adapt PHP shop

2 files changed, 5 insertions, 12 deletions

diff --git a/php/pay.php b/php/pay.php
index fd9dcee..fabb415 100644
--- a/php/pay.php
+++ b/php/pay.php
@@ -13,17 +13,10 @@
   $body = json_decode(file_get_contents("php://input"));
 
   $response = post_to_backend("/pay", $body);
-  $proposal_data = json_decode($response["body"])->proposal_data;
-  /**
-   * NOTE: the order id is fetched from the data returned by the
-   * backend. This information is then shown in the final page from
-   * the fulfillment URL. This way, if a malicious wallet sends a
-   * old deposit permission for a new donation, then the user can
-   * still detect that, since the old order id would be shown on
-   * the fulfillment page.
-   */
-  $_SESSION["order_id"] = $proposal_data->order_id;
+  $body = json_decode($response["body"]);
+  $_SESSION["order_id"] = $body->contract_terms->order_id;
   http_response_code($response["status_code"]);
+  header("Content-Type: application/json");
 
   if (200 != $response["status_code"]){
     echo build_error($response,
@@ -33,5 +26,6 @@
   }
   // Payment went through!
   $_SESSION["paid"] = true;
+  echo json_encode($body);
   return;
 ?>
diff --git a/php/track-transaction.php b/php/track-transaction.php
index c1c4ba6..d148e04 100644
--- a/php/track-transaction.php
+++ b/php/track-transaction.php
@@ -30,8 +30,7 @@
   if (202 == $response["status_code"]){
     $pretty_date = get_pretty_date($decoded->details->execution_time);
     echo "<p>The exchange accepted the transaction.
-          The estimated time for when the related wire transfer
-          is to be performed is: $pretty_date</p>";
+          The exchange will attempt the payment on: $pretty_date</p>";
     return;
   }