Thanks for getting back to me! I'm not sure if I did that right... Here is the code I used:
if(!JSession::checkToken('request')) {
$tmpl = hikaInput::get()->getCmd('tmpl', '');
if(in_array($tmpl, array('ajax', 'raw'))) {
echo '401';
var_dump($_REQUEST);
if(!headers_sent())
header('X-Robots-Tag: noindex');
exit;
}
jexit('Invalid Token');
}
When implemented, and I enter the username/password and click Login, it first resulted in showing the full page nested in the main component column. When I refreshed and tried again, it seemed to log me in, but also showed the following:
401array(14) { ["login"]=> array(2) { ["username"]=> string(10) "XXXXXXXXXX" ["passwd"]=> string(10) "YYYYYYYY" } ["data"]=> array(2) { ["register"]=> array(6) { ["email"]=> string(0) "" ["email_confirm"]=> string(0) "" ["password"]=> string(0) "" ["password2"]=> string(0) "" ["id"]=> string(1) "0" ["gid"]=> string(1) "0" } ["address"]=> array(10) { ["address_firstname"]=> string(0) "" ["address_lastname"]=> string(0) "" ["address_company"]=> string(0) "" ["address_street"]=> string(0) "" ["address_city"]=> string(0) "" ["address_post_code"]=> string(0) "" ["address_telephone"]=> string(0) "" ["address_telephone2"]=> string(0) "" ["address_state"]=> string(18) "state_Alabama_4261" ["address_country"]=> string(36) "country_United_States_of_America_223" } } ["data_address_address_state_default_value"]=> string(17) "state_Rh__ne_1375" ["login_view_action"]=> string(5) "login" ["blocktask"]=> string(5) "login" ["cid"]=> string(1) "1" ["c642adcff8d4ae0f73312132a57d41c6"]=> string(1) "1" ["Itemid"]=> string(3) "457" ["option"]=> string(12) "com_hikashop" ["ctrl"]=> string(8) "checkout" ["task"]=> string(11) "submitblock" ["tmpl"]=> string(3) "raw" ["hikashop_front_end_main"]=> int(1) ["view"]=> string(8) "checkout" }
Ultimately, clicking "Finish" just refreshed the page, like before.
I did try to create a new menu item with no login modules and changed the overall template to protostar. Here is the new menu folder:
/index.php/hika3
/index.php/hika3/checkout
It resulted in the same refresh.