stackoom
  简体   繁体   中英

PayPal Donation CodeIgniter

 原文  2020-01-09 23:29:53       php/ codeigniter/ paypal

Question

I have paypal method on codeigniter and I saw someone modified price somehow with Inspect!

Problem is if I will edit with Inspect (Chrome, FF.etc.) and press to buy, automatically take info from that html page!

Hope you understand what I mean.

view.donate.php 


            <?php 
                if(load::get('errors') != false){
                    foreach(load::get('errors') as $errors){
                        echo '<div class="notification-box notification-box-error">'.$errors.'</div>';
                    }
                }
                if(load::get('paypal') == false || load::get('paypal') == 0){
                    echo '<div class="notification-box notification-box-error">This donation method is disabled.</div>';
                }
                else{
                    foreach(load::get('paypal_packages') as $packages){
                        echo '<div style="margin-top: 10px;    padding: 10px;        background: rgb(11, 29, 39);   
                        box-shadow: 0 0 4px rgba(0,0,0,.6), 0 1px 1px rgba(0,0,0,.5), inset 0 0 0 1px rgba(255,255,255,.015), 
                        inset 0 1px 0 rgba(255,255,255,.05);                    z-index: 1;">
                                <div style="padding: 3px;float:left;width: 250px;"><h2>'.$packages['package'].'</h2></div>
                                <div style="width: 99px;float:left;"><span id="reward_'.$packages['id'].'">'.$packages['reward'].'</span> Mall Points (<span id="price_'.$packages['id'].'">'.number_format($packages['price'], 0, '.', ',').'</span> <span id="currency_'.$packages['id'].'">'.$packages['currency'].'</span>)</div>
                                <div style="float:right;"><button id="buy_'.$packages['id'].'" class="paypal_button" style="margin-top: 8px;" value="buy_'.$packages['id'].'">Buy Now</button></div>
                                <div style="clear: both;"></div>
                            </div>';
                    }   
                }
            ?>

<?php
load::view(load::get('tmp').DS.'footer');   
?>

and my javascript code looks like that

$('button[id^="buy_"]').click(function(){
        var div_data = $(this).attr('id').split('_'),
            reward = $('#reward_'+div_data[1]).text(),
            price = $('#price_'+div_data[1]).text(),
            currency = $('#currency_'+div_data[1]).text();
        submit_paypal(div_data[1], reward, price, currency);
    });
});

function submit_paypal(id, reward, price, currency){
    $.ajax({
        url: base_url+"ajax/paypal", 
        data: {process_paypal: id, reward: reward, price: price, currency: currency},
        success: function(data){ 
            if(data.error){
                alert(data.error);
            } 
            else{
                var form = '<form action="https://www.paypal.com/cgi-bin/webscr" method="post">';
                    form += '<input type="hidden" name="cmd" value="_xclick" />';
                    form += '<input type="hidden" name="business" value="'+data.email+'" />';
                    form += '<input type="hidden" name="item_name" value="Donate for '+$('title').text()+'" />';
                    form += '<input type="hidden" name="item_number" value="'+data.item+'" />';
                    form += '<input type="hidden" name="currency_code" value="'+currency+'" />';
                    form += '<input type="hidden" name="amount" value="'+price+'" />';
                    form += '<input type="hidden" name="no_shipping" value="1" />';
                    form += '<input type="hidden" name="return" value="'+base_url+'" />';
                    form += '<input type="hidden" name="cancel_return" value="'+base_url+'" />';
                    form += '<input type="hidden" name="notify_url" value="'+base_url+'payment/paypal" />';
                    form += '<input type="hidden" name="custom" value="'+data.user+'" />';
                    form += '<input type="hidden" name="no_note" value="1" />';
                    form += '<input type="hidden" name="tax" value="0.00" />';
                    form += '<input class="button" type="submit" value="Donate">';
                    form += '</form>';
                $(form).appendTo('body').submit();
            }
        }
    });
}

1 answers

solution1
 0 ACCPTED  2020-01-09 23:38:20

To solve that you need to do some server side verification....

let say in your form price is $10 , you can submit that form first to some php file and in that php file you can verify the price and then forward that post request to https://www.paypal.com/cgi-bin/webscr ...

hope this helps you

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Protecting PayPal donation form from XSS - CodeIgniter Paypal Donation button? PHP verify PayPal Donation PayPal Donation - Transaction Details PayPal Donation Button Minimum donation amount Paypal donation tracking with progress bar PayPal donation integration with laravel 5.1 Paypal choose a donation and redirect to file How to update donation bar when someone makes donation via PayPal? Get the donation value back from Paypal donation button?
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM