I have a WordPress site, created a plugin that creates a URL and then it's supposed to go to that URL. I created a shortcode for it as well. I have a pop-up that runs when I click a button and inside that pop-up I have the shortcode. It works if my plugin code is just a simple return 'Hello World', however with my code (below) as soon as I load the page it will go to the URL. I need it to only run when I open my pop-up. Been trying to fix this for over a day and it's driving me nuts.

```php
<?php
/*
Plugin Name: Keystone AR Payments
Description: Allows customers to make online payments
Version: 1.0
Author: Jeff Margel
*/
function keystone_ar_payments(){
    global $wpdb;
    $table = 'tblAR';
    $current_user = wp_get_current_user();
    $user_id      = $current_user->user_login;

    $db = new mysqli('localhost', 'wp_user', 'wp_password', 'wp_database');

    // Check for connection errors
    if ($db->connect_error) {
        die('Connection failed: ' . $db->connect_error);
    }

    // Query the tblAR table for invoice numbers and amount
    $sql = "SELECT * FROM $table WHERE customer_number = '$user_id' AND select_invoice = 'YES'";
    $result = $db->query($sql);

    // Check for query errors
    if (!$result) {
        die('Query failed: ' . $db->error);
    }

    $invoices = '';
    $amount_total = 0;
    $cus_name = '';
    $cus_address = '';
    $cus_city = '';
    $cus_state = '';
    $cus_zip = '';

    while ($row = $result->fetch_assoc()) {
        $invoices .= $row['invoice_number'] . ',';
        $amount_total += $row['amount'];
        $cus_name = $row['cus_name'];
        $cus_address = $row['cus_address'];
        $cus_city = $row['cus_city'];
        $cus_state = $row['cus_state'];
        $cus_zip = $row['cus_zip'];
    }
    $cus_name = trim($cus_name);
    $cus_address = trim($cus_address);
    $cus_city = trim($cus_city);
    $cus_state = trim($cus_state);
    $cus_zip = trim($cus_zip);

    $invoices = rtrim($invoices, ',');

    $url = 'https://cphppdemo.securepayments.cardpointe.com/?cf_CustomField0=' . urlencode($invoices) . '&total=' . urlencode($amount_total) . '&customerId=' . urlencode($user_id) . '&billCompany=' . urlencode($cus_name) . '&billAddress1=' . urlencode($cus_address) . '&billCity=' . urlencode($cus_city) . '&billState=' . urlencode($cus_state) . '&billZip=' . urlencode($cus_zip);

    wp_redirect( $url );
    exit;
}
add_shortcode('keystone_ar_payments', 'keystone_ar_payments');
?>
```

It works if I change the code to a simple return 'Hello World' so I know the pop-up is working and can run shortcodes. For some reason the browser is running the wp_redirect code on page load, when it should only fire during the button click.

  • **Warning:** You are wide open to [SQL Injections](https://php.net/manual/en/security.database.sql-injection.php) and should use parameterized **prepared statements** instead of manually building your queries. They are provided by [PDO](https://php.net/manual/pdo.prepared-statements.php) or by [MySQLi](https://php.net/manual/mysqli.quickstart.prepared-statements.php). Never trust any kind of input! Even when your queries are executed only by trusted users, [you are still at risk of corrupting your data](http://bobby-tables.com/). [Escaping is not enough!](https://stackoverflow.com/q/32391315) – Dharman Mar 26 '23 at 13:05

1 Answer

The issue with your plugin is that the wp_redirect function is being executed immediately when the shortcode is processed. This happens because the wp_redirect function sends a header redirect to the browser, and headers must be sent before any content is output to the browser.

To fix this, you can add a query parameter to the URL that triggers the shortcode when it is set. Example:

```php
function keystone_ar_payments(){
    global $wpdb;

    // Check if the flag is set
    if (!isset($_GET['keystone_ar_payments'])) {
        return '';
    }

    // Your code here
    // ...

    $url = 'https://cphppdemo.securepayments.cardpointe.com/?cf_CustomField0=' . urlencode($invoices) . '&total=' . urlencode($amount_total) . '&customerId=' . urlencode($user_id) . '&billCompany=' . urlencode($cus_name) . '&billAddress1=' . urlencode($cus_address) . '&billCity=' . urlencode($cus_city) . '&billState=' . urlencode($cus_state) . '&billZip=' . urlencode($cus_zip);

    // Remove this line
    // wp_redirect( $url );

    // Return the URL as the shortcode output
    return '<a href="' . esc_url(add_query_arg('keystone_ar_payments', '1')) . '">Make Payment</a>';
}
add_shortcode('keystone_ar_payments', 'keystone_ar_payments');
```
4efirrr
  • Thank you for the reply! I will work with it now. – Jeff Margel Mar 25 '23 at 16:39
  • I tried your code, in the pop-up nothing seems to be happening. So I then put the shortcode in the button URL. It opens a browser window but the URL showing is: about:blank#blocked. Any idea why it might be doing that? – Jeff Margel Mar 25 '23 at 16:48
  • I thought it was the url so I changed it to http://www.example.com but still getting the same error. – Jeff Margel Mar 25 '23 at 16:54
  • Still need help. I tried every which way and still getting the about:blank#blocked. I have the shortcode being called by a button. Any advice? – Jeff Margel Mar 27 '23 at 13:31
  • I even created another page, put the shortcode in the text block (I am using WP Bakery, aka Visual Composer) then had the button navigate to that page. It's running the code but when it gets to the redirection, nothing happens. For some reason (tried 3 different browsers) it refuses to do the redirect. – Jeff Margel Mar 27 '23 at 14:31
  • I created a test.php with the header function and it works. I then stripped my code down to this, and it won't redirect. Something about using redirects in shortcodes doesn't work? Is this a bug in PHP? – Jeff Margel Mar 27 '23 at 14:44
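
One way to address both the SQL injection warning in the comment on the question and the redirect behaviour discussed in the answer and its comments, as an added example that is not the asker's or the answerer's code: the shortcode only renders a link, and the query and redirect run on the `template_redirect` hook, which fires before WordPress sends any page output. It assumes `tblAR` lives in the WordPress database so that `$wpdb` can reach it; the function names and the nonce action `keystone_ar_pay` are made up for illustration.

```php
<?php
// Added example, not the plugin's or the answer's code. Assumes tblAR is in the
// WordPress database (reachable through $wpdb); the nonce action name is made up.
// Shortcode: renders a link only. No query and no redirect happen at render time.
function keystone_ar_payments_link() {
    if ( ! is_user_logged_in() ) {
        return '';
    }
    $link = wp_nonce_url( add_query_arg( 'keystone_ar_payments', '1' ), 'keystone_ar_pay' );
    return '<a href="' . esc_url( $link ) . '">Make Payment</a>';
}
add_shortcode( 'keystone_ar_payments', 'keystone_ar_payments_link' );

// template_redirect fires before the theme outputs anything, so headers can still be sent.
function keystone_ar_payments_redirect() {
    global $wpdb;
    if ( ! isset( $_GET['keystone_ar_payments'] ) ) {
        return;
    }
    $nonce = isset( $_GET['_wpnonce'] ) ? sanitize_text_field( wp_unslash( $_GET['_wpnonce'] ) ) : '';
    if ( ! is_user_logged_in() || ! wp_verify_nonce( $nonce, 'keystone_ar_pay' ) ) {
        wp_die( 'This payment link is invalid or has expired.', '', array( 'response' => 403 ) );
    }
    $user_id = wp_get_current_user()->user_login;
    // The login is bound through %s; the table name is a fixed literal.
    $rows = $wpdb->get_results( $wpdb->prepare(
        "SELECT * FROM tblAR WHERE customer_number = %s AND select_invoice = 'YES'",
        $user_id
    ), ARRAY_A );
    if ( empty( $rows ) ) {
        wp_die( 'No invoices are selected for payment.', '', array( 'response' => 404 ) );
    }
    $last = end( $rows ); // the original loop keeps the address fields of the last row
    $args = array(
        'cf_CustomField0' => implode( ',', wp_list_pluck( $rows, 'invoice_number' ) ),
        'total'           => (string) array_sum( wp_list_pluck( $rows, 'amount' ) ),
        'customerId'      => $user_id,
        'billCompany'     => trim( $last['cus_name'] ),
        'billAddress1'    => trim( $last['cus_address'] ),
        'billCity'        => trim( $last['cus_city'] ),
        'billState'       => trim( $last['cus_state'] ),
        'billZip'         => trim( $last['cus_zip'] ),
    );
    // add_query_arg() does not encode values, so encode them first.
    $url = add_query_arg( array_map( 'urlencode', $args ), 'https://cphppdemo.securepayments.cardpointe.com/' );
    wp_redirect( $url );
    exit;
}
add_action( 'template_redirect', 'keystone_ar_payments_redirect' );
```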