Hi there all
I am having a strange issue with the login routines in a PHP e-commerce shop I have set-up.
This problem had occurred in the testing stages but thorough testing showed it only happened if the customer logged in, logged out and then tried to log in again – this was solved by requesting the user to restart their browser before they use the shop again.
The site was tested & tested & tested – all was fine – then last night I thought I’d make sure it was working and bam! – no go.
This question is a little long – I apologise but felt that by showing some of the code I could explain it better and you could see what is going on.
The programming is based around the Mymarket tutorial found at Devshed – writted by Ying Zhang.
To explain the issue:
On pages that require the customer to be logged in I call a function - require_login – see as follows–
These are contained in two files full of unctions called std_lib and login_functions…
function require_login() {
/ this function checks to see if the user is logged in. if not, it will show
the login screen before allowing the user to continue */
global $CFG, $USER;
if (! is_logged_in()) {
unset($USER["wanturl"]);
$USER["wanturl"] = qualified_me();
redirect_to("$CFG->wwwroot/log_in_page.php");
}
}
function is_logged_in() {
global $USER;
return isset($USER["user"])
&& !empty($USER["user"]["cust_username"])
&& nvl($USER["ip"]) == $_SERVER["REMOTE_ADDR"];
}
function strip_querystring($url) {
/ takes a URL and returns it without the querystring portion /
if ($commapos = strpos($url, '?')) {
return substr($url, 0, $commapos);
} else {
return $url;
}
}
function me() {
/ returns the name of the current script, without the querystring portion.
this function is necessary because PHP_SELF and REQUEST_URI and PATH_INFO
return different things depending on a lot of things like your OS, Web
server, and the way PHP is compiled (ie. as a CGI, module, ISAPI, etc.) */
if (isset($_SERVER["REQUEST_URI"])) {
$me = $_SERVER["REQUEST_URI"];
} elseif ($_SERVER["PATH_INFO"]) {
$me = $_SERVER["PATH_INFO"];
} elseif ($_SERVER["PHP_SELF"]) {
$me = $_SERVER["PHP_SELF"];
}
return strip_querystring($me);
}
function qualified_me() {
/ like me() but returns a fully URL /
$protocol = (isset($_SERVER["HTTPS"]) && $_SERVER["HTTPS"] == "on") ? "https://" : "http://";
$url_prefix = "$protocol$_SERVER[HTTP_HOST]";
return $url_prefix . me();
}
So if they are not logged in the page which requires login is stored in USER[“wanturl”] and it goes to my login page – which displays a login form – once the form is submitted and login is checked and ok (I have errors set up and if I put the log in wrong displays errors as I intended)
This is where it goes down hill….
When you login successfully it goes to this piece of code to go to the page which required login…
/ if wantsurl is set, that means we came from a page that required
log in, so let's go back there. otherwise go back to the main page */
$goto = empty($USER["wanturl"]) ? $CFG->wwwroot : $USER["wanturl"];
header("Location: $goto");
die;
for some reason at this stage it thinks the page that required login is called “2”. And I get this message because it does not exist…
The requested URL /bbp_shop/2 was not found on this server.
So I suppose $USER["wanturl"] is not being set correctly.
I echoed $USER["wanturl"] on the login page out of curiosity and it seems to think it is “h” – not sure what is going on.
It does the same thing regardless of which page has the require login.
I already tried a few things when the issue first came up:
Did have $wantsurl I changed the name of the variable – out of curiosity, obviously didn’t make a difference.
Re-programmed in a different way but this is by far the way to go.
Put the unset for $wanturl in before it gets set.
I am pulling my hair because as I said all was OK and then turned pear shaped – there was nothing that changed in the middle.
My hosting company take care of all the server side software could it be any of this?
I hope someone can give me a hand.
I appreciate any help you could give - thanks.
