Redirect after user registration in checkout fails with custom prices

  • Posts: 15
  • Thank you received: 0
  • Hikashop Multisite
1 week 2 days ago #371505

-- HikaShop version -- : 6.1.0
-- Joomla version -- : 5.4.3
-- PHP version -- : 8.3.21
-- Browser(s) name and version -- : Firefox 149.0.2

What goes wrong:
The checkout controller has a variable $checkout_itemid, that’s not always defined but always required. This creates broken url’s like “/component/hikashop/checkout/show/cid-3?Itemid=”. This url reroutes back the start of checkout instead of step 3 of the checkout.
Important note: Our site has different prices for different ACL levels → public ACL has different prices than registered.

Why this goes wrong:
in components/com_hikashop/controllers/checkout.php line 455 checks if $valid and checks if the current marker is equal to the new marker. In our case the marker ‘full_price’ changes because our prices change based on ACL. This causes the →show function to be triggered. See attachment Hikashop marker logic error



In the show function are multiple lines that assume that $checkout_itemid is defined, but that’s only the case if $task != ‘submitstep’. When dumping the $task variable it’s filled with the string ‘submitstep’. This none of the code from 141 to 208 to be called. This includes defining $checkout_itemid. Lines 219 untill 237 all assume that $checkout_itemid is defined, but in this case it’s not.
At the end of the show function are 4 instances of $checkout_itemid where it’s possible that $checkout_itemid not defined

Sidenote:
In the submitstep function on line 468, it does define the $checkout_itemid variable, but that’s only after →show is already triggered because of the new marker value, and show already redirects.

Attachments:

Please Log in or Create an account to join the conversation.

  • Posts: 85507
  • Thank you received: 13986
  • MODERATOR
1 week 2 days ago #371513

Hi,

You are absolutely right and your analysis is spot on. Thank you for the detailed report with line numbers and screenshots, that made it really easy to confirm.

The issue is exactly as you described: when show() is called from submitstep() after a marker change (which is what happens when the prices change because the user just registered and now belongs to a different ACL with different prices), the check "if($task != 'submitstep')" skips the block where $checkout_itemid is initialized. But the variable is still used afterwards when building the redirect URLs, which results in the broken "?Itemid=" you observed.

I have applied a fix on our end and pushed it to the 6.4.0 release package. You can download the latest package from your member area on our website and install it over your existing installation to apply the fix. That should resolve the redirect loop on your custom-pricing setup.

The following user(s) said Thank You: E. van Doorne

Please Log in or Create an account to join the conversation.

Time to create page: 0.361 seconds
Powered by Kunena Forum