Donation bug

      Well, as you can see if you check the donation logs, it's possible to alter the form and donate any amount you want. Donating less than 1 euro results in it displaying 0, however. I decided to check this because it's a fairly common bug in PayPal donation systems, but it's easy to fix.

      All you really need is to modify the PHP a little bit. As you can see from the donation page, we have multiple amounts to choose from on the list. For now, because it's easier, let's take a few of them: 5, 7, 10, 15, 20, 30.

      In the PHP code for where we handle the form submit (assuming it doesn't go straight to PayPal, because it shouldn't! There should be a middle-man!), we should get the amount. It should be in, say, $_POST['amount']. All we need for this simple check is an array. The array will contain the values from our list of possible donation amounts (as per before, we're only using up to 30 for now, for the sake of ease). So we create an array with the amounts.

      PHP Source Code

      $valid_amounts = array(5, 7, 10, 15, 20, 30);


      And since we're not allowing decimal donations, we can use the easier way to make the amount submitted "safe":

      PHP Source Code

      $donation_amount = intval($_POST['amount']);


      Now, all we need to do is check whether or not it's in the array of valid amounts!

      PHP Source Code

      if (!in_array($donation_amount, $valid_amounts))


      So the final test code would look like this:

      PHP Source Code

      <?php
      $valid_amounts = array(5, 7, 10, 15, 20, 30);
      $donation_amount = intval('0.1');
      if (!in_array($donation_amount, $valid_amounts)) {
          // Do something about this!
          echo('Sorry, you\'ve attempted to donate an invalid amount! This has been logged!');
          //someLogFunction('invalid donation amount', $_SERVER['REMOTE_ADDR']);
      } else {
          echo('Thank you for your donation!');
      }
      ?>

      Check me out (or not): YouTube, deviantART, Useless Webpage.
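
A stricter variant of the check described in the post, as an added example that is not the poster's or the site's code: it rejects anything that is not a plain digit string before the whitelist lookup, because `intval()` truncates values such as `'5.99'` or `'5abc'` to 5. The function name and the sample inputs are constructed for illustration; the amounts are the ones from the post.

```php
<?php
// Added example, not the forum's code. Amounts are taken from the post;
// the function name and the sample submissions are constructed.
const VALID_AMOUNTS = [5, 7, 10, 15, 20, 30];

/**
 * Return the donation amount as an int if the raw form value is exactly one
 * of the offered amounts, or null if the submission must be rejected.
 */
function validate_donation_amount($raw): ?int
{
    // A tampered form can send amount[]=5, which arrives as an array.
    if (!is_string($raw)) {
        return null;
    }
    // Digits only: rejects '0.1', '-5', '5abc' and '' outright instead of
    // letting a numeric cast truncate them into something that looks valid.
    if (!ctype_digit($raw)) {
        return null;
    }
    $amount = (int) $raw;
    // Strict comparison so only the integer values in the list can match.
    return in_array($amount, VALID_AMOUNTS, true) ? $amount : null;
}

// Constructed sample submissions, as they might arrive in $_POST['amount'].
$samples = ['10', '0.1', '5.99', '5abc', '-5', '1000000', '', ['5'], '30'];

foreach ($samples as $raw) {
    $amount = validate_donation_amount($raw);
    $shown  = is_array($raw) ? 'array' : "'" . $raw . "'";
    if ($amount === null) {
        // This is where the post's someLogFunction() call would go.
        echo "$shown rejected\n";
    } else {
        // Only $amount, never the raw value, goes into the payment request.
        echo "$shown accepted as $amount\n";
    }
}
```

With the post's `intval()` approach the whitelist still holds, provided the later payment step is built from `$donation_amount` and never from `$_POST['amount']`.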