PayPal smart button server side PHP

Posted 2025-01-16 10:14:58

I'm new to payment gateways in general. I'm not sure what I'm doing, so what I'm trying to do is check if the client changed the amount of money to pay on the server side. This is the smart button script:

    <div id="smart-button-container">
      <div style="text-align: center;">
        <div id="paypal-button-container"></div>
      </div>
    </div>
   <script src="https://www.paypal.com/sdk/js?client-id=sb&enable-funding=venmo&currency=USD"
    data-sdk-integration-source="button-factory"></script>
   <script>
    function initPayPalButton() {
      paypal.Buttons({
        style: {
          shape: 'rect',
          color: 'gold',
          layout: 'vertical',
          label: 'paypal',

        },

        createOrder: function(data, actions) {
          return actions.order.create({
            purchase_units: [{"amount":{"currency_code":"USD","value":50}}]
          });
        },

        onApprove: function(data, actions) {
          return actions.order.capture().then(function(orderData) {

            // Full available details
            console.log('Capture result', orderData, JSON.stringify(orderData, null, 2));

            // Show a success message within this page, e.g.
            const element = document.getElementById('paypal-button-container');
            element.innerHTML = '';
            element.innerHTML = '<h3>Thank you for your payment!</h3>';

            // Or go to another URL:  actions.redirect('thank_you.html');

          });
        },

        onError: function(err) {
          console.log(err);
        }
      }).render('#paypal-button-container');
    }
    initPayPalButton();
  </script>

As you can see, the client can change the "value":50 to any amount. How can I prevent this? I tried searching a lot and I didn't find good videos on how to secure it.

Comments (1)

萧瑟寒风 2025-01-23 10:14:58

Your code is a client-side JS SDK integration. To have control over order creation and captures, you need to perform those operations from a server.

Follow the PayPal Checkout integration guide and make 2 routes on your server, one for 'Create Order' and one for 'Capture Order' (see the optional step 5 in 'Add and modify the code'). Both of these routes should return only JSON data (no HTML or text). Inside the 2nd route, when the capture API is successful you should store its resulting payment details in your database (particularly purchase_units[0].payments.captures[0].id, which is the PayPal transaction ID) and perform any necessary business logic (such as sending confirmation emails or reserving product) immediately before forwarding your return JSON to the frontend caller.

Pair those 2 routes with the frontend approval flow: https://developer.paypal.com/demo/checkout/#/pattern/server


If you need to transfer any data from the client to the server, add a body object to the fetch parameters. This will become JSON input to your server route (look up how to read JSON input in PHP--you do not use $_POST for this, that is for form encoded inputs).

Your server verifies/controls the amount of the order creation in the create route, and verifies successful payment for the correct amount in the capture route, before propagating the response back to the client JS.
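
The amount checks the answer describes for the two routes, written in PHP as an added example (not code from the original post or from PayPal). The price table, SKU and function names are hypothetical, and the capture route is assumed to have already called PayPal's capture API and decoded its JSON response.

```php
<?php
// Added example, not from the original post. PRICES and the SKU are hypothetical.
// Prices live on the server; the browser only sends a product id.
const PRICES = ['sku-basic' => ['currency_code' => 'USD', 'value' => '50.00']];

// Create route: build the order body from server-side data only.
// $rawJson is what the route reads with file_get_contents('php://input').
function buildOrderBody(string $rawJson): array
{
    $in  = json_decode($rawJson, true);
    $sku = is_array($in) ? ($in['sku'] ?? null) : null;
    if (!is_string($sku) || !array_key_exists($sku, PRICES)) {
        throw new InvalidArgumentException('unknown product');
    }
    // Any amount field the client sent is never read.
    return [
        'intent' => 'CAPTURE',
        'purchase_units' => [['reference_id' => $sku, 'amount' => PRICES[$sku]]],
    ];
}

// Capture route: $resp is the decoded capture response; $sku comes from the
// order record the server saved at create time, not from the browser.
function verifyCapture(array $resp, string $sku): string
{
    $want = PRICES[$sku];
    $cap  = $resp['purchase_units'][0]['payments']['captures'][0] ?? [];
    $paid = number_format((float) ($cap['amount']['value'] ?? 0), 2, '.', '');
    if (($resp['status'] ?? '') !== 'COMPLETED' || ($cap['status'] ?? '') !== 'COMPLETED') {
        throw new RuntimeException('payment not completed');
    }
    if (($cap['amount']['currency_code'] ?? '') !== $want['currency_code'] || $paid !== $want['value']) {
        throw new RuntimeException('amount mismatch');
    }
    return (string) ($cap['id'] ?? ''); // PayPal transaction ID to store before fulfilling
}

// Constructed inputs: a request that tries to set its own price, and a capture response.
$body = buildOrderBody('{"sku":"sku-basic","amount":{"value":"0.01"}}');
echo json_encode($body['purchase_units'][0]['amount']), "\n";

$capture = ['status' => 'COMPLETED', 'purchase_units' => [['payments' => ['captures' => [
    ['id' => 'EXAMPLE-CAPTURE-ID', 'status' => 'COMPLETED',
     'amount' => ['currency_code' => 'USD', 'value' => '50.00']],
]]]]];
echo verifyCapture($capture, 'sku-basic'), "\n";

$capture['purchase_units'][0]['payments']['captures'][0]['amount']['value'] = '0.01';
try { verifyCapture($capture, 'sku-basic'); } catch (RuntimeException $e) { echo $e->getMessage(), "\n"; }
```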
