want to do but the step1 data gets POST 'ed to step2

e.g.

<tr> 
   <td width="150" class="labelcell">First Name</td><input name="hidBillAddressId" type="hidden" id="hidBillAddressId" value="<?php echo $_POST['BillAddressId']; ?>" />
   <td class="labelcell"><?php echo $_POST['txtShippingFirstName']; ?>
   <input name="hidShippingFirstName" type="hidden" id="hidShippingFirstName" value="<?php echo $_POST['txtShippingFirstName']; ?>"></td>
</tr> 

 

how do I deel with the conflict of pulling form my db verses the POST info?

[BlueSkyIS]

if the data is posted, use it and update the database, else use the database data.

[liebs19]

Check if the post is sent or not. If it isn't set then pull the data from the database using the login information.

 

This is what I usually use to make sure that my POST data was sent.

if (sizeof($_POST)==0)//This shows that no POST data was sent
{
Pull the data that you need from the database here using their login information stored elsewhere.
}
else //This will be used if POST data was sent.
{
Do your data validation here on the POST data.
}

Do the rest of your page code here.

 

There are other ways to see if the POST was sent, that is just the method I usually use. You can set all the variables that you need in both parts of the if statement and then after the else you can continue on with the page the same way no matter how the data was retrieved.