ETSGlobal / ETSPaymentDotpayBundle

A Dotpay provider for JMSPaymentCoreBundle

orginal_amount parameter #8

Open pawellen opened 10 years ago

pawellen commented 10 years ago

Hi, in CallbackController you are using the orginal_amount parameter in the approveAndDeposit method. Why did you choose this parameter instead of the amount parameter? I am interested in it because this parameter is not involved in the md5 PIN verification process, so it is insecure, I guess. The second thing is that I read the documentation from DotPay and I found that this value is always the total value of the payment, but the user pays only part of the total amount by Dotpay. In this case Dotpay will send, for example, amount: 1.00 but orginal_amount: 1000.00, but your plugin will think that 1000 was paid? (Translation from the Polish doc about the orginal_amount parameter: "Kwota transakcji (pobrana z parametru amount przesłanego w przekierowaniu)" - amount of transaction (it is taken from the amount parameter while redirecting).) If I am not wrong, this could be potentially dangerous? What do you think about it?

ch3ric commented 10 years ago

Thanks @pawellen, I think you're right.

@ClementGautier what do you think about it? Do you remember why we used 'orginal_amount' instead of 'amount'?

pawellen commented 10 years ago

I have made some changes with the amount parameter, and also added support for the case when Dotpay sends to urlc first a failed status and then a success status next (Dotpay support told me that this situation happens when the user cancels the transaction in the bank and then hits the back button a couple of times to go back to the Dotpay page and then tries to pay again, for example in another bank). My change:

https://github.com/pawellen/ETSPaymentDotpayBundle/blob/master/Controller/CallbackController.php

Maybe this will be useful for you :) I am going to do a merge request, but I have to do some tests and a git squash, and I haven't finished them yet. ...too much work.

ch3ric commented 10 years ago

Thanks a lot @pawellen. Looking forward to seeing your pull request.
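The concern raised in this thread, as an added example that is not part of the thread or of the bundle's code: a callback handler that reads the paid amount only from a field covered by the md5 checksum and compares it with what the order expects. The list of signed fields, the PIN, the function names and the sample values are assumptions made for this illustration; the real field list and order come from Dotpay's URLC documentation.

```php
<?php
// Added illustration, not the bundle's code.
// ASSUMPTION: the list and order of signed fields below is hypothetical;
// take the real one from Dotpay's URLC documentation.
const SIGNED_FIELDS = ['id', 'control', 't_id', 'amount', 'email', 't_status'];

/** Recompute the callback checksum from the shared PIN and the signed fields. */
function callbackSignature(string $pin, array $post): string
{
    $parts = [$pin];
    foreach (SIGNED_FIELDS as $name) {
        $value = $post[$name] ?? '';
        $parts[] = is_scalar($value) ? (string) $value : '';
    }
    return md5(implode(':', $parts));
}

/** Return the paid amount from the signed 'amount' field, or null if the checksum fails. */
function verifiedAmount(string $pin, array $post): ?string
{
    $received = $post['md5'] ?? '';
    if (!is_string($received) || !hash_equals(callbackSignature($pin, $post), $received)) {
        return null;
    }
    // 'orginal_amount' is never read here: it is outside the checksum.
    $amount = $post['amount'] ?? null;
    return is_string($amount) ? $amount : null;
}

/** True only when the verified amount covers the order total (compared in minor units). */
function coversOrder(?string $verified, string $expected): bool
{
    return $verified !== null
        && (int) round((float) $verified * 100) >= (int) round((float) $expected * 100);
}

// Constructed sample callback (all values made up): a partial payment of 1.00
// on an order of 1000.00, as in the scenario described in the first comment.
$pin = 'example-pin';
$post = ['id' => '12345', 'control' => 'order-42', 't_id' => '12345-TST1',
         'amount' => '1.00', 'email' => 'buyer@example.com', 't_status' => '2',
         'orginal_amount' => '1000.00'];
$post['md5'] = callbackSignature($pin, $post);

var_dump(verifiedAmount($pin, $post));                          // amount from the signed field
var_dump(coversOrder(verifiedAmount($pin, $post), '1000.00'));  // partial payment vs. order total

$post['amount'] = '1000.00';             // signed field altered after the checksum was made
var_dump(verifiedAmount($pin, $post));   // checksum no longer matches
```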