C# 订单程序中的错误,在该程序中可以绕过付款

C# 订单程序中的错误,在该程序中可以绕过付款,c#,asp.net-mvc-5,payment,C#,Asp.net Mvc 5,Payment,这个项目让客户首先创建一个订单,他们必须通过Braintree支付所述订单的费用,但是我得到的问题是,客户可以创建一个订单,然后他们关闭应用程序。这将导致订单仍然存在,但客户不必为订单付款。如果有人知道这方面的工作,我们将感谢他们的帮助。(订单和付款有效。我担心的只是这个bug) 订单控制员 [HttpPost] [ValidateAntiForgeryToken] public async Task<ActionResult> FirstClassCrea

这个项目要求客户先创建订单,然后通过 Braintree 为该订单付款。但我遇到的问题是:客户可以先创建订单,然后直接关闭应用程序。这样订单仍然存在,而客户却没有为订单付款。如果有人知道解决办法,非常感谢您的帮助。(下单和付款功能本身都能正常工作,我担心的只是这个 bug。)

订单控制器

    [HttpPost]
    [ValidateAntiForgeryToken]

    public async Task<ActionResult> FirstClassCreate(FormCollection values)
    {

        var order = new Order();
        TryUpdateModel(order);
        var customer = db.Users.FirstOrDefault(x => x.Email == User.Identity.Name);
        var cart = ShoppingCart.GetCart(this.HttpContext);



        try
        {
签出控制器

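    /// <summary>
    /// Charges the current shopping cart through the payment gateway using the
    /// payment-method nonce posted by the client, then redirects either to the
    /// transaction page ("Show") or back to the payment form ("New") with the
    /// error text stored in TempData["Flash"].
    /// </summary>
    /// <param name="collection">Posted form values; "payment_method_nonce" is read from it.</param>
    /// <returns>A redirect to "Show" when the gateway returns a transaction, otherwise a redirect to "New".</returns>
    public ActionResult CreateFirstClass(FormCollection collection)
    {
        // NOTE(review): this action takes a payment but, unlike FirstClassCreate, carries no
        // [HttpPost] / [ValidateAntiForgeryToken]. Confirm the payment form posts an
        // anti-forgery token and add both attributes.
        var gateway = config.GetGateway();

        // The posted "amount" is only checked for format. It is client-controlled and must
        // never become the charge amount; the charge is computed server-side from the cart.
        try
        {
            Convert.ToDecimal(Request["amount"]);
        }
        catch (FormatException)
        {
            TempData["Flash"] = "Error: 81503: Amount is an invalid format.";
            return RedirectToAction("New");
        }

        string nonceFromTheClient = collection["payment_method_nonce"];
        if (string.IsNullOrWhiteSpace(nonceFromTheClient))
        {
            // Nothing to charge against: skip the gateway call and leave the cart untouched.
            TempData["Flash"] = "Error: payment method nonce is missing.";
            return RedirectToAction("New");
        }

        var cart = ShoppingCart.GetCart(this.HttpContext);

        // NOTE(review): no order is looked up or updated in this action (the original had the
        // lookup by id commented out), so an order created earlier is never linked to a
        // payment. Persist a paid/unpaid state on the order, set it only after the gateway
        // reports success below, and do not fulfil orders that are still unpaid.

        // Get the necessary payment method
        var request = new TransactionRequest
        {
            Amount = cart.GetFirstClass(),
            PaymentMethodNonce = nonceFromTheClient,
            Options = new TransactionOptionsRequest
            {
                SubmitForSettlement = true
            }
        };

        Result<Transaction> result = gateway.Transaction.Sale(request);

        if (result.IsSuccess())
        {
            // Empty the cart only once the charge went through. Emptying it before the
            // sale threw the customer's cart away even when the payment failed.
            cart.EmptyCart();
            return RedirectToAction("Show", new { id = result.Target.Id });
        }

        if (result.Transaction != null)
        {
            // The gateway returned a transaction that did not succeed; show it and keep the cart.
            return RedirectToAction("Show", new { id = result.Transaction.Id });
        }

        // No transaction at all: report the gateway's validation errors on the form.
        string errorMessages = "";
        foreach (ValidationError error in result.Errors.DeepAll())
        {
            errorMessages += "Error: " + (int)error.Code + " - " + error.Message + "\n";
        }
        TempData["Flash"] = errorMessages;
        return RedirectToAction("New");
    }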
var请求=新事务处理请求
{
金额=购物车。GetFirstClass(),
PaymentMethodNonce=非客户,
选项=新事务选项请求
{
SubmitForSettlement=true
}
};
cart.EmptyCart();
结果=gateway.Transaction.Sale(请求);
if(result.issucess())
{
事务=结果。目标;
返回RedirectToAction(“Show”,new{id=transaction.id});
}
else if(result.Transaction!=null)
{
返回RedirectToAction(“Show”,new{id=result.Transaction.id});
}
其他的
{
字符串errorMessages=“”;
foreach(result.Errors.DeepAll()中的ValidationError错误)
{
errorMessages+=“Error:”+(int)Error.Code+“-”+Error.Message+“\n”;
}
TempData[“Flash”]=错误消息;
返回重定向操作(“新”);
}
}

#

与其说这是代码问题,不如说是一个整体流程问题。基本上,您需要在数据库中用某个字段标明订单是否已付款,并且在付款之前不要完成订单。创建后 24 小时(或类似时限)内仍未付款的订单都可以删除…… 嗯。收到付款后,是否更新了订单记录?不要对尚未付款的记录做任何处理。可以在应用程序后端添加一些逻辑(或写一个单独的脚本),检查数据库中是否存在未付款的订单(我假设您有办法判断这一点;如果没有,务必加上),然后将其删除。
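    /// <summary>
    /// Charges the current shopping cart through the payment gateway using the
    /// payment-method nonce posted by the client, then redirects either to the
    /// transaction page ("Show") or back to the payment form ("New") with the
    /// error text stored in TempData["Flash"].
    /// </summary>
    /// <param name="collection">Posted form values; "payment_method_nonce" is read from it.</param>
    /// <returns>A redirect to "Show" when the gateway returns a transaction, otherwise a redirect to "New".</returns>
    public ActionResult CreateFirstClass(FormCollection collection)
    {
        // NOTE(review): this action takes a payment, yet no [HttpPost] or
        // [ValidateAntiForgeryToken] attribute is visible on it. Confirm the payment form
        // posts an anti-forgery token and add both attributes.
        var gateway = config.GetGateway();

        // The posted "amount" is only checked for format. It is client-controlled and must
        // never become the charge amount; the charge is computed server-side from the cart.
        try
        {
            Convert.ToDecimal(Request["amount"]);
        }
        catch (FormatException)
        {
            TempData["Flash"] = "Error: 81503: Amount is an invalid format.";
            return RedirectToAction("New");
        }

        string nonceFromTheClient = collection["payment_method_nonce"];
        if (string.IsNullOrWhiteSpace(nonceFromTheClient))
        {
            // Nothing to charge against: skip the gateway call and leave the cart untouched.
            TempData["Flash"] = "Error: payment method nonce is missing.";
            return RedirectToAction("New");
        }

        var cart = ShoppingCart.GetCart(this.HttpContext);

        // NOTE(review): no order is looked up or updated in this action (the original had the
        // lookup by id commented out), so an order created earlier is never linked to a
        // payment. Persist a paid/unpaid state on the order, set it only after the gateway
        // reports success below, and do not fulfil orders that are still unpaid.
        var request = new TransactionRequest
        {
            Amount = cart.GetFirstClass(),
            PaymentMethodNonce = nonceFromTheClient,
            Options = new TransactionOptionsRequest
            {
                SubmitForSettlement = true
            }
        };

        Result<Transaction> result = gateway.Transaction.Sale(request);

        if (result.IsSuccess())
        {
            // Empty the cart only once the charge went through. Emptying it before the
            // sale threw the customer's cart away even when the payment failed.
            cart.EmptyCart();
            return RedirectToAction("Show", new { id = result.Target.Id });
        }

        if (result.Transaction != null)
        {
            // The gateway returned a transaction that did not succeed; show it and keep the cart.
            return RedirectToAction("Show", new { id = result.Transaction.Id });
        }

        // No transaction at all: report the gateway's validation errors on the form.
        string errorMessages = "";
        foreach (ValidationError error in result.Errors.DeepAll())
        {
            errorMessages += "Error: " + (int)error.Code + " - " + error.Message + "\n";
        }
        TempData["Flash"] = errorMessages;
        return RedirectToAction("New");
    }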