Diffstat (limited to 'src/frontend/pay.php')
-rw-r--r--src/frontend/pay.php43
1 files changed, 14 insertions, 29 deletions
diff --git a/src/frontend/pay.php b/src/frontend/pay.php
index 508a83f4..be4c25bc 100644
--- a/src/frontend/pay.php
+++ b/src/frontend/pay.php
@@ -19,7 +19,6 @@
include '../frontend_lib/util.php';
$hc = get($_GET["uuid"]);
-
if (empty($hc))
{
http_response_code(400);
@@ -30,42 +29,22 @@ if (empty($hc))
return;
}
-session_start();
-
-$payments = &pull($_SESSION, 'payments', array());
-
-if (!isset($payments[$hc]))
+// TODO: check if contract body matches URL parameters,
+// so we won't generate a response for the wrong receiver.
+$receiver = get($_GET["receiver"]);
+if (empty($receiver))
{
http_response_code(400);
echo json_encode(array(
- "error" => "no session active",
+ "error" => "missing parameter",
+ "parameter" => "receiver"
));
return;
}
-$my_payment = &$payments[$hc];
-
$post_body = file_get_contents('php://input');
-
-$now = new DateTime('now');
-$edate = array (
- 'edate' =>
- "/Date(" . $now->add(new DateInterval('P2W'))->getTimestamp() . ")/");
-
$deposit_permission = json_decode ($post_body, true);
-$to_add = array(
- 'max_fee' => array(
- 'value' => 3,
- 'fraction' => 8,
- 'currency' => $_SESSION['currency']),
- 'amount' => array('value' => $_SESSION['amount_value'],
- 'fraction' => $_SESSION['amount_fraction'],
- 'currency' => $_SESSION['currency']));
-
-$new_deposit_permission = array_merge($deposit_permission, $to_add);
-$new_deposit_permission_edate = array_merge($new_deposit_permission, $edate);
-
/* Craft the HTTP request, note that the backend
could be on an entirely different machine if
desired. */
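Review bot: With the `array_merge` of `$to_add` and `$edate` removed, `amount`, `max_fee` and `edate` are no longer set from server-side session state, so the body read from `php://input` is now their only source. The old merge overwrote any client-supplied values for those keys. Unless `backend/pay` (not visible here) checks amount and fee against the contract identified by `$hc`, the frontend accepts whatever price the client states. I would record that requirement next to the decode, e.g. `// amount/max_fee/edate are client-supplied here; backend/pay MUST verify them against the contract`.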
@@ -76,7 +55,7 @@ $url = url_rel("backend/pay");
$req = new http\Client\Request("POST",
$url,
array("Content-Type" => "application/json"));
-$req->getBody()->append (json_encode ($new_deposit_permission));
+$req->getBody()->append (json_encode ($deposit_permission));
// Execute the HTTP request
$client = new http\Client;
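Review bot: `json_encode ($deposit_permission)` now forwards the decoded request body unchanged, and `json_decode` returns null for an empty or malformed body, so the backend would be sent the literal `null`. A guard directly after the decode (in the previous hunk) would reject that early, in the same style as the `uuid` and `receiver` checks: `if (!is_array($deposit_permission)) { http_response_code(400); echo json_encode(array("error" => "malformed deposit permission")); return; }`.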
@@ -101,6 +80,12 @@ if ($status_code != 200)
die();
}
-$my_payment["is_payed"] = true;
+session_start();
+
+$payments = &pull($_SESSION, "payments", array());
+$payments[$hc] = array(
+ 'receiver' => $receiver,
+ 'is_payed' => true
+);
?>
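Review bot: `$payments[$hc]` is keyed by the `uuid` query parameter and `$receiver` also comes from the query string, but neither is compared with the deposit permission the backend just accepted. A 200 for one contract therefore marks whatever `uuid`/`receiver` pair was in the URL as paid in this session. The removed `isset($payments[$hc])` check at least required that the session had already been offered that contract. Before writing the session entry, compare `$hc` with the contract hash carried in `$deposit_permission` (the field name is not visible here) and return 400 on mismatch, which also addresses the TODO added earlier in this commit. The `if ($status_code != 200)` block begins outside this hunk.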