Access Forbidden on checkout step 1

5 years 3 weeks ago #304903

-- HikaShop version -- : 4.0.2
-- Joomla version -- : 3.9.4
-- PHP version -- : 7.2.15
-- Browser(s) name and version -- : Chrome
-- Error-message (debug mode must be turned on) -- : Access Forbidden

This error has occurred on 2 different sites on two different servers, both running Hikashop and Sh404 for SEF URLs. On step one of the checkout process the Joomla message "Access Forbidden" appears. I thought this was an SH404 problem as I could work around the issue by using the Joomla router and not the Sh404 one (default). I lodged a ticket with them and replicated a test site for them to check. They have come back and said that it is not their plugin, as they can get this issue even when SH404 is uninstalled.

Their comments were:
"I actually downloaded a backup of the site to debug the issue until I thought of testing this without sh404SEF and without Joomla SEF: the error was happening, even without sh404SEF on the site!

So this pointed at a bug in Hikashop - as the checkout should work with or without SEF URLs enabled. It took a bit of digging but I found out they are doing something that cannot work if their SEF system is not used (ie not compatible with Joomla API).

The fix is easy but it must be done in their code, in file /components/com_hikashop/views/checkout/tmpl/show.php. It looks like this:
<?php
/**
* @package HikaShop for Joomla!
* @version 4.0.2
* @author hikashop.com
* @copyright (C) 2010-2019 HIKARI SOFTWARE. All rights reserved.
* @license GNU/GPLv3 www.gnu.org/licenses/gpl-3.0.html
*/
defined('_JEXEC') or die('Restricted access');
?><form action="<?php echo $this->checkoutHelper->completeLink('cid='. $this->step, false, false, false, $this->itemid); ?>" method="post" id="hikashop_checkout_form"


and it must be changed to:
<?php
/**
* @package HikaShop for Joomla!
* @version 4.0.2
* @author hikashop.com
* @copyright (C) 2010-2019 HIKARI SOFTWARE. All rights reserved.
* @license GNU/GPLv3 www.gnu.org/licenses/gpl-3.0.html
*/
defined('_JEXEC') or die('Restricted access');
?><form action="<?php echo $this->checkoutHelper->completeLink('ctrl=checkout&cid='. $this->step, false, false, false, $this->itemid); ?>" method="post" id="hikashop_checkout_form"


ie there's an added ctrl=checkout& bit in there.

Currently they are adding this ctrl=checkout bit in their router.php file but that's not an API-compatible design because when a 3rd party SEF extension is used, their router.php file is not used at all.

I would suggest you report the detailed issue to them, especially the fact that the checkout does not work when only using non-SEF URLs in Joomla - that is when sh404SEF is NOT there and cannot be suspected to cause any issue."

Would this be able to be rectified in a subsequent release?


  • MODERATOR
5 years 3 weeks ago #304911

Hi,

The removal of the ctrl parameter was especially added to address such an issue and avoid having the "checkout" element in the SEF URL when the menu item used for the checkout is already a checkout type menu item, which is redundant information:
www.hikashop.com/forum/checkout/877600-checkout-checkout.html
Also, I can guarantee you that this works without any change to the code without the SEF activated with the latest version of HikaShop.
Now, I understand that sh404SEF actually only uses half of the router to generate the URLs but not the parsing half, so I understand that this technique would create a problem with their extension.
So we would still like to keep that improvement but not break sh404sef.
If they could give the PHP code to use to know whether sh404sef is installed and activated or not, we could add some exception for it on our end and have the best of both worlds.
Could you check with them?


5 years 3 weeks ago #304984

Here is their reply...

"Hi
Also, I can guarantee you that this works without any change to the code without the SEF activated with the latest version of HikaShop - This is incorrect on your site. Please tell them and let them test.

Now, I understand that sh404SEF actually only use half of the router to generate the URLs but not parsing half so I understand that this technique would create a problem with their extension - Not with sh404SEF but with all other SEF URL extensions.

If they could give the PHP code to use to know whether sh404sef is installed and activated or not, we could add some exception for it on our end and have the best of both worlds - That's easy: defined('SH404SEF_IS_RUNNING')

If they need/want to go any further they can contact me at [email address removed] of course. But they should test the fact that this does not work and generate the same issue (at least on your 2 sites) when SEF is disabled."


If you go to test.pumpkincutter.co.nz/ and buy the knife, proceed to checkout and then go through the process, after a Next or two you get Access Forbidden. I can confirm that in the Global Configuration SEF URLs is off and in the SH404 component config SEF URLs is also off. The checkout page uses this URL - test.pumpkincutter.co.nz/index.php?optio...yout=show&Itemid=311 so clearly a non-SEF URL.

Please let me know if you need access to the test admin
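
The routing asymmetry discussed in the posts above, as an added example that is not part of the original thread and is not HikaShop or sh404SEF code: a component router whose build half drops `ctrl` and whose parse half restores it, what reaches the component when the parse half is skipped, and the exception keyed on `SH404SEF_IS_RUNNING`. All function names are hypothetical, and the constant is defined inside the script only to simulate sh404SEF being active.

```php
<?php
// Simplified model of the routing asymmetry; every function name is hypothetical.

// Build half of a component router: drop ctrl when the menu item is already
// a checkout-type item, so the SEF URL does not repeat "checkout".
function buildHalf(array $query, bool $menuIsCheckout): array
{
    if ($menuIsCheckout && ($query['ctrl'] ?? '') === 'checkout') {
        unset($query['ctrl']);
    }
    return $query;
}

// Parse half of the same router: put back the ctrl that buildHalf() dropped.
function parseHalf(array $vars, bool $menuIsCheckout): array
{
    if ($menuIsCheckout && !isset($vars['ctrl'])) {
        $vars['ctrl'] = 'checkout';
    }
    return $vars;
}

// Query for the checkout form action. When the parse half cannot be relied
// on, ctrl stays in the link instead of being left to the router.
function checkoutFormQuery(int $step, bool $parseHalfRuns): array
{
    $query = ['cid' => $step];
    return $parseHalfRuns ? $query : ['ctrl' => 'checkout'] + $query;
}

function show(string $label, array $vars): void
{
    echo $label, ': ', http_build_query($vars), PHP_EOL;
}

// 1. Both halves run: ctrl is dropped from the link and restored on parse.
show('both halves', parseHalf(buildHalf(['ctrl' => 'checkout', 'cid' => 1], true), true));

// 2. Link built without ctrl, parse half never called: no controller arrives.
show('parse skipped', checkoutFormQuery(1, true));

// 3. Same situation with the exception keyed on sh404SEF's constant.
define('SH404SEF_IS_RUNNING', true); // constructed here to simulate sh404SEF being active
show('with exception', checkoutFormQuery(1, !defined('SH404SEF_IS_RUNNING')));
```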


  • MODERATOR
5 years 3 weeks ago #304991

Hi,

You're using HikaShop 4.0.2 on that website. Update to HikaShop 4.0.3, where there is a patch to make it work with the Joomla SEF turned off and you'll see it works just fine.
