diff options
Diffstat (limited to 'src/frontend/pay.php')
-rw-r--r-- | src/frontend/pay.php | 43 |
1 files changed, 14 insertions, 29 deletions
diff --git a/src/frontend/pay.php b/src/frontend/pay.php index 508a83f4..be4c25bc 100644 --- a/src/frontend/pay.php +++ b/src/frontend/pay.php @@ -19,7 +19,6 @@ include '../frontend_lib/util.php'; $hc = get($_GET["uuid"]); - if (empty($hc)) { http_response_code(400); @@ -30,42 +29,22 @@ if (empty($hc)) return; } -session_start(); - -$payments = &pull($_SESSION, 'payments', array()); - -if (!isset($payments[$hc])) +// TODO: check if contract body matches URL parameters, +// so we won't generate a response for the wrong receiver. +$receiver = get($_GET["receiver"]); +if (empty($receiver)) { http_response_code(400); echo json_encode(array( - "error" => "no session active", + "error" => "missing parameter", + "parameter" => "receiver" )); return; } -$my_payment = &$payments[$hc]; - $post_body = file_get_contents('php://input'); - -$now = new DateTime('now'); -$edate = array ( - 'edate' => - "/Date(" . $now->add(new DateInterval('P2W'))->getTimestamp() . ")/"); - $deposit_permission = json_decode ($post_body, true); -$to_add = array( - 'max_fee' => array( - 'value' => 3, - 'fraction' => 8, - 'currency' => $_SESSION['currency']), - 'amount' => array('value' => $_SESSION['amount_value'], - 'fraction' => $_SESSION['amount_fraction'], - 'currency' => $_SESSION['currency'])); - -$new_deposit_permission = array_merge($deposit_permission, $to_add); -$new_deposit_permission_edate = array_merge($new_deposit_permission, $edate); - /* Craft the HTTP request, note that the backend could be on an entirely different machine if desired. */ @@ -76,7 +55,7 @@ $url = url_rel("backend/pay"); $req = new http\Client\Request("POST", $url, array("Content-Type" => "application/json")); -$req->getBody()->append (json_encode ($new_deposit_permission)); +$req->getBody()->append (json_encode ($deposit_permission)); // Execute the HTTP request $client = new http\Client; @@ -101,6 +80,12 @@ if ($status_code != 200) die(); } -$my_payment["is_payed"] = true; +session_start(); + +$payments = &pull($_SESSION, "payments", array()); +$payments[$hc] = array( + 'receiver' => $receiver, + 'is_payed' => true +); ?> |