Page refresh when logging in within checkout

  • Posts: 78
  • Thank you received: 5
  • Hikashop Business
2 years 10 months ago #333555

-- HikaShop version -- : 4.4.3
-- Joomla version -- : 3.9.27
-- PHP version -- : 7.3.28
-- Browser(s) name and version -- : Chrome
-- Error-message(debug-mod must be tuned on) -- : None?

(This issue is on our staging server - please let me know if that is a problem)

Steps to reproduce:

1) Add to cart
2) View Cart
3) Log in

If I log in using another method and then try to check out, it also refreshes the page the first time when I click "Finish", but sometimes if I click Finish again, it goes through.

Also, when in the cart, if I click "X" to remove from the cart, it just refreshes the page.

I have tried with both "Redirect Joomla registration to HikaShop Plugin" activated and deactivated.

Please Log in or Create an account to join the conversation.

  • Posts: 81484
  • Thank you received: 13062
  • MODERATOR
2 years 10 months ago #333576

Hi,

If you do the login on the checkout, you can briefly see the login/registration form being replaced with the HTTP status 401 before the whole page is reloaded:
i.imgur.com/NM59E9Q.png
In fact, if you check the URL /index.php/hikashop-test/checkout/submitblock/tmpl-raw on your website, you can see the same message being returned by your website:
i.imgur.com/MviwbLQ.png
That 401 error is displayed by HikaShop's checkout when the token cannot be verified by Joomla.
I think it has something to do with the fact that the login request is done through AJAX. If I fill in the email and password in the login form and click on the finish button instead of the login button, the process works.
So I'm tempted to say this comes from another extension (or the template ?) messing with the form parameters in AJAX (when the "tmpl" parameter is set to "raw"). But hard to say more on this.
One thing you could try is to add a line:
var_dump($_REQUEST);
after the line:
echo '401';
in the file components/com_hikashop/controllers/checkout.php
That way, we might be able to confirm that the token is removed from the request when we arrive in the controller from HikaShop. But that won't tell us exactly what is causing the issue.
I'm afraid the way forward is to deactivate the system and hikashop plugins and switch the template, one by one to check which is causing the issue.

Please Log in or Create an account to join the conversation.

  • Posts: 78
  • Thank you received: 5
  • Hikashop Business
2 years 10 months ago #333591

Thanks for getting back to me! I'm not sure if I did that right... Here is the code I used:

if(!JSession::checkToken('request')) {
			$tmpl = hikaInput::get()->getCmd('tmpl', '');
			if(in_array($tmpl, array('ajax', 'raw'))) {
				echo '401';
				var_dump($_REQUEST);
				if(!headers_sent())
					header('X-Robots-Tag: noindex');
				exit;
			}
			jexit('Invalid Token');
		}

When implemented, and I enter the username/password and click Login, it first resulted in showing the full page nested in the main component column. When I refreshed and tried again, it seemed to log me in, but also showed the following:
401array(14) { ["login"]=> array(2) { ["username"]=> string(10) "XXXXXXXXXX" ["passwd"]=> string(10) "YYYYYYYY" } ["data"]=> array(2) { ["register"]=> array(6) { ["email"]=> string(0) "" ["email_confirm"]=> string(0) "" ["password"]=> string(0) "" ["password2"]=> string(0) "" ["id"]=> string(1) "0" ["gid"]=> string(1) "0" } ["address"]=> array(10) { ["address_firstname"]=> string(0) "" ["address_lastname"]=> string(0) "" ["address_company"]=> string(0) "" ["address_street"]=> string(0) "" ["address_city"]=> string(0) "" ["address_post_code"]=> string(0) "" ["address_telephone"]=> string(0) "" ["address_telephone2"]=> string(0) "" ["address_state"]=> string(18) "state_Alabama_4261" ["address_country"]=> string(36) "country_United_States_of_America_223" } } ["data_address_address_state_default_value"]=> string(17) "state_Rh__ne_1375" ["login_view_action"]=> string(5) "login" ["blocktask"]=> string(5) "login" ["cid"]=> string(1) "1" ["c642adcff8d4ae0f73312132a57d41c6"]=> string(1) "1" ["Itemid"]=> string(3) "457" ["option"]=> string(12) "com_hikashop" ["ctrl"]=> string(8) "checkout" ["task"]=> string(11) "submitblock" ["tmpl"]=> string(3) "raw" ["hikashop_front_end_main"]=> int(1) ["view"]=> string(8) "checkout" }

Ultimately, clicking "Finish" just refreshed the page, like before.


I did try to create a new menu item with no login modules and changed the overall template to protostar. Here is the new menu folder:

/index.php/hika3
/index.php/hika3/checkout

It resulted in the same refresh.

Last edit: 2 years 10 months ago by brentwilliams2.

Please Log in or Create an account to join the conversation.

  • Posts: 81484
  • Thank you received: 13062
  • MODERATOR
2 years 10 months ago #333592

Hi,

The login doesn't happen because Joomla cannot validate the token.
The var_dump line you've added shows that the token is properly sent to the server and is available in $_REQUEST.
So Joomla should have no issue validating it.

Now the token check here can be omitted as the security is still guaranteed by the main "finish" button.
So what you can do for now is this:
- remove the var_dump line from that code.
- change the line:
if(!JSession::checkToken('request')) {
to:
if(false) {
and it should then hopefully circumvent the problem.
However, the downside to this is that you might have similar issues elsewhere with the token not validating, and that you'll have to reapply that modification each time you update HikaShop.
The best would be to find out which extension / element on the server is causing the problem, deactivating them one by one as I was saying in my previous message, but that's a tedious work.

Please Log in or Create an account to join the conversation.

  • Posts: 78
  • Thank you received: 5
  • Hikashop Business
2 years 9 months ago #333662

Thanks, Nicolas. How does one deactivate a component? I thought that only modules/plugins can be deactivated...

Also, unfortunately that solution you gave didn't quite work completely. It did stop the page refresh, but once I hit Finish, it sent me to this page "index.php/hikashop-test/checkout/cid-1" and just said "Invalid Token".

Please Log in or Create an account to join the conversation.

  • Posts: 78
  • Thank you received: 5
  • Hikashop Business
2 years 9 months ago #334178

I thought I would update this for anyone who stumbles upon this down the road with a similar issue. Turns out this was not a Hikashop issue, or any other Joomla component. The issue was related to server-side caching. Apparently a lot of hosting companies are optimized for Wordpress (which authenticates users by cookie only), but not Joomla (being more secure and using form tokens), even though they might say that they are optimized for Joomla. I ended up finding Fotis with JoomlaWorks who worked us through all of the issues and found us a solution that was much faster than we had previously. So if you are having issues like I did, it is probably best to look at your server situation.

The following user(s) said Thank You: nicolas

Please Log in or Create an account to join the conversation.

  • Posts: 16
  • Thank you received: 2
  • Hikashop Business
2 years 1 week ago #340819

To add to Brent's message, I have encountered this issue when using the JCHOptimize plugin. Will update if a workaround is found.

The following user(s) said Thank You: nicolas

Please Log in or Create an account to join the conversation.

  • Posts: 122
  • Thank you received: 2
  • Hikaserial Subscription Hikashop Business
9 months 3 weeks ago #352629

What should be changed at the server to make it joomla optimized?

Last edit: 9 months 3 weeks ago by alexmartin.

Please Log in or Create an account to join the conversation.

Time to create page: 0.086 seconds
Powered by Kunena Forum