Help?

[Darrin]

Guys, I need some help badly

I am workin on a site (supposed to be DONE on monday!) that includes a VERY simple shopping cart. It takes variables from one (ok 7, but they are coded the same, so I am only including one of them) page and then submits them to another page which requires them to login to the site and then submits their order to the database. My problem is with the second page. When I DON'T have the log-in script included, it works fine, but when I DO, it doesn't add the order to the database. It adds a line but all off the "package colums" (that include the number of items the customer wants) are still 0's! can anyone help me?



here is the code....



the first page (that SENDS the variables from a simple form.)

PHP Code:


<html>
<head>
<title>Lewright Meats</title>
<?php
@include("http://www.lewrightmeats.biz/includes/header.php")
?>

<p align="right">
<a href="/packages/"><font class="text14" color="1D6B21">Packages</font></a><br>
<a href="/packages/cart.php"><font class="text14" color="1D6B21">My Cart</font></a>
</p>

<font class="text24"><b>
Package 1
</b></font>
<br>

<br>
<img src="/images/package1.jpg"><br><br>
<br>

<font class="text18" color="1D6B21"><b>Package includes:</b></font><br>
<font class="text14">
  <ul type="circle">
     <li>Our award winning ham, cooked to perfection over burning Hickory logs, with no water added.</li>
  </ul>
</font>
<br><br>

<div id="orderform">
<font class="text18" color="990033">Quantity Requested:</font>
<font class="text14">

<form action="/packages/order.php" method="post">
8-9lb. Hams @ 40.30 <input name="onea" maxlength="2" size="2"><br>
9-10lb. Hams @ 44.90 <input name="oneb" maxlength="2" size="2"><br>
10-11lb. Hams @ 49.00 <input name="onec" maxlength="2" size="2"><br>
11-12lb. Hams @ 52.10 <input name="oned" maxlength="2" size="2"><br>
<br><br>
<input type=submit name="submitorder" value="submit">
</form>
</div>
</font>

   
<?php
@include("http://www.lewrightmeats.biz/includes/footer.php")
?>

the second page (the script that is makes them log-in and is SUPPOSED to add their order to the database...which it isn't exactly doing)

PHP Code:


<html>
<head>
<title>Lewright Meats</title>
<?php
@include("http://www.lewrightmeats.biz/includes/header.php")
?>

<?php


$dbhost = "localhost";
$dbuser = "jlewrigh_pages";
$dbpass = "password";

function dbConnect($db="jlewrigh_orders") {
    global $dbhost, $dbuser, $dbpass;
    
    $dbcnx = @mysql_connect($dbhost, $dbuser, $dbpass)
        or die("The site database appears to be down.");

    if ($db!="" and !@mysql_select_db($db))
        die("The site database is unavailable.");
    
    return $dbcnx;
}



if(!isset($email)) {
  ?>
  <html>
  <head>
  <title> Please Log In</title>
  </head>
  <body>
  <h1> To place an order you need to log In </h1>
  <p class="text16">Please enter your username and password below.  If you do you have an account, please <a href="/packages/newcust.php" target="_blank">sign up here</a></p>
  <p><form method="post" action="http://www.lewrightmeats.biz/packages/order.php">
    E-mail address: <input type="text" name="email" size="30"><br>
    Password: <input type="password" name="pwd" SIZE="20"><br>
    <input type="submit" value="Log in">
  </form></p>
  </body>
  </html>
  <?php
  exit;
}



dbConnect("jlewrigh_orders");
$sql = "select cust from customers where email = '$email' and password = PASSWORD('$pwd')";
$result = mysql_query($sql);
if (!$result) {
  error("A database error occurred while checking your ".
        "login details.\\nIf this error persists, please ".
        "contact [email]webmaster@lewrightmeats.biz[/email]");
}


if (mysql_num_rows($result) == 0) {
$email="";
$pwd="";

  ?>
  <html>
  <head>
  <title> please re-enter your login details </title>
  </head>
  <body>
  <p class="text16">Your user ID or password is incorrect. To try logging in again, click <a href="<?=$PHP_SELF?>">here</a>.</p>
  </body>
  </html>

  <?php
  exit;
}




while($currow= mysql_fetch_array($result)) {
$cust = $currow["cust"];  
}


$dbcnx = @mysql_connect("localhost", "jlewrigh_pages", "password");
if (!$dbcnx) {  echo( "<P>Unable to connect to the database server at this time.</P>" );  exit();}

mysql_select_db("jlewrigh_orders", $dbcnx);


$sql2 = "insert into packages set " . "cust='$cust', " . "onea='$onea'," . "oneb='$oneb'," . "onec='$onec'," . "oned='$oned'," . "two='$two'," . "three='$three'," . "four='$four'," . "five='$five'," . "six='$six'," . "seven='$seven'";
if (mysql_query($sql2)) {    echo("<p class='text20'>The package(s) have been added to your cart.  What do you want to do now?</p><p class='text16'>--Go back to the <a href='/packages/'>packages page</a><br>--Take me to my <a href=/packages/cart.php>cart</a> to check out</P>");  } else {    echo("<P class='text16'>Error adding package: " .         mysql_error() . " Please e-mail the <a href='mailto:webmaster@lewrightmeats.biz'>webmaster@lewrightmeats.biz</a> to let us know</P>");  }

?>


  
<?php
@include("http://www.lewrightmeats.biz/includes/footer.php")
?>

Any help would be GREATLY appreciated!

Darrin


P.S. to "log in" you can use

e-mail address:email

passwordass


or you can sign up for an accout if you're willing, I will clear the database before we actually start using the site so you can setup whatever account(s) you need because they will be gone as soon as I fix this anyways.

[Vin DSL]

Sorry, Darrin, I don't know anything about shopping carts, but I can tell you one thing - I need a bigger monitor!!!

Hahahahaha!

[Darrin]

LoL, well it's not really a shopping cart per say. It just unpdates a database with what they want to order and then we will call them to actually order it. So it's really not any differnt then say, a content management system.

[jason]

I haven't studied your code line by line, but I think I can figure out what's going on. Web servers serve up pages and then forget about them. When you submit a form, each field is passed as a variable to the script you are requesting. The script uses those variables to run and process your request and then it gives the output to the server to send to you. The server then discards all of those variables because the request is over.

What your code appears to be doing is
1. Submitting variables to the login script that are never used.
2. Asking the user to log in. At this point the variables from the first form are discarded.
3. Trying to use a variable from the first script after it has been discarded.

There are two solutions to this problem. The first is the more secure (but more complex to implement) method. The second is the older, less secure way to do it.

The first method is to use session variables. PHP can keep track of variables from script to script if you store them as session varibales. When you start a session a cookie is sent to the user's browser with a unique identifier. Then, each time a new script is requested, that identifier is sent and PHP uses it to look up any variables that are stored on the server for that user. See the PHP manual's session handling functions section for details.

The other method is to pass the variables from the order script that you need in the final script as hidden variables in the login script. There have been several articles written on how this is a bad practice because it can allow a user to change values from page to page, but in your case (since you seem to just be passing quantities around) there shouldn't be any problems.

--Jason

[Darrin]

thanks, I was thinking it was something like that, my question now is, WHERE do I meed to put the "hidden variables" in my script? I can't seem to make that work!

[Chappy]

Here's some thoughts on a little different approach:

1) Collect your data on the order form (the html form). I may not be undersanding the setup here, but, wouldn't it be easier for the customer to go ahead and enter the login here, at this point, rather than having to go through logging in on a separately generated php page? If they are not a member, at this point you can go ahead and redirect them to the registration page now rather than having to take them through, effectively, a third page (seems like this would save them time). This page looks okay, however (But, heck, what do I know?);
2) On the next page, start a session using the session handlers that Jason referred to (this has to be first out of the chute - I like sessions - even if I'm not going to use them much);
3) Sanitize the data coming from the html form (Make sure nobodys put any nasties in your form);
4) Insure that they have entered something in the appropriate fields (if you have used my thought stated in #1, you would check the e-mail, password, and the ordered items .
5) If you have used my thought in #1, go through your user validation. If the user passes, add their order to the database. If you have used the approach I've mentioned, I'm not sure you even have to start a session in #2.

Benefits? The registered user has to enter data on only one page and the non-registered user isn't checking off boxes only to be told that, well, we can't mess with your order until you register, blah, blah, blah. The non-registered user is told right off that he has to go through a registration sequence. If you have not used my thought in #1, you will need to register their order in your session, then go through your authentication routine (requiring the reload of the page, and the session handling routine), validate their authentication data, then connect to the database and add the order);

Of course, you have seven different order pages so, maybe a possibility would be to combine all seven order pages, so that you have just the one page I'm suggesting with a link (maybe a delicious looking picture link of a ham or roast - my God, I'm getting hungry just thinking about it) to each available package that opens up in a separate page. They would not order from the description page, only the main form page that lists ALL the packages and gives radio buttons, checkboxes, or whatever, plus the login info. This has the added benefit of keeping more of the products in front of them onscreen.

Just a few thoughts. If what you want is more complicated than this and involves sessions, may I recommend this three part tutorial on Dev Shed: Part One ; Part Two ;
Part Three

Hope this helps! And if it sounds totally crazy, well, it prob. is!

[jason]

I like Chappy's idea, but one thing experience has taught me is that a link like "if you have not done so already, please register" at the top of a page that is mainly an order form is likely to be overlooked. Also, what happens if the same customer wants to order from multiple pages? Do they have to log in each time?

The shopping cart concept has been quite refined over the past few years to the point that everyone is doing essentially the same thing now: customers place their order from some sort of description page, the items are added to a list on a "cart" page, and when the customer clicks on "check out" they are prompted to log in or register. This is usually done with some sort of session management, as Chappy and I both recommended.

Since you need this done yesterday (quite literally), you should probably look at doing some kind of triage for the time being. Once you get the site up and running, then you can start planning a more robust system to launch as "version 2.0." So I'd still recommend doing it the way I originally suggested for now. In that case, add the hidden fields inside the <form> tags for the login form. Or, save yourself a step and do it as Chappy recommends: just add the login to the original order form. Worry about getting it working now, go for style and grace later.

--Jason

[Darrin]

Thanks guys, I did it without the session managment right now, and I'll be the first to admit that it's not the best system, simply cause they have to log in so much. However, this website is only up for less than a month, and then I am TOTALLY re-coding it, so I'll probably do the sessions stuff then.

Thanks for all your help everyone!