merchant

Merchant backend to process payments, run by merchants

commit 10c9c4b258a7f99f3cd034f3e15921e8f3f17a4d
parent 4099ae57bcdb86d4a844937ffc6be76f0df6df34
Author: Florian Dold <florian.dold@gmail.com>
Date:   Mon,  1 Feb 2016 11:41:49 +0100

handle re-payment correctly

Diffstat:
Msrc/frontend/checkout.php | 2+-
Msrc/frontend/fulfillment.php | 1+
Msrc/frontend/generate_taler_contract.php | 3++-
Msrc/frontend/pay.php | 22+++++++++++++---------
4 files changed, 17 insertions(+), 11 deletions(-)

diff --git a/src/frontend/checkout.php b/src/frontend/checkout.php @@ -142,7 +142,7 @@ function taler_pay(form) { var contract_request = new XMLHttpRequest(); /* Note that the URL we give here is specific to the Demo-shop - and not required by the protocol: each web shop can + and not dictated by the protocol: each web shop can have its own way of generating and transmitting the contract, there just must be a way to get the contract and to pass it to the wallet when the user selects 'Pay'. */ diff --git a/src/frontend/fulfillment.php b/src/frontend/fulfillment.php @@ -74,6 +74,7 @@ session_start(); $payments = get($_SESSION['payments'], array()); $my_payment = get($payments[$hc]); +// This will keep the query parameters. $pay_url = url_rel("pay.php"); if (null === $my_payment) diff --git a/src/frontend/generate_taler_contract.php b/src/frontend/generate_taler_contract.php @@ -59,7 +59,8 @@ $fulfillment_url = url_rel("fulfillment.php") . '&receiver=' . urlencode($receiver) . '&aval=' . urlencode($amount_value) . '&afrac=' . urlencode($amount_fraction) - . '&acurr=' . urlencode($currency); + . '&acurr=' . urlencode($currency) + . '&tid=' . $transaction_id; // pack the JSON for the contract $contract = array( diff --git a/src/frontend/pay.php b/src/frontend/pay.php @@ -19,7 +19,6 @@ include '../frontend_lib/util.php'; $hc = get($_GET["uuid"]); - if (empty($hc)) { http_response_code(400); 
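Review bot: The new `tid` parameter in generate_taler_contract.php is concatenated into the fulfillment URL unencoded, while every other parameter in the same expression goes through `urlencode()`; I would write it as `. '&tid=' . urlencode($transaction_id);`. The assignment of `$transaction_id` is outside the hunk, so it may well be an integer today. Encoding it anyway keeps the URL well-formed if that ever changes, and keeps the expression consistent.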
@@ -30,20 +29,19 @@ if (empty($hc)) return; } -session_start(); - -$payments = &pull($_SESSION, 'payments', array()); - -if (!isset($payments[$hc])) +// TODO: check if contract body matches URL parameters, +// so we won't generate a response for the wrong receiver. +$receiver = get($_GET["receiver"]); +if (empty($receiver)) { http_response_code(400); echo json_encode(array( - "error" => "no session active", + "error" => "missing parameter", + "parameter" => "receiver" )); return; } -$my_payment = &$payments[$hc]; $post_body = file_get_contents('php://input'); $deposit_permission = json_decode ($post_body, true); @@ -83,6 +81,12 @@ if ($status_code != 200) die(); } -$my_payment["is_payed"] = true; +session_start(); + +$payments = &pull($_SESSION, "payments", array()); +$payments[$hc] = array( + 'receiver' => $receiver, + 'is_payed' => true +); ?>
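Review bot: The `receiver` value read from `$_GET` in this hunk, like the `uuid` read earlier into `$hc`, is chosen by the client, yet the last hunk of pay.php stores both in `$_SESSION['payments']` with `is_payed` set to true and no visible comparison against the posted deposit permission. The TODO acknowledges the gap, but until it is closed the session record is only as trustworthy as the query string, and fulfillment.php appears to read that record back by `$hc`. I would compare both values with the contract data in `$deposit_permission` before `session_start()` and answer 400 on a mismatch. Until then, mark the write with `// SECURITY: $hc and $receiver are unverified query parameters; check them against the contract in $deposit_permission before storing`. The code between the two hunks is not shown, so a check that already exists there would change this assessment.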