Diffstat (limited to 'src/frontend')
-rw-r--r-- | src/frontend/checkout.php | 2 | ||||
-rw-r--r-- | src/frontend/fulfillment.php | 1 | ||||
-rw-r--r-- | src/frontend/generate_taler_contract.php | 3 | ||||
-rw-r--r-- | src/frontend/pay.php | 22 |
4 files changed, 17 insertions, 11 deletions
diff --git a/src/frontend/checkout.php b/src/frontend/checkout.php index 5168e91a..4d9f628e 100644 --- a/src/frontend/checkout.php +++ b/src/frontend/checkout.php @@ -142,7 +142,7 @@ function taler_pay(form) { var contract_request = new XMLHttpRequest(); /* Note that the URL we give here is specific to the Demo-shop - and not required by the protocol: each web shop can + and not dictated by the protocol: each web shop can have its own way of generating and transmitting the contract, there just must be a way to get the contract and to pass it to the wallet when the user selects 'Pay'. */ diff --git a/src/frontend/fulfillment.php b/src/frontend/fulfillment.php index 48f441f5..f1dc5636 100644 --- a/src/frontend/fulfillment.php +++ b/src/frontend/fulfillment.php @@ -74,6 +74,7 @@ session_start(); $payments = get($_SESSION['payments'], array()); $my_payment = get($payments[$hc]); +// This will keep the query parameters. $pay_url = url_rel("pay.php"); if (null === $my_payment) diff --git a/src/frontend/generate_taler_contract.php b/src/frontend/generate_taler_contract.php index ee6a5173..00bf53a7 100644 --- a/src/frontend/generate_taler_contract.php +++ b/src/frontend/generate_taler_contract.php @@ -59,7 +59,8 @@ $fulfillment_url = url_rel("fulfillment.php") . '&receiver=' . urlencode($receiver) . '&aval=' . urlencode($amount_value) . '&afrac=' . urlencode($amount_fraction) - . '&acurr=' . urlencode($currency); + . '&acurr=' . urlencode($currency) + . '&tid=' . $transaction_id; // pack the JSON for the contract $contract = array( diff --git a/src/frontend/pay.php b/src/frontend/pay.php index e45c6891..6f0f0c0d 100644 --- a/src/frontend/pay.php +++ b/src/frontend/pay.php @@ -19,7 +19,6 @@ include '../frontend_lib/util.php'; $hc = get($_GET["uuid"]); - if (empty($hc)) { http_response_code(400); 
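Review bot: In generate_taler_contract.php the new `tid` parameter is concatenated into `$fulfillment_url` raw, while `receiver`, `aval`, `afrac` and `acurr` directly above it all go through `urlencode()`. Where `$transaction_id` is assigned lies outside the hunk; if it is always a server-generated integer the resulting URL is the same, but encoding it keeps the query string well-formed should its source or type ever change: `. '&tid=' . urlencode($transaction_id);`. The statement that builds `$fulfillment_url` begins above the hunk.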
@@ -30,20 +29,19 @@ if (empty($hc)) return; } -session_start(); - -$payments = &pull($_SESSION, 'payments', array()); - -if (!isset($payments[$hc])) +// TODO: check if contract body matches URL parameters, +// so we won't generate a response for the wrong receiver. +$receiver = get($_GET["receiver"]); +if (empty($receiver)) { http_response_code(400); echo json_encode(array( - "error" => "no session active", + "error" => "missing parameter", + "parameter" => "receiver" )); return; } -$my_payment = &$payments[$hc]; $post_body = file_get_contents('php://input'); $deposit_permission = json_decode ($post_body, true); @@ -83,6 +81,12 @@ if ($status_code != 200) die(); } -$my_payment["is_payed"] = true; +session_start(); + +$payments = &pull($_SESSION, "payments", array()); +$payments[$hc] = array( + 'receiver' => $receiver, + 'is_payed' => true +); ?> |
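Review bot: In pay.php, `$receiver` is read from `$_GET` and checked only for emptiness, and with the `isset($payments[$hc])` session check removed nothing visible ties `$hc` or `$receiver` to the deposit permission read from `php://input` (which is presumably what gets sent to the backend). The last hunk then stores both values under `'is_payed' => true`, so the paid flag could be recorded for a contract or receiver other than the one the backend accepted. The TODO mentions the receiver only; the comparison should happen before the backend call and should also cover the contract hash, e.g. `if (!hash_equals($hc, (string) $deposit_permission['<contract-hash field>'])) { http_response_code(400); return; }`, where the field name is a placeholder and `$deposit_permission` must first be confirmed to be an array. The code between this hunk and the next is not shown.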
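Review bot: `session_start()` in pay.php now runs only after the backend round-trip, so for a client that has no session yet the session cookie header must still be sendable at that point. If anything between the two hunks writes output on the success path, PHP can no longer set the cookie and the `is_payed` entry would be lost with the request; that code is outside the hunk, so this needs confirming. A comment above the call would record the constraint: `// Must run before any output; the session is started only after the backend accepted the payment.`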