I've a really weird thing happening that I'm not able to reproduce outside of my script, but I'm still hoping someone has an idea how to solve it. I'm adding a token to a script to avoid double form submission. I've got a pretty simple function that sets the session and returns the token:
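/**
 * Create a form token and store it in the session.
 *
 * The token becomes the only key of $_SESSION['token'] (value 1), replacing
 * whatever was stored there before.
 *
 * @return string 40 hexadecimal characters
 */
function generate_token() {
    // mt_rand() is a predictable generator and sha1() adds no entropy to it,
    // so the token is taken from the OS CSPRNG instead (random_bytes: PHP 7+).
    $token = bin2hex(random_bytes(20));
    $_SESSION['token'] = array($token => 1);
    // Debug output from the question. It prints the whole session into the
    // page, so drop it once the problem is understood.
    print_r($_SESSION);
    return $token;
}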
the print_r here shows this (exactly as it should):
Array
(
[token] => Array
(
[1a1c5cbdbe9d85dcb0b55a712ff8bf187ae795cb] => 1
)
)
and I call the script like so (nothing fancy)
$token = generate_token();
but if I print_r just after that outside the function, I get this
Array
(
[token] => 1a1c5cbdbe9d85dcb0b55a712ff8bf187ae795cb
)
and if instead of
$token = generate_token();
I just call
generate_token();
it works like it should.
I've tried it outside my script in a test page and nothing weird happens. I can show you the rest of my code if needed, but around this it's only generating HTML. Has anyone seen this before? It hurts my brain, so any help will be appreciated. Cheers
EDIT:
As requested, I've put the full code here; the weirdness is happening around line 304. Here I've put the function inline; it is normally called from an include, which doesn't change anything in my case. (The code is cut at the end due to SO character number limitations.)
<?php
require('includes/application_top.php');
require('includes/functions/scrambled_order_num.php');
// Request inputs for the shipping-label page.
// labels_qty is taken from POST as-is and defaults to 1.
$quantity_left = isset($_POST['labels_qty']) ? $_POST['labels_qty']: 1;
// A quantity left over from a previous label in this session overrides the
// posted value and is consumed here.
if (isset($_SESSION['quantity_needed'])) {
$quantity_left = $_SESSION['quantity_needed'];
unset($_SESSION['quantity_needed']);
}
$action = isset($_GET['action']) ? $_GET['action'] : '';
// NOTE(review): tep_db_input() is defined outside this file; presumably it
// escapes a string for use inside a quoted SQL literal — confirm. Escaping at
// read time does not make a value safe in an unquoted SQL position or when it
// is echoed into HTML or JavaScript; cast or encode at the point of use.
$order_id = isset($_GET['order_id']) ? tep_db_input($_GET['order_id']) : '';
$order_num = isset($_POST['order_num']) ? tep_db_input(trim($_POST['order_num'])) : '';
$weight = isset($_POST['weight']) ? tep_db_input($_POST['weight']) : '';
$label_type = isset($_POST['label_type']) ? tep_db_input($_POST['label_type']) : '';
// These three are kept exactly as posted (no escaping, no type check).
$CN23 = isset($_POST['CN23']) ? $_POST['CN23'] : '';
$addressee = isset($_POST['addressee']) ? $_POST['addressee'] : '';
$comments = isset($_POST['comments']) ? $_POST['comments'] : '';
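// update products infos
// Persist the customs (CN23) values posted per product. Only numeric keys are
// product ids; the form on this page also posts CN23[category] and
// CN23[totalAmount], which are skipped here.
if (!empty($CN23) && is_array($CN23)) {
    foreach ($CN23 as $pID => $values) {
        if (!is_numeric($pID) || !is_array($values)) {
            continue;
        }
        $cn23_origin = isset($values['originCountry']) ? (int)$values['originCountry'] : 0;
        // The posted weight used to be concatenated into the statement as-is,
        // which let the request rewrite the query. It is escaped the same way
        // the single-parcel weight is escaped when it is read from POST.
        $cn23_weight = (isset($values['weight']) && is_scalar($values['weight']))
            ? tep_db_input($values['weight'])
            : '';
        $qry = "UPDATE products
                SET origin_country_id = '" . $cn23_origin . "'
                WHERE products_id = '" . (int)$pID . "'";
        tep_db_query($qry);
        $qry = "UPDATE products_stock_location
                SET weight = '" . $cn23_weight . "'
                WHERE products_id = '" . (int)$pID . "'";
        tep_db_query($qry);
    }
}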
// Normalise the posted deposit date to Y-m-d.
// An empty field means "today"; any other value is parsed as d/m/Y.
// $deposit_date is left undefined when the field was not posted at all.
if (isset($_POST['deposit_date']) && empty($_POST['deposit_date'])) {
$today = new DateTime();
$deposit_date = $today->format("Y-m-d");
} else if (isset($_POST['deposit_date'])) {
$format = "d/m/Y";
// NOTE(review): DateTime::createFromFormat() returns false when the input
// does not match the format, and the ->format() call on the next line then
// fails. The value also goes through tep_db_input() (defined elsewhere)
// before it is parsed — confirm that is intended.
$date_object = DateTime::createFromFormat($format, tep_db_input($_POST['deposit_date']));
$deposit_date = $date_object->format("Y-m-d");
}
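// Resolve the order and load the carrier module for the requested action.
// $order_id is cast to int wherever it enters SQL: the escaping applied when
// it was read only protects a quoted literal, and the second query below uses
// it unquoted. The rest of this file already casts it the same way.
switch ($action) {
    case 'get_infos':
        if (empty($order_id)) {
            $order_id = derandomise_order_num($order_num);
        }
        // check actual shipping status
        $qry = "SELECT o.shipping_status, o.is_partial, o.orders_language, o.shipping_method
                FROM orders AS o
                WHERE o.orders_id = '" . (int)$order_id . "'";
        $status_query = tep_db_query($qry);
        $status = tep_db_fetch_array($status_query);
        // NOTE(review): the condition tests READY_TO_SHIP while the message
        // constant says NOT_READY_TO_SHIP — confirm which one is intended.
        // tep_redirect() is defined elsewhere; presumably it ends the request.
        if ($status['shipping_status'] == SHIPPING_STATUS_READY_TO_SHIP) {
            $messageStack->add_session(TEXT_NOT_READY_TO_SHIP);
            tep_redirect(tep_href_link(FILENAME_SHIPPING_LABEL));
        }
        if ($status['shipping_method'] == 'Chronopost') {
            $messageStack->add_session('chronopost');
            tep_redirect(tep_href_link(FILENAME_SHIPPING_LABEL));
        }
        // no break: get_infos continues into the module loading below
    case 'get_label':
    case 'relai_lookup':
        $qry = "SELECT shipping_method
                FROM " . TABLE_ORDERS . "
                WHERE orders_id = " . (int)$order_id;
        $shipping_query = tep_db_query($qry);
        $shipping_result = tep_db_fetch_array($shipping_query);
        if ($shipping_result['shipping_method'] == 'Colissimo' || $shipping_result['shipping_method'] == 'So Colissimo' || $shipping_result['shipping_method'] == 'Colissimo free') {
            $module = 'socolissimo';
        } else if ($shipping_result['shipping_method'] == 'Chronopost') {
            $module = 'chronopost';
        }
        // NOTE(review): $module is only set for the shipping methods listed
        // above. For any other method (or an unknown order) the include path
        // and the class name below are built from an unset variable.
        include_once(DIR_FS_CATALOG_MODULES . 'shipping/' . $module . ".php");
        $shipping = new $module;
        break;
    default:
        break;
}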
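// AJAX endpoint: look up a relay point by id, print it as JSON and stop.
if ($action == "relai_lookup") {
    // Default to '' so a request without relai_id cannot put an
    // undefined-index notice in front of the JSON body.
    $relai_id = isset($_POST['relai_id']) ? $_POST['relai_id'] : '';
    // NOTE(review): the id is passed on exactly as posted; get_relais_by_id()
    // is not shown here and has to validate or escape it itself.
    echo json_encode($shipping->get_relais_by_id($relai_id));
    die();
}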
// Label creation. Runs for action=get_label only, and only when the posted
// form token passes is_valid_token() (defined outside this file). On success
// it mails the customer, updates the order, records the parcel, writes the
// label to temp files and redirects to the print view.
// NOTE(review): $_POST['token'] is read without isset(); a request without
// the field raises a notice before the check runs.
if ($action == 'get_label' ) {
if (is_valid_token($_POST['token'])) {
$label = $shipping->get_label( $order_id, $addressee, $label_type, $deposit_date, $weight, $CN23);
// A non-zero message id is treated as a carrier error: queue the message and
// send the operator back to the form with the error code in the URL.
if ($label->messages->id != 0) {
$messageStack->add_session($label->messages->messageContent);
$error_code = $label->messages->id;
tep_redirect(tep_href_link(FILENAME_SHIPPING_LABEL,'action=get_infos&order_id=' . $order_id . '&error_code=' . $error_code));
} else {
$email_url_param = 'order_id';
// First history row of the order, used for its billing_status_id below.
$qry = "SELECT osh.billing_status_id
FROM " . TABLE_ORDERS_STATUS_HISTORY . " AS osh
WHERE osh.orders_id = " . (int)$order_id . "
ORDER BY osh.orders_status_history_id
LIMIT 1";
$query = tep_db_query($qry);
$result = tep_db_fetch_array($query);
// NOTE(review): the parcel number is passed through tep_db_input() here and
// then reused outside SQL (e-mail text, tracking id) and passed through
// tep_db_input() again in the two INSERTs below — confirm the double pass is
// harmless for the values the carrier returns.
$parcel_number = tep_db_input($label->labelResponse->parcelNumber);
$comments = str_replace('[TN]', $parcel_number, $comments);
// send mail
$qry = "SELECT customers_name, customers_email_address, billing_status, orders_language, date_purchased
FROM orders
WHERE orders_id = '" . (int)$order_id . "'";
$order_qry = tep_db_query($qry);
$order_info = tep_db_fetch_array($order_qry);
$billing_status = $order_info['billing_status'];
$order_lang = $order_info['orders_language'];
$scrambled_order_num = randomise_order_num($order_id);
$languages = tep_get_languages();
$base_lang = '';
// Pick the language directory that matches the order's language.
// NOTE(review): $dir stays unset when no language id matches, and the
// require_once path below is then built without it.
foreach ($languages as $lang) {
if ($lang['id'] == $order_lang && ($base_lang == '' || $base_lang == $order_lang)) {
$dir = $lang['directory'];
$base_lang = $order_lang;
}
}
require_once(DIR_WS_LANGUAGES . $dir . '/orders_auto_email.php');
require(DIR_FS_CATALOG . 'includes/classes/' . FILENAME_TRACKING_MODULE);
// $language is not assigned in this file; presumably it comes from the
// bootstrap include — TODO confirm.
include(DIR_FS_CATALOG_LANGUAGES . $language . '/' . FILENAME_TRACKING_MODULE);
if (isset($_POST['partial'])){
$shipping_status = SHIPPING_STATUS_PARTIALLY_SHIPPED;
$email_comment = EMAIL_TEXT_PARTIALLY_SHIPPED;
$soon = EMAIL_TEXT_CONTACT_SOON;
} else {
$shipping_status = SHIPPING_STATUS_SHIPPED;
$email_comment = EMAIL_TEXT_SHIPPED;
$soon = '';
}
$tracking = new tracking_module();
$tracking->suffix = $shipping->suffix;
$tracking->tracking_id = $parcel_number;
$tracking->fill_comment();
$email_comment .= $tracking->shipping_name . ".
" . EMAIL_TEXT_RECEPTION . $tracking->delay . "
" . $soon . EMAIL_TEXT_THX;
// Operator-supplied comments, when present, replace the generated text.
if (!empty($comments)) {
$email_comment = $comments;
}
$email = sprintf(EMAIL_TEXT_ORDER_NUMBER . ' ' . $scrambled_order_num . "
" .
EMAIL_TEXT_DATE_ORDERED . ' ' . email_date_long($order_info['date_purchased'], $order_lang) . "
" .
$email_comment . "
" .
$tracking->email_add_tracking() . "
" .
EMAIL_TEXT_INVOICE_URL . ' ' . tep_catalog_href_link(FILENAME_CATALOG_ACCOUNT_HISTORY_INFO, $email_url_param . '=' . $scrambled_order_num, 'SSL', false) . "
" ) . EMAIL_TEXT_REPLY_TO . "
";
// send mail to aide for now
//$order_info['customers_email_address']
tep_mail($order_info['customers_name'], $order_info['customers_email_address'], EMAIL_TEXT_SUBJECT, $email, STORE_OWNER, STORE_OWNER_EMAIL_ADDRESS);
// start update
// While more labels are still to be printed the order stays "ready to ship".
if ($quantity_left != 1) {
$shipping_status = SHIPPING_STATUS_READY_TO_SHIP;
}
$qry = "UPDATE orders
SET shipping_status = '" . $shipping_status . "',
picked = 0, is_partial = 0,
last_modified = NOW()
WHERE orders_id ='" . (int)$order_id . "'";
tep_db_query($qry);
$qry = "INSERT INTO " . TABLE_ORDERS_STATUS_HISTORY . "
(orders_id, shipping_status_id, billing_status_id, date_added, customer_notified, comments, tracking_id)
VALUES
('" . (int)$order_id . "', '" . (int)$shipping_status . "', '" . (int)$result['billing_status_id'] . "', now(), 1, '" . tep_db_input($email_comment) . "', '" . tep_db_input($parcel_number . "|" . $shipping->suffix) . "')";
tep_db_query($qry);
// Every value of this INSERT is a quoted literal passed through
// tep_db_input(); $order_id is escaped here rather than cast to int as above.
$qry = "INSERT INTO " . TABLE_BORDEREAU . "
(parcel_number, parcel_type, order_id, customers_name, customers_address, zipcode, city, country_code, weight)
VALUES
('" . tep_db_input($parcel_number) . "', '" . tep_db_input($label_type) . "', '" . tep_db_input($order_id) . "', '" . tep_db_input($addressee['lastName']) . "', '" . tep_db_input($addressee['line2']) . "', '" . tep_db_input($addressee['zipCode']) . "', '" . tep_db_input($addressee['city']) . "', '" . tep_db_input($addressee['countryCode']) . "', '" . tep_db_input($weight) . "')";
tep_db_query($qry);
// prep data to print
// The label (and the CN23 PDF, when returned) are written to temp files and
// the paths are kept in the session. The return values of tempnam() and
// fopen() are not checked.
// NOTE(review): this page later prints those paths into the URL of
// print_shipping_label.php, which is not shown. That script should serve only
// the path held in the session, not whatever path arrives in the query string.
$_SESSION['tmp_label_filename'] = tempnam(sys_get_temp_dir(), 'zpl');
$handle = fopen($_SESSION['tmp_label_filename'], 'w');
fwrite($handle, $label->labelResponse->label);
fclose($handle);
if (isset($label->labelResponse->cn23)) {
$_SESSION['tmp_pdf_filename'] = tempnam(sys_get_temp_dir(), "pdf");
$handle = fopen($_SESSION['tmp_pdf_filename'], "w");
fwrite($handle,$label->labelResponse->cn23);
fclose($handle);
}
// More labels wanted: remember the quantity and return to the form,
// otherwise go straight to the print view.
if ( $quantity_left > 1) {
$_SESSION['quantity_needed'] = $quantity_left;
tep_redirect(tep_href_link(FILENAME_SHIPPING_LABEL,'action=get_infos&print=true&order_id=' . $order_id));
} else {
tep_redirect(tep_href_link(FILENAME_SHIPPING_LABEL,'print=true&order_id=' . $order_id));
}
}
} else {
// Token rejected: the form is treated as already processed. The queued
// message contains an HTML link built from $order_id.
$messageStack->add_session(TEXT_ERROR_ALREADY_PROCESSED . '<a href="' . tep_href_link(FILENAME_ORDERS, 'oID=' . $order_id . '&action=edit') . '"> ' . randomise_order_num($order_id) . '</a>');
tep_redirect(tep_href_link(FILENAME_SHIPPING_LABEL));
}
}
?>
<!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN">
<html <?php echo HTML_PARAMS; ?>>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=<?php echo CHARSET; ?>">
<title><?php echo HEADING_TITLE; ?></title>
<link rel="stylesheet" type="text/css" href="includes/stylesheet.css">
<script language="javascript" src="includes/general.js" type="text/javascript"></script>
<script language="JavaScript" src="js/jquery-3.3.1.min.js" type="text/javascript"></script>
<?php
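// Page script for the get_infos form: focuses the field named by a carrier
// error code and fills the address from the relay lookup endpoint.
if (isset($_GET['action']) && $_GET['action'] == 'get_infos') {
?>
<script src="js/orders.js" type="text/javascript"></script>
<script type="text/javascript">
$(document).ready( function() {
<?php
    // Only known error codes emit script; the request value itself is never printed.
    if (isset($_GET['error_code'])) {
        switch ($_GET['error_code']) {
            case '30221':
                echo '$(\'input[name="addressee\\[mobileNumber\\]"]\').focus();';
        }
    }
?>
$('input[name="addressee\\[firstName\\]"]').attr("id", "cbname");
$('input[name="addressee[pickupLocationId]"]').keyup(function(){
let val = $(this).val();
$.ajax({
type: "POST",
// order_id comes from the query string; it is printed as an integer so it
// cannot close the string literal and inject script into the page.
url: "shipping_label.php?action=relai_lookup&order_id=<?php echo (int)$order_id; ?>",
data: {
"relai_id": val,
},
success: function(data) {
let obj = $.parseJSON(data);
$("input[name='addressee[line2]']").val(obj['entry_street_address']);
$("input[name='addressee[zipCode]']").val(obj['entry_postcode']);
$("input[name='addressee[city]']").val(obj['entry_city']);
if (obj['entry_street_address'].toLowerCase().indexOf('poste') >=0 ) {
$("select#label_type option[value='BPR']").prop('selected', true);
} else {
$("select#label_type option[value='A2P']").prop('selected', true);
}
}
})
})
});
</script>
<?php
}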
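// After a label was created, open the print views in new windows.
// The session values are filesystem paths: they are URL-encoded so quotes or
// backslashes in a path cannot break out of the JavaScript string, and each
// window is only opened when its session entry exists.
// NOTE(review): print_shipping_label.php is not shown. Because it receives a
// file path in the query string, it should serve only the path stored in the
// session and reject anything else.
if (isset($_GET['print']) && $_GET['print'] == 'true') {
?>
<script type="text/javascript">
<?php
    if (isset($_SESSION['tmp_label_filename'])) {
?>
window.open('print_shipping_label.php?label=<?php echo rawurlencode($_SESSION['tmp_label_filename']); ?>', '_blank');
<?php
    }
    if (isset($_SESSION['tmp_pdf_filename'])) {
?>
window.open('print_shipping_label.php?pdf=<?php echo rawurlencode($_SESSION['tmp_pdf_filename']); ?>', '_blank');
window.open('invoice.php?qty=3&oID=<?php echo (int)$order_id; ?>', '_blank');
<?php
    }
?>
</script>
<?php
}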
if ($action === "get_infos"){
echo '<link href="includes/datepicker.css" rel="stylesheet" type=" text / css ">';
echo '<script type="text/javascript" src="includes/datepicker.js"></script>';
}
?>
</head>
<body bgcolor="#FFFFFF" >
<!-- header //-->
<?php require(DIR_WS_INCLUDES . 'header.php'); ?>
<!-- header_eof //-->
<!-- body //-->
<table border="0" width="100%" cellspacing="2" cellpadding="2">
<tr>
<td width="<?php echo BOX_WIDTH; ?>" valign="top"><table border="0" width="<?php echo BOX_WIDTH; ?>" cellspacing="1" cellpadding="1" class="columnLeft">
<!-- left_navigation //-->
<?php require(DIR_WS_INCLUDES . 'column_left.php'); ?>
<!-- left_navigation_eof //-->
</table></td>
<!-- body_text //-->
<td width="100%" valign="top"><table border="0" width="100%" cellspacing="0" cellpadding="2">
<tr>
<td class="pageHeading" colspan="2">
<?php echo HEADING_TITLE; ?>
</td>
</tr>
<tr>
<td>
<?php
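/**
 * Create a form token and store it in the session.
 *
 * The token becomes the only key of $_SESSION['token'] (value 1), replacing
 * whatever was stored there before.
 *
 * @return string 40 hexadecimal characters
 */
function tep_generate_token() {
    // mt_rand() is a predictable generator and sha1() adds no entropy to it,
    // so the token is taken from the OS CSPRNG instead (random_bytes: PHP 7+).
    $token = bin2hex(random_bytes(20));
    $_SESSION['token'] = array($token => 1);
    // Debug output from the question. It prints the whole session into the
    // page, so drop it once the problem is understood.
    print_r($_SESSION);
    return $token;
}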
switch ($action) {
case 'get_infos':
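// Open the label form and embed a fresh submission token.
// order_id is printed as an integer because it originates from the request.
echo tep_draw_form('colis', 'shipping_label.php?action=get_label&order_id=' . (int)$order_id, '', 'post');
print_r($_SESSION); // debug from the question; prints the whole session
// In the question, $_SESSION['token'] changes from array(token => 1) to the
// bare token string right after a global named $token is assigned. That is
// the behaviour you get when the global $token is a reference to
// $_SESSION['token'] (register_globals, or a bootstrap that runs something
// like extract($_SESSION, EXTR_REFS)). includes/application_top.php is not
// shown, so treat this as an assumption to confirm. A variable name that is
// not also a session key avoids the overwrite either way.
$form_token = tep_generate_token();
echo tep_draw_hidden_field('token', $form_token);
print_r($_SESSION); // debug from the question; prints the whole session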
?>
<table>
<tr>
<td>
<?php
?>
<label for="weight"><?php echo LABEL_WEIGHT; ?></label>
</td>
<td>
<?php
echo tep_draw_input_field('weight', '', 'id="weight" autofocus') . '<br>';
?>
</td>
</tr>
<tr>
<td>
<label for="partial"><?php echo LABEL_PARTIAL; ?></label>
</td>
<td>
<?php
echo tep_draw_checkbox_field('partial', '', $status['is_partial'], "partial") . '<br>';
?>
</td>
</tr>
<tr>
<td>
<label for="labels_qty"><?php echo LABEL_NEEDED; ?></label>
</td>
<td>
<?php
for ($i=1; $i < 9; $i++) {
$dropdown_values[] = array("id" => $i, "text" => $i);
}
$default_labels = $quantity_left - 1;
echo tep_draw_pull_down_menu('labels_qty', $dropdown_values, $default_labels, 'id="labels_qty"') . '<br>';
echo tep_draw_hidden_field('order_id', $order_id);
$date_format = 'class="dateformat-d-sl-m-sl-Y range-low-today" size="10"';
?>
</td>
</tr>
<tr>
<td>
<label for="deposit_date"><?php echo LABEL_DEPOSIT_DATE; ?></label>
</td>
<td>
<?php
echo tep_draw_input_field("deposit_date", $value = '', $parameters = $date_format) . '<br>';
?>
</td>
</tr>
<tr>
<td>
<label for="relai_id"><?php echo LABEL_RELAI_ID; ?></label>
</td>
<td>
<?php
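// Load the delivery address and derive the relay id and default product.
$addressee = $shipping->get_addressee($order_id);
$relai_id = '';
$default_product = 'DOM';
$CN23_needed = false;
if (!empty($addressee['address']['pickupLocationId'])) {
    // Take the six digits in front of the slash. $relai_id keeps its ''
    // default when the stored value does not have that shape.
    if (preg_match("#.*(\d{6})\/.+#", $addressee['address']['pickupLocationId'], $matches)) {
        $relai_id = $matches[1];
    }
    // strpos() returns 0 when 'poste' starts the line; "== false" treated
    // that as "not found". The strict test agrees with the indexOf() >= 0
    // check in this page's relay lookup script.
    if (strpos(strtolower($addressee['address']['line2']), 'poste') === false) {
        $default_product = 'A2P';
    } else {
        $default_product = 'BPR';
    }
} else if ($addressee['address']['countryCode'] == 'FD') {
    // 'FD' is rewritten to 'FR' with a customs declaration required.
    $CN23_needed = true;
    $addressee['address']['countryCode'] = 'FR';
    $default_product = 'COM';
}
// The relay id gets its own input, so it is removed from the generic field loop.
unset($addressee['address']['pickupLocationId']);
echo tep_draw_input_field("addressee[pickupLocationId]", $relai_id) . '<br>';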
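// One table row per remaining address field.
foreach ($addressee['address'] as $field => $value) {
    // orders_language travels in the address array but is not an editable field
    if ($field == 'orders_language') continue;
    // The label constant name is built as a string; the bare LABEL_ token was
    // itself an undefined constant. Fall back to the field name when no
    // LABEL_* constant exists for it.
    $label_const = 'LABEL_' . strtoupper($field);
    $label_text = defined($label_const) ? constant($label_const) : htmlspecialchars($field, ENT_QUOTES);
?>
<tr>
<td>
<label for="<?php echo htmlspecialchars($field, ENT_QUOTES); ?>"><?php echo $label_text; ?></label>
</td>
<td>
<?php
    echo tep_draw_input_field("addressee[" . $field . "]", $value, 'style="width: 300px"') . '<br>';
?>
</td>
</tr>
<?php
}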
?>
<tr>
<td>
<label for="comment"><?php echo LABEL_COMMENT; ?></label>
</td>
<td>
<?php
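// Hidden fields used by the comment helper script, plus the ordinal list for
// the "nth parcel" dropdown in the order's language.
$languages = tep_get_languages();
$order_language = '';
foreach ($languages as $lang) {
    if ($lang['id'] == $addressee['address']['orders_language']) {
        echo tep_draw_hidden_field('cblang', $lang['code'], 'id="cblang"');
        $order_language = $lang['code'];
    }
}
echo tep_draw_hidden_field('cbshipping', $module, 'id="cbshipping"');
echo tep_draw_hidden_field('cborder', $order_num, 'id="cborder"');
echo tep_draw_hidden_field('cbnotify', '', 'id="cbnotify" checked="checked"');
echo tep_draw_textarea_field('comments', 'virtual', '60', '5');
// TODO create a premier second ... array
// The loop above stores the code in $order_language, but the test read
// $orders_language, which is not assigned anywhere in this file, so the
// English list was never selected. NOTE(review): confirm no include defines
// $orders_language.
if ($order_language == 'en') {
    $parcel_dropdown_options = array(array('id' => '1', 'text' => 'first'),
                                     array('id' => '2', 'text' => 'second'),
                                     array('id' => '3', 'text' => 'third'),
                                     array('id' => '4', 'text' => 'fourth'),
                                     array('id' => '5', 'text' => 'fith'));
} else {
    $parcel_dropdown_options = array(array('id' => '1', 'text' => 'premier'),
                                     array('id' => '2', 'text' => 'deuxième'),
                                     array('id' => '3', 'text' => 'troisième'),
                                     array('id' => '4', 'text' => 'quatrième'),
                                     array('id' => '5', 'text' => 'cinquième'));
}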
?>
<br>
<?php
echo tep_draw_pull_down_menu('parcel_number', $parcel_dropdown_options, '', 'id="parcel_number"');
?>
<input type="button" value="nd track nb" onclick="preloadnewshippingnumbercomment('Tatiana', true);">
</td>
</tr>
<tr>
<td>
<label for="delivery_comment"><?php echo LABEL_DELIVERY_COMMENT; ?></label>
</td>
<td>
<?php
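// Collect the packing-slip comments of the order into the delivery comment box.
$delivery_comment = '';
// order_id is cast to int here like in the other order queries of this file,
// so the statement does not depend on how the value was escaped upstream.
$qry = "SELECT comments
        FROM orders_status_history
        WHERE orders_id = '" . (int)$order_id . "'
        AND packing_slip = 1";
$query = tep_db_query($qry);
while ($rslt = tep_db_fetch_array($query)) {
    $delivery_comment .= $rslt['comments'] . "\n";
}
echo tep_draw_textarea_field('addressee[delivery_comment]', 'virtual', '60', '5', $delivery_comment);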
?>
</td>
</tr>
<?php
if ($shipping->need_CN23($addressee['address']['countryCode']) || $CN23_needed) {
$dropdown_none = array('id' => '', 'text' => TEXT_NONE);
$origin_country_array = array_merge(array($dropdown_none), tep_get_countries('', null, true));
$qry = "SELECT op.products_id, op.products_name AS description, op.products_quantity AS quantity, psl.weight AS weight, ROUND(op.products_price, 2) AS value, p.origin_country_id,
(SELECT REPLACE(ROUND(ot.value, 2), '.', '')
FROM orders_total AS ot
WHERE ot.orders_id = '" . tep_db_input($order_id) . "'
AND ot.class = 'ot_shipping') AS totalAmount
FROM orders_products AS op
LEFT JOIN products AS p
ON op.products_id = p.products_id
LEFT JOIN products_stock_location AS psl
ON p.products_id = psl.products_id
AND (psl.option_id IN (SELECT opa.products_options_values_id
FROM orders_products_attributes AS opa
WHERE opa.orders_id = '" . tep_db_input($order_id) . "'
AND op.orders_products_id = opa.orders_products_id)
OR psl.option_id IS NULL)
WHERE op.orders_id = '" . tep_db_input($order_id) . "'";
$query = tep_db_query($qry);
echo '<tr><td><label for="cn23_categories">' . TEXT_LABEL_CN23_CATEGORIES . '</td>';
$CN23_categories_array = $shipping->get_CN23_categories();
$CN23_product_families_array = $shipping->get_CN23_product_families();
echo '<td>' . tep_draw_pull_down_menu('CN23[category]', $CN23_categories_array, 3) . '</td></tr>';
echo '<tr><td colspan=2><table>';
echo '<tr>';
echo '<th>' . TABLE_HEADING_DESCRIPTION . '</th>';
echo '<th>' . TABLE_HEADING_QUANTITY . '</th>';
echo '<th id="weight_title">' . TABLE_HEADING_WEIGHT . '</th>';
echo '<th>' . TABLE_HEADING_VALUE . '</th>';
echo '<th>' . TABLE_HEADING_FAMILY . '</th>';
echo '<th>' . TABLE_HEADING_ORIGIN_COUNTRY . '</th>';
echo '</tr>';
while ($result = tep_db_fetch_array($query)) {
echo tep_draw_hidden_field('CN23[totalAmount]', $result['totalAmount']);
echo '<tr>';
echo '<td>' . tep_draw_input_field('CN23[' . $result['products_id'] . '][description]', $result['description']) . '</td>';
echo '<td>' . tep_draw_input_field('CN23[' . $result['products_id'] . '][quantity]', $result['quantity']) . '</td>';
echo '<td>' . tep_draw_input_field('CN23[' . $result['products_id'] . '][weight]', $result['weight'], 'class="js_weight"') . '</td>';
echo '<td>' . tep_draw_input_field('CN23[' . $result['products_id'] . '][value]', $result['value']) . '</td>';
echo '<td>' . tep_draw_pull_down_menu('CN23[' . $result['products_id'] . '][hsCode]', $CN23_product_families_array) . '</td>';
echo '<td>' . tep_draw_pull_down_menu('CN23[' . $result['products_id'] . '][originCountry]', $origin_country_array, $result['origin_country_id']) . '</td>';
echo '</tr>';
}
echo '</table></td></tr>';
}
?>
<tr>
<td>
<?php
echo '<a href="' . tep_href_link(FILENAME_SHIPPING_LABEL) . '">' . tep_css_button(BUTTON_BACK, false) . '</a>';
echo tep_css_button(BUTTON_SUBMIT, true);
break;
case 'get_label':
// echo '<div class="hidden">' . $label . '</div>';
// }
break;
default:
echo tep_draw_form('colis', 'shipping_label.php?action=get_infos', '', 'post');
?>
<label for="order_num"><?php echo LABEL_ORDER; ?></label>
<?php
echo tep_draw_input_field('order_num', '', 'id="order_num" autofocus');
echo tep_css_button(BUTTON_SUBMIT, true);
break;
}
?>