Random Password Generation - Uploading Files

On my site I have been using the Random Password Generation function of Security Assist for a while and it works fine.

For the same site, in a diferent folder level, I have added it to a couple of pages. On my Local cpu they work fine. However, after uploading the pages to the remote server, and testing them, the random password function is not working.

I can't seem to find a new or newer file version or anything in the local site directory that I have not uploaded. But there must be something that I am not uploading. What should I be looking for?

make sure the WA_SecurityAssist directory is uploaded to the server.


If you still have a problem, can you give some more specifics?

Do you get an error message?

Thank you for getting back to me Jason.

It is a real puzzle. The WA_SecurityAssist directory and files were uploaded and I just re-uploaded again to confirm. Outside of the site root directory on the LOCAL the WA_SecurityAssist\WA_RandomPassword.php folder and file where created on the same day that I applied it to the pages. I have appended the file with "-old" and the random password function still works.

The require once statement in the pages is pointing to the file under the site root directory, as it should.

There are no errors on the page. I have sent a link to the shopping area for Erric regarding another issue in Ticket (#100961). For testing purposes only, a temp cart.php should display the session code. I have also been clearing session values and closing the browser to make sure that the old values are not retained. On the local new session values for the randomly generated are created.

A side note: I am getting the same js errors that others are getting but I don't think that it is related. I have cleared the cache with fixed some problems after the daylight savings time change and am going to next try rebuilding the config folder.

can you send a copy of your cart.php page so I can see how the set session value behaviors are created.

There must be something that I have missed. It is important, as the session variable will need to be passed to the cart when completed. The cart.php that I am using is just for testing this function first. Thank you for looking into this Jason.

For tessting, change the code on the index page that sets the session variabels to:

<?php

if (!session_id()) session_start();



    $_SESSION["CartAccessCode1"] = "";

    $_SESSION["CartAccessCode2"] = "";



    if (isset($_POST["ClubCartUSA_1_ATC"]) || isset($_POST["ClubCartUSA_1_ATC_x"]))     {

      $_SESSION["CartAccessCode1"] = WA_RandomPassword(10, true, true, true, "");

      $_SESSION["CartAccessCode2"] = WA_RandomPassword(10, true, true, true, "");

      var_dump($_SESSION);

      die();

    }

    

    if (isset($_POST["ClubCartUSA_2_ATC"]) || isset($_POST["ClubCartUSA_2_ATC_x"]))     {

      $_SESSION["CartAccessCode1"] = WA_RandomPassword(10, true, true, true, "");

      $_SESSION["CartAccessCode2"] = WA_RandomPassword(10, true, true, true, "");

      var_dump($_SESSION);

      die();

    }

?>

this will cause the script to stop functioning if the variables are being set and show them on the screen.


If they are displayed on the screen, then remove the two:

var_dump($_SESSION);

      die();

lines and add:

<?php var_dump($_SESSION); ?>

to the cart page in the body.


post back your results after testing.

I followed your instructions Jason. The problem is related to the session values being retained and I am not very good working with the sessions. However, everything still works fine on my local even after clearing cache and opening/closing the browser.

1. On the shopping index page, the dump code, confirmed that the codes are generated:

array(2) { ["CartAccessCode1"]=> string(10) "GbHcTZmohK" ["CartAccessCode2"]=> string(10) "Q6a5OFActK" }

2. With the session dump added to the cart, the results are varied depending on the order of pages that click on before reaching the cart. I don’t think that I am setting the sessions to hold the data from the index page (I had tried to add values manually to the button, but I don’t know how to set them up) and also may be clearing the codes when loading a page after they are created, or something like that.

Index > Cart = codes & all session values

Index > Detail > Cart = no session values

Index > Results (All Products) > Detail Cart = codes & all session values

Then: use back arrow to Index > Cart = no codes & all session values

Also, if you go back and forth a few times the session codes are added on top of the last session values and sometimes the code values are cleared. Of course the cart page was just made fast for testing so I am not worried about that. But that may tell more about the session values that might be helpful.

array(4) { ["CartAccessCode1"]=> &string(10) "TeVWggR7Da" ["CartAccessCode2"]=> &string(10) "66WyybUq2D" ["ClubCartUSA_Items"]=> &string(490) "1|WAECART|Theme Park 6 Month Pass & Premium Welcome Kit #1|WAECART|Theme Park Pass allows registered Club Members access to online virtual Land of Alderney Theme Park. Activities and games are designed to appeal to both boys and girls. Recommended for first time visitors, includes: Soft Cover Book with map and Club Card.|WAECART|0.8|WAECART|1|WAECART|2995|WAECART|TBB-11-000004-0101|WAECART||WAECART||WAECART|0.8|WAECART|2995|WAECART|1 Theme Park 6 Month Pass & Premium Welcome Kit #1 (1)" ["WAEC_ContinueRedirect"]=> &string(19) "/shopping/index.php" }
CartAccessCode1:TeVWggR7Da
CartAccessCode2:66WyybUq2D

Do you really need to keep changing the value of the session variables? couldn't you just set them once and be done with it? I dont really understand why you have code to reset them on every page. It seams to me that you could use the following code on each page:

<?php

if (!session_id()) session_start();

    if(!isset($_SESSION["CartAccessCode1"]))     {

      $_SESSION["CartAccessCode1"] = WA_RandomPassword(10, true, true, true, "");

    }

    if(!isset($_SESSION["CartAccessCode2"]))     {

      $_SESSION["CartAccessCode2"] = WA_RandomPassword(10, true, true, true, "");      

    }   

?>

This would ensure that where set once. it doesn't seam to me like they need to be reset every time the add to cart button is pressed.

Maybe you have a good idea. A user may purchase more than one pass in the same order and there are more than one pass type to select from. Each pass needs to be activated separatly for a unique member. So my thought was that each pass purchased would need its own code and appear as a separate item in the cart. That way each pass item can be stored separatly in the orderdetails table. I supose that it would not mater if the code was the same for each pass on the same order. They would only be good for that order and limited to the quanity of passes purchased.

Also, I use another factor in the code to confirm if item is a pass then generate a access code or if not don't.

It still seems puzzling why I can get the full information echoed on my local screen but not on the remote. With the debug code at least we know that sometimes the information is being pass throught.

There where some problems i saw in the code, for example on the detail page, you had:

<?php

if (!session_id()) session_start();



    $_SESSION["CartAccessCode1"] = "";

    $_SESSION["CartAccessCode2"] = "";



?>

then:

<?php

if (!session_id()) session_start();



    $_SESSION["CartAccessCode1"] = "";

    $_SESSION["CartAccessCode2"] = "";



if(isset($_POST["ClubCartUSA_1_ATC_x"]) && ($row_WADAproducts['PassLength'] > 0))     {

    $_SESSION["CartAccessCode1"] = WA_RandomPassword(10, true, true, true, "");

    $_SESSION["CartAccessCode2"] = WA_RandomPassword(10, true, true, true, "");

//  $_SESSION["CartAccessCode1"] = "".((isset($_POST["AccessCode1"]))?$_POST["AccessCode1"]:"")  ."";

//    $_SESSION["CartAccessCode2"] = "".((isset($_POST["AccessCode2"]))?$_POST["AccessCode2"]:"")  ."";

}

?>

so if you where to visit the detail page, then use the browsers back button to go to the cart page, the sessions would be set to nothing.

On the results page, you had:

<?php

if (!session_id()) session_start();

if(!isset($_SESSION["CartAccessCode1"]))     {

  $_SESSION["CartAccessCode1"] = "".((isset($_GET["AccessCode1"]))?$_GET["AccessCode1"]:"")  ."";

}

?>

<?php

if (!session_id()) session_start();

if(!isset($_SESSION["CartAccessCode2"]))     {

  $_SESSION["CartAccessCode2"] = "".((isset($_GET["AccessCode2"]))?$_GET["AccessCode2"]:"")  ."";

}

?>

But i couldn't see where the access codes where ever being passed through a querystring.