Diffstat (limited to 'php')
-rw-r--r--php/order.php2
-rw-r--r--php/pay.php13
2 files changed, 12 insertions, 3 deletions
diff --git a/php/order.php b/php/order.php
index aa77b3e..bc6d824 100644
--- a/php/order.php
+++ b/php/order.php
@@ -41,7 +41,7 @@
'timestamp' =>
"/Date(" . $now->getTimestamp() . ")/",
'fulfillment_url' =>
- url_rel("/fulfillment.php"),
+ url_rel("/fulfillment.php?order_id=$order_id"),
'pay_url' =>
url_rel("/pay.php"),
'refund_deadline' =>
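Review bot: `$order_id` is interpolated into the `fulfillment_url` query string without encoding, so a value containing `&`, `#` or whitespace would change or break the URL that is handed out; the line is safer as `url_rel("/fulfillment.php?order_id=" . rawurlencode($order_id)),`. Where `$order_id` is assigned lies outside this hunk, so whether it is always a plain number cannot be confirmed from here. Since the identifier now travels in a client-visible URL, fulfillment.php should compare it with the order stored in the session instead of trusting the parameter, as pay.php starts doing in this same commit.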
diff --git a/php/pay.php b/php/pay.php
index e5bd268..25b2d6a 100644
--- a/php/pay.php
+++ b/php/pay.php
@@ -10,9 +10,18 @@
return;
}
// Get coins.
- $body = file_get_contents('php://input');
- $response = post_to_backend("/pay", json_decode($body));
+ $body = json_decode(file_get_contents('php://input'));
+
+ if ($_SESSION["order_id"] != $body->order_id){
+ echo build_error($response,
+ "Mismatch between the product ordered and the one attempted to be paid",
+ 406);
+ return;
+ }
+
+ $response = post_to_backend("/pay", $body);
http_response_code($response['status_code']);
+
if (200 != $response['status_code']){
echo build_error($response,
"Could not send payment to backend",
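Review bot: The new mismatch branch calls `build_error($response, ...)` before `$response` is assigned, because the `post_to_backend` call now comes after it, so the error path runs on an undefined variable; pass a value that exists at that point, in whatever form `build_error` accepts when there is no backend response. The guard also uses loose `!=` and reads `$body->order_id` without checking that `json_decode` returned an object, so a request with no `order_id` sent in a session that has none compares null with null and falls through to the backend call. A stricter guard would be `if (!is_object($body) || !isset($body->order_id, $_SESSION["order_id"]) || (string) $_SESSION["order_id"] !== (string) $body->order_id) {`. Unlike the later failure branch, this one does not call `http_response_code()` itself, so it is worth confirming that `build_error` sets the 406 status. The enclosing block starts and ends outside the hunk.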