[英]How to redirect user back to index.php after checkout page?
如何防止用戶在結帳后返回支付頁面? 目前,在用戶結帳后,當我點擊瀏覽器后退按鈕時,用戶仍然能夠返回到付款頁面,所有信息仍在表單上。 如何將用戶重定向回主頁,以便在用戶結帳后,當他們點擊后退按鈕時,而不是返回支付頁面,他們將被重定向回主頁(index.php ) 反而?
目前,在 saveOrderToTable function 下,我調用 session 數組來存儲用戶購買的所有產品。 提交按鈕后,我可以刪除數組,但不能刪除付款表單中的值。
我當前的付款頁面代碼:
<html>
<head>
<title>PAYMENT PAGE</title>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<link rel="stylesheet" href="css/bootstrap.min.css">
<link rel="stylesheet" href="css/header_footer.css">
<link rel="stylesheet" href="css/process_payment.css">
<script src="https://ajax.googleapis.com/ajax/libs/jquery/3.4.1/jquery.min.js"></script>
<script src="https://maxcdn.bootstrapcdn.com/bootstrap/3.4.0/js/bootstrap.min.js"></script>
<script src="js/bootstrap.min.js"></script>
</head>
<body>
<?php
include "navbar.inc.php";
?>
<article class="formvalidateOutput">
<?php
$key = 'qkwjdiw239&&jdafweihbrhnan&^%$ggdnawhd4njshjwuuO';
// Constants for accessing our DB:
define("DBHOST", "");
define("DBNAME", "");
define("DBUSER", "");
define("DBPASS", "");
$custname = $custemail = $custnumber = $streetadd = $blknumber = $unitnumber = $zipcode = $deldate = $deltime = $ccname = $ccnumber = $expdate = $ccvnumber = $errorMsg = "";
$success = true;
if (empty($_POST["custname"])) {
$errorMsg .= "First name is required.<br>";
$success = false;
} else {
$custname = sanitize_input($_POST["custname"]);
if (!preg_match("/^[a-zA-Z]+(([',. -][a-zA-Z ])?[a-zA-Z]*)*$/", $custname)) {
$errorMsg .= "Please enter a proper first name.<br>";
$success = false;
} else {
$custname = sanitize_input($_POST["custname"]);
}
}
if (empty($_POST["custemail"])) {
$errorMsg .= "Email is required.<br>";
$success = false;
} else {
$custemail = sanitize_input($_POST["custemail"]); // Additional check to make sure e-mail address is well-formed.
if (!filter_var($custemail, FILTER_VALIDATE_EMAIL)) {
$errorMsg .= "Invalid email format.<br>";
$success = false;
}
}
if (empty($_POST["custnumber"])) {
$errorMsg .= "Contact Number is required.<br>";
$success = false;
} else {
$custnumber = sanitize_input($_POST["custnumber"]);
if (!preg_match("/^([0-9]{8})$/", $custnumber)) {
$errorMsg .= "Please enter a valid contact number.<br>";
$success = false;
} else {
$custnumber = sanitize_input($_POST["custnumber"]);
}
}
if (empty($_POST["streetadd"])) {
$errorMsg .= "Address is required.<br>";
$success = false;
} else {
$streetadd = sanitize_input($_POST["streetadd"]);
if (!preg_match("/^([A-Za-z0-9\.\-\s\,])+$/", $streetadd)) {
$errorMsg .= "Please enter a valid address.<br>";
$success = false;
} else {
$streetadd = sanitize_input($_POST["streetadd"]);
}
}
if (empty($_POST["blknumber"])) {
$errorMsg .= "Blk number is required.<br>";
$success = false;
} else {
$blknumber = sanitize_input($_POST["blknumber"]);
if (!preg_match("/^([0-9]{3})$/", $blknumber)) {
$errorMsg .= "Please enter a valid blk number.<br>";
$success = false;
} else {
$blknumber = sanitize_input($_POST["blknumber"]);
}
}
if (empty($_POST["unitnumber"])) {
$errorMsg .= "Unit number is required.<br>";
$success = false;
} else {
$unitnumber = sanitize_input($_POST["unitnumber"]);
if (!preg_match("/^([0-9]{2}\-[0-9]{3})$/", $unitnumber)) {
$errorMsg .= "Please enter a valid unit number.<br>";
$success = false;
} else {
$unitnumber = sanitize_input($_POST["unitnumber"]);
}
}
if (empty($_POST["zipcode"])) {
$errorMsg .= "Zipcode is required.<br>";
$success = false;
} else {
$zipcode = sanitize_input($_POST["zipcode"]);
if (!preg_match("/^([0-9]{6})$/", $zipcode)) {
$errorMsg .= "Please enter a valid zipcode.<br>";
$success = false;
} else {
$zipcode = sanitize_input($_POST["zipcode"]);
}
}
if (empty($_POST["deldate"])) {
$errorMsg .= "Date is required.<br>";
$success = false;
} else {
$deldate = sanitize_input($_POST["deldate"]);
}
if ($_POST["deltime"] == "0") {
$errorMsg .= "Please select a time.<br>";
$success = false;
} else {
$deltime = $_POST["deltime"];
}
if (empty($_POST["ccname"])) {
$errorMsg .= "Credit card name is required.<br>";
$success = false;
} else {
$ccname = sanitize_input($_POST["ccname"]);
if (!preg_match("/^[a-zA-Z]+(([a-zA-Z ])?[a-zA-Z]*)*$/", $ccname)) {
$errorMsg .= "Please enter a valid credit card name.<br>";
$success = false;
} else {
$ccname = sanitize_input($_POST["ccname"]);
}
}
if (empty($_POST["ccnumber"])) {
$errorMsg .= "Credit Card Number is required.<br>";
$success = false;
} else {
$ccnumber = sanitize_input($_POST["ccnumber"]);
if (!preg_match("/^([0-9]{16})$/", $ccnumber)) {
$errorMsg .= "Please enter a valid credit card number.<br>";
$success = false;
} else {
$ccnumber = encryptthis(sanitize_input($_POST["ccnumber"]), $key);
}
}
if (empty($_POST["expdate"])) {
$errorMsg .= "Exp date is required.<br>";
$success = false;
} else {
$expdate = sanitize_input($_POST["expdate"]);
if (!preg_match("/^([0-9]{2}\/[0-9]{2})$/", $expdate)) {
$errorMsg .= "Please enter a valid exp date.<br>";
$success = false;
} else {
$expdate = encryptthis(sanitize_input($_POST["expdate"]), $key);
}
}
if (empty($_POST["ccvnumber"])) {
$errorMsg .= "CCV number is required.<br>";
$success = false;
} else {
$ccvnumber = sanitize_input($_POST["ccvnumber"]);
if (!preg_match("/^([0-9]{3})$/", $ccvnumber)) {
$errorMsg .= "Please enter a valid ccv number.<br>";
$success = false;
} else {
$ccvnumber = encryptthis(sanitize_input($_POST["ccvnumber"]), $key);
}
}
if ($success) {
saveCustomerInfoToDB();
savePaymentInfoToDB();
saveOrderToTable();
echo "<h1>Your Order Has been Placed!</h1>";
echo "<h2>Thank You For Your Support</h2>";
echo "<h3>Have A Nice Day</h3>";
header('Refresh:3; url=index.php');
exit();
} else {
echo "<h1>Please check your payment input!</h1>";
echo "<h4>The following input errors were detected:</h4>";
echo "<p>" . $errorMsg . "</p>";
header('Refresh:3; url=payment_information.php');
}
//Helper function that checks input for malicious or unwanted content.
function sanitize_input($data) {
$data = trim($data);
$data = stripslashes($data);
$data = htmlspecialchars($data);
return $data;
}
function encryptthis($data, $key) {
$encryption_key = base64_decode($key);
$iv = openssl_random_pseudo_bytes(openssl_cipher_iv_length('aes-256-cbc'));
$encrypted = openssl_encrypt($data, 'aes-256-cbc', $encryption_key, 0, $iv);
return base64_encode($encrypted . '::' . $iv);
}
//Save user information into database.
function saveCustomerInfoToDB() {
global $custname, $custemail, $custnumber, $streetadd, $blknumber, $unitnumber, $zipcode, $deldate, $deltime, $errorMsg;
// Create connection
$conn = new mysqli(DBHOST, DBUSER, DBPASS, DBNAME);
// Check connection
if ($conn->connect_error) {
$errorMsg = "Connection failed: " . $conn->connect_error;
}
else{ //prepared statement
$compile = $conn->prepare("INSERT INTO customer_information (name, email, mobileNumber, streetName, blkNumber, unitNumber, zipcode, deliveryDate, deliveryTime) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?)");
$compile->bind_param("ssisssiss", $custname, $custemail, $custnumber, $streetadd, $blknumber, $unitnumber, $zipcode, $deldate, $deltime);
$compile->execute();
$compile->close();
$conn->close();
}
}
//Save user information into database.
function savePaymentInfoToDB() {
global $ccname, $ccnumber, $expdate, $ccvnumber, $errorMsg;
// Create connection
$conn = new mysqli(DBHOST, DBUSER, DBPASS, DBNAME);
if ($conn->connect_error) {
$errorMsg = "Connection failed: " . $conn->connect_error;
}
else{ //prepared statement
$sql = "SELECT customer_id FROM customer_information ORDER BY customer_id DESC LIMIT 1";
$idValue = $conn->query($sql);
$idValueResult = $idValue->fetch_assoc();
$customerID = $idValueResult['customer_id'];
$compile = $conn->prepare("INSERT INTO customer_payment_information (customer_id, fullName, creditcardNumber, expiry, ccv) VALUES (?, ?, ?, ?, ?)");
$compile->bind_param("issss", $customerID, $ccname, $ccnumber, $expdate, $ccvnumber);
$compile->execute();
$compile->close();
$conn->close();
}
}
//Save user order into database.
function saveOrderToTable() {
session_start();
global $errorMsg;
$connect = new mysqli(DBHOST, DBUSER, DBPASS, DBNAME);
$array = $_SESSION['shopping_cart'];
if ($connect->connect_error) {
$errorMsg = "Connection failed: " . $connect->connect_error;
} else {
foreach ($array as $product) {
if($product == "") {
//prevent user from returning back to payment page after checkout.
header('Location: index.php');
}
else {
//fetch primary key value
$sql = "SELECT customer_id FROM customer_information ORDER BY customer_id DESC LIMIT 1";
$idValue = $connect->query($sql);
$idValueResult = $idValue->fetch_assoc();
$customerID = $idValueResult['customer_id'];
//prepared statement
$compile = $connect->prepare("INSERT INTO customer_order (cust_id, productName, quantity, price, pax) VALUES (?, ?, ?, ?, ?)");
$compile->bind_param("isiii", $customerID, $product['name'],$product['quantity'], $product['price'], $product['pax']);
$compile->execute();
$compile->close();
}
}
}
session_destroy();
$connect->close();
}
?>
</article>
<?php
include "footer.inc.php";
?>
</body>
有一種稱為 PRG (POST-Redirect-GET) 的模式,它通過瀏覽器的后退按鈕來處理這種煩惱。
本質上,您可以發布到您的頁面,做您的事情,然后重定向到不會再次執行該操作的第二個頁面。
這是一篇體面的文章,更詳細地解釋了它。
結帳后添加:
<?php
header("Location: /index.php");
exit();
位置 header 告訴瀏覽器重定向,退出停止腳本執行,還要注意,如果您已將任何 output 發送到瀏覽器(例如echo
或 html 代碼,您將無法正常工作)。
您應該單獨處理結帳,其中沒有任何內容發送到瀏覽器。
例如,您可以使用您的結帳代碼創建一個單獨的文件,您將在<html>
標記之前包含該文件,然后如果沒有提交任何內容,則在腳本中不執行任何操作,如果提交了表單,處理它然后執行重定向.
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.