How do I prevent the user from returning to the payment page after checkout? Currently, after the user checks out, when I click the browser's Back button the user can still go back to the payment page, and all the information is still in the form. How can I redirect the user back to the home page, so that after checkout, when they click Back, they are redirected to the home page (index.php) instead of returning to the payment page?
Currently, in the saveOrderToTable function, I am reading the session array that stores all the products the user purchased. After the submit button is pressed I can delete the array, but not the values in the payment form.
My current payment page code:
<html>
<head>
    <title>PAYMENT PAGE</title>
    <meta charset="UTF-8">
    <meta name="viewport" content="width=device-width, initial-scale=1.0">
    <link rel="stylesheet" href="css/bootstrap.min.css">
    <link rel="stylesheet" href="css/header_footer.css">
    <link rel="stylesheet" href="css/process_payment.css">
    <script src="https://ajax.googleapis.com/ajax/libs/jquery/3.4.1/jquery.min.js"></script>
    <script src="https://maxcdn.bootstrapcdn.com/bootstrap/3.4.0/js/bootstrap.min.js"></script>
    <script src="js/bootstrap.min.js"></script>
</head>
<body>
<?php
include "navbar.inc.php";
?>
<article class="formvalidateOutput">
<?php
$key = 'qkwjdiw239&&jdafweihbrhnan&^%$ggdnawhd4njshjwuuO';
// Constants for accessing our DB:
define("DBHOST", "");
define("DBNAME", "");
define("DBUSER", "");
define("DBPASS", "");
$custname = $custemail = $custnumber = $streetadd = $blknumber = $unitnumber = $zipcode = $deldate = $deltime = $ccname = $ccnumber = $expdate = $ccvnumber = $errorMsg = "";
$success = true;
if (empty($_POST["custname"])) {
    $errorMsg .= "First name is required.<br>";
    $success = false;
} else {
    $custname = sanitize_input($_POST["custname"]);
    if (!preg_match("/^[a-zA-Z]+(([',. -][a-zA-Z ])?[a-zA-Z]*)*$/", $custname)) {
        $errorMsg .= "Please enter a proper first name.<br>";
        $success = false;
    } else {
        $custname = sanitize_input($_POST["custname"]);
    }
}
if (empty($_POST["custemail"])) {
    $errorMsg .= "Email is required.<br>";
    $success = false;
} else {
    $custemail = sanitize_input($_POST["custemail"]); // Additional check to make sure e-mail address is well-formed.
    if (!filter_var($custemail, FILTER_VALIDATE_EMAIL)) {
        $errorMsg .= "Invalid email format.<br>";
        $success = false;
    }
}
if (empty($_POST["custnumber"])) {
    $errorMsg .= "Contact Number is required.<br>";
    $success = false;
} else {
    $custnumber = sanitize_input($_POST["custnumber"]);
    if (!preg_match("/^([0-9]{8})$/", $custnumber)) {
        $errorMsg .= "Please enter a valid contact number.<br>";
        $success = false;
    } else {
        $custnumber = sanitize_input($_POST["custnumber"]);
    }
}
if (empty($_POST["streetadd"])) {
    $errorMsg .= "Address is required.<br>";
    $success = false;
} else {
    $streetadd = sanitize_input($_POST["streetadd"]);
    if (!preg_match("/^([A-Za-z0-9\.\-\s\,])+$/", $streetadd)) {
        $errorMsg .= "Please enter a valid address.<br>";
        $success = false;
    } else {
        $streetadd = sanitize_input($_POST["streetadd"]);
    }
}
if (empty($_POST["blknumber"])) {
    $errorMsg .= "Blk number is required.<br>";
    $success = false;
} else {
    $blknumber = sanitize_input($_POST["blknumber"]);
    if (!preg_match("/^([0-9]{3})$/", $blknumber)) {
        $errorMsg .= "Please enter a valid blk number.<br>";
        $success = false;
    } else {
        $blknumber = sanitize_input($_POST["blknumber"]);
    }
}
if (empty($_POST["unitnumber"])) {
    $errorMsg .= "Unit number is required.<br>";
    $success = false;
} else {
    $unitnumber = sanitize_input($_POST["unitnumber"]);
    if (!preg_match("/^([0-9]{2}\-[0-9]{3})$/", $unitnumber)) {
        $errorMsg .= "Please enter a valid unit number.<br>";
        $success = false;
    } else {
        $unitnumber = sanitize_input($_POST["unitnumber"]);
    }
}
if (empty($_POST["zipcode"])) {
    $errorMsg .= "Zipcode is required.<br>";
    $success = false;
} else {
    $zipcode = sanitize_input($_POST["zipcode"]);
    if (!preg_match("/^([0-9]{6})$/", $zipcode)) {
        $errorMsg .= "Please enter a valid zipcode.<br>";
        $success = false;
    } else {
        $zipcode = sanitize_input($_POST["zipcode"]);
    }
}
if (empty($_POST["deldate"])) {
    $errorMsg .= "Date is required.<br>";
    $success = false;
} else {
    $deldate = sanitize_input($_POST["deldate"]);
}
if ($_POST["deltime"] == "0") {
    $errorMsg .= "Please select a time.<br>";
    $success = false;
} else {
    $deltime = $_POST["deltime"];
}
if (empty($_POST["ccname"])) {
    $errorMsg .= "Credit card name is required.<br>";
    $success = false;
} else {
    $ccname = sanitize_input($_POST["ccname"]);
    if (!preg_match("/^[a-zA-Z]+(([a-zA-Z ])?[a-zA-Z]*)*$/", $ccname)) {
        $errorMsg .= "Please enter a valid credit card name.<br>";
        $success = false;
    } else {
        $ccname = sanitize_input($_POST["ccname"]);
    }
}
if (empty($_POST["ccnumber"])) {
    $errorMsg .= "Credit Card Number is required.<br>";
    $success = false;
} else {
    $ccnumber = sanitize_input($_POST["ccnumber"]);
    if (!preg_match("/^([0-9]{16})$/", $ccnumber)) {
        $errorMsg .= "Please enter a valid credit card number.<br>";
        $success = false;
    } else {
        $ccnumber = encryptthis(sanitize_input($_POST["ccnumber"]), $key);
    }
}
if (empty($_POST["expdate"])) {
    $errorMsg .= "Exp date is required.<br>";
    $success = false;
} else {
    $expdate = sanitize_input($_POST["expdate"]);
    if (!preg_match("/^([0-9]{2}\/[0-9]{2})$/", $expdate)) {
        $errorMsg .= "Please enter a valid exp date.<br>";
        $success = false;
    } else {
        $expdate = encryptthis(sanitize_input($_POST["expdate"]), $key);
    }
}
if (empty($_POST["ccvnumber"])) {
    $errorMsg .= "CCV number is required.<br>";
    $success = false;
} else {
    $ccvnumber = sanitize_input($_POST["ccvnumber"]);
    if (!preg_match("/^([0-9]{3})$/", $ccvnumber)) {
        $errorMsg .= "Please enter a valid ccv number.<br>";
        $success = false;
    } else {
        $ccvnumber = encryptthis(sanitize_input($_POST["ccvnumber"]), $key);
    }
}
if ($success) {
    saveCustomerInfoToDB();
    savePaymentInfoToDB();
    saveOrderToTable();
    echo "<h1>Your Order Has been Placed!</h1>";
    echo "<h2>Thank You For Your Support</h2>";
    echo "<h3>Have A Nice Day</h3>";
    header('Refresh:3; url=index.php');
    exit();
} else {
    echo "<h1>Please check your payment input!</h1>";
    echo "<h4>The following input errors were detected:</h4>";
    echo "<p>" . $errorMsg . "</p>";
    header('Refresh:3; url=payment_information.php');
}
// Helper function that checks input for malicious or unwanted content.
function sanitize_input($data) {
    $data = trim($data);
    $data = stripslashes($data);
    $data = htmlspecialchars($data);
    return $data;
}
function encryptthis($data, $key) {
    $encryption_key = base64_decode($key);
    $iv = openssl_random_pseudo_bytes(openssl_cipher_iv_length('aes-256-cbc'));
    $encrypted = openssl_encrypt($data, 'aes-256-cbc', $encryption_key, 0, $iv);
    return base64_encode($encrypted . '::' . $iv);
}
// Save customer information into database.
function saveCustomerInfoToDB() {
    global $custname, $custemail, $custnumber, $streetadd, $blknumber, $unitnumber, $zipcode, $deldate, $deltime, $errorMsg;
    // Create connection
    $conn = new mysqli(DBHOST, DBUSER, DBPASS, DBNAME);
    // Check connection
    if ($conn->connect_error) {
        $errorMsg = "Connection failed: " . $conn->connect_error;
    } else { // prepared statement
        $compile = $conn->prepare("INSERT INTO customer_information (name, email, mobileNumber, streetName, blkNumber, unitNumber, zipcode, deliveryDate, deliveryTime) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?)");
        $compile->bind_param("ssisssiss", $custname, $custemail, $custnumber, $streetadd, $blknumber, $unitnumber, $zipcode, $deldate, $deltime);
        $compile->execute();
        $compile->close();
        $conn->close();
    }
}
// Save payment information into database.
function savePaymentInfoToDB() {
    global $ccname, $ccnumber, $expdate, $ccvnumber, $errorMsg;
    // Create connection
    $conn = new mysqli(DBHOST, DBUSER, DBPASS, DBNAME);
    if ($conn->connect_error) {
        $errorMsg = "Connection failed: " . $conn->connect_error;
    } else { // prepared statement
        $sql = "SELECT customer_id FROM customer_information ORDER BY customer_id DESC LIMIT 1";
        $idValue = $conn->query($sql);
        $idValueResult = $idValue->fetch_assoc();
        $customerID = $idValueResult['customer_id'];
        $compile = $conn->prepare("INSERT INTO customer_payment_information (customer_id, fullName, creditcardNumber, expiry, ccv) VALUES (?, ?, ?, ?, ?)");
        $compile->bind_param("issss", $customerID, $ccname, $ccnumber, $expdate, $ccvnumber);
        $compile->execute();
        $compile->close();
        $conn->close();
    }
}
// Save user order into database.
function saveOrderToTable() {
    session_start();
    global $errorMsg;
    $connect = new mysqli(DBHOST, DBUSER, DBPASS, DBNAME);
    $array = $_SESSION['shopping_cart'];
    if ($connect->connect_error) {
        $errorMsg = "Connection failed: " . $connect->connect_error;
    } else {
        foreach ($array as $product) {
            if ($product == "") {
                // prevent user from returning back to payment page after checkout.
                header('Location: index.php');
            } else {
                // fetch primary key value
                $sql = "SELECT customer_id FROM customer_information ORDER BY customer_id DESC LIMIT 1";
                $idValue = $connect->query($sql);
                $idValueResult = $idValue->fetch_assoc();
                $customerID = $idValueResult['customer_id'];
                // prepared statement
                $compile = $connect->prepare("INSERT INTO customer_order (cust_id, productName, quantity, price, pax) VALUES (?, ?, ?, ?, ?)");
                $compile->bind_param("isiii", $customerID, $product['name'], $product['quantity'], $product['price'], $product['pax']);
                $compile->execute();
                $compile->close();
            }
        }
    }
    session_destroy();
    $connect->close();
}
?>
</article>
<?php
include "footer.inc.php";
?>
</body>
</html>
Answer 0 (score: 3)
There is a pattern called PRG (POST-Redirect-GET) that handles this annoyance with the browser's Back button.
Basically, you POST to a page, perform your action, and then redirect to a second page, which will not perform the action again.
Here is a good article that explains it in detail.
Answer 1 (score: 0)
Add the following after checkout:
<?php
header("Location: /index.php");
exit();
The Location header tells the browser to redirect, and exit stops script execution. Note also that it will not work if you have already sent any output to the browser (for example an echo
or the HTML code at the top).
You should handle the checkout separately, in a place where the checkout sends nothing to the browser.
For example, you could create a separate file containing the checkout code and include it before the <html>
tag; then, if nothing was submitted, the script does nothing, and if the form was submitted, process it and then perform the redirect.
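The following is an added example (not code from the question or from either answer) showing how the PRG pattern from answer 0 and the "handle the POST before any output" advice from answer 1 fit together in one PHP file. The file name checkout.php, the placeOrder() function, the form_token and order_confirmation session keys, and the 303 status are all assumptions made for this illustration. It goes slightly beyond the answers by adding a one-time form token, so that re-posting the same form via Back and "resubmit" is rejected rather than placing a second order, and by sending Cache-Control: no-store so the browser is less likely to serve the filled-in payment form from its history cache.

```php
<?php
// Added example: POST-Redirect-GET checkout handler. Everything that sends
// headers runs before the first byte of HTML, which is why the form handling
// sits at the very top of the file instead of inside <body>.
declare(strict_types=1);
session_start();

// Hypothetical stand-in for the validation and database writes in the
// question's code. It returns only what the confirmation page needs; card
// data is never placed in the session.
function placeOrder(array $post): array
{
    $name = trim((string) ($post['custname'] ?? ''));
    return ['name' => $name, 'placedAt' => date('c')];
}

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    // One-time token: issued when the form was rendered, consumed here.
    // A second POST with the same token (Back + resubmit) is sent home.
    $expected = (string) ($_SESSION['form_token'] ?? '');
    unset($_SESSION['form_token']);
    $given = (string) ($_POST['form_token'] ?? '');
    if ($expected === '' || !hash_equals($expected, $given)) {
        header('Location: index.php', true, 303);
        exit;
    }

    $summary = placeOrder($_POST);
    unset($_SESSION['shopping_cart']);          // cart is spent
    $_SESSION['order_confirmation'] = $summary; // read once by the GET below

    // 303 See Other: the browser follows with a GET, so the POST is not in
    // the history entry that Back returns to and cannot be replayed by it.
    header('Location: checkout.php?done=1', true, 303);
    exit;
}

// From here on the request is a GET. Ask the browser not to store this
// page; the payment form should not be served back out of the cache.
header('Cache-Control: no-store');

if (isset($_GET['done'])) {
    $summary = $_SESSION['order_confirmation'] ?? null;
    unset($_SESSION['order_confirmation']);
    if ($summary === null) {
        // Confirmation already shown once (e.g. reached via Back): go home.
        header('Location: index.php', true, 303);
        exit;
    }
    ?>
    <!DOCTYPE html>
    <html><head><meta charset="UTF-8"><title>Order placed</title></head>
    <body>
    <h1>Your Order Has been Placed!</h1>
    <p>Thank you, <?= htmlspecialchars($summary['name'], ENT_QUOTES, 'UTF-8') ?>.</p>
    <p><a href="index.php">Back to the home page</a></p>
    </body></html>
    <?php
    exit;
}

// Plain GET without ?done: render the form with a fresh token.
$token = bin2hex(random_bytes(32));
$_SESSION['form_token'] = $token;
?>
<!DOCTYPE html>
<html><head><meta charset="UTF-8"><title>PAYMENT PAGE</title></head>
<body>
<form method="post" action="checkout.php" autocomplete="off">
    <input type="hidden" name="form_token"
           value="<?= htmlspecialchars($token, ENT_QUOTES, 'UTF-8') ?>">
    <label>Name <input name="custname" required></label>
    <!-- remaining payment fields from the question go here -->
    <button type="submit">Place order</button>
</form>
</body></html>
```

With this layout the history contains the form (GET), then the confirmation (GET); the POST that placed the order is not an entry the user can land on. Pressing Back from the confirmation shows the form page again, but because the page was sent with no-store the browser has to request it afresh, and the response is an empty form with a new token rather than the one that was already submitted.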