我遇到了一件非常不可思议的事情,我无法在这个脚本之外重现它,但也许有人知道该如何解决。 事情是这样的:我在脚本中加入了令牌(token),以避免表单被重复提交。 我有一个非常简单的函数,用来设置会话并返回令牌:
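/**
 * Generate a fresh one-time form token, store it in the session and return it.
 *
 * The token is stored as $_SESSION['token'] = array(<token> => 1), presumably
 * so the validator (not shown here) can look the submitted value up by key.
 *
 * @return string 40 hexadecimal characters.
 */
function generate_token() {
    // random_bytes() (PHP >= 7.0) is a CSPRNG. The previous sha1(mt_rand())
    // had only ~31 bits of entropy from a predictable generator, which is not
    // enough for a token that is meant to be unguessable.
    $token = bin2hex(random_bytes(20));
    // Replaces, rather than appends to, any previous token for this session.
    $_SESSION['token'] = array($token => 1);
    // Debug output; remove once the session behaviour is understood.
    // NOTE(review): if $_SESSION['token'] has been bound by reference to a
    // global $token (osCommerce's tep_session_register() does that), then the
    // caller's `$token = generate_token();` overwrites the session entry with
    // the plain string — consistent with the symptom described. TODO confirm.
    print_r($_SESSION);
    return $token;
}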
这里的 print_r 输出如下(完全正确):
Array
(
[token] => Array
(
[1a1c5cbdbe9d85dcb0b55a712ff8bf187ae795cb] => 1
)
)
我是这样调用它的(没什么特别的):
$token = generate_token();
但如果我在函数外紧接着打印,得到的却是
Array
(
[token] => 1a1c5cbdbe9d85dcb0b55a712ff8bf187ae795cb
)
而如果我不写
$token = generate_token();
而只是调用
generate_token();
那就一切正常。
我已经在一个测试页面的脚本里试过了,没有任何奇怪的事情发生。 如果需要,我可以展示其余的代码,但它周围的代码只是生成 HTML 而已。 有人以前见过这种情况吗? 这让我百思不得其解,任何帮助都将不胜感激。 干杯
编辑:
应要求,我把完整的代码放在这里,奇怪的现象发生在第304行附近。 我把通常通过一个 include 引入的函数直接放在了这里,这在我的情况下不会改变任何结果。 (由于 SO 的字符数限制,代码末尾被截断了)
<?php
// shipping_label.php (osCommerce admin, judging by application_top.php and
// the tep_* helpers): creates a carrier shipping label for one order.
// Flow: read the request, persist CN23 (customs) edits, resolve the order and
// load its carrier module, then either answer the 'relai_lookup' AJAX call or
// run 'get_label' (create the label, e-mail the customer, update the order,
// redirect to the print step). The HTML form follows the closing tag.
require('includes/application_top.php');
require('includes/functions/scrambled_order_num.php');
// Number of labels still to print for this order. The 'get_label' branch
// below parks the remaining count in $_SESSION['quantity_needed'] before it
// redirects, and this block picks it up again on the next request.
$quantity_left = isset($_POST['labels_qty']) ? $_POST['labels_qty']: 1;
if (isset($_SESSION['quantity_needed'])) {
$quantity_left = $_SESSION['quantity_needed'];
unset($_SESSION['quantity_needed']);
}
// Request parameters. tep_db_input() (presumably the store's SQL escaping
// helper) is applied to the scalar ones here; $CN23 and $addressee are arrays
// and $comments is free text, so those are handled where they are used.
// NOTE(review): SQL escaping does not make a value safe for HTML, JavaScript
// or URL output — $order_id is written into those contexts further down.
$action = isset($_GET['action']) ? $_GET['action'] : '';
$order_id = isset($_GET['order_id']) ? tep_db_input($_GET['order_id']) : '';
$order_num = isset($_POST['order_num']) ? tep_db_input(trim($_POST['order_num'])) : '';
$weight = isset($_POST['weight']) ? tep_db_input($_POST['weight']) : '';
$label_type = isset($_POST['label_type']) ? tep_db_input($_POST['label_type']) : '';
$CN23 = isset($_POST['CN23']) ? $_POST['CN23'] : '';
$addressee = isset($_POST['addressee']) ? $_POST['addressee'] : '';
$comments = isset($_POST['comments']) ? $_POST['comments'] : '';
// update products infos
// Persist the per-product customs edits (origin country, weight) submitted
// with the CN23 table of the form.
if (!empty($CN23)) {
foreach($CN23 as $pID => $values) {
if (is_numeric($pID)) {
$qry = "UPDATE products
SET origin_country_id = '" . (int)$values['originCountry'] . "'
WHERE products_id = '" . (int)$pID . "'";
tep_db_query($qry);
// NOTE(review): $values['weight'] comes straight from $_POST and is neither
// cast nor passed through tep_db_input(), unlike every other value in these
// statements — it reaches the query unescaped (SQL injection). Cast it,
// e.g. (float)$values['weight'], before building the SQL.
$qry = "UPDATE products_stock_location
SET weight = '" . $values['weight'] . "'
WHERE products_id = '" . (int)$pID . "'";
tep_db_query($qry);
}
}
}
// Deposit date for the label: an empty field means today, otherwise the form
// sends d/m/Y and it is normalised to Y-m-d.
if (isset($_POST['deposit_date']) && empty($_POST['deposit_date'])) {
$today = new DateTime();
$deposit_date = $today->format("Y-m-d");
} else if (isset($_POST['deposit_date'])) {
$format = "d/m/Y";
// NOTE(review): createFromFormat() returns false for an unparsable value and
// ->format() on false is a fatal error; check the result first. Also, when no
// deposit_date field is posted at all, $deposit_date stays undefined but is
// still passed to get_label() below.
$date_object = DateTime::createFromFormat($format, tep_db_input($_POST['deposit_date']));
$deposit_date = $date_object->format("Y-m-d");
}
// Resolve the order and instantiate its carrier module as $shipping.
// 'get_infos' has no break, so it falls through into the shared
// 'get_label'/'relai_lookup' branch that loads the module.
switch ($action) {
case 'get_infos':
if (empty($order_id)){
// The operator typed the scrambled order number; map it back to the id.
$order_id = derandomise_order_num($order_num);
}
// check actual shipping status
$qry = "SELECT o.shipping_status, o.is_partial, o.orders_language, o.shipping_method
FROM orders AS o
WHERE o.orders_id = '" . $order_id . "'";
$status_query = tep_db_query($qry);
$status = tep_db_fetch_array($status_query);
// NOTE(review): this redirects with a "not ready to ship" message when the
// status *equals* SHIPPING_STATUS_READY_TO_SHIP — looks inverted; confirm
// against the constant's meaning.
if ($status['shipping_status'] == SHIPPING_STATUS_READY_TO_SHIP) {
$messageStack->add_session(TEXT_NOT_READY_TO_SHIP);
tep_redirect(tep_href_link(FILENAME_SHIPPING_LABEL));
}
// Chronopost orders are bounced back to the search form with a 'chronopost' message.
if ($status['shipping_method'] == 'Chronopost') {
$messageStack->add_session('chronopost');
tep_redirect(tep_href_link(FILENAME_SHIPPING_LABEL));
}
case 'get_label':
case 'relai_lookup':
// NOTE(review): $order_id is interpolated unquoted here, so the escaping done
// by tep_db_input() does not help in this context — cast it: (int)$order_id.
$qry = "SELECT shipping_method
FROM " . TABLE_ORDERS . "
WHERE orders_id = " . $order_id;
$shipping_query = tep_db_query($qry);
$shipping_result = tep_db_fetch_array($shipping_query);
// Map the order's shipping method onto the module file under shipping/.
if ($shipping_result['shipping_method'] == 'Colissimo' || $shipping_result['shipping_method'] == 'So Colissimo' || $shipping_result['shipping_method'] == 'Colissimo free') {
$module = 'socolissimo';
} else if ($shipping_result['shipping_method'] == 'Chronopost') {
$module = 'chronopost';
}
// NOTE(review): for any other shipping method $module is undefined, so this
// includes 'shipping/.php' and `new $module` fails; add an else branch that
// reports the unsupported method instead.
include_once(DIR_FS_CATALOG_MODULES . 'shipping/' . $module . ".php");
$shipping = new $module;
break;
default:
break;
}
// AJAX endpoint used by the form's pickup-point field: returns the relay's
// address as JSON and stops rendering.
if ($action == "relai_lookup") {
// NOTE(review): relai_id is passed through untouched; any validation or
// escaping has to happen inside get_relais_by_id() (not shown here).
$relai_id = $_POST['relai_id'];
echo json_encode($shipping->get_relais_by_id($relai_id));
die();
}
// Form submit: create the label with the carrier, notify the customer, record
// the shipment and redirect to the print step.
if ($action == 'get_label' ) {
// One-time form token (see tep_generate_token() further down) guards against
// a double submit; is_valid_token() is defined elsewhere.
// NOTE(review): $_POST['token'] is read without isset(), so a request
// without the field raises an undefined-index notice before validation.
if (is_valid_token($_POST['token'])) {
$label = $shipping->get_label( $order_id, $addressee, $label_type, $deposit_date, $weight, $CN23);
// A non-zero message id is the carrier's error: show it and go back to the
// form, passing the code so the page head can focus the offending field.
if ($label->messages->id != 0) {
$messageStack->add_session($label->messages->messageContent);
$error_code = $label->messages->id;
tep_redirect(tep_href_link(FILENAME_SHIPPING_LABEL,'action=get_infos&order_id=' . $order_id . '&error_code=' . $error_code));
} else {
$email_url_param = 'order_id';
// Billing status of the first history row, reused in the INSERT below.
$qry = "SELECT osh.billing_status_id
FROM " . TABLE_ORDERS_STATUS_HISTORY . " AS osh
WHERE osh.orders_id = " . (int)$order_id . "
ORDER BY osh.orders_status_history_id
LIMIT 1";
$query = tep_db_query($qry);
$result = tep_db_fetch_array($query);
$parcel_number = tep_db_input($label->labelResponse->parcelNumber);
// '[TN]' in the operator's comment is a placeholder for the tracking number.
$comments = str_replace('[TN]', $parcel_number, $comments);
// send mail
$qry = "SELECT customers_name, customers_email_address, billing_status, orders_language, date_purchased
FROM orders
WHERE orders_id = '" . (int)$order_id . "'";
$order_qry = tep_db_query($qry);
$order_info = tep_db_fetch_array($order_qry);
$billing_status = $order_info['billing_status'];
$order_lang = $order_info['orders_language'];
$scrambled_order_num = randomise_order_num($order_id);
// Pick the language directory matching the order's language so the e-mail
// texts are loaded in the customer's language.
$languages = tep_get_languages();
$base_lang = '';
foreach ($languages as $lang) {
if ($lang['id'] == $order_lang && ($base_lang == '' || $base_lang == $order_lang)) {
$dir = $lang['directory'];
$base_lang = $order_lang;
}
}
// NOTE(review): $dir is undefined when no language matched; $language is
// presumably set by application_top.php — confirm.
require_once(DIR_WS_LANGUAGES . $dir . '/orders_auto_email.php');
require(DIR_FS_CATALOG . 'includes/classes/' . FILENAME_TRACKING_MODULE);
include(DIR_FS_CATALOG_LANGUAGES . $language . '/' . FILENAME_TRACKING_MODULE);
if (isset($_POST['partial'])){
$shipping_status = SHIPPING_STATUS_PARTIALLY_SHIPPED;
$email_comment = EMAIL_TEXT_PARTIALLY_SHIPPED;
$soon = EMAIL_TEXT_CONTACT_SOON;
} else {
$shipping_status = SHIPPING_STATUS_SHIPPED;
$email_comment = EMAIL_TEXT_SHIPPED;
$soon = '';
}
$tracking = new tracking_module();
$tracking->suffix = $shipping->suffix;
$tracking->tracking_id = $parcel_number;
$tracking->fill_comment();
$email_comment .= $tracking->shipping_name . ".\n" . EMAIL_TEXT_RECEPTION . $tracking->delay . "\n" . $soon . EMAIL_TEXT_THX;
// A comment typed by the operator replaces the generated text entirely.
if (!empty($comments)) {
$email_comment = $comments;
}
// NOTE(review): sprintf() receives a single, already-concatenated string as
// its format, so any '%' in the data (the operator comment in particular) is
// read as a conversion specifier — a warning on PHP 7, a ValueError on PHP 8.
// Build the message with plain concatenation, or pass the data as arguments.
$email = sprintf(EMAIL_TEXT_ORDER_NUMBER . ' ' . $scrambled_order_num . "\n" .
EMAIL_TEXT_DATE_ORDERED . ' ' . email_date_long($order_info['date_purchased'], $order_lang) . "\n\n" .
$email_comment . "\n\n" .
$tracking->email_add_tracking() . "\n\n" .
EMAIL_TEXT_INVOICE_URL . ' ' . tep_catalog_href_link(FILENAME_CATALOG_ACCOUNT_HISTORY_INFO, $email_url_param . '=' . $scrambled_order_num, 'SSL', false) . "\n\n" ) . EMAIL_TEXT_REPLY_TO . "\n";
// send mail to aide for now
//$order_info['customers_email_address']
tep_mail($order_info['customers_name'], $order_info['customers_email_address'], EMAIL_TEXT_SUBJECT, $email, STORE_OWNER, STORE_OWNER_EMAIL_ADDRESS);
// start update
// While more labels are still to be printed the order stays 'ready to ship'.
if ($quantity_left != 1) {
$shipping_status = SHIPPING_STATUS_READY_TO_SHIP;
}
$qry = "UPDATE orders
SET shipping_status = '" . $shipping_status . "',
picked = 0, is_partial = 0,
last_modified = NOW()
WHERE orders_id ='" . (int)$order_id . "'";
tep_db_query($qry);
// Status-history row; tracking_id stores "<parcel number>|<carrier suffix>".
$qry = "INSERT INTO " . TABLE_ORDERS_STATUS_HISTORY . "
(orders_id, shipping_status_id, billing_status_id, date_added, customer_notified, comments, tracking_id)
VALUES
('" . (int)$order_id . "', '" . (int)$shipping_status . "', '" . (int)$result['billing_status_id'] . "', now(), 1, '" . tep_db_input($email_comment) . "', '" . tep_db_input($parcel_number . "|" . $shipping->suffix) . "')";
tep_db_query($qry);
// Bordereau (shipping manifest) line for this parcel.
$qry = "INSERT INTO " . TABLE_BORDEREAU . "
(parcel_number, parcel_type, order_id, customers_name, customers_address, zipcode, city, country_code, weight)
VALUES
('" . tep_db_input($parcel_number) . "', '" . tep_db_input($label_type) . "', '" . tep_db_input($order_id) . "', '" . tep_db_input($addressee['lastName']) . "', '" . tep_db_input($addressee['line2']) . "', '" . tep_db_input($addressee['zipCode']) . "', '" . tep_db_input($addressee['city']) . "', '" . tep_db_input($addressee['countryCode']) . "', '" . tep_db_input($weight) . "')";
tep_db_query($qry);
// prep data to print
// The label (ZPL) and, when present, the CN23 PDF are written to temp files
// whose paths are kept in the session for the print popups in the page head.
// NOTE(review): fopen()/fwrite() return values are not checked, and the files
// are never removed here — confirm print_shipping_label.php cleans them up.
$_SESSION['tmp_label_filename'] = tempnam(sys_get_temp_dir(), 'zpl');
$handle = fopen($_SESSION['tmp_label_filename'], 'w');
fwrite($handle, $label->labelResponse->label);
fclose($handle);
if (isset($label->labelResponse->cn23)) {
$_SESSION['tmp_pdf_filename'] = tempnam(sys_get_temp_dir(), "pdf");
$handle = fopen($_SESSION['tmp_pdf_filename'], "w");
fwrite($handle,$label->labelResponse->cn23);
fclose($handle);
}
// Loop back to the form (with print=true) while more labels are needed.
if ( $quantity_left > 1) {
$_SESSION['quantity_needed'] = $quantity_left;
tep_redirect(tep_href_link(FILENAME_SHIPPING_LABEL,'action=get_infos&print=true&order_id=' . $order_id));
} else {
tep_redirect(tep_href_link(FILENAME_SHIPPING_LABEL,'print=true&order_id=' . $order_id));
}
}
} else {
// Token rejected (double submit or replay): point the operator at the order.
// NOTE(review): $order_id is written into HTML here after SQL escaping only;
// it should be HTML/URL-escaped for this context as well.
$messageStack->add_session(TEXT_ERROR_ALREADY_PROCESSED . '<a href="' . tep_href_link(FILENAME_ORDERS, 'oID=' . $order_id . '&action=edit') . '"> ' . randomise_order_num($order_id) . '</a>');
tep_redirect(tep_href_link(FILENAME_SHIPPING_LABEL));
}
}
?>
<!doctype html public "-//W3C//DTD HTML 4.01 Transitional//EN">
<html <?php echo HTML_PARAMS; ?>>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=<?php echo CHARSET; ?>">
<title><?php echo HEADING_TITLE; ?></title>
<link rel="stylesheet" type="text/css" href="includes/stylesheet.css">
<script language="javascript" src="includes/general.js" type="text/javascript"></script>
<script language="JavaScript" src="js/jquery-3.3.1.min.js" type="text/javascript"></script>
<?php
// Page head for the label form. The 'get_infos' step gets an inline script
// that focuses the field named by the carrier's error code and looks up the
// pickup point (relay) address over AJAX as its id is typed; the print=true
// step opens the label files in popups.
// NOTE(review): the script below interpolates $order_id (SQL-escaped only)
// into a URL inside a JS string literal; that context needs JS/URL escaping
// (e.g. json_encode()/urlencode()), which tep_db_input() does not provide.
if (isset($_GET['action']) && $_GET['action'] == 'get_infos') {
?>
<script src="js/orders.js" type="text/javascript"></script>
<script type="text/javascript">
$(document).ready( function() {
<?php
// Carrier error 30221 is mapped to the mobile-number field (the only code handled).
if (isset($_GET['error_code'])) {
switch ($_GET['error_code']) {
case '30221':
echo '$(\'input[name="addressee\\[mobileNumber\\]"]\').focus();';
}
}
?>
$('input[name="addressee\\[firstName\\]"]').attr("id", "cbname");
$('input[name="addressee[pickupLocationId]"]').keyup(function(){
let val = $(this).val();
$.ajax({
type: "POST",
url: "shipping_label.php?action=relai_lookup&order_id=<?php echo $order_id; ?>",
data: {
"relai_id": val,
},
success: function(data) {
let obj = $.parseJSON(data);
$("input[name='addressee[line2]']").val(obj['entry_street_address']);
$("input[name='addressee[zipCode]']").val(obj['entry_postcode']);
$("input[name='addressee[city]']").val(obj['entry_city']);
if (obj['entry_street_address'].toLowerCase().indexOf('poste') >=0 ) {
$("select#label_type option[value='BPR']").prop('selected', true);
} else {
$("select#label_type option[value='A2P']").prop('selected', true);
}
}
})
})
});
</script>
<?php
}
// print=true: open the ZPL label (and the CN23 PDF plus a 3-copy invoice when
// a PDF exists) in new windows. The paths come from the session, written by
// the 'get_label' handler above.
// NOTE(review): the temp-file paths are echoed into JS string literals and
// handed to print_shipping_label.php as query parameters; that script must
// not open an arbitrary path it receives — restrict it to the session values.
if (isset($_GET['print']) && $_GET['print'] == 'true') {
?>
<script type="text/javascript">
window.open('print_shipping_label.php?label=<?php echo $_SESSION['tmp_label_filename']; ?>', '_blank');
<?php
if (isset($_SESSION['tmp_pdf_filename'])) {
?>
window.open('print_shipping_label.php?pdf=<?php echo $_SESSION['tmp_pdf_filename']; ?>', '_blank');
window.open('invoice.php?qty=3&oID=<?php echo $order_id; ?>', '_blank');
<?php
}
?>
</script>
<?php
}
// Date picker assets for the label form.
// NOTE(review): the stylesheet link below carries type=" text / css " (with
// spaces), which is not a valid MIME type; it should be type="text/css".
if ($action === "get_infos"){
echo '<link href="includes/datepicker.css" rel="stylesheet" type=" text / css ">';
echo '<script type="text/javascript" src="includes/datepicker.js"></script>';
}
?>
</head>
<body bgcolor="#FFFFFF" >
<!-- header //-->
<?php require(DIR_WS_INCLUDES . 'header.php'); ?>
<!-- header_eof //-->
<!-- body //-->
<table border="0" width="100%" cellspacing="2" cellpadding="2">
<tr>
<td width="<?php echo BOX_WIDTH; ?>" valign="top"><table border="0" width="<?php echo BOX_WIDTH; ?>" cellspacing="1" cellpadding="1" class="columnLeft">
<!-- left_navigation //-->
<?php require(DIR_WS_INCLUDES . 'column_left.php'); ?>
<!-- left_navigation_eof //-->
</table></td>
<!-- body_text //-->
<td width="100%" valign="top"><table border="0" width="100%" cellspacing="0" cellpadding="2">
<tr>
<td class="pageHeading" colspan="2">
<?php echo HEADING_TITLE; ?>
</td>
</tr>
<tr>
<td>
<?php
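/**
 * Generate a fresh one-time form token, store it in the session and return it.
 *
 * The token is stored as $_SESSION['token'] = array(<token> => 1), presumably
 * so is_valid_token() (defined elsewhere) can look the submitted value up by key.
 *
 * @return string 40 hexadecimal characters.
 */
function tep_generate_token() {
    // random_bytes() (PHP >= 7.0) is a CSPRNG. The previous sha1(mt_rand())
    // had only ~31 bits of entropy from a predictable generator, which is not
    // enough for a token that is meant to be unguessable.
    $token = bin2hex(random_bytes(20));
    // Replaces, rather than appends to, any previous token for this session.
    $_SESSION['token'] = array($token => 1);
    // Debug output; remove once the session behaviour is understood.
    // NOTE(review): if $_SESSION['token'] has been bound by reference to a
    // global $token (osCommerce's tep_session_register() does that), then the
    // caller's `$token = tep_generate_token();` overwrites the session entry
    // with the plain string — consistent with the symptom described. TODO confirm.
    print_r($_SESSION);
    return $token;
}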
// Page body: the form for the selected action. 'get_infos' renders the label
// form for one order, 'get_label' renders nothing (every path of its handler
// above ends in tep_redirect()), and the default is the order-number search.
switch ($action) {
case 'get_infos':
echo tep_draw_form('colis', 'shipping_label.php?action=get_label&order_id=' . $order_id, '', 'post');
// Debug output around the token generation; remove once the session
// behaviour is understood.
// NOTE(review): if $_SESSION['token'] is bound by reference to a global
// $token (osCommerce's tep_session_register() does that), the assignment
// `$token = tep_generate_token();` below overwrites the session entry with
// the plain string, which matches the symptom described — TODO confirm.
print_r($_SESSION);
$token = tep_generate_token();
echo tep_draw_hidden_field('token', $token);
print_r($_SESSION);
?>
<table>
<tr>
<td>
<?php
?>
<label for="weight"><?php echo LABEL_WEIGHT; ?></label>
</td>
<td>
<?php
// Parcel weight; the first field, so it gets the focus.
echo tep_draw_input_field('weight', '', 'id="weight" autofocus') . '<br>';
?>
</td>
</tr>
<tr>
<td>
<label for="partial"><?php echo LABEL_PARTIAL; ?></label>
</td>
<td>
<?php
// Partial-shipment checkbox, preselected from the order's is_partial flag
// fetched in the handler above.
echo tep_draw_checkbox_field('partial', '', $status['is_partial'], "partial") . '<br>';
?>
</td>
</tr>
<tr>
<td>
<label for="labels_qty"><?php echo LABEL_NEEDED; ?></label>
</td>
<td>
<?php
// Labels still needed (1..8); the default is one less than the remaining
// count so the redirect loop counts down.
for ($i=1; $i < 9; $i++) {
$dropdown_values[] = array("id" => $i, "text" => $i);
}
$default_labels = $quantity_left - 1;
echo tep_draw_pull_down_menu('labels_qty', $dropdown_values, $default_labels, 'id="labels_qty"') . '<br>';
echo tep_draw_hidden_field('order_id', $order_id);
// Attributes for the deposit-date input: datepicker format d/m/Y plus a
// 'range-low-today' class (presumably no past dates).
$date_format = 'class="dateformat-d-sl-m-sl-Y range-low-today" size="10"';
?>
</td>
</tr>
<tr>
<td>
<label for="deposit_date"><?php echo LABEL_DEPOSIT_DATE; ?></label>
</td>
<td>
<?php
// NOTE(review): `$value = ''` and `$parameters = $date_format` are plain
// assignments evaluated as positional arguments (this is not named-argument
// syntax); they also leak $value and $parameters into the global scope.
echo tep_draw_input_field("deposit_date", $value = '', $parameters = $date_format) . '<br>';
?>
</td>
</tr>
<tr>
<td>
<label for="relai_id"><?php echo LABEL_RELAI_ID; ?></label>
</td>
<td>
<?php
// Addressee block: the carrier module returns the order's delivery address.
// A pickup-point id in it selects the relay product (A2P/BPR); a 'FD'
// country code is rewritten to 'FR' and forces the customs (CN23) table.
$addressee = $shipping->get_addressee($order_id);
$relai_id = '';
$default_product = 'DOM';
$CN23_needed = false;
if (!empty($addressee['address']['pickupLocationId'])) {
// NOTE(review): the preg_match() result is not checked; $matches[1] is
// undefined when the id does not contain six digits followed by '/'.
preg_match("#.*(\d{6})\/.+#", $addressee['address']['pickupLocationId'], $matches);
$relai_id = $matches[1];
// NOTE(review): `== false` is also true when strpos() returns 0, i.e. when
// line2 starts with 'poste', which then picks A2P instead of BPR. Use
// `=== false` (the JS in the page head tests indexOf() >= 0 for the same thing).
if (strpos(strtolower($addressee['address']['line2']), 'poste') == false) {
$default_product = 'A2P';
} else {
$default_product = 'BPR';
}
} else if ($addressee['address']['countryCode'] == 'FD') {
$CN23_needed = true;
$addressee['address']['countryCode'] = 'FR';
$default_product = 'COM';
}
// The pickup id gets its own input; the remaining address fields are
// rendered generically below, one row each, labelled by LABEL_<FIELD>.
// NOTE(review): `constant(LABEL_ . strtoupper($field))` in the label below
// uses a bare LABEL_, an undefined constant — a warning that degrades to the
// string 'LABEL_' on PHP 7, an Error on PHP 8; quote it as 'LABEL_'.
unset($addressee['address']['pickupLocationId']);
echo tep_draw_input_field("addressee[pickupLocationId]", $relai_id) . '<br>';
foreach ($addressee['address'] as $field => $value) {
if ($field == 'orders_language') continue;
?>
<tr>
<td>
<label for="<?php echo $field ?>"><?php echo constant(LABEL_ . strtoupper($field)); ?></label>
</td>
<td>
<?php
echo tep_draw_input_field("addressee[" . $field . "]", $value, 'style="width: 300px"') . '<br>';
?>
</td>
</tr>
<?php
}
?>
<tr>
<td>
<label for="comment"><?php echo LABEL_COMMENT; ?></label>
</td>
<td>
<?php
// Hidden cb* fields (presumably read by js/orders.js) plus the comment
// textarea; the order's language code is looked up from its id.
$languages = tep_get_languages();
foreach ($languages as $lang) {
if ($lang['id'] == $addressee['address']['orders_language']) {
echo tep_draw_hidden_field('cblang', $lang['code'], 'id="cblang"');
$order_language = $lang['code'];
}
}
echo tep_draw_hidden_field('cbshipping', $module, 'id="cbshipping"');
echo tep_draw_hidden_field('cborder', $order_num, 'id="cborder"');
echo tep_draw_hidden_field('cbnotify', '', 'id="cbnotify" checked="checked"');
echo tep_draw_textarea_field('comments', 'virtual', '60', '5');
// TODO create a premier second ... array
// NOTE(review): the loop above sets $order_language, but this test reads
// $orders_language (with an 's'), which nothing in this file assigns — so the
// English list is never chosen. Also 'fith' should read 'fifth'.
if ($orders_language == 'en') {
$parcel_dropdown_options = array(array('id' => '1', 'text' => 'first'),
array('id' => '2', 'text' => 'second'),
array('id' => '3', 'text' => 'third'),
array('id' => '4', 'text' => 'fourth'),
array('id' => '5', 'text' => 'fith'));
} else {
$parcel_dropdown_options = array(array('id' => '1', 'text' => 'premier'),
array('id' => '2', 'text' => 'deuxième'),
array('id' => '3', 'text' => 'troisième'),
array('id' => '4', 'text' => 'quatrième'),
array('id' => '5', 'text' => 'cinquième'));
}
?>
<br>
<?php
// Ordinal of this parcel within the order.
echo tep_draw_pull_down_menu('parcel_number', $parcel_dropdown_options, '', 'id="parcel_number"');
?>
<input type="button" value="nd track nb" onclick="preloadnewshippingnumbercomment('Tatiana', true);">
</td>
</tr>
<tr>
<td>
<label for="delivery_comment"><?php echo LABEL_DELIVERY_COMMENT; ?></label>
</td>
<td>
<?php
// Pre-fill the delivery comment with the packing-slip comments from the
// order's status history.
$delivery_comment = '';
$qry = "SELECT comments
FROM orders_status_history
WHERE orders_id = '" . $order_id . "'
AND packing_slip = 1";
$query = tep_db_query($qry);
while ($rslt = tep_db_fetch_array($query)) {
$delivery_comment .= $rslt['comments'] . "\n";
}
echo tep_draw_textarea_field('addressee[delivery_comment]', 'virtual', '60', '5', $delivery_comment);
?>
</td>
</tr>
<?php
// Customs declaration (CN23) table: one editable row per ordered product,
// with the weight from products_stock_location (matched on the ordered
// option where there is one) and the order's shipping total. Shown when the
// carrier requires it for the destination, or for the 'FD' case above.
if ($shipping->need_CN23($addressee['address']['countryCode']) || $CN23_needed) {
$dropdown_none = array('id' => '', 'text' => TEXT_NONE);
$origin_country_array = array_merge(array($dropdown_none), tep_get_countries('', null, true));
// NOTE(review): $order_id was already passed through tep_db_input() when it
// was read from the request, so it is escaped twice here — harmless for
// numeric ids, wrong for anything containing quotes or backslashes.
$qry = "SELECT op.products_id, op.products_name AS description, op.products_quantity AS quantity, psl.weight AS weight, ROUND(op.products_price, 2) AS value, p.origin_country_id,
(SELECT REPLACE(ROUND(ot.value, 2), '.', '')
FROM orders_total AS ot
WHERE ot.orders_id = '" . tep_db_input($order_id) . "'
AND ot.class = 'ot_shipping') AS totalAmount
FROM orders_products AS op
LEFT JOIN products AS p
ON op.products_id = p.products_id
LEFT JOIN products_stock_location AS psl
ON p.products_id = psl.products_id
AND (psl.option_id IN (SELECT opa.products_options_values_id
FROM orders_products_attributes AS opa
WHERE opa.orders_id = '" . tep_db_input($order_id) . "'
AND op.orders_products_id = opa.orders_products_id)
OR psl.option_id IS NULL)
WHERE op.orders_id = '" . tep_db_input($order_id) . "'";
$query = tep_db_query($qry);
// NOTE(review): the <label> opened here is never closed.
echo '<tr><td><label for="cn23_categories">' . TEXT_LABEL_CN23_CATEGORIES . '</td>';
$CN23_categories_array = $shipping->get_CN23_categories();
$CN23_product_families_array = $shipping->get_CN23_product_families();
echo '<td>' . tep_draw_pull_down_menu('CN23[category]', $CN23_categories_array, 3) . '</td></tr>';
echo '<tr><td colspan=2><table>';
echo '<tr>';
echo '<th>' . TABLE_HEADING_DESCRIPTION . '</th>';
echo '<th>' . TABLE_HEADING_QUANTITY . '</th>';
echo '<th id="weight_title">' . TABLE_HEADING_WEIGHT . '</th>';
echo '<th>' . TABLE_HEADING_VALUE . '</th>';
echo '<th>' . TABLE_HEADING_FAMILY . '</th>';
echo '<th>' . TABLE_HEADING_ORIGIN_COUNTRY . '</th>';
echo '</tr>';
while ($result = tep_db_fetch_array($query)) {
// NOTE(review): the totalAmount hidden field is emitted once per product row
// (same value each time); hoist it out of the loop.
echo tep_draw_hidden_field('CN23[totalAmount]', $result['totalAmount']);
echo '<tr>';
echo '<td>' . tep_draw_input_field('CN23[' . $result['products_id'] . '][description]', $result['description']) . '</td>';
echo '<td>' . tep_draw_input_field('CN23[' . $result['products_id'] . '][quantity]', $result['quantity']) . '</td>';
echo '<td>' . tep_draw_input_field('CN23[' . $result['products_id'] . '][weight]', $result['weight'], 'class="js_weight"') . '</td>';
echo '<td>' . tep_draw_input_field('CN23[' . $result['products_id'] . '][value]', $result['value']) . '</td>';
echo '<td>' . tep_draw_pull_down_menu('CN23[' . $result['products_id'] . '][hsCode]', $CN23_product_families_array) . '</td>';
echo '<td>' . tep_draw_pull_down_menu('CN23[' . $result['products_id'] . '][originCountry]', $origin_country_array, $result['origin_country_id']) . '</td>';
echo '</tr>';
}
echo '</table></td></tr>';
}
?>
<tr>
<td>
<?php
// Back link and submit button close the 'get_infos' form.
echo '<a href="' . tep_href_link(FILENAME_SHIPPING_LABEL) . '">' . tep_css_button(BUTTON_BACK, false) . '</a>';
echo tep_css_button(BUTTON_SUBMIT, true);
break;
case 'get_label':
// echo '<div class="hidden">' . $label . '</div>';
// }
// Nothing to render: every path of the 'get_label' handler above redirects.
break;
default:
// Landing form: ask for the (scrambled) order number.
echo tep_draw_form('colis', 'shipping_label.php?action=get_infos', '', 'post');
?>
<label for="order_num"><?php echo LABEL_ORDER; ?></label>
<?php
echo tep_draw_input_field('order_num', '', 'id="order_num" autofocus');
echo tep_css_button(BUTTON_SUBMIT, true);
break;
}
?>