authorMarcello Stanisci <marcello.stanisci@inria.fr>2016-02-19 18:26:03 +0100
committerMarcello Stanisci <marcello.stanisci@inria.fr>2016-02-19 18:26:03 +0100
commitc6a8d634ca1d34cd4b73fd1f27df67a06bd46410 (patch)
tree7a6276a680d9d98b31bae8c65d3a77004332fa17 /src
parent5892fc9024a2a53b85ea046b8bb31ab178cc0518 (diff)
blog: checking if the name of the article to be displayed matches what has
been paid
Diffstat (limited to 'src')
-rw-r--r--src/frontend_blog/essay_contract.php1
-rw-r--r--src/frontend_blog/essay_fulfillment.php7
-rw-r--r--src/frontend_blog/essay_pay.php19
3 files changed, 19 insertions, 8 deletions
diff --git a/src/frontend_blog/essay_contract.php b/src/frontend_blog/essay_contract.php
index 03ba6c17..4130d161 100644
--- a/src/frontend_blog/essay_contract.php
+++ b/src/frontend_blog/essay_contract.php
@@ -63,7 +63,6 @@
session_start();
$payments = &pull($_SESSION, "payments", array());
$payments[$article] = array("ispayed" => false);
- log_string("ctr ".article_state_to_str($payments[$article]));
echo $resp->body->toString();
}
?>
diff --git a/src/frontend_blog/essay_fulfillment.php b/src/frontend_blog/essay_fulfillment.php
index 7c0b4538..fdb8bb35 100644
--- a/src/frontend_blog/essay_fulfillment.php
+++ b/src/frontend_blog/essay_fulfillment.php
@@ -26,13 +26,12 @@
return;
}
session_start();
- $payments = get($_SESSION['payments'], array());
- $my_payment = get($payments[$article]);
- log_string("ffil " . article_state_to_str($my_payment));
+ $payments = &pull($_SESSION, 'payments', array());
+ $my_payment = &pull($payments, $article, array());
$pay_url = url_rel("essay_pay.php");
$offering_url = url_rel("essay_offer.php", true);
$offering_url .= "?article=$article";
- if (false == $my_payment['ispayed'] || null === $my_payment){
+ if (false == $payments[$article]['ispayed'] || null === $my_payment){
$tid = get($_GET['tid']);
$timestamp = get($_GET['timestamp']);
// 1st time
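Review bot: The rewritten condition reads `$payments[$article]['ispayed']` before it tests `null === $my_payment`, so an article with no session entry counts as unpaid only because an undefined index compares loosely equal to `false`. With `array()` passed as the default, `$my_payment` is presumably never null, which would make the second operand dead code; `pull` is defined outside this hunk, so that needs confirming. A fail-closed form that depends on neither assumption is `if (empty($my_payment['ispayed'])){`. If `pull` stores the default it returns, each requested `$article` value also leaves an entry in the session, which is worth bounding if `$article` comes straight from the request. The `if` body continues past the end of the hunk.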
diff --git a/src/frontend_blog/essay_pay.php b/src/frontend_blog/essay_pay.php
index d6611ad6..c8ad8497 100644
--- a/src/frontend_blog/essay_pay.php
+++ b/src/frontend_blog/essay_pay.php
@@ -29,6 +29,22 @@
}
$deposit_permission = file_get_contents('php://input');
// FIXME check here if the deposit permission is associated
+ session_start();
+ $payments = &pull($_SESSION, "payments", array());
+ $dec_dep_perm = json_decode($deposit_permission, true);
+ if ($dec_dep_perm['H_contract'] != $payments[$article]['hc']){
+ $json = json_encode(
+ array(
+ "error" => "ill behaved wallet",
+ "status" => 400,
+ "detail" => "article payed differs from article to be shown"
+ )
+ );
+ echo $json;
+ die();
+ }
+ // FIXME put some control below
+
// with the article that's going to be payed
$resp = give_to_backend($_SERVER['HTTP_HOST'],
"backend/pay",
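Review bot: The new guard `$dec_dep_perm['H_contract'] != $payments[$article]['hc']` fails open: if the request body is not valid JSON, `json_decode` returns null, and if the session holds no `hc` for `$article`, both sides evaluate to null and the loose `!=` lets the request through to `backend/pay`. Loose comparison also treats some distinct numeric-looking strings as equal. The check should reject unless both values are present, are strings and are identical under `!==`; this assumes `hc` is stored as a string, which is not visible in this diff. Within the hunk the 400 appears only in the JSON body, so consider also calling `http_response_code(400)` before the `echo`. `$article` and the rest of the script are defined outside the hunk.

```php
$dec_dep_perm = json_decode($deposit_permission, true);
// Missing or non-string values become null so the check below rejects them.
$paid_hc = (is_array($dec_dep_perm) && isset($dec_dep_perm['H_contract']))
  ? $dec_dep_perm['H_contract'] : null;
$expected_hc = isset($payments[$article]['hc'])
  ? $payments[$article]['hc'] : null;
if (!is_string($paid_hc) || !is_string($expected_hc)
    || $paid_hc !== $expected_hc){
  // … unchanged: JSON error body, echo and die() …
}
```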
@@ -45,8 +61,5 @@
echo $json;
die();
}
- session_start();
- $payments = &pull($_SESSION, "payments", array());
$payments[$article]['ispayed'] = true;
- log_string("ispayed == true");
?>