merchant

Merchant backend to process payments, run by merchants

commit c6a8d634ca1d34cd4b73fd1f27df67a06bd46410
parent 5892fc9024a2a53b85ea046b8bb31ab178cc0518
Author: Marcello Stanisci <marcello.stanisci@inria.fr>
Date:   Fri, 19 Feb 2016 18:26:03 +0100

blog: checking that the name of the article to be displayed matches what
has been paid

Diffstat:
Msrc/frontend_blog/essay_contract.php | 1-
Msrc/frontend_blog/essay_fulfillment.php | 7+++----
Msrc/frontend_blog/essay_pay.php | 19++++++++++++++++---
3 files changed, 19 insertions(+), 8 deletions(-)

diff --git a/src/frontend_blog/essay_contract.php b/src/frontend_blog/essay_contract.php @@ -63,7 +63,6 @@ session_start(); $payments = &pull($_SESSION, "payments", array()); $payments[$article] = array("ispayed" => false); - log_string("ctr ".article_state_to_str($payments[$article])); echo $resp->body->toString(); } ?> diff --git a/src/frontend_blog/essay_fulfillment.php b/src/frontend_blog/essay_fulfillment.php @@ -26,13 +26,12 @@ return; } session_start(); - $payments = get($_SESSION['payments'], array()); - $my_payment = get($payments[$article]); - log_string("ffil " . article_state_to_str($my_payment)); + $payments = &pull($_SESSION, 'payments', array()); + $my_payment = &pull($payments, $article, array()); $pay_url = url_rel("essay_pay.php"); $offering_url = url_rel("essay_offer.php", true); $offering_url .= "?article=$article"; - if (false == $my_payment['ispayed'] || null === $my_payment){ + if (false == $payments[$article]['ispayed'] || null === $my_payment){ $tid = get($_GET['tid']); $timestamp = get($_GET['timestamp']); // 1st time diff --git a/src/frontend_blog/essay_pay.php b/src/frontend_blog/essay_pay.php @@ -29,6 +29,22 @@ } $deposit_permission = file_get_contents('php://input'); // FIXME check here if the deposit permission is associated + session_start(); + $payments = &pull($_SESSION, "payments", array()); + $dec_dep_perm = json_decode($deposit_permission, true); + if ($dec_dep_perm['H_contract'] != $payments[$article]['hc']){ + $json = json_encode( + array( + "error" => "ill behaved wallet", + "status" => 400, + "detail" => "article payed differs from article to be shown" + ) + ); + echo $json; + die(); + } + // FIXME put some control below + // with the article that's going to be payed $resp = give_to_backend($_SERVER['HTTP_HOST'], "backend/pay", @@ -45,8 +61,5 @@ echo $json; die(); } - session_start(); - $payments = &pull($_SESSION, "payments", array()); $payments[$article]['ispayed'] = true; - log_string("ispayed == true"); ?>
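Review bot: The rewritten condition in essay_fulfillment.php reads `$payments[$article]['ispayed']` before the `null === $my_payment` test, and because `$my_payment` is now pulled with an `array()` default that null test can presumably never be true (pull() is not shown in this diff). For an article with no session entry the `ispayed` key is undefined, so the unpaid branch is entered only because `false == null` holds under loose comparison. I would state the intent directly with `if (empty($my_payment['ispayed'])){`, which treats a missing entry and an unpaid one alike without relying on type juggling. The enclosing block continues outside the hunk.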
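Review bot: The H_contract guard added to essay_pay.php fails open, because `!=` is a loose comparison: when the request body is not valid JSON or carries no `H_contract`, and the session holds no `hc` for `$article`, both sides are null and the request goes on to the backend call. Nothing in this diff stores `hc` (the essay_contract.php context line sets only `"ispayed" => false`), so please confirm where it is written; if it is not, every session is in that state. I would require both values to be strings and compare them strictly, treating a missing value on either side as a mismatch. As far as the hunk shows, the error path only puts `"status" => 400` in the JSON body, so the HTTP status itself stays at its default; setting it with `http_response_code(400)` lets clients and logs see the rejection. The script continues outside the hunk, and where `$article` comes from is not visible here.

```php
$dec_dep_perm = json_decode($deposit_permission, true);
$expected_hc = isset($payments[$article]['hc'])
  ? $payments[$article]['hc'] : null;
$claimed_hc = (is_array($dec_dep_perm) && isset($dec_dep_perm['H_contract']))
  ? $dec_dep_perm['H_contract'] : null;
// Fail closed: a missing or non-string value on either side is a mismatch.
if (!is_string($expected_hc) || !is_string($claimed_hc)
    || !hash_equals($expected_hc, $claimed_hc)){
  http_response_code(400);
  // … unchanged: json_encode of the error array, echo, die() …
}
```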