
This is the fourth part of my ipn-security-check. I need to check whether it is safe.

// Check number4 ---------------------------------------------------------
$product_id_string = $_POST['custom'];
$product_id_string = rtrim($product_id_string, ","); // remove last comma
// Explode string, make it an array; check payment !
$id_values = array();
$id_str_array = explode(",", $product_id_string);
$fullAmount = 0;
foreach ($id_str_array as $key => $value) {

    $id_quantity_pair = explode("-", $value);
    $product_id = $id_quantity_pair[0]; // Get the product ID
    $product_quantity = isset($id_quantity_pair[1]) ? $id_quantity_pair[1] : 0; // Get the quantity (0 if the pair has no "-")

    if (1 != intval($product_quantity)) {
        // Somebody is manipulating the item´s quantity
        $message = "Somebody is manipulating the item´s quantity";
        mail("me@myemail.de", "Quantity Hack", $message, "From: me@myemail.de" );
        exit(); // semicolon was missing here
    }

    // remember item´s ID
    $id_values[$key] = intval($product_id);
}
if (empty($id_values)) {
    exit(); // an empty custom field would produce "IN ()", which is a SQL syntax error
}
$sql = 'SELECT price FROM products WHERE id IN ('.implode(',', $id_values).')';
$result = mysql_query($sql); // the query must be executed first; mysql_fetch_array() needs a result resource, not the SQL string
while ($row = mysql_fetch_array($result)) {
    $fullAmount += $row["price"];
}
$fullAmount = number_format($fullAmount, 2, '.', ''); // no thousands separator, otherwise "1,234.00" breaks the comparison below
if (isset($_POST['mc_gross'])) {
    $grossAmount = $_POST['mc_gross'];
} else { // braces are required: without them the mail() and exit() below ran on every request
    $grossAmount = 0;
    $message = "grossAmount wurde = 0 gesetzt";
    mail("me@myemail.de", "grossAmout Hack", $message, "From: my@myemail.de" );
    exit();
}
// compare in whole cents; round() avoids float truncation (e.g. 24.99 * 100 = 2498.999... -> intval gives 2498)
if ( (int) round($fullAmount * 100) != (int) round($grossAmount * 100) ) {
    $message = "Possible Price Jack: " . $grossAmount . " != $fullAmount \n\n\n$req"; // $req is the raw IPN request string from an earlier part of the script
    mail("me@myemail.de", "Price Jack or Bad Programming", $message, "From: me@myemail.de" );
    exit(); // exit script
}

Is this an appropriate script to defeat price jacking? Do I need to change something? If yes, what? Greetings and thanks.
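As an added example (not the asker's code), here is the same amount check written as functions that return a verdict instead of mailing and exiting, so it can be unit-tested. It generalizes the asker's rule "quantity must be 1" to "quantity must be at least 1 and is multiplied into the expected total", and it also checks the IPN fields (payment_status, mc_currency, receiver_email) that a price-jacking check alone does not cover. The price array and the $post payload are constructed sample data standing in for the products table and a real IPN message.

```php
<?php
// Added example, not the original poster's script.
// Prices are kept in integer cents to avoid float comparison problems.

function parse_custom(string $custom): array {
    // "12-1,34-2," -> [12 => 1, 34 => 2]; returns [] on any malformed pair
    $items = [];
    foreach (explode(',', rtrim($custom, ',')) as $pair) {
        if (!preg_match('/^(\d+)-(\d+)$/', $pair, $m)) {
            return [];                 // reject non-numeric IDs or quantities
        }
        $id  = (int) $m[1];
        $qty = (int) $m[2];
        if ($qty < 1) {
            return [];                 // zero quantity means a manipulated field
        }
        $items[$id] = ($items[$id] ?? 0) + $qty;
    }
    return $items;
}

function expected_cents(array $items, array $prices): ?int {
    $total = 0;
    foreach ($items as $id => $qty) {
        if (!isset($prices[$id])) {
            return null;               // unknown product id: refuse the order
        }
        $total += $prices[$id] * $qty; // $prices holds cents per product id
    }
    return $total;
}

function check_ipn(array $post, array $prices, string $currency, string $receiver): string {
    if (($post['payment_status'] ?? '') !== 'Completed') return 'status not Completed';
    if (($post['mc_currency'] ?? '') !== $currency)      return 'wrong currency';
    if (($post['receiver_email'] ?? '') !== $receiver)   return 'wrong receiver';
    $items = parse_custom($post['custom'] ?? '');
    if ($items === []) return 'malformed custom field';
    $expected = expected_cents($items, $prices);
    if ($expected === null) return 'unknown product';
    // compare whole cents; round() avoids 24.99 * 100 becoming 2498.999...
    $gross = (int) round(((float) ($post['mc_gross'] ?? 0)) * 100);
    if ($gross !== $expected) return "amount mismatch: $gross != $expected";
    return 'ok';
}

$prices = [12 => 1999, 34 => 250];   // constructed sample: id => price in cents
$post = ['payment_status' => 'Completed', 'mc_currency' => 'EUR',
         'receiver_email' => 'me@myemail.de', 'custom' => '12-1,34-2,',
         'mc_gross' => '24.99'];      // constructed IPN payload: 19.99 + 2 * 2.50
echo check_ipn($post, $prices, 'EUR', 'me@myemail.de'), "\n";
echo check_ipn(['mc_gross' => '1.00'] + $post, $prices, 'EUR', 'me@myemail.de'), "\n";
```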
