[英]PayPal Donation CodeIgniter
I have paypal method on codeigniter and I saw someone modified price somehow with Inspect!我在 codeigniter 上有 paypal 方法,我看到有人用 Inspect 以某种方式修改了价格!
Problem is if I will edit with Inspect (Chrome, FF.etc.) and press to buy, automatically take info from that html page!问题是,如果我使用 Inspect(Chrome、FF.etc.)进行编辑并按下购买,会自动从该 html 页面获取信息!
Hope you understand what I mean.希望你明白我的意思。
view.donate.php view.donate.php
<?php
if(load::get('errors') != false){
foreach(load::get('errors') as $errors){
echo '<div class="notification-box notification-box-error">'.$errors.'</div>';
}
}
if(load::get('paypal') == false || load::get('paypal') == 0){
echo '<div class="notification-box notification-box-error">This donation method is disabled.</div>';
}
else{
foreach(load::get('paypal_packages') as $packages){
echo '<div style="margin-top: 10px; padding: 10px; background: rgb(11, 29, 39);
box-shadow: 0 0 4px rgba(0,0,0,.6), 0 1px 1px rgba(0,0,0,.5), inset 0 0 0 1px rgba(255,255,255,.015),
inset 0 1px 0 rgba(255,255,255,.05); z-index: 1;">
<div style="padding: 3px;float:left;width: 250px;"><h2>'.$packages['package'].'</h2></div>
<div style="width: 99px;float:left;"><span id="reward_'.$packages['id'].'">'.$packages['reward'].'</span> Mall Points (<span id="price_'.$packages['id'].'">'.number_format($packages['price'], 0, '.', ',').'</span> <span id="currency_'.$packages['id'].'">'.$packages['currency'].'</span>)</div>
<div style="float:right;"><button id="buy_'.$packages['id'].'" class="paypal_button" style="margin-top: 8px;" value="buy_'.$packages['id'].'">Buy Now</button></div>
<div style="clear: both;"></div>
</div>';
}
}
?>
<?php
load::view(load::get('tmp').DS.'footer');
?>
and my javascript code looks like that我的javascript代码看起来像那样
$('button[id^="buy_"]').click(function(){
var div_data = $(this).attr('id').split('_'),
reward = $('#reward_'+div_data[1]).text(),
price = $('#price_'+div_data[1]).text(),
currency = $('#currency_'+div_data[1]).text();
submit_paypal(div_data[1], reward, price, currency);
});
});
function submit_paypal(id, reward, price, currency){
$.ajax({
url: base_url+"ajax/paypal",
data: {process_paypal: id, reward: reward, price: price, currency: currency},
success: function(data){
if(data.error){
alert(data.error);
}
else{
var form = '<form action="https://www.paypal.com/cgi-bin/webscr" method="post">';
form += '<input type="hidden" name="cmd" value="_xclick" />';
form += '<input type="hidden" name="business" value="'+data.email+'" />';
form += '<input type="hidden" name="item_name" value="Donate for '+$('title').text()+'" />';
form += '<input type="hidden" name="item_number" value="'+data.item+'" />';
form += '<input type="hidden" name="currency_code" value="'+currency+'" />';
form += '<input type="hidden" name="amount" value="'+price+'" />';
form += '<input type="hidden" name="no_shipping" value="1" />';
form += '<input type="hidden" name="return" value="'+base_url+'" />';
form += '<input type="hidden" name="cancel_return" value="'+base_url+'" />';
form += '<input type="hidden" name="notify_url" value="'+base_url+'payment/paypal" />';
form += '<input type="hidden" name="custom" value="'+data.user+'" />';
form += '<input type="hidden" name="no_note" value="1" />';
form += '<input type="hidden" name="tax" value="0.00" />';
form += '<input class="button" type="submit" value="Donate">';
form += '</form>';
$(form).appendTo('body').submit();
}
}
});
}
To solve that you need to do some server side verification....要解决这个问题,您需要进行一些服务器端验证....
let say in your form price is $10 , you can submit that form first to some php file and in that php file you can verify the price and then forward that post request to https://www.paypal.com/cgi-bin/webscr
...假设您的表单价格为10 美元,您可以先将该表单提交到某个 php 文件,然后在该 php 文件中您可以验证价格,然后将该帖子请求转发到https://www.paypal.com/cgi-bin/webscr
...
hope this helps you希望这对你有帮助
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.