Checkout page binding issue

OK - decided that checkout really should have user logged in to keep track.

So...tried attaching a user recordset where session variable = MM_UserGroup

However, the user's name, last name and email address don't appear on the checkout form, even after login.

Any ideas?

What have you set the initial value to?

Sorry Ray - not following you?

I've got my shopping cart page which has option to checkout, checkout page has restricted access for members only, so user logs in and get diverted to the checkout page, however the checkout page doesn't contain any of the details from the recordset filtered by session variable MM_UserGroup

Right... so how did you tell it to contain the details from the recordset?

Did you highlight the field that you wanted populated from the recordset and use the bindings tab?

Post sample code from one of your form elements that you expect to be pre populated but isn't.

yeah did that.

Here's what I've got on checkout.php in the code before html starts:

<?php
//WA eCart Include
require_once("WA_eCart/hchq_PHP.php");
?>
<?php require_once('Connections/connHCHQ.php'); ?>
<?php
$hchq->GetContent();
?>
<?php
if (!isset($_SESSION)) {
if (!session_id()) session_start();
}
$MM_authorizedUsers = "";
$MM_donotCheckaccess = "true";

// *** Restrict Access To Page: Grant or deny access to this page
function isAuthorized($strUsers, $strGroups, $UserName, $UserGroup) {
// For security, start by assuming the visitor is NOT authorized.
$isValid = False;

// When a visitor has logged into this site, the Session variable MM_Username set equal to their username.
// Therefore, we know that a user is NOT logged in if that Session variable is blank.
if (!empty($UserName)) {
// Besides being logged in, you may restrict access to only certain users based on an ID established when they login.
// Parse the strings into arrays.
$arrUsers = Explode(",", $strUsers);
$arrGroups = Explode(",", $strGroups);
if (in_array($UserName, $arrUsers)) {
$isValid = true;
}
// Or, you may restrict access to only certain users based on their username.
if (in_array($UserGroup, $arrGroups)) {
$isValid = true;
}
if (($strUsers == "") && true) {
$isValid = true;
}
}
return $isValid;
}

$MM_restrictGoTo = "customer_login.php";
if (!((isset($_SESSION['MM_Username'])) && (isAuthorized("",$MM_authorizedUsers, $_SESSION['MM_Username'], $_SESSION['MM_UserGroup'])))) {
$MM_qsChar = "?";
$MM_referrer = $_SERVER['PHP_SELF'];
if (strpos($MM_restrictGoTo, "?")) $MM_qsChar = "&";
if (isset($QUERY_STRING) && strlen($QUERY_STRING) > 0)
$MM_referrer .= "?" . $QUERY_STRING;
$MM_restrictGoTo = $MM_restrictGoTo. $MM_qsChar . "accesscheck=" . urlencode($MM_referrer);
header("Location: ". $MM_restrictGoTo);
exit;
}
?>
<?php
if (!function_exists("GetSQLValueString")) {
function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "")
{
if (PHP_VERSION < 6) {
$theValue = get_magic_quotes_gpc() ? stripslashes($theValue) : $theValue;
}

$theValue = function_exists("mysql_real_escape_string") ? mysql_real_escape_string($theValue) : mysql_escape_string($theValue);

switch ($theType) {
case "text":
$theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
break;
case "long":
case "int":
$theValue = ($theValue != "") ? intval($theValue) : "NULL";
break;
case "double":
$theValue = ($theValue != "") ? doubleval($theValue) : "NULL";
break;
case "date":
$theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
break;
case "defined":
$theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue;
break;
}
return $theValue;
}
}
?>
<?php
$colname_rsRegUser = "-1";
if (isset($_SESSION['MM_UserGroup'])) {
$colname_rsRegUser = (get_magic_quotes_gpc()) ? $_SESSION['MM_UserGroup'] : addslashes($_SESSION['MM_UserGroup']);
}
mysql_select_db($database_connHCHQ, $connHCHQ);
$query_rsRegUser = sprintf("SELECT * FROM users WHERE UserID = %s", GetSQLValueString($colname_rsRegUser, "int"));
$rsRegUser = mysql_query($query_rsRegUser, $connHCHQ) or die(mysql_error());
$row_rsRegUser = mysql_fetch_assoc($rsRegUser);
$totalRows_rsRegUser = mysql_num_rows($rsRegUser);
?>
<?php
if ($hchq->IsEmpty()) {
$hchq->redirStr = "shopping_cart.php";
$hchq->cartAction = "RedirectIfEmpty";
}
?>
<?php
// WA eCart Redirect
if ($hchq->redirStr != "") {
header("Location: ".$hchq->redirStr);
}
?>


and here's a sample of the form:
<tr>
<th><label for="firstname" >First name</label></th>
<td><input type="text" name="firstname" id="firstname" value="<?php echo $row_rsRegUser['FirstName']; ?>" /></td>
</tr>

$_SESSION['MM_UserGroup'] must not be set to the userID correctly. It looks like it would work if it were.

is that an issue on my login page then or on the checkout?

Add a die statement to your recordset to see:


<?php
$colname_rsRegUser = "-1";
if (isset($_SESSION['MM_UserGroup'])) {
$colname_rsRegUser = (get_magic_quotes_gpc()) ? $_SESSION['MM_UserGroup'] : addslashes($_SESSION['MM_UserGroup']);
}
mysql_select_db($database_connHCHQ, $connHCHQ);
$query_rsRegUser = sprintf("SELECT * FROM users WHERE UserID = %s", GetSQLValueString($colname_rsRegUser, "int"));
$rsRegUser = mysql_query($query_rsRegUser, $connHCHQ) or die(mysql_error());
$row_rsRegUser = mysql_fetch_assoc($rsRegUser);
$totalRows_rsRegUser = mysql_num_rows($rsRegUser);
die($query_rsRegUser);
?>

My guess is a problem on the login page. Does anything associated with the MM_UserGroup session variable work?

Sorry - where should die statement go?

Nothing of MM_UserGroup seems to work.

Here's the login page:

<?php require_once('Connections/connHCHQ.php'); ?>
<?php
if (!function_exists("GetSQLValueString")) {
function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "")
{
if (PHP_VERSION < 6) {
$theValue = get_magic_quotes_gpc() ? stripslashes($theValue) : $theValue;
}

$theValue = function_exists("mysql_real_escape_string") ? mysql_real_escape_string($theValue) : mysql_escape_string($theValue);

switch ($theType) {
case "text":
$theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
break;
case "long":
case "int":
$theValue = ($theValue != "") ? intval($theValue) : "NULL";
break;
case "double":
$theValue = ($theValue != "") ? doubleval($theValue) : "NULL";
break;
case "date":
$theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
break;
case "defined":
$theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue;
break;
}
return $theValue;
}
}
?>
<?php
// *** Validate request to login to this site.
if (!isset($_SESSION)) {
session_start();
}

$loginFormAction = $_SERVER['PHP_SELF'];
if (isset($_GET['accesscheck'])) {
$_SESSION['PrevUrl'] = $_GET['accesscheck'];
}

if (isset($_POST['emailAddress'])) {
$loginUsername=$_POST['emailAddress'];
$password=$_POST['password'];
$MM_fldUserAuthorization = "";
$MM_redirectLoginSuccess = "checkout.php";
$MM_redirectLoginFailed = "customer_login.php?failed=true";
$MM_redirecttoReferrer = false;
mysql_select_db($database_connHCHQ, $connHCHQ);

$LoginRS__query=sprintf("SELECT UserEmail, Password1 FROM users WHERE UserEmail=%s AND Password1=%s",
GetSQLValueString($loginUsername, "text"), GetSQLValueString($password, "text"));

$LoginRS = mysql_query($LoginRS__query, $connHCHQ) or die(mysql_error());
$loginFoundUser = mysql_num_rows($LoginRS);
if ($loginFoundUser) {
$loginStrGroup = "";

//declare two session variables and assign them
$_SESSION['MM_Username'] = $loginUsername;
$_SESSION['MM_UserGroup'] = $loginStrGroup;

if (isset($_SESSION['PrevUrl']) && false) {
$MM_redirectLoginSuccess = $_SESSION['PrevUrl'];
}
header("Location: " . $MM_redirectLoginSuccess );
}
else {
header("Location: ". $MM_redirectLoginFailed );
}
}
?>

and it's form:

<form action="<?php echo $loginFormAction; ?>" method="POST" name="customerLogin" class="user">
<p><label>Email address:</label><input name="emailAddress" type="text" /></p>
<p><label>Password:</label><input name="password" type="password" /></p>
<p class="submit">
<label>
<input name="Login" type="image" id="Login" value="Login to my account" src="images/login-button.png" />
</label>
</p>
</form>

Yes it looks like you have applied your login server behavior wrong. Try applying again and make sure to use the correct settings for the username, password, and user group fields.

If you own security assist you should use that login server behavior instead. It has a lot of advantages.