OscSid in Checkout Form


dahammer2


Hi

 

I'm using the snapshot from 2 days ago.

When proceeding to the "Checkout_confirmation.php" page after selecting my desired payment gateway, this page generates the form for posting to the desired processor.

the relevant code:

 echo tep_draw_form('checkout_confirmation', $form_action_url, 'post');



 if (is_array($payment_modules->modules)) {

   echo $payment_modules->process_button();

 }



 echo tep_image_submit('button_confirm_order.gif', IMAGE_BUTTON_CONFIRM_ORDER) . '</form>' . "\n";

 

Somehow a hidden field "oscSid" is added to this form even though nowhere does the code specifically add it. If, for instance, I changed the above code to this

<form >

test

<input type="hidden" name="bill" value="bob">

</form>

the output would be like this

<form ><input type="hidden" name="osCsid" value="2405fdf16da53f47f1563a6d43cfa1d7" />

test

<input type="hidden" name="bill" value="bob">

</form>

 

I did a test on my local win2k box and this doesn't occur so I imagine some apache/*nix magic is happening here.

 

The problem is that some payment processors fall over if you send it extra post fields that it doesn't recognise.

Can I turn this off for just this page/form?


It is added from the process_button function in all of the payment modules.

"Great spirits have always found violent opposition from mediocre minds. The latter cannot understand it when a man does not thoughtlessly submit to hereditary prejudices but honestly and courageously uses his intelligence." - A. Einstein


It is added from the process_button function in all of the payment modules.

 

I can't see how that's possible, as in one example I don't even call that function. (Plus I can't even see the oscSid in the process button function.)

It's something added to all forms throughout the whole site.

If I put this static html into the page

 

<form > 

test 

<input type="hidden" name="bill" value="bob"> 

</form>

I get this as the output

<form ><input type="hidden" name="osCsid" value="2405fdf16da53f47f1563a6d43cfa1d7" /> 

test 

<input type="hidden" name="bill" value="bob"> 

</form>

 

 

And only on apache/*nix versions.

This suggests that there is some sort of session management in place and some sort of module that automatically writes the session id to forms.

 

If you go to www.boeschcomputing.com.au/os/default.php you can see that all forms on every page have this oscSid.

You can login as

"[email protected]" password "12345"

and go to the checkout and see I've removed the process button.

But if you look at the html source you will see a dummy form as above.

This is just a test site I whacked up to test it on a *nix machine, so don't worry about breaking anything.


The tep_href_link function automatically adds the session in those cases.


My whole point is that I'm calling no functions.

 

I'm just inserting a static html form into any .php file which has the oscommerce includes.

 

i.e.

<form >

test

<input type="hidden" name="bill" value="bob">

</form>

 

No functions are called, yet it still outputs the oscsid as a hidden form field. Obviously something is going on I'm unaware of, but it's not via the calling of one of the standard html output functions.

 

 

Thanks

 

Hamish


Since osC disables use_trans_sid and you are not calling any functions, I do not see how the session id can be getting added.

 

Just for grins, disable use_trans_sid in your php.ini and see if that does not help.


Ok

 

Well, it's on a shared hosting account so it's not easy for me to edit the php.ini file.

 

I tried turning it off via

 

ini_set('session.use_trans_sid','0');

echo ini_get('session.use_trans_sid');

 

But it still tells me it's enabled.

But for the record, this would be the problem you think?


If use_trans_sid is enabled that is what is doing it.

 

Since you are on a shared server, the easiest way to do this is to edit your public_html/.htaccess file and add:

php_value session.use_trans_sid 0

Try that and see what happens.

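A check to run against rendered pages once session.use_trans_sid has been turned off as suggested above, given here as an added example that is not part of the original thread: it lists forms whose hidden fields or action URL still carry the session id and marks the ones that post off-site. The hosts shop.example and payments.example, the set of session names and the sample HTML are assumptions constructed for the illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse, parse_qs

# Assumption: names to look for. osCsid is the field shown in the thread;
# PHPSESSID is PHP's default session name.
SESSION_NAMES = {"oscsid", "phpsessid"}

class FormSessionAudit(HTMLParser):
    """Record forms whose hidden fields or action URL carry a session id."""
    def __init__(self, site_host):
        super().__init__()
        self.site_host = site_host.lower()
        self.findings = []   # (action, where, leaves_site)
        self._form = None    # (action, leaves_site) while inside a <form>

    def handle_starttag(self, tag, attrs):
        a = {k.lower(): (v or "") for k, v in attrs}
        if tag == "form":
            target = urlparse(a.get("action", ""))
            # A form without an absolute action posts back to the shop itself.
            host = (target.hostname or self.site_host).lower()
            self._form = (a.get("action", ""), host != self.site_host)
            if SESSION_NAMES & {k.lower() for k in parse_qs(target.query)}:
                self.findings.append((self._form[0], "action-url", self._form[1]))
        elif tag == "input" and self._form is not None:
            if a.get("type", "").lower() == "hidden" and a.get("name", "").lower() in SESSION_NAMES:
                self.findings.append((self._form[0], "hidden-field", self._form[1]))

    def handle_endtag(self, tag):
        if tag == "form":
            self._form = None

def audit_forms(html, site_host):
    """Return (action, where, leaves_site) for every form exposing a session id."""
    parser = FormSessionAudit(site_host)
    parser.feed(html)
    parser.close()
    return parser.findings

# Constructed sample: the rewritten dummy form from the thread, a checkout form
# posting to a hypothetical processor host, and a form with no session id.
SAMPLE = """
<form ><input type="hidden" name="osCsid" value="2405fdf16da53f47f1563a6d43cfa1d7" />
test <input type="hidden" name="bill" value="bob"></form>
<form action="https://payments.example/pay" method="post">
<input type="hidden" name="osCsid" value="constructed-session-id" /></form>
<form action="/search.php?osCsid=constructed-session-id"><input name="q"></form>
<form action="/login.php"><input type="hidden" name="next" value="/"></form>
"""
```

An empty result from `audit_forms(page_html, "your-shop-host")` on the checkout confirmation page means the form sent to the processor no longer carries the session id.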
