Okay so I'm trying to make a secure download system where a certain buyer with a specific license number has access to a download which he can download twice before his permission is lifted. In order to do this I've got a 'count' column next to a 'product_id' and 'license_number' column in the same row. The product id and license number are automatically generated and passed onto the buyer when my paypal ipn script confirms it.
Now here's the problem: when they access the download page with the correct variables the count gets updated by +1, but for some reason this sql query is run twice and I get +2 in my database actually. I have already changed it a bit to check the value first and then change accordingly (to see if that fixes the error) but the error still isn't fixed.
I personally think that maybe me calling a file to download makes the script run twice or am I wrong here?
This is the code:
<?php
include ('../storescripts/connect_to_mysql.php');
// Looks first if the post variables have been set
if(!isset($_GET['id']) && ($_GET['lcn'])){
// Error output
echo 'The big PHP monster will not accept you into his cave without bringing an offering of variables!';
} else {
// Set the variables
$id = $_GET['id'];
$license_number = $_GET['lcn'];
// Check if there is such a thing (Yes, aliens) as the given id and license number
$sql = mysql_query("SELECT * FROM secure_downloads WHERE product_id ='$id' AND license_number ='$license_number' LIMIT 1");
$result = mysql_num_rows($sql);
if($result > 0){
// Now update the download count
// Check first if the count is 0
// Make a variable from the count sql
$sql_count = mysql_query("SELECT * FROM secure_downloads WHERE product_id='$id' AND license_number='$license_number' LIMIT 1");
while($row = mysql_fetch_assoc($sql_count)){
$count = $row['count'];
}
// Check if the count is above two
if ($count >= 2){
// Download has already been downloaded 2 times, do not allow download
echo 'The download limit for this file has been reached.';
exit();
} else if ($count = 0) {
// Everything is alright, start downloading
// Force the file download
$file = 'test.jpg';
// Change the count to 1
mysql_query("UPDATE secure_downloads SET count=1 WHERE product_id = '$id' AND license_number = '$license_number'");
readfile($file);
exit();
} else if ($count = 1) {
// Everything is alright, start downloading
// Force the file download
$file = 'test.jpg';
// Change the count to 2
mysql_query("UPDATE secure_downloads SET count=2 WHERE product_id = '$id' AND license_number = '$license_number'");
header('Content-Description: File Transfer');
header('Content-Type: application/octet-stream');
header('Content-Disposition: attachment; filename='.basename($file));
header('Content-Transfer-Encoding: binary');
header('Expires: 0');
header('Cache-Control: must-revalidate');
header('Pragma: public');
header('Content-Length: ' . filesize($file));
ob_clean();
flush();
readfile($file);
exit();
}
} else {
// It doesn't exist, tell the user either the variables were wrong or the
// download limit has been reached
echo 'Cannot download the file, either the link is wrong or the download limit has been reached';
}
}
?>
} else if ($count = 0) {
Change that to ==. Looks like you're assigning 0 to the variable count on each loop, which will probably be the cause of your woes.
There's another issue here:
} else if ($count = 1) {
Make sure all of your if statements use == (or ===) to compare, rather than = to assign.
Take a look at the server logs to see if you are actually getting two requests on the download URL? I have seen cases where certain browsers (particularly mobile browsers) actually make a HEAD request before doing the actual GET. If your code cannot differentiate between these two request types, it will execute twice.
In my case it was a missing path reference on favicon.ico ie. href="/favicon.ico" (good) vs href="favicon.ico" (bad).
The Ignas comment below Mike's answer helped, but it was confirmed in the logs. The missing path reference caused Apache2 mod_rewrite to map /controller/view/id as /controller/view/favicon.ico which of course led to a slew of PHP errors in the log like "PHP Notice: Undefined index: bar in foo.php line 83". I knew the index existed and I could see the value printed out right there in front of me.
Some tools to help others debug/confirm the issue.
<?php error_log($_SERVER['REQUEST_URI']); ?>
Use the command line to track the error. eg.
$ tail -F /var/log/apache2/error.log
Refresh and you'll notice something like this in your log twice (maybe more?).
Example:
[Thu Jan 11 03:20:44.211993 2018] [:error] [pid 21161] [client 192.168.0.1:34254] /controller/view/11, referer: http://localhost/controller/view/11
**NOTE: NO ERRORS HERE**
[Thu Jan 11 03:20:44.211993 2018] [:error] [pid 21161] [client 192.168.0.1:34254] /controller/view/favicon.ico, referer: http://localhost/controller/view/11
**NOTE: ERRORS START HERE** The line above is the culprit.
[Thu Jan 11 03:20:44.211993 2018] [:error] [pid 21161] [client 192.168.0.1:34254] PHP Notice: Undefined index: bar in foo.php line 83
[Thu Jan 11 03:20:44.211993 2018] [:error] [pid 21161] [client 192.168.0.1:34254] PHP Notice: Undefined index: bar2 in foo.php line 84
[Thu Jan 11 03:20:44.211993 2018] [:error] [pid 21161] [client 192.168.0.1:34254] PHP Notice: Undefined index: bar3 in foo.php line 85
It's a silly mistake, but that was not fun to fix. +1 for tailing the log file while working on your code. Thanks to Ignas and Mike as well. This is an older question, but it's the only Stack answer when you Google, "php script executing twice" so I thought I would contribute and expand on the other two ideas.