Diffstat (limited to 'php/pay.php')
-rw-r--r--php/pay.php13
1 files changed, 11 insertions, 2 deletions
diff --git a/php/pay.php b/php/pay.php
index e5bd268..25b2d6a 100644
--- a/php/pay.php
+++ b/php/pay.php
@@ -10,9 +10,18 @@
return;
}
// Get coins.
- $body = file_get_contents('php://input');
- $response = post_to_backend("/pay", json_decode($body));
+ $body = json_decode(file_get_contents('php://input'));
+
+ if ($_SESSION["order_id"] != $body->order_id){
+ echo build_error($response,
+ "Mismatch between the product ordered and the one attempted to be paid",
+ 406);
+ return;
+ }
+
+ $response = post_to_backend("/pay", $body);
http_response_code($response['status_code']);
+
if (200 != $response['status_code']){
echo build_error($response,
"Could not send payment to backend",
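Review bot: In the new mismatch branch, `build_error($response, ...)` runs before `$response` is assigned by `post_to_backend()` further down, so it receives an undefined variable; pass an explicit placeholder such as `null` or `[]`, depending on what `build_error` (defined outside this hunk) accepts. The order check is also weaker than it looks: `json_decode()` returns `null` for malformed input, and the loose `!=` treats a missing session value and a missing `order_id` as equal and lets non-string JSON types match the stored id through type juggling. Reject a non-object body and compare strictly, e.g. `if (!is_object($body) || !isset($_SESSION["order_id"], $body->order_id) || !is_string($body->order_id) || $_SESSION["order_id"] !== $body->order_id) {`. That form assumes the session stores the id as a string, which is not visible here. The enclosing block starts and ends outside the hunk.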