
PayPal Donation CodeIgniter

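I have a PayPal method on CodeIgniter, and I saw that someone somehow modified the price using Inspect!

The problem is that if I edit with Inspect (Chrome, FF, etc.) and press buy, the information is automatically taken from that HTML page!

Hope you understand what I mean.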

view.donate.php


            <?php 
                if(load::get('errors') != false){
                    foreach(load::get('errors') as $errors){
                        echo '<div class="notification-box notification-box-error">'.$errors.'</div>';
                    }
                }
                if(load::get('paypal') == false || load::get('paypal') == 0){
                    echo '<div class="notification-box notification-box-error">This donation method is disabled.</div>';
                }
                else{
                    foreach(load::get('paypal_packages') as $packages){
                        echo '<div style="margin-top: 10px;    padding: 10px;        background: rgb(11, 29, 39);   
                        box-shadow: 0 0 4px rgba(0,0,0,.6), 0 1px 1px rgba(0,0,0,.5), inset 0 0 0 1px rgba(255,255,255,.015), 
                        inset 0 1px 0 rgba(255,255,255,.05);                    z-index: 1;">
                                <div style="padding: 3px;float:left;width: 250px;"><h2>'.$packages['package'].'</h2></div>
                                <div style="width: 99px;float:left;"><span id="reward_'.$packages['id'].'">'.$packages['reward'].'</span> Mall Points (<span id="price_'.$packages['id'].'">'.number_format($packages['price'], 0, '.', ',').'</span> <span id="currency_'.$packages['id'].'">'.$packages['currency'].'</span>)</div>
                                <div style="float:right;"><button id="buy_'.$packages['id'].'" class="paypal_button" style="margin-top: 8px;" value="buy_'.$packages['id'].'">Buy Now</button></div>
                                <div style="clear: both;"></div>
                            </div>';
                    }   
                }
            ?>

<?php
load::view(load::get('tmp').DS.'footer');   
?>

My JavaScript code looks like this:

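$(document).ready(function(){
    // Reward, price and currency are read back from the rendered page,
    // so they are whatever the DOM contains at the moment of the click.
    $('button[id^="buy_"]').click(function(){
        var div_data = $(this).attr('id').split('_'),
            reward = $('#reward_'+div_data[1]).text(),
            price = $('#price_'+div_data[1]).text(),
            currency = $('#currency_'+div_data[1]).text();
        submit_paypal(div_data[1], reward, price, currency);
    });
});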

function submit_paypal(id, reward, price, currency){
    $.ajax({
        url: base_url+"ajax/paypal", 
        data: {process_paypal: id, reward: reward, price: price, currency: currency},
        success: function(data){ 
            if(data.error){
                alert(data.error);
            } 
            else{
                var form = '<form action="https://www.paypal.com/cgi-bin/webscr" method="post">';
                    form += '<input type="hidden" name="cmd" value="_xclick" />';
                    form += '<input type="hidden" name="business" value="'+data.email+'" />';
                    form += '<input type="hidden" name="item_name" value="Donate for '+$('title').text()+'" />';
                    form += '<input type="hidden" name="item_number" value="'+data.item+'" />';
                    form += '<input type="hidden" name="currency_code" value="'+currency+'" />';
                    form += '<input type="hidden" name="amount" value="'+price+'" />';
                    form += '<input type="hidden" name="no_shipping" value="1" />';
                    form += '<input type="hidden" name="return" value="'+base_url+'" />';
                    form += '<input type="hidden" name="cancel_return" value="'+base_url+'" />';
                    form += '<input type="hidden" name="notify_url" value="'+base_url+'payment/paypal" />';
                    form += '<input type="hidden" name="custom" value="'+data.user+'" />';
                    form += '<input type="hidden" name="no_note" value="1" />';
                    form += '<input type="hidden" name="tax" value="0.00" />';
                    form += '<input class="button" type="submit" value="Donate">';
                    form += '</form>';
                $(form).appendTo('body').submit();
            }
        }
    });
}

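To solve this, you need to do some server-side validation....

Suppose your form has a price of $10: you can first submit that form to some PHP file, then in that PHP file you can validate the price, and then forward that POST request to https://www.paypal.com/cgi-bin/webscr ...

Hope this helps you.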
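A sketch of the server-side validation the answer describes, added here as an example and not part of the original question or answer. The function names, the `PACKAGES` catalogue and the merchant address are hypothetical; `item_number`, `mc_gross`, `mc_currency`, `payment_status` and `receiver_email` are PayPal's standard IPN variables, and the IPN message is assumed to have already been confirmed as coming from PayPal.

```php
<?php
// Constructed sample catalogue (assumption); in the application these would be
// the same rows that load::get('paypal_packages') renders in view.donate.php.
const PACKAGES = [
    1 => ['reward' => 500,  'price' => '10.00', 'currency' => 'USD'],
    2 => ['reward' => 1200, 'price' => '20.00', 'currency' => 'USD'],
];

// Step 1 (ajax/paypal): trust only the package id sent by the browser and
// answer with the server's own price, reward and currency for that id.
function quote_package(array $request, array $packages): array
{
    $id = filter_var($request['process_paypal'] ?? null, FILTER_VALIDATE_INT);
    if ($id === false || !isset($packages[$id])) {
        return ['error' => 'Unknown package.'];
    }
    // reward/price/currency keys in $request are deliberately ignored.
    return ['item' => $id] + $packages[$id];
}

// Step 2 (payment/paypal, the notify_url): the form posted to PayPal is built
// in the browser, so compare what was actually paid with the catalogue before
// crediting any points. Returns the reward to credit, or null to reject.
function reward_for_payment(array $ipn, array $packages, string $merchantEmail): ?int
{
    $id = filter_var($ipn['item_number'] ?? null, FILTER_VALIDATE_INT);
    if ($id === false || !isset($packages[$id])) {
        return null;
    }
    $pkg  = $packages[$id];
    $paid = $ipn['mc_gross'] ?? '';
    $ok = ($ipn['payment_status'] ?? '') === 'Completed'
        && strcasecmp($ipn['receiver_email'] ?? '', $merchantEmail) === 0
        && ($ipn['mc_currency'] ?? '') === $pkg['currency']
        && is_numeric($paid)
        // Compare in whole cents to avoid float equality problems.
        && (int) round((float) $paid * 100) === (int) round((float) $pkg['price'] * 100);
    return $ok ? $pkg['reward'] : null;
}

// Constructed inputs: an AJAX request and a payment notification in which
// the price was edited in the browser.
$tampered = ['process_paypal' => '2', 'price' => '0.01', 'reward' => '999999'];
var_dump(quote_package($tampered, PACKAGES));
$ipn = ['item_number' => '2', 'mc_gross' => '0.01', 'mc_currency' => 'USD',
        'payment_status' => 'Completed', 'receiver_email' => 'merchant@example.com'];
var_dump(reward_for_payment($ipn, PACKAGES, 'merchant@example.com'));
```

The JavaScript would then build the PayPal form from the values returned in step 1 instead of the ones read from the page. Because that form can still be edited before it is submitted, the check in step 2 is what decides whether points are credited.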
