php session, post problem?

rejvin

Hello!

The site has already started a session and when im at the end of the inputs, I made a new form action. After the new form action i want it to remember the old session, so all can be calculated, not only the last page.

Here is the main code (payment.php)

<?
session_start();

include_once ("config/config.php");
include_once ("gateway.php");
include_once ("redirect.php");

if ($_REQUEST['table']==1) $_SESSION['table_to_modify']="users";
if ($_REQUEST['table']==2) $_SESSION['table_to_modify']="auctions";
if ($_REQUEST['table']==3) $_SESSION['table_to_modify']="winners";
if ($_REQUEST['table']==4) $theoption=2;

// assign posted variables to local variables
// note: additional IPN variables also available -- see IPN documentation

$payment_gross = $_POST['amount'];
$txn_id = "Test Transaction";
$custom = $_POST['custom'];
$currentTime = time();


if ($payment_status == "Completed"){
	#-------------------------------------------
	if ($theoption==2) {
		$currentBalance = getSqlField("SELECT balance FROM users WHERE id='".$custom."'","balance");
		$updatedBalance = $currentBalance - $payment_gross;
		if ($updatedBalance<=0) {
			$_SESSION['accsusp']=0;
		}
		$currentTime = time();
		$updateUser = mysql_query("UPDATE users SET 
		active='1', payment_status='confirmed', balance='".$updatedBalance."' WHERE id='".$custom."'");
        $updateAuction = mysql_query("UPDATE auctions SET 
		active='1' WHERE ownerid='".$custom."'");
        $insertInvoice = mysql_query("INSERT INTO invoices 
		(userid,feename,feevalue,feedate,balance,transtype,processor) VALUES 
        ('".$custom."','".$lang[payment_fee]."','".$payment_gross."','".$currentTime."','".$updatedBalance."','payment','".$setts['payment_gateway']."')");
	} else {
		if ($_REQUEST['table']==3) {
			$updateTable = mysql_query("UPDATE ".$_SESSION['table_to_modify']." SET 
			active = '1',payment_status='confirmed',amountpaid='".$payment_gross."',paymentdate='".$currentTime."',
			txnid='".$txn_id."',processor='".$setts['payment_gateway']."' WHERE auctionid='".$custom."'") or die(mysql_error());
		} else {
			$updateTable = mysql_query("UPDATE ".$_SESSION['table_to_modify']." SET 
			active = '1',payment_status='confirmed',
			amountpaid='".$payment_gross."',paymentdate='".$currentTime."',
			processor='".$setts['payment_gateway']."' WHERE id='".$custom."'") or die(mysql_error());
		}
	}
	echo "<script>document.location.href='".$_POST['return']."'</script>";
}

?>

gateway.php is accepted, cause there is no post functions there.
And here is the redirect.php (thats causing the main code session to die)

<?php
session_start();

// Definiera konstanter för databasanslutning
include_once ("config/config.php");

// Definiera koders livslängd, i sekunder
$CODE_LIFETIME = 24*60*60;

// Definiera vilken sida/adress man hamnar på vid godkänd kod
//$LOCATION = 'paymentsimulatororg.php';

// Definiera felmeddelande
$ERROR_MSG = 'Felaktig kod.<br>';

// Stäng av PHP:s felrapportering
error_reporting(0);

// Anslut till databasen
mysql_connect($dbhost, $dbuser, $dbpass);
mysql_select_db($dbname);

// Användaren tryckte på login-knappen
if ( isset($_REQUEST['submit']) ) {

// Radera utnyttjade koder som är äldre än $CODE_LIFETIME
	mysql_query('DELETE from smspay WHERE (used=1) AND (tstamp-now()+'
		. $CODE_LIFETIME . ' < 0)');

// Kontrollera om koden är giltig (plocka också ut eventuell 'used'-flagga)
	$res = mysql_query('SELECT used FROM smspay WHERE code="'
		. addslashes($_REQUEST['kod']) . '"');

// Kod fanns i DB
	if ( mysql_num_rows($res) > 0 ) {

// Om det är första gången koden används (used=0) - påbörja nedräkning
		if (mysql_result($res,0,0) == '0') {
			mysql_query('UPDATE smspay SET used=1, tstamp=now() WHERE code="'
				. addslashes($_REQUEST['kod']) . '"');
		}

// Om koden är godkänd ge detta värde.		
		$payment_status = "Completed";

// Kod fanns ej i DB, sätt felmeddelande
	} else {
		$error = $ERROR_MSG;
	}
}

?>

<? if (isset($error)) echo $error;  ?>

<form action=payment.php method=\"post\">

Kod: <input type="text" name="kod"><br>	
<br>
<input type="submit" name="submit" value="Aktivera">

</form>

Session from sellitem -> payment.php is not saved when using redirect.php action post.

Setup.

1.Sellitem.php (choose what to buy)
2.payment.php (calculates the price and deal is off if $payment_status = "Completed"; should be outputed from redirect.php when enter paycode.

ClarkF1

Please use the php tags around your code.........it makes it easier to read

Houdini

For a start fix this HTML

<form action=paymentsimulator.php method=[/COLOR]"post[/COLOR]">

You don't escape quotes in HTML so

<form action="paymentsimulator.php" method="post">

rejvin

Houdini,

so when using <form action="paymentsimulator.php" method="post">

paymentsimulator.php will not be reloaded? just updated? the sessions must be there from sellitem.php, ill try tonight, thanks. I heard someone told be about the inputs must be hidden?

rejvin

maybe <input type="hidden" will work

rejvin

still it doesnt include old session 🙁

bogu

Man sessions doesnt have anything to do with post vars only if u have register_globals = On and the name of the session is the same with the elements from the form or somethig...

U set your session in one page an after 10 pages view if u view your sessions are still there ...

U can destroy them by using session_destroy();

rejvin

Well if seems gone anyway,

<?
session_start();

// Definiera konstanter för databasanslutning
include_once ("config/config.php");

// Definiera koders livslängd, i sekunder
$CODE_LIFETIME = 24*60*60;

// Definiera vilken sida/adress man hamnar på vid godkänd kod
$LOCATION = 'sellitem.php';

// Definiera felmeddelande
$ERROR_MSG = 'Felaktig kod.<br>';

// Stäng av PHP:s felrapportering
error_reporting(0);

// Anslut till databasen
mysql_connect($dbhost, $dbuser, $dbpass);
mysql_select_db($dbname);

// Användaren tryckte på login-knappen
if ( isset($_REQUEST['submit']) ) {

// Radera utnyttjade koder som är äldre än $CODE_LIFETIME
	mysql_query('DELETE from smspay WHERE (used=1) AND (tstamp-now()+'
		. $CODE_LIFETIME . ' < 0)');

// Kontrollera om koden är giltig (plocka också ut eventuell 'used'-flagga)
	$res = mysql_query('SELECT used FROM smspay WHERE code="'
		. addslashes($_REQUEST['kod']) . '"');

// Kod fanns i DB
	if ( mysql_num_rows($res) > 0 ) {

// Om det är första gången koden används (used=0) - påbörja nedräkning
		if (mysql_result($res,0,0) == '0') {
			mysql_query('UPDATE smspay SET used=0, tstamp=now() WHERE code="'
				. addslashes($_REQUEST['kod']) . '"');
		}

// Skicka användaren till $LOCATION		
		header('location: ' . $LOCATION); exit();


// Kod fanns ej i DB, sätt felmeddelande
	} else {
		$error = $ERROR_MSG;
	}
}

?>
<html>

<? if (isset($error)) echo $error; ?>

<form action="redirect.php">

Kod: <input type="text" name="kod"><br>
<br>
<input type="submit" name="submit" value="Logga in">

</form>

</html>

As you can see, if the code is accepted you will be forwarded to sellitem.php($LOCATION = 'sellitem.php'😉, and I cant see anything saved. Just a plain site with nothing selected anymore. Before redirect.php is executed lots of stuff are selected on sellitem.php :mad: HELP

rejvin

loading redirect.php

All variables from $_REQUEST : all user input variables.
Key: table; Value: 2
Key: business; Value: mail@paypalemail.com
Key: receiver_email; Value: mail@paypalemail.com
Key: amount; Value: 9.50
Key: currency_code; Value: SEK
Key: return; Value: http://.............paymentdone.php
Key: cancel_return; Value: http://.................paymentfailed.php
Key: undefined_quantity; Value: 0
Key: no_shipping; Value: 1
Key: no_note; Value: 1
Key: custom; Value: 100020
Key: notify_url; Value: http://,.............paymentsimulator.php?table=2
Key: submit_x; Value: 22
Key: submit_y; Value: 40
Key: PHPSESSID; Value: 41389ead452e119f270d1a4b0267f4e9

Kod: 

Logga in

After clicking on Logga in

All variables from $_REQUEST : all user input variables.
Key: kod; Value: fc5b31
Key: submit; Value: Logga in
Key: PHPSESSID; Value: 80a300471f645da0ef936e36d782a643

Kod:

Logga in

Older session data is lost 🙁

bogu

After a little search in php manual, look what I find ...

php_manual wrote:
Session ID's wont be carried over through meta refreshes, so make sure you add the variables (in GET format) to the URL.
IE )
<meta http-equiv=\"refresh\" content=\"1;URL=index.php?PHPSESSID=$PHPSESSID\">

Why dont u set your own session?

rejvin

That must be it!... still I need some help how to setup the script..


<?php 
session_start(); 

// Definiera konstanter för databasanslutning 
include_once ("config/config.php"); 

// Definiera koders livslängd, i sekunder 
$CODE_LIFETIME = 24*60*60; 

// Definiera vilken sida/adress man hamnar på vid godkänd kod 
//$LOCATION = 'payment.php'; 

// Definiera felmeddelande 
$ERROR_MSG = 'Felaktig kod.<br>'; 

// Stäng av PHP:s felrapportering 
error_reporting(0); 

// Anslut till databasen 
mysql_connect($dbhost, $dbuser, $dbpass); 
mysql_select_db($dbname); 

// Användaren tryckte på login-knappen 
if ( isset($_REQUEST['submit']) ) { 

// Radera utnyttjade koder som är äldre än $CODE_LIFETIME 
    mysql_query('DELETE from smspay WHERE (used=1) AND (tstamp-now()+' 
        . $CODE_LIFETIME . ' < 0)'); 

// Kontrollera om koden är giltig (plocka också ut eventuell 'used'-flagga) 
    $res = mysql_query('SELECT used FROM smspay WHERE code="' 
        . addslashes($_REQUEST['kod']) . '"'); 

// Kod fanns i DB 
    if ( mysql_num_rows($res) > 0 ) { 

// Om det är första gången koden används (used=0) - påbörja nedräkning 
        if (mysql_result($res,0,0) == '0') { 
            mysql_query('UPDATE smspay SET used=1, tstamp=now() WHERE code="' 
                . addslashes($_REQUEST['kod']) . '"'); 
        } 

// Om koden är godkänd ge detta värde.         

        header('location: ' . $LOCATION); exit();


// Kod fanns ej i DB, sätt felmeddelande 
    } else { 
        $error = $ERROR_MSG; 
    } 
} 

?> 

<? if (isset($error)) echo $error;  ?> 

<form action=<meta http-equiv=\"refresh\" content=\"1;URL=redirect.php?PHPSESSID=$PHPSESSID\">method=\"post\"> 

Kod: <input type="text" name="kod"><br>     

<br> 
<input type="submit" name="submit" value="Aktivera"> 

</form>

bogu

Man what are u doing, put a meta tag in form's action?

The problem is here ....

header('location: ' . $LOCATION); exit();

that's where u make the redirect ...

rejvin

So hmm, what do i do? 🙂 I dont know what to put there..

bogu

Hmmm, man man man ....

Think ....

......

Session ID's wont be carried over through meta refreshes, so make sure you add the variables (in GET format) to the URL.

So, u need to add PHPSESSID=$PHPSESSID to your redirect URL ...

rejvin

ohh, will that use the old session? and the new data will also be inserted?

rejvin

Okej now the sessionid is right, but it still loses data somehow.

Before using the submit

Tack för din beställning. Din kod är: f51cfcAll variables from $_REQUEST : all user input variables.
Key: table; Value: 2
Key: business; Value: mail@paypalemail.com
Key: receiver_email; Value: mail@paypalemail.com
Key: amount; Value: 9.50
Key: currency_code; Value: SEK
Key: return; Value: http://handla.homeip.net/auction/paymentdone.php
Key: cancel_return; Value: http://handla.homeip.net/auction/paymentfailed.php
Key: undefined_quantity; Value: 0
Key: no_shipping; Value: 1
Key: no_note; Value: 1
Key: custom; Value: 100060
Key: notify_url; Value: http://handla.homeip.net/auction/paymentsimulator.php?table=2
Key: submit_x; Value: 41
Key: submit_y; Value: 28
Key: PHPSESSID; Value: 7ff13e13cbb999165208bc1965c4d9a9

Kod:

After using the submit with accepted code :

All variables from $_REQUEST : all user input variables.
Key: PHPSESSID; Value: 7ff13e13cbb999165208bc1965c4d9a9

How do i get the other values to?

bogu

If u redirect u need to send the values through your redirect URL or create a session array with your POST values...

I suggest the session part ...

rejvin

Are there any code exemples I can see? anyone?

rejvin

I Made it!!! 😃 😃

There was no $REQUEST, it was $POST LOL

session_start();
foreach ($SESSION['temp'] as $key=>$value) {
$POST[$key] = $value;
}

bogu

Congratulation ... 😃

Now u can make your post RESOLVED. :p