I have 3 pages that deal with the checkout
checkout - displays totals, user enters shipping method + CC info
checkout confirm - displays new totals with shipping and makes sure things are ok
order complete - displays order number and order info
whats the best way to make sure people are taking the right steps to go through the forms?
HTTP_REFERER seems to be completely useless for security because it can be turned off by browsers.
I was going to use
Code: Select all
<?php
if(!$_POSTї'Submit'])
{
header("Location: sc_checkout.php");
exit;
}
?>session variables? If someone goes to checkout confirm I could set a variable, but if they go to that page from my site - it sets the var, then they make their own form to change prices it would still work.
Anyone have any thoughts? thanks!