
javascript - Prevent users from changing the amount charged on the payment page

Repost. Author: 行者123. Updated: 2023-11-28 10:36:52

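I am trying to integrate a payment gateway on my website. There are three courses, each with a different price. I pass the amount and package values to form.php, and I have set the input fields to readonly, but the user can still change the amount in Inspect Element, set it to 0, submit that value and get the course for free. How do I stop the user from changing the value? Or is there another way to pass the values? Or should I encrypt them and then decrypt them again?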

Here is my code.

index.php

<div id="outer">
<div class="box">
<h4>Rs. 9,900/-</h4>
<ul>
<li>2-Days Classroom Training</li>
<li>E-Learning Course</li>
</ul>
<form action="form.php" method="post">
<input type="hidden" name="amount" value="9900" readonly="readonly">
<input type="hidden" name="package" value="basic" readonly="readonly">
<input type="submit" name="BUY NOW" value="BUY NOW">
</form>
</div>
<div class="box">
<h4>Rs. 11,900/-</h4>
<ul>
<li>4-Days Classroom Training</li>
<li>E-Learning Course</li>
</ul>
<form action="form.php" method="post">
<input type="hidden" name="amount" value="11900" readonly="readonly">
<input type="hidden" name="package" value="standard" readonly="readonly">
<input type="submit" name="BUY NOW" value="BUY NOW">
</form>
</div>
<div class="box">
<h4>Rs. 14,900/-</h4>
<ul>
<li>4-Days Classroom Training</li>
<li>E-Learning Course</li>
<li>5 Hours Personal Session With The Trainer</li>
</ul>
<form action="form.php" method="post">
<input type="hidden" name="amount" value="14900" readonly="readonly">
<input type="hidden" name="package" value="pro" readonly="readonly">
<input type="submit" name="BUY NOW" value="BUY NOW">
</form>
</div>
</div>

form.php

<body>
<?php
if (isset($_POST['amount']) && isset($_POST['package'])) {
$amount = $_POST['amount'];
$package = $_POST['package'];
}
?>

<div>
<table>
<form name="postForm" action="form_process.php" method="POST" >
<tr><td>txnid</td><td><input type="text" name="txnid" readonly="readonly" value="<?php echo $txnid=time().rand(1000,99999); ?>" /></td></tr>
<tr><td>amount</td><td><input type="text" name="amount" readonly="readonly" value="<?php echo $amount; ?>" /></td></tr>
<tr><td>firstname</td><td><input type="text" name="firstname" value="" /></td></tr>
<tr><td>email</td><td><input type="text" name="email" value="" /></td></tr>
<tr><td>phone</td><td><input type="text" name="phone" value="" /></td></tr>
<tr><td>Package</td><td><input type="text" name="productinfo" readonly="readonly" value="<?php echo $package; ?>"/></td></tr>
<tr><td colspan="3"><input type="hidden" name="service_provider" value="payu_paisa" size="64" /></td></tr>
<tr><td><input type="hidden" name="surl" value="http://localhost/payment/success.php" size="64" readonly="readonly" /></td></tr>
<tr><td><input type="hidden" name="furl" value="http://localhost/payment/failure.php" size="64" readonly="readonly" /></td></tr>
<tr><td><input type="submit" /></td><td><input type="reset" /></td></tr>
</form>
</table>
</div>
</body>

form_process.php

<script>
function submitForm() {
var postForm = document.forms.postForm;
postForm.submit();
}
</script>
</head>
<?php
if(!isset($_POST['firstname'])){header("location: form.php");}
// Change the Merchant key here as provided by Payumoney
$MERCHANT_KEY = "*******";

// Change the Merchant Salt as provided by Payumoney
$SALT = "********";


$firstname =$_POST['firstname'];
$email =$_POST['email'];
$phone =$_POST['phone'];
$productinfo =$_POST['productinfo'];
$service_provider =$_POST['service_provider'];
$amount =$_POST['amount'];
$txnid =$_POST['txnid'];
$productinfo =$_POST['productinfo'];
$surl =$_POST['surl'];
$furl =$_POST['furl'];


//$ =$_POST[''];

$hashseq=$MERCHANT_KEY.'|'.$txnid.'|'.$amount.'|'.$productinfo.'|'.$firstname.'|'.$email.'|||||||||||'.$SALT;
$hash =strtolower(hash("sha512", $hashseq));

?>

<body onload="submitForm();">

<div>
<h2>Payment Gateway Testing Sample</h2>
<table>
<tr><td>Transaction Id</td><td><strong><?php echo $_POST['txnid']; ?></strong></td><td>Amount: </td><td><strong>Rs. <?php echo $_POST['amount']; ?></strong></td>
</table>
<div >
<p>In this page we will generate hash and send it to payumoney.</p>
<br>
<p>Please be patient. this process might take some time,<br />please do not hit refresh or browser back button or close this window</p>
</div>
</div>

<div>
<form name="postForm" action="https://sandboxsecure.payu.in/_payment" method="POST" >
<input type="hidden" name="key" value="<?php echo $MERCHANT_KEY; ?>" />
<input type="hidden" name="hash" value="<?php echo $hash; ?>"/>
<input type="hidden" name="txnid" value="<?php echo $_POST['txnid']; ?>" />
<input type="hidden" name="amount" value="<?php echo $_POST['amount']; ?>" />
<input type="hidden" name="firstname" value="<?php echo $_POST['firstname']; ?>" />
<input type="hidden" name="email" value="<?php echo $_POST['email']; ?>" />
<input type="hidden" name="phone" value="<?php echo $_POST['phone']; ?>" />
<input type="hidden" name="productinfo" value="<?php echo $_POST['productinfo']; ?>" />
<input type="hidden" name="service_provider" value="payu_paisa" size="64" />
<input type="hidden" name="surl" value="<?php echo $_POST['surl']; ?>" />
<input type="hidden" name="furl" value="<?php echo $_POST['furl']; ?>" />
</form>
</div>
</body>

success.php

<body>
<script>var time = 5;
setInterval(function() {
var seconds = time % 60;
var minutes = (time - seconds) / 60;
if (seconds.toString().length == 1) {
seconds = "0" + seconds;
}
if (minutes.toString().length == 1) {
minutes = "0" + minutes;
}
document.getElementById("time").innerHTML = minutes + ":" + seconds;
time--;
if (time == 0) {
window.location.href = "index.php";
}
}, 1000);
</script>

<div>
<h2>Payment Success</h2>
</div>

<div>
<?php
if(isset($_POST['status'])){
if($_POST['status']=="success"){
echo "<p>Payment Done Successfully.<br>Details Are Below.</p>";
echo "<p>Txn Id: ".$_POST['txnid']."</p>";
echo "<p>Name: ".$_POST['firstname']."</p>";
echo "<p>Email: ".$_POST['email']."</p>";
echo "<p>Amount: ".$_POST['amount']."</p>";
echo "<p>Phone No: ".$_POST['phone']."</p>";
echo "<p>Product Info: ".$_POST['productinfo']."</p>";
echo "<p>encryptedPaymentId: ".$_POST['encryptedPaymentId']."</p>";
}
}

?>
</div>
<div>Redirecting to home page in <span id="time"></span></div>

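Best answer

Never let the user send the price. Every course has an ID. Let's assume:

  • Course 1, ID = 1, price = 499, name = 2-day class training
  • Course 2, ID = 2, price = 999, name = 4-day class training

On your payment page, inside the <form> elements, send only course_id = X.

In the PHP script that receives the request, you know that course_id = X means price = Y ... and that is the price you charge.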

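// index.php
<form action="form.php" method="post">
<input type="hidden" name="course_id" value="1" readonly="readonly">
<label>
2-days learning course
</label>
<input type="submit" name="BUY NOW" value="BUY NOW">
</form>


// form.php
if (isset($_POST['course_id'])) {
    if ($_POST['course_id'] == 1) {
        // The price is decided on the server, never taken from the request
        $amount = 499;
    } else {
        // Unknown course_id: refuse instead of continuing without a price
        echo 'invalid request'; exit();
    }
} else {
    echo 'invalid request'; exit();
}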
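
An added example, not part of the original answer: the answer's lookup carried through to the question's form_process.php, so that the amount, product name, transaction id and return URLs posted to the gateway are all produced on the server and an edited amount field is never read. COURSES, build_gateway_fields() and the placeholder key and salt are hypothetical; the hash sequence and URLs are the ones shown in the question.

```php
<?php
declare(strict_types=1);

// Added example. COURSES, build_gateway_fields() and the key/salt are hypothetical.
// Server-side catalogue: the only source of prices (IDs and prices from the answer).
const COURSES = [
    1 => ['name' => '2-day class training', 'price' => '499'],
    2 => ['name' => '4-day class training', 'price' => '999'],
];

// Reads only course_id and the buyer's contact details from the request.
// Everything that decides what is charged is taken from COURSES.
// Returns null when course_id is missing, malformed or not in the catalogue.
function build_gateway_fields(array $post, string $key, string $salt): ?array
{
    $id = filter_var($post['course_id'] ?? null, FILTER_VALIDATE_INT);
    if ($id === false || !array_key_exists($id, COURSES)) {
        return null;
    }
    $text = fn(string $k): string => is_string($post[$k] ?? null) ? trim($post[$k]) : '';
    $f = [
        'key'         => $key,
        'txnid'       => bin2hex(random_bytes(10)), // generated here, not posted by the client
        'amount'      => COURSES[$id]['price'],
        'productinfo' => COURSES[$id]['name'],
        'firstname'   => $text('firstname'),
        'email'       => $text('email'),
    ];
    // Same sequence as the question: key|txnid|amount|productinfo|firstname|email|...|SALT
    $f['hash'] = strtolower(hash('sha512', implode('|', $f) . '|||||||||||' . $salt));
    // Fields outside the hash; return URLs are fixed on the server as well.
    $f += [
        'phone'            => $text('phone'),
        'service_provider' => 'payu_paisa',
        'surl'             => 'http://localhost/payment/success.php',
        'furl'             => 'http://localhost/payment/failure.php',
    ];
    return $f;
}

// Constructed request in which the amount field was edited in the browser.
$tampered = ['course_id' => '1', 'amount' => '0', 'firstname' => 'Asha', 'email' => 'asha@example.com'];
$fields = build_gateway_fields($tampered, 'PLACEHOLDER_KEY', 'PLACEHOLDER_SALT');
foreach ($fields as $name => $value) {
    // Escape on output so buyer-supplied text cannot break out of the attribute.
    printf("<input type=\"hidden\" name=\"%s\" value=\"%s\">\n", $name, htmlspecialchars($value, ENT_QUOTES, 'UTF-8'));
}
var_dump(build_gateway_fields(['course_id' => '99'], 'PLACEHOLDER_KEY', 'PLACEHOLDER_SALT'));
```

Storing the generated txnid together with the course ID on the server (session or database) lets success.php compare the amount reported back with the catalogue price before granting access.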

Regarding "javascript - Prevent users from changing the amount charged on the payment page", we found a similar question on Stack Overflow: https://stackoverflow.com/questions/60258123/
