Sending Money Amount to Checkout
#1

Hi all,

I don't think this is explicitly a CodeIgniter question, but I'm using CodeIgniter for it, so here I am.

I'm setting up an e-commerce site and need to send information to a hosted checkout solution (Mijireh, for those interested). So basically, the user will add items to their cart, then when they click 'Checkout' in their cart, they'll be redirected to Mijireh's hosted checkout along with information pertaining to their order, like the items in their order, and those items' prices.

Here's the thing: I can't seem to come up with a fool-proof way to actually send that information TO Mijireh without the possibility of that info being changed by unscrupulous users. For example, my first impulse was to simply put the prices and items in hidden form elements that would be submitted when they clicked 'Checkout', but using Inspect Element, they could go into the form and change that value before submitting. Putting the values in a SESSION or COOKIE variable still allows those values to be changed by the particularly driven user. How can I send information to a hosted checkout like Mijireh without ANY possibility of unscrupulous users editing the information before it gets there?

Thanks!
#2

Hi,

Your prices and subtotals etc. should never be in a post field for exactly the reason you have described. They should be read from your product table in your database, or calculated from the user's basket, or order table, however you have chosen to do this.

Usually with a payment processor they give you the fields you need to include in a URL, including any encryption requirements. Presuming you have that all in hand, do not make the final 'Confirm Payment' or 'Pay Now' buttons as forms. Simply have them as buttons. Your controller can then calculate all the relevant fields and send the info off to the payment processor. (You would also have, for instance, your merchant id, codes etc. that you would not want to reveal either.)

On successful return to your site from the payment processor a different controller would interpret the return code and present the success screen or the error/problem information.

Most payment processors will provide you with example code, so take a good look at all the relevant documentation.

Hope that helps,

Paul.
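The approach from reply #2, as an added example (not code from the thread, from CodeIgniter or from Mijireh): the server-side function accepts only product ids and quantities and reads every price from the product data, so a price field edited in the browser is never used. The `PRODUCTS` array, `build_order()` and the sample request are assumptions standing in for a real product table and basket.

```php
<?php
// Constructed stand-in for the product table; prices are integer cents.
const PRODUCTS = [
    101 => ['name' => 'Mug',    'price_cents' => 1250],
    102 => ['name' => 'Poster', 'price_cents' => 899],
];

/**
 * Build the order that the controller sends to the payment processor.
 * $cart maps product id => quantity. Prices and totals come only from
 * $products; nothing price-related is read from the request.
 */
function build_order(array $cart, array $products = PRODUCTS): array
{
    $items = [];
    $total = 0;
    foreach ($cart as $id => $qty) {
        // The user may only influence which product and how many: validate both.
        $id  = filter_var($id, FILTER_VALIDATE_INT);
        $qty = filter_var($qty, FILTER_VALIDATE_INT,
            ['options' => ['min_range' => 1, 'max_range' => 100]]);
        if ($id === false || $qty === false || !isset($products[$id])) {
            throw new InvalidArgumentException('Invalid cart line');
        }
        $price   = $products[$id]['price_cents']; // authoritative price
        $items[] = [
            'name'        => $products[$id]['name'],
            'price_cents' => $price,
            'quantity'    => $qty,
        ];
        $total += $price * $qty;
    }
    if ($items === []) {
        throw new InvalidArgumentException('Empty cart');
    }
    return ['items' => $items, 'total_cents' => $total];
}

// Constructed request: an edited hidden field claims the mug costs 1 cent.
$post = [
    'cart'  => ['101' => '2', '102' => '1'],
    'price' => ['101' => '1'], // ignored: build_order() never sees it
];
$order = build_order($post['cart']);
echo json_encode($order, JSON_PRETTY_PRINT), PHP_EOL;
```

The returned array is what the controller would map onto the processor's documented fields before sending it from the server.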



