Duplicate OrderreferenceIds - Ecart 5

Hello,

I use the following code on checkout succes page to reset things. When user buys other stuff after this, the new orders get the same orderreferenceid in the database as the other already finished order which i reset on the success page?

I need other sessions alive (logged in users) BTW but in the example i destroy everything (and that seems to work since users get thrown out) but still i keep getting the same orderreferenceid as the completed order from previous session...

When the user uses the same windo or new tab it gets the orderreferenceid of the first finished order as orderreferenceid... When you go back the cart is empty and all so it is a new order in the database but like i said the new order has the same orderreferenceid as the completed order(s)...

Also the part after session_destroy does not seem to execute..

//TOp of page
<?php
if (!session_id()) session_start();
if(!isset($_SESSION["MyCart_OrderID"])) {
$_SESSION["MyCart_OrderID"] = "";
}
?>

// Bottom page
<?php
$MyCart->ClearCart();
unset($_SESSION['MyCart_OrderID']);
session_destroy();
if ($MyCart->IsEmpty()) {
$MyCart->redirStr = "store_cart.php";
$MyCart->cartAction = "RedirectIfEmpty";
}
?>

Any help would be great

WKR

use this code to destroy the session:

<?php

// Initialize the session.

// If you are using session_name("something"), don't forget it now!

@session_start();



// Unset all of the session variables.

$_SESSION = array();



// If it's desired to kill the session, also delete the session cookie.

// Note: This will destroy the session, and not just the session data!

if (ini_get("session.use_cookies")) {

    $params = session_get_cookie_params();

    @setcookie(session_name(), '', time() - 42000,

        $params["path"], $params["domain"],

        $params["secure"], $params["httponly"]

    );

}



// Finally, destroy the session.

@session_destroy();

@session_regenerate_id(true);

?>

Tyvm This does the trick... but now I have to keep my users session alive... I found something about that on the forum and tried it but the session UserId does not get regenerated... Beneath the code i tried...

<?php
// Initialize the session.
// If you are using session_name("something"), don't forget it now!
@session_start();

//store the user session
$userSession = $_SESSION['UserID'];

// Unset all of the session variables.
$_SESSION = array();

// If it's desired to kill the session, also delete the session cookie.
// Note: This will destroy the session, and not just the session data!
if (ini_get("session.use_cookies")) {
$params = session_get_cookie_params();
@setcookie(session_name(), '', time() - 42000,
$params["path"], $params["domain"],
$params["secure"], $params["httponly"]
);
}

// Finally, destroy the session.
@session_destroy();
@session_regenerate_id(true);

//reset user session
$_SESSION['UserID'] = $userSession;
?>

wkr

Working code for destroying session and regenerating user session...
Just check to see if the session of your users also is UserID or named differently...

<!-- CLEAR CART SESSIONS -->
<?php
// Initialize the session.
// If you are using session_name("something"), don't forget it now!
@session_start();

//store the user session
$userSession = $_SESSION['UserID'];

// Unset all of the session variables.
$_SESSION = array();

// If it's desired to kill the session, also delete the session cookie.
// Note: This will destroy the session, and not just the session data!
if (ini_get("session.use_cookies")) {
$params = session_get_cookie_params();
@setcookie(session_name(), '', time() - 42000,
$params["path"], $params["domain"],
$params["secure"], $params["httponly"]
);
}

// Finally, destroy the session.
session_destroy();
unset($_SESSION);
session_start();
session_regenerate_id();


//reset user session
$_SESSION['UserID'] = $userSession;
?>

I pasted the code of the last post above on the bottom of my pp_checkout_success page.

The code seems to work: The "order" session ist destroyed - meaning I can buy new stuff and get a new order id for that in the database. And the User ID is alive - the costumer (if purchased a digital download) is getting displayed the link to the Download Center where he can download his purchase.

BUT I get the following on the pp_checkout_success page:

Warning: session_start() [function.session-start]: Cannot send session cache limiter - headers already sent (output started at C:\xampp\htdocs\ ... \pp_checkout_success.php:186) in C:\xampp\htdocs\sonic-magic\A-SONICMAGIC\A_pages_E\pp_checkout_success.php on line 420

Warning: session_regenerate_id() [function.session-regenerate-id]: Cannot regenerate session id - headers already sent in C:\xampp\htdocs\ ... \pp_checkout_success.php on line 421

On line 186 is this code:

<?php
//WA eCart Show If Start
if (!$eCart_en->IsEmpty()) {
?>

Is there anybody who can see the issue here?
Thank you!

Henrik

Is there a space character or an empty line above that code? That could be the problem.

Yes, there was an empty line above ...
I removed it but got the same warning:

Warning: session_start() [function.session-start]: Cannot send session cache limiter - headers already sent (output started at C:\xampp\htdocs\sonic-magic\A-SONICMAGIC\A_pages_E\pp_checkout_success.php:186) in C:\xampp\htdocs\sonic-magic\A-SONICMAGIC\A_pages_E\pp_checkout_success.php on line 419

Warning: session_regenerate_id() [function.session-regenerate-id]: Cannot regenerate session id - headers already sent in C:\xampp\htdocs\sonic-magic\A-SONICMAGIC\A_pages_E\pp_checkout_success.php on line 420


Here is the code of the whole site. I just removed some things like the api signature, title and some html stuff from the body:


<?php
//WA eCart Include
require_once("../../WA_eCart/eCart_en_PHP.php");
?>
<?php require_once('../../Connections/mysql_sonic_magic.php'); ?>
<?php
$eCart_en->GetContent();
?>
<?php
require_once("../../WA_eCart/PP_ECO_Scripts/PP_ECO_PHP.php");
?>
<?php require_once( "../../WA_SecurityAssist/Helper_PHP.php" ); ?>
<?php
$WA_PP_ECO_GetResult = WA_PP_ECO_SOAPObject();
if ((isset($_GET["token"]) && isset($_GET["PayerID"])) || (isset($_SESSION["PayPal_ECO_Token"]) && $_SESSION["PayPal_ECO_Token"] != "")) {
$WA_PP_ECO_GetResult = WA_PP_ECO_Get_Post("--removed--", "--removed--", "--removed--", true);
}
?>
<?php
if (!WA_Auth_RulePasses("Logged in to users")){
WA_Auth_RestrictAccess("../A-SONICMAGIC/A_pages_E/users_LogIn.php");
}

if (!function_exists("GetSQLValueString")) {
function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "")
{
if (PHP_VERSION < 6) {
$theValue = get_magic_quotes_gpc() ? stripslashes($theValue) : $theValue;
}

$theValue = function_exists("mysql_real_escape_string") ? mysql_real_escape_string($theValue) : mysql_escape_string($theValue);

switch ($theType) {
case "text":
$theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
break;
case "long":
case "int":
$theValue = ($theValue != "") ? intval($theValue) : "NULL";
break;
case "double":
$theValue = ($theValue != "") ? doubleval($theValue) : "NULL";
break;
case "date":
$theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
break;
case "defined":
$theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue;
break;
}
return $theValue;
}
}

$colname_pp_check_succ_users = "-1";
if (isset($_SESSION['UserID'])) {
$colname_pp_check_succ_users = (get_magic_quotes_gpc()) ? $_SESSION['UserID'] : addslashes($_SESSION['UserID']);
}
mysql_select_db($database_mysql_sonic_magic, $mysql_sonic_magic);
$query_pp_check_succ_users = sprintf("SELECT * FROM users WHERE UserID = %s", GetSQLValueString($colname_pp_check_succ_users, "int"));
$pp_check_succ_users = mysql_query($query_pp_check_succ_users, $mysql_sonic_magic) or die(mysql_error());
$row_pp_check_succ_users = mysql_fetch_assoc($pp_check_succ_users);
$totalRows_pp_check_succ_users = mysql_num_rows($pp_check_succ_users);

$paramUserID_rsDownloadCount = "-1";
if (isset($_SESSION['UserID'])) {
$paramUserID_rsDownloadCount = (get_magic_quotes_gpc()) ? $_SESSION['UserID'] : addslashes($_SESSION['UserID']);
}
mysql_select_db($database_mysql_sonic_magic, $mysql_sonic_magic);
$query_rsDownloadCount = sprintf("SELECT COUNT(products.ProductLocation) AS DownloadCount FROM orders INNER JOIN orderdetails on orders.OrderID = orderdetails.DetailOrderID INNER JOIN products on orderdetails.DetailProductID = products.ProductID WHERE orders.OrderUserID = %s", GetSQLValueString($paramUserID_rsDownloadCount, "int"));
$rsDownloadCount = mysql_query($query_rsDownloadCount, $mysql_sonic_magic) or die(mysql_error());
$row_rsDownloadCount = mysql_fetch_assoc($rsDownloadCount);
$totalRows_rsDownloadCount = mysql_num_rows($rsDownloadCount);
?>
<?php
if ($eCart_en->IsEmpty()) {
$eCart_en->redirStr = "cart_en.php";
$eCart_en->cartAction = "RedirectIfEmpty";
}
?>
<?php
// WA eCart Redirect
if ($eCart_en->redirStr != "") {
header("Location: ".$eCart_en->redirStr);
}
?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"><!-- InstanceBegin template="/Templates/sonicmagic.dwt.php" codeOutsideHTMLIsLocked="false" -->
<!-- DW6 -->
<head>
<!-- Copyright 2005 Macromedia, Inc. All rights reserved. -->
<!-- InstanceBeginEditable name="doctitle" -->
<title>--removed--</title>
<!-- InstanceEndEditable -->
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<link rel="stylesheet" href="../sonic_magic.css" type="text/css" />
<style type="text/css">
<!--
a:link {
text-decoration: none;
}
a:visited {
text-decoration: none;
}
a:hover {
text-decoration: none;
}
a:active {
text-decoration: none;
}
-->
</style>
<!-- InstanceBeginEditable name="head" -->
<link href="../../WA_eCart/CSS/eC_Checkpoint_Pacifica_Arial.css" rel="stylesheet" type="text/css" />
<!-- InstanceEndEditable -->
</head>
<body bgcolor="#14285f">
<table width="100%" border="0" cellspacing="0" cellpadding="0">


--removed--


<br />
You will shortly receive a confirmation of your order by email.<br /><br />
<?php
if ("".$row_rsDownloadCount['DownloadCount'] ."" > "0") { // WebAssist Show If
?>
To download your purchased music, please got to the <a href="download_center.php">Download Center</a>. You can do that by using the link above or at any time in the next 31 days by coming to our website (www.sonic-magic.com) logging in to Your Account and entering the Download Center. <br /><br />
<?php
} // ("".$row_rsDownloadCount['DownloadCount'] ."" > "0")
?>
<table class="eC_ShoppingCart" border="0" cellspacing="0" cellpadding="0">

<tr>

<th class="eC_GroupColumn" >Name</th>


<th class="eC_PriceItem">Price</th>


--removed--


<?php
//WA eCart Show If Middle
}
else {
?><table><tr><td>The cart is empty</td></tr></table><?php
//WA eCart Show If End
}
?>

<div class="eC_PurchaserInfoWrapper">
<table cellpadding="0" border="0" class="eC_HeadingTable"><tr><td><h3>PayPal Express Checkout Information</h3></td><td class="eC_bottomLine"><div>&nbsp;</div></td></tr></table>
<div class="eC_InfoContainer" >


<p class="eC_OrderInfo"><strong class="eC_OrderInfoLabel">PayPal account:</strong> <?php echo WA_PP_ECO_GetValue($WA_PP_ECO_GetResult, "Payer"); ?></p>
</div>
<table cellpadding="0" border="0" class="eC_HeadingTable"><tr><td><h3>Billing Information</h3></td><td class="eC_bottomLine"><div>&nbsp;</div></td></tr></table>
<div class="eC_InfoContainer">
<p class="eC_OrderInfo">
<?php echo $row_pp_check_succ_users['UserFirstName']; ?>&nbsp;<?php echo $row_pp_check_succ_users['UserLastName']; ?><br />
<?php echo $row_pp_check_succ_users['UserAddress']; ?><br />
<?php echo $row_pp_check_succ_users['UserAddress2']; ?><br />
<?php echo $row_pp_check_succ_users['UserCity']; ?>&nbsp;<?php echo $row_pp_check_succ_users['UserState']; ?>&nbsp;<?php echo $row_pp_check_succ_users['UserZip']; ?><br />
<?php echo $row_pp_check_succ_users['UserCountry']; ?>
</p>
</div>

<table cellpadding="0" border="0" class="eC_HeadingTable"><tr><td><h3>Shipping Information</h3></td><td class="eC_bottomLine"><div>&nbsp;</div></td></tr></table>
<div class="eC_InfoContainer">
<p class="eC_OrderInfo">
<?php echo WA_PP_ECO_GetValue($WA_PP_ECO_GetResult, "Name"); ?><br />
<?php echo WA_PP_ECO_GetValue($WA_PP_ECO_GetResult, "Street1"); ?><br />
<?php echo WA_PP_ECO_GetValue($WA_PP_ECO_GetResult, "Street2"); ?><br />
<?php echo WA_PP_ECO_GetValue($WA_PP_ECO_GetResult, "CityName"); ?>&nbsp;
<?php echo WA_PP_ECO_GetValue($WA_PP_ECO_GetResult, "StateOrProvince"); ?>&nbsp;
<?php echo WA_PP_ECO_GetValue($WA_PP_ECO_GetResult, "PostalCode"); ?><br />
<?php echo WA_PP_ECO_GetValue($WA_PP_ECO_GetResult, "Country"); ?><br />
</p>
</div>

</div>

<!-- <p class="eC_SmallPrint">Lorem ipsum dolor sit amet, consetetur sadipscing elitr, sed diam nonumy eirmod tempor invidunt ut labore et dolore magna aliquyam erat, sed diam voluptua. At vero eos et accusam et justo duo dolores et ea rebum. Stet clita kasd gubergren, no sea takimata sanctus est Lorem ipsum dolor sit amet.</p> -->

</div>

<!-- InstanceEndEditable --></td>
</tr>
</table>
</td>
<td width="100%"></td>
</tr>
<tr>
<td width="155">&nbsp;</td>
<td width="1"></td>
<td width="50">&nbsp;</td>
<td width="554">&nbsp;</td>
<td width="100%">&nbsp;</td>
</tr>
</table>
</body>
<!-- InstanceEnd --></html>
<?php
mysql_free_result($pp_check_succ_users);

mysql_free_result($rsDownloadCount);
?>
<!-- CLEAR CART SESSIONS -->
<?php
// Initialize the session.
// If you are using session_name("something"), don't forget it now!
@session_start();

//store the user session
$userSession = $_SESSION['UserID'];

// Unset all of the session variables.
$_SESSION = array();

// If it's desired to kill the session, also delete the session cookie.
// Note: This will destroy the session, and not just the session data!
if (ini_get("session.use_cookies")) {
$params = session_get_cookie_params();
@setcookie(session_name(), '', time() - 42000,
$params["path"], $params["domain"],
$params["secure"], $params["httponly"]
);
}

// Finally, destroy the session.
session_destroy();
unset($_SESSION);
session_start();
session_regenerate_id();


//reset user session
$_SESSION['UserID'] = $userSession;
?>


Thanks for the help!

Try using:

@session_start();
@session_regenerate_id();

Great, that works!

Thanks a lot, Ray!!