diff options
-rw-r--r-- | php/pay.php | 14 | ||||
-rw-r--r-- | php/track-transaction.php | 3 |
2 files changed, 5 insertions, 12 deletions
diff --git a/php/pay.php b/php/pay.php index fd9dcee..fabb415 100644 --- a/php/pay.php +++ b/php/pay.php @@ -13,17 +13,10 @@ $body = json_decode(file_get_contents("php://input")); $response = post_to_backend("/pay", $body); - $proposal_data = json_decode($response["body"])->proposal_data; - /** - * NOTE: the order id is fetched from the data returned by the - * backend. This information is then shown in the final page from - * the fulfillment URL. This way, if a malicious wallet sends a - * old deposit permission for a new donation, then the user can - * still detect that, since the old order id would be shown on - * the fulfillment page. - */ - $_SESSION["order_id"] = $proposal_data->order_id; + $body = json_decode($response["body"]); + $_SESSION["order_id"] = $body->contract_terms->order_id; http_response_code($response["status_code"]); + header("Content-Type: application/json"); if (200 != $response["status_code"]){ echo build_error($response, @@ -33,5 +26,6 @@ } // Payment went through! $_SESSION["paid"] = true; + echo json_encode($body); return; ?> diff --git a/php/track-transaction.php b/php/track-transaction.php index c1c4ba6..d148e04 100644 --- a/php/track-transaction.php +++ b/php/track-transaction.php @@ -30,8 +30,7 @@ if (202 == $response["status_code"]){ $pretty_date = get_pretty_date($decoded->details->execution_time); echo "<p>The exchange accepted the transaction. - The estimated time for when the related wire transfer - is to be performed is: $pretty_date</p>"; + The exchange will attempt the payment on: $pretty_date</p>"; return; } |