  1. #1
    Join Date
    Nov 2005
    Location
    France
    Posts
    577
    Plugin Contributions
    8

    Default Whoops! Sorry, but you are not allowed to perform the action requested

    I have a custom tpl_checkout_shipping_default.php

    Site functioned perfectly when running as v1.3.9h. Since the upgrade I get a "Whoops! Sorry, but you are not allowed to perform the action requested." error and am redirected to /index.php?main_page=time_out when trying to move on from checkout_shipping if I selected out of bond, or in bond shipping.
    I tracked it down to a problem with tpl_checkout_shipping_default.php.
    If I put this file into a completely fresh install of zc1.51, along with the relevant shipping files in modules/shipping, I get the same fault, so I know it isn't an issue caused by another module.
    Comparing the zc1.3.9 tpl_checkout_shipping_default.php with the zc1.5.1 version they are identical, so theoretically the file should be ok, but not so.
    I'm assuming some function within zc has changed and the custom coding in my file is not compatible, but I just don't know where.
    Any help really appreciated because I've been trying all day to see what is wrong here and am now tearing out my hair.

    Code is posted below:

    <?php
    /**
    * @version $Id: tpl_checkout_shipping_default.php 5316 2006-12-21 02:25:58Z drbyte $
    */

    //print_r($_SESSION['shipping']);

    $sel = $db->Execute('select Description from '. TABLE_TEXT_HEADER .'');
    if ($sel->RecordCount() > 0) {
    $text_header = $sel->fields['Description'];
    }

    $comments = $_POST['comments'];
    ?>
    <?php
    $ship_zone = $_POST['ship_zone'];
    $sel_zone = $db->Execute('select * from '.TABLE_SHIP_ZONE.'');
    if($sel_zone->RecordCount()>0){
    while(!$sel_zone->EOF){
    $zone_id = $sel_zone->fields['Id'];
    $zonename = $sel_zone->fields['Zone_Name'];
    $zonerate = $sel_zone->fields['Zone_Rate'];
    $select_zone = $zone_id == $ship_zone ? 'selected="selected"' : '';
    $zone_option .= '<option '.$select_zone.' value="'.$zone_id.'">'.$zonename.'</option>';
    $sel_zone->MoveNext();
    }
    }
    if($ship_zone){
    $_SESSION['ship_zone'] = $ship_zone;
    // cast to int: $ship_zone comes straight from $_POST and is concatenated into the query
    $sel_zone_rate = $db->Execute('select Zone_Rate from '.TABLE_SHIP_ZONE.' where Id = '.(int)$ship_zone);
    $zonerate = $sel_zone_rate->fields['Zone_Rate'];
    }
    ?>
    <script type="text/javascript" language="javascript">
    function create_name(){
    document.checkout_address.action.value = 'process';
    }
    </script>
    <?php
    $ship_type = $_POST['shipping_type'];
    if($ship_type == 1){
    $sel1 = 'selected="selected"';
    $ship_type1 = 1;
    }
    if($ship_type == 2){
    $sel2 = 'selected="selected"';
    $ship_type1 = 2;
    }

    if($ship_type == 3){
    $sel3 = 'selected="selected"';
    $ship_type1 = 3;
    }

    if($ship_type == 4){
    $sel4 = 'selected="selected"';
    $ship_type1 = 4;
    }

    if($ship_type == 5){
    $sel5 = 'selected="selected"';
    $ship_type1 = 4;
    }
    if($ship_type1!=""){
    $sel_ship_text = $db->Execute('select Description from '.TABLE_SHIPPING_TEXT.' where Shipping_Type = '.$ship_type1.'');
    if ($sel_ship_text->RecordCount() > 0) {
    $ship_text = '<div style="background-color:#393939; padding:7px;">'.$sel_ship_text->fields['Description'].'</div>';
    }
    }
    ?>
    <div class="centerColumn" id="checkoutShipping">
    <?php
    if(($ship_type == 2) || ($ship_type == 3)){
    echo zen_draw_form('checkout_address', zen_href_link(FILENAME_CHECKOUT_SHIPPING, '', 'SSL'));
    }else{
    echo '<form name="checkout_address" action="" method="post">';
    }
    ?>


    <div style="background-color:#393939; padding:7px;"><?=$text_header?></div>
    <h1 id="checkoutShippingHeading"><?php echo HEADING_TITLE; ?></h1>
    <?php if ($messageStack->size('checkout_shipping') > 0) echo $messageStack->output('checkout_shipping'); ?>

    <!-- bof Order Steps (tableless) -->
    <div id="order_steps">
    <div class="order_steps_text">
    <span id="active_step_text"><?php echo zen_image($template->get_template_dir(ORDER_STEPS_IMAGE, DIR_WS_TEMPLATE, $current_page_base,'images'). '/' . ORDER_STEPS_IMAGE, ORDER_STEPS_IMAGE_ALT); ?><br /><?php echo TEXT_ORDER_STEPS_1; ?></span><span class="order_steps_text2"><?php echo TEXT_ORDER_STEPS_2; ?></span><span class="order_steps_text3"><?php echo TEXT_ORDER_STEPS_3; ?></span><span class="order_steps_text4"><?php echo TEXT_ORDER_STEPS_4; ?></span>
    </div>
    <div class="order_steps_line_2">
    <span class="progressbar_active">&nbsp;</span><span class="progressbar_inactive">&nbsp;</span><span class="progressbar_inactive">&nbsp;</span><span class="progressbar_inactive">&nbsp;</span>
    </div>
    </div>
    <!-- eof Order Steps (tableless) -->
    <?php
    if($ship_type == 1){ ?>
    <h2 id="checkoutShippingHeadingAddress"><?php echo TITLE_SHIPPING_ADDRESS; ?></h2>

    <div id="checkoutShipto" class="floatingBox back">
    <?php if ($displayAddressEdit) { ?>
    <div class="buttonRow forward"><?php echo '<a href="' . $editShippingButtonLink . '">' . zen_image_button(BUTTON_IMAGE_CHANGE_ADDRESS, BUTTON_CHANGE_ADDRESS_ALT) . '</a>'; ?></div>
    <?php } ?>
    <address class=""><?php echo zen_address_label($_SESSION['customer_id'], $_SESSION['sendto'], true, ' ', '<br />'); ?></address>
    </div>
    <div class="floatingBox important forward"><?php echo TEXT_CHOOSE_SHIPPING_DESTINATION; ?></div>
    <br class="clearBoth" />
    <?php
    }
    ?>
    <?php
    if (zen_count_shipping_modules() > 0) {
    ?>

    <h2 id="checkoutShippingHeadingMethod"><?php echo TABLE_HEADING_SHIPPING_METHOD; ?></h2>

    <?php
    if (sizeof($quotes) > 1 && sizeof($quotes[0]) > 1) {
    ?>

    <div id="checkoutShippingContentChoose" class="important"><?php echo TEXT_CHOOSE_SHIPPING_METHOD; ?></div>

    <?php
    } elseif ($free_shipping == false) {
    ?>
    <div id="checkoutShippingContentChoose" class="important"><?php echo TEXT_ENTER_SHIPPING_INFORMATION; ?></div>

    <?php
    }
    ?>
    <?php
    if ($free_shipping == true) {
    ?>
    <div id="freeShip" class="important" ><?php echo FREE_SHIPPING_TITLE; ?>&nbsp;<?php echo $quotes[$i]['icon']; ?></div>
    <div id="defaultSelected"><?php echo sprintf(FREE_SHIPPING_DESCRIPTION, $currencies->format(MODULE_ORDER_TOTAL_SHIPPING_FREE_SHIPPING_OVER)) . zen_draw_hidden_field('shipping', 'free_free'); ?></div>

    <?php
    } else {
    $radio_buttons = 0; ?>

    <fieldset>
    <legend>Shipping</legend>
    <?=$ship_text?><br />
    Select Shipping Method: <select name="shipping_type" onchange="document.checkout_address.submit();">
    <option value="">--Select--</option>
    <option <?=$sel1?> value="1">Out Of Bond</option>
    <option <?=$sel2?> value="2">En Primeur</option>
    <option <?=$sel3?> value="3">Export</option>
    <option <?=$sel4?> value="4">In Bond (Transfer)</option>
    <option <?=$sel5?> value="5">In Bond (Collection)</option>
    </select>
    </fieldset>


    <?php
    //print_r($quotes);
    for ($i=0, $n=sizeof($quotes); $i<$n; $i++) {
    ?>
    <?
    /***************** BOF Shipping type display***************************/
    if ($quotes[$i]['module'] != '') {

  2. #2
    Join Date
    Nov 2005
    Location
    France
    Posts
    577
    Plugin Contributions
    8

    Default Re: Whoops! Sorry, but you are not allowed to perform the action requested since upgr

    Duplicated

  3. #3
    Join Date
    Nov 2005
    Location
    France
    Posts
    577
    Plugin Contributions
    8

    Default Re: Whoops! Sorry, but you are not allowed to perform the action requested since upgr

    Continued code as it said the post was too long:

    /**************** BOF OUT OF BOND *******************/

    if(($ship_type == 1) && ($quotes[$i]['module'] == 'Outofbond')){
    ?>
    <fieldset>
    <legend>
    <?php echo $quotes[$i]['module']; ?>&nbsp;<?php if (isset($quotes[$i]['icon']) && zen_not_null($quotes[$i]['icon'])) { echo $quotes[$i]['icon']; } ?>
    </legend>
    <div>
    Select Ship Zone: <select name="ship_zone" onchange="document.checkout_address.submit();">
    <option value=""> --Select--</option>
    <?=$zone_option?>
    </select>
    </div>
    <?php
    if($_POST['ship_zone'] != ""){
    $c_id = $_SESSION['customer_id'];
    $case_duty = 0;
    $products_price = 0;
    $sel_cust = $db->Execute('select products_id, customers_basket_quantity from '.TABLE_CUSTOMERS_BASKET.' where customers_id = '.$c_id.'');
    if($sel_cust->RecordCount()>0){
    while(!$sel_cust->EOF) {
    $p_id = $sel_cust->fields['products_id'];
    $basket_quantity = $sel_cust->fields['customers_basket_quantity'];
    $sel_case = $db->Execute('select products_case_type, products_price from '.TABLE_PRODUCTS.' where products_id = '.$p_id.'');
    if($sel_case->RecordCount()>0){
    $p_model = $sel_case->fields['products_case_type'];
    $p_price = $sel_case->fields['products_price'];
    $res_duty = $db->Execute('select * from '.TABLE_CASE_DUTY.' where Case_Type = "'.$p_model.'"');
    $duty1 = $res_duty->fields['Case_Duty'];
    $duty = ($basket_quantity * $duty1);
    $price = ($basket_quantity * $p_price);
    //$z_rate = ($basket_quantity * $zonerate);
    }

    $case_duty = ($case_duty + $duty);
    $products_price = ($products_price + $price);
    //$zone_rate = $zone_rate + $z_rate;
    $sel_cust->MoveNext();
    }
    }
    $sel_tax = $db->Execute('select tax_rate from '.TABLE_TAX_RATES.' where tax_class_id = (select tax_class_id from '.TABLE_TAX_CLASS.' where tax_class_title = "VAT")');
    if($sel_tax){
    $vat = round($sel_tax->fields['tax_rate'],2);
    }

    $vat1 = round((($products_price + $case_duty + $zonerate) * ($vat/100)),2);
    $rs = round(($case_duty + $zonerate + (($products_price + $case_duty + $zonerate) * ($vat/100))),2);
    $sel_value = $db->Execute('select * from '.TABLE_SHIPPING_VALUE.' where shipping_module_code = "outofbond_outofbond" and customers_id = '.$_SESSION['customer_id'].'');
    if($sel_value->RecordCount()>0){
    $rs_ins = $db->Execute('update ' .TABLE_SHIPPING_VALUE. ' set shipping_cost = "'.$rs.'", date1 = "'.date("h:i:s").'" where shipping_module_code = "outofbond_outofbond" and customers_id = '.$_SESSION['customer_id'].'');
    }else{
    $rs_ins = $db->Execute('insert into ' .TABLE_SHIPPING_VALUE. ' set shipping_cost = "'.$rs.'", shipping_module_code = "outofbond_outofbond", customers_id = '.$_SESSION['customer_id'].', date1 = "'.date("H:i:s").'"');
    }
    echo zen_draw_hidden_field('action', '');
    if (isset($quotes[$i]['error'])) { ?>
    <div><?php echo $quotes[$i]['error']; ?></div>
    <?php
    } else {
    for ($j=0, $n2=sizeof($quotes[$i]['methods']); $j<$n2; $j++) {
    // set the radio button to be checked if it is the method chosen
    $checked = (($quotes[$i]['id'] . '_' . $quotes[$i]['methods'][$j]['id'] == $_SESSION['shipping']['id']) ? true : false);
    if ( ($checked == true) || ($n == 1 && $n2 == 1) ) {

    }
    $checked = 'checked="checked"';
    ?>
    <?php
    if ( ($n > 1) || ($n2 > 1) ) { ?>
    <div class="forward">
    <table width="150" cellpadding="0" cellspacing="0" border="0">
    <tr>
    <td>
    Products Price:
    </td>
    <td align="right">
    <?=$currencies->format($products_price)?>
    </td>
    </tr>
    <tr>
    <td>
    Case Duty(cd):
    </td>
    <td align="right">
    <?=$currencies->format($case_duty)?>
    </td>
    </tr>
    <tr>
    <td>
    Carriage Cost(cc):
    </td>
    <td align="right">
    <?=$currencies->format($zonerate)?>
    </td>
    </tr>
    <tr>
    <td>
    VAT(v):
    </td>
    <td align="right">
    <?=$currencies->format($vat1)?>
    </td>
    </tr>
    <tr>
    <td class="important">
    Total(cd+cc+v):
    </td>
    <td class="important" align="right">
    <?php echo $currencies->format(zen_add_tax($rs, (isset($quotes[$i]['tax']) ? $quotes[$i]['tax'] : 0))); ?>
    </td>
    </tr>
    </table>

    </div>
    <?php
    } else { ?>
    <div class="important forward"><?php echo $currencies->format(zen_add_tax($quotes[$i]['methods'][$j]['cost'], $quotes[$i]['tax'])) . zen_draw_hidden_field('shipping', $quotes[$i]['id'] . '_' . $quotes[$i]['methods'][$j]['id']); ?>
    </div>
    <?php
    }
    ?>

    <?php echo zen_draw_radio_field('shipping', $quotes[$i]['id'] . '_' . $quotes[$i]['methods'][$j]['id'], $checked, 'id="ship-'.$quotes[$i]['id'] . '-' . $quotes[$i]['methods'][$j]['id'].'"'); ?>
    <label for="ship-<?php echo $quotes[$i]['id'] . '-' . $quotes[$i]['methods'][$j]['id']; ?>" class="checkboxLabel" ><?php echo $quotes[$i]['methods'][$j]['title']; ?></label>
    <!--</div>-->
    <br class="clearBoth" />
    <?php
    $radio_buttons++;
    }
    }
    } // end of if($_POST['ship_zone'])
    ?>
    </fieldset><?
    }

    /******************** EOF OUT OF BOND *********************/

    /******************* BOF En Primeur **********************/
    if(($ship_type == 2) && ($quotes[$i]['module'] == 'En Primeur')){
    echo zen_draw_hidden_field('action', '');
    ?>
    <fieldset>
    <legend><?php echo $quotes[$i]['module']; ?>&nbsp;<?php if (isset($quotes[$i]['icon']) && zen_not_null($quotes[$i]['icon'])) { echo $quotes[$i]['icon']; } ?></legend>

    <?php
    if (isset($quotes[$i]['error'])) {
    ?>
    <div><?php echo $quotes[$i]['error']; ?></div>
    <?php
    } else {
    for ($j=0, $n2=sizeof($quotes[$i]['methods']); $j<$n2; $j++) {
    // set the radio button to be checked if it is the method chosen
    $checked = (($quotes[$i]['id'] . '_' . $quotes[$i]['methods'][$j]['id'] == $_SESSION['shipping']['id']) ? true : false);

    if ( ($checked == true) || ($n == 1 && $n2 == 1) ) {

    }
    $checked = 'checked="checked"';
    ?>
    <?php
    if ( ($n > 1) || ($n2 > 1) ) {
    ?>
    <div class="important forward"><?php echo $currencies->format(zen_add_tax($quotes[$i]['methods'][$j]['cost'], (isset($quotes[$i]['tax']) ? $quotes[$i]['tax'] : 0))); ?></div>
    <?php
    } else {
    ?>
    <div class="important forward"><?php echo $currencies->format(zen_add_tax($quotes[$i]['methods'][$j]['cost'], $quotes[$i]['tax'])) . zen_draw_hidden_field('shipping', $quotes[$i]['id'] . '_' . $quotes[$i]['methods'][$j]['id']); ?></div>
    <?php
    }
    ?>

    <?php echo zen_draw_radio_field('shipping', $quotes[$i]['id'] . '_' . $quotes[$i]['methods'][$j]['id'], $checked, 'id="ship-'.$quotes[$i]['id'] . '-' . $quotes[$i]['methods'][$j]['id'].'"'); ?>
    <label for="ship-<?php echo $quotes[$i]['id'] . '-' . $quotes[$i]['methods'][$j]['id']; ?>" class="checkboxLabel" ><?php echo $quotes[$i]['methods'][$j]['title']; ?></label>
    <!--</div>-->
    <br class="clearBoth" />
    <?php
    $radio_buttons++;
    }
    }
    ?>

    </fieldset><?
    }

    /**************** EOF En Primeur *******************/


    /**************** BOF Export *******************/

    if(($ship_type == 3) && ($quotes[$i]['module'] == 'Export')){

    echo zen_draw_hidden_field('action', '');
    ?>
    <fieldset>
    <legend><?php echo $quotes[$i]['module']; ?>&nbsp;<?php if (isset($quotes[$i]['icon']) && zen_not_null($quotes[$i]['icon'])) { echo $quotes[$i]['icon']; } ?></legend>

    <?php
    if (isset($quotes[$i]['error'])) {
    ?>
    <div><?php echo $quotes[$i]['error']; ?></div>
    <?php
    } else {
    for ($j=0, $n2=sizeof($quotes[$i]['methods']); $j<$n2; $j++) {
    // set the radio button to be checked if it is the method chosen
    $checked = (($quotes[$i]['id'] . '_' . $quotes[$i]['methods'][$j]['id'] == $_SESSION['shipping']['id']) ? true : false);

    if ( ($checked == true) || ($n == 1 && $n2 == 1) ) {

    }
    $checked = 'checked="checked"';
    ?>
    <?php
    if ( ($n > 1) || ($n2 > 1) ) {
    ?>
    <div class="important forward"><?php echo $currencies->format(zen_add_tax($quotes[$i]['methods'][$j]['cost'], (isset($quotes[$i]['tax']) ? $quotes[$i]['tax'] : 0))); ?></div>
    <?php
    } else {
    ?>
    <div class="important forward"><?php echo $currencies->format(zen_add_tax($quotes[$i]['methods'][$j]['cost'], $quotes[$i]['tax'])) . zen_draw_hidden_field('shipping', $quotes[$i]['id'] . '_' . $quotes[$i]['methods'][$j]['id']); ?></div>
    <?php
    }
    ?>

    <?php echo zen_draw_radio_field('shipping', $quotes[$i]['id'] . '_' . $quotes[$i]['methods'][$j]['id'], $checked, 'id="ship-'.$quotes[$i]['id'] . '-' . $quotes[$i]['methods'][$j]['id'].'"'); ?>
    <label for="ship-<?php echo $quotes[$i]['id'] . '-' . $quotes[$i]['methods'][$j]['id']; ?>" class="checkboxLabel" ><?php echo $quotes[$i]['methods'][$j]['title']; ?></label>
    <!--</div>-->
    <br class="clearBoth" />
    <?php
    $radio_buttons++;
    }
    }
    ?>

    </fieldset><?
    }

    /**************** EOF Export *************************/

    /**************** BOF IN BOND *******************/

    if(($ship_type == 4) && ($quotes[$i]['module'] == 'Inbond')){ ?>

    <fieldset>
    <legend><?php echo $quotes[$i]['module']; ?>&nbsp;<?php if (isset($quotes[$i]['icon']) && zen_not_null($quotes[$i]['icon'])) { echo $quotes[$i]['icon']; } ?></legend>

    <?php
    /**************** BOF trans/ship INBOND *******************/
    //echo $location;
    $ship_from = $_POST['ship_from'];
    $res = $db->Execute('select * from '.TABLE_WAREHOUSES_TRANSFER_RATE.' where From_Location = "'.$location.'" order by From_Location,To_Location');
    if ($res->RecordCount() > 0) {
    while(!$res->EOF) {
    $id = $res->fields['Id'];
    $f_name = $res->fields['From_Location'];
    $to_name = $res->fields['To_Location'];
    if($id == $ship_from){
    $selected = 'selected="selected"';
    $toname = $to_name;
    }else{
    $selected = '';
    }

    $fromto .= '<option '.$selected.' value="'.$id.'">From '.$f_name.' To '.$to_name.'</option>';
    $res->MoveNext();
    }
    }

    ?>
    <?php
    $sel_trans = $db->Execute('select Description from '.TABLE_TRANSFER_TEXT.'');
    if ($sel_trans->RecordCount() > 0) {
    $sel_trans = $sel_trans->fields['Description'];
    }
    ?>
    <div style="background-color:#393939; padding:7px;"><?=$sel_trans?></div><br />
    <div style="width:350px;">
    <div style="float:left;">
    Select Transfer Location: <select name="ship_from" onchange="document.checkout_address.submit();">
    <option value=""> --Select--</option>
    <?=$fromto?>
    </select>
    </div>
    </div> <br /><br /><br />
    <?php
    if($ship_from != ""){
    $sel_cust = $db->Execute('select products_id, customers_basket_quantity from '.TABLE_CUSTOMERS_BASKET.' where customers_id = '.$_SESSION['customer_id'].'');
    if($sel_cust->RecordCount()>0){
    $basket_quan = 0;
    while(!$sel_cust->EOF) {
    $p_id = $sel_cust->fields['products_id'];
    $basket_quantity = $sel_cust->fields['customers_basket_quantity'];
    $basket_quan = $basket_quan + $basket_quantity;
    $sel_cust->MoveNext();
    }
    }
    //echo $basket_quan;
    $sel_tax = $db->Execute('select tax_rate from '.TABLE_TAX_RATES.' where tax_class_id = (select tax_class_id from '.TABLE_TAX_CLASS.' where tax_class_title = "VAT")');
    if($sel_tax){
    $vat = round($sel_tax->fields['tax_rate'],2);
    }
    // cast to int: $ship_from comes straight from $_POST and is concatenated into the query
    $rs1 = $db->Execute('select Rate, Rate_Per_Case, Case_Limit from '.TABLE_WAREHOUSES_TRANSFER_RATE.' where Id = '.(int)$ship_from);
    if($basket_quan > $rs1->fields['Case_Limit']){
    $case_rate = $rs1->fields['Rate_Per_Case'];
    $rs = $case_rate * $basket_quan;
    }else{
    $rs = $rs1->fields['Rate'];
    }

    //echo $rs;
    $rs = $rs + ($rs *($vat/100));
    $sel_value = $db->Execute('select * from '.TABLE_SHIPPING_VALUE.' where shipping_module_code = "inbond_inbond" and customers_id = '.$_SESSION['customer_id'].'');
    if($sel_value->RecordCount()>0){
    $rs_ins = $db->Execute('update ' .TABLE_SHIPPING_VALUE. ' set shipping_cost = "'.$rs.'", date1 = "'.date("h:i:s").'", To_Location = "'.$toname.'" where shipping_module_code = "inbond_inbond" and customers_id = '.$_SESSION['customer_id'].'');
    }else{
    $rs_ins = $db->Execute('insert into ' .TABLE_SHIPPING_VALUE. ' set shipping_cost = "'.$rs.'", shipping_module_code = "inbond_inbond", customers_id = '.$_SESSION['customer_id'].', date1 = "'.date("H:i:s").'", To_Location = "'.$toname.'"');
    }
    if (isset($quotes[$i]['error'])) {
    ?>
    <div><?php echo $quotes[$i]['error']; ?></div>
    <?php
    } else {
    echo zen_draw_hidden_field('action', '');
    for ($j=0, $n2=sizeof($quotes[$i]['methods']); $j<$n2; $j++) {
    // set the radio button to be checked if it is the method chosen
    $checked = (($quotes[$i]['id'] . '_' . $quotes[$i]['methods'][$j]['id'] == $_SESSION['shipping']['id']) ? true : false);

    if ( ($checked == true) || ($n == 1 && $n2 == 1) ) {

    }
    $checked = 'checked="checked"';
    ?>
    <?php
    if ( ($n > 1) || ($n2 > 1) ) {
    ?>
    <div class="important forward"><?php echo $currencies->format(zen_add_tax($rs, (isset($quotes[$i]['tax']) ? $quotes[$i]['tax'] : 0))); ?></div>
    <?php
    } else {
    ?>
    <div class="important forward"><?php echo $currencies->format(zen_add_tax($quotes[$i]['methods'][$j]['cost'], $quotes[$i]['tax'])) . zen_draw_hidden_field('shipping', $quotes[$i]['id'] . '_' . $quotes[$i]['methods'][$j]['id']); ?></div>
    <?php
    }
    ?>

    <?php echo zen_draw_radio_field('shipping', $quotes[$i]['id'] . '_' . $quotes[$i]['methods'][$j]['id'], $checked, 'id="ship-'.$quotes[$i]['id'] . '-' . $quotes[$i]['methods'][$j]['id'].'"'); ?>

    <label for="ship-<?php echo $quotes[$i]['id'] . '-' . $quotes[$i]['methods'][$j]['id']; ?>" class="checkboxLabel" ><?php echo $quotes[$i]['methods'][$j]['title']; ?></label>
    <!--</div>-->
    <br class="clearBoth" />
    <?php
    $radio_buttons++;
    }
    }
    }
    ?>
    <br /><br />
    </fieldset><?
    }
    /******************** EOF IN BOND *********************/


    /**************** BOF Collection INBOND *******************/

    if(($ship_type == 5) && ($quotes[$i]['module'] == 'Collection')){
    echo zen_draw_hidden_field('action', ''); ?>
    <fieldset>
    <legend>
    <?php echo $quotes[$i]['module']; ?>&nbsp;<?php if (isset($quotes[$i]['icon']) && zen_not_null($quotes[$i]['icon'])) { echo $quotes[$i]['icon']; } ?>
    </legend>
    <?php
    $sel_coll = $db->Execute('select Description from '.TABLE_COLLECTION_TEXT.'');
    if ($sel_coll->RecordCount() > 0) {
    $text_coll = $sel_coll->fields['Description'];
    }
    ?>
    <div style="background-color:#393939; padding:7px;"><?=$text_coll?></div><br />
    <?php
    if (isset($quotes[$i]['error'])) {
    ?>
    <div><?php echo $quotes[$i]['error']; ?></div>
    <?php
    } else {
    for ($j=0, $n2=sizeof($quotes[$i]['methods']); $j<$n2; $j++) {
    // set the radio button to be checked if it is the method chosen
    $checked = (($quotes[$i]['id'] . '_' . $quotes[$i]['methods'][$j]['id'] == $_SESSION['shipping']['id']) ? true : false);

    if ( ($checked == true) || ($n == 1 && $n2 == 1) ) {

    }
    $checked = 'checked="checked"';
    ?>
    <?php
    //echo 'Hello'.$quotes[$i]['methods'][$j]['cost'];
    if ( ($n > 1) || ($n2 > 1) ) {
    ?>
    <div class="important forward"><?php echo $currencies->format(zen_add_tax($quotes[$i]['methods'][$j]['cost'], (isset($quotes[$i]['tax']) ? $quotes[$i]['tax'] : 0))); ?></div>
    <?php
    } else {
    ?>
    <div class="important forward"><?php echo $currencies->format(zen_add_tax($quotes[$i]['methods'][$j]['cost'], $quotes[$i]['tax'])) . zen_draw_hidden_field('shipping', $quotes[$i]['id'] . '_' . $quotes[$i]['methods'][$j]['id']); ?></div>
    <?php
    }
    ?>

    <?php echo zen_draw_radio_field('shipping', $quotes[$i]['id'] . '_' . $quotes[$i]['methods'][$j]['id'], $checked, 'id="ship-'.$quotes[$i]['id'] . '-' . $quotes[$i]['methods'][$j]['id'].'"'); ?>
    <label for="ship-<?php echo $quotes[$i]['id'] . '-' . $quotes[$i]['methods'][$j]['id']; ?>" class="checkboxLabel" ><?php echo $quotes[$i]['methods'][$j]['title']; ?></label>
    <!--</div>-->
    <br class="clearBoth" />
    <?php
    $radio_buttons++;
    }
    }
    ?>
    </fieldset>
    <?php
    }
    /**************** EOF Collection INBOND *******************/

    }
    ?>


    <?php
    }
    }
    ?>

    <?php
    } else {
    ?>
    <h2 id="checkoutShippingHeadingMethod"><?php echo TITLE_NO_SHIPPING_AVAILABLE; ?></h2>
    <div id="checkoutShippingContentChoose" class="important"><?php echo TEXT_NO_SHIPPING_AVAILABLE; ?></div>
    <?php
    }
    ?>
    <fieldset class="shipping" id="comments">
    <legend><?php echo TABLE_HEADING_COMMENTS; ?></legend>
    <textarea name="comments" cols="45" rows="3"><?=htmlspecialchars($comments, ENT_QUOTES)?></textarea>
    </fieldset>

    <div class="buttonRow forward"><input type="image" src="includes/templates/template_default/buttons/english/button_continue_checkout.gif" alt="Continue" title=" Continue " onclick="create_name();" /><?php //echo zen_image_submit(BUTTON_IMAGE_CONTINUE_CHECKOUT, BUTTON_CONTINUE_ALT); ?></div>
    <div class="buttonRow back"><?php echo '<strong>' . TITLE_CONTINUE_CHECKOUT_PROCEDURE . '</strong><br />' . TEXT_CONTINUE_CHECKOUT_PROCEDURE; ?></div>

    </form>
    </div>

  4. #4
    Join Date
    Jan 2004
    Posts
    66,373
    Blog Entries
    7
    Plugin Contributions
    274

    Default Re: Whoops! Sorry, but you are not allowed to perform the action requested since upgr

    It could be your custom code which inserts direct HTML for
    Code:
    echo '<form name="checkout_address" action="" method="post">';
    ... since it doesn't use zen_draw_form() to output the HTML, and thus doesn't properly place the necessary XSS-protecting security token onto the page, and thus when you submit the form you're triggering a security error.

    Instead of this:
    Code:
    <?php 
    if(($ship_type == 2) || ($ship_type == 3)){
        echo zen_draw_form('checkout_address', zen_href_link(FILENAME_CHECKOUT_SHIPPING, '', 'SSL'));
    }else{
        echo '<form name="checkout_address" action="" method="post">';
    }
    ?>
    I'd probably use the following shortened version instead (this is with ONLY looking at these lines of code, and not taking ANYTHING ELSE into consideration ... so there might be more issues at stake ... I'm just pointing out something that popped off the page at me for THIS SPECIFIC FEW LINES):
    Code:
    <?php 
    echo zen_draw_form('checkout_address', ($ship_type==2 || $ship_type==3 ? zen_href_link(FILENAME_CHECKOUT_SHIPPING, '', 'SSL') : ''));
    ?>

    Zen Cart - putting the dream of business ownership within reach of anyone!
    Donate to: DrByte directly or to the Zen Cart team as a whole

    Remember: Any code suggestions you see here are merely suggestions. You assume full responsibility for your use of any such suggestions, including any impact ANY alterations you make to your site may have on your PCI compliance.
    Furthermore, any advice you see here about PCI matters is merely an opinion, and should not be relied upon as "official". Official PCI information should be obtained from the PCI Security Council directly or from one of their authorized Assessors.
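
The failure described in the answer above, as an added example that is not part of the original thread and is not Zen Cart's own code: a simplified model of a session-bound form token, where a form helper embeds the token and a request gate sends any POST without a matching token to the time_out page. The function names and the `securityToken` field name are assumptions made for this illustration.

```php
<?php
// Added illustration: simplified model of a per-session form token check.
// All function names are hypothetical; this is not Zen Cart's implementation.

// Create the session token once and reuse it for every form in the session.
function issue_token(array &$session): string
{
    if (empty($session['securityToken'])) {
        $session['securityToken'] = bin2hex(random_bytes(16));
    }
    return $session['securityToken'];
}

// Form helper: every form it renders carries the hidden token field.
function draw_form(array &$session, string $name, string $action): string
{
    $token = issue_token($session);
    return '<form name="' . htmlspecialchars($name, ENT_QUOTES) . '" action="'
        . htmlspecialchars($action, ENT_QUOTES) . '" method="post">'
        . '<input type="hidden" name="securityToken" value="' . $token . '" />';
}

// Request gate: a POST is accepted only if it echoes the session token.
function gate_post(array $session, array $post): string
{
    $expected = $session['securityToken'] ?? '';
    $supplied = $post['securityToken'] ?? '';
    if ($expected === '' || !is_string($supplied) || !hash_equals($expected, $supplied)) {
        return 'redirect: index.php?main_page=time_out';
    }
    return 'accepted';
}

// Stand-in for the browser: collect the hidden fields a form would submit.
function submitted_fields(string $formHtml): array
{
    preg_match_all(
        '/<input type="hidden" name="([^"]+)" value="([^"]*)"/',
        $formHtml,
        $hits,
        PREG_SET_ORDER
    );
    $post = [];
    foreach ($hits as $hit) {
        $post[$hit[1]] = html_entity_decode($hit[2], ENT_QUOTES);
    }
    return $post;
}

// Constructed sample: the same checkout form rendered both ways.
$session = [];
$forms = [
    'helper-generated form' => draw_form($session, 'checkout_address', ''),
    'hand-written form'     => '<form name="checkout_address" action="" method="post">',
];

foreach ($forms as $label => $html) {
    // The visitor's own fields are identical in both cases.
    $post = submitted_fields($html) + ['action' => 'process', 'shipping_type' => '1'];
    echo $label, ': ', gate_post($session, $post), "\n";
}
```

The hand-written `<form>` tag submits the same visitor data but no token, so the gate treats it like a forged cross-site request and redirects instead of processing it.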

  5. #5
    Join Date
    Nov 2005
    Location
    France
    Posts
    577
    Plugin Contributions
    8

    Default Re: Whoops! Sorry, but you are not allowed to perform the action requested since upgr

    Thank you ever so much Dr Byte. You were spot on. Worked a treat.
    I'll remember this snippet of info for future use.
