From ed904659b4a4b91531a92cfbe93214007b09c418 Mon Sep 17 00:00:00 2001
From: Ermias H <airmax.7@gmail.com>
Date: Fri, 9 Oct 2020 13:09:11 +0300
Subject: [PATCH] total amount check added on success url

---
 woo-yenepay.php | 16 ++++++++++------
 1 file changed, 10 insertions(+), 6 deletions(-)

diff --git a/woo-yenepay.php b/woo-yenepay.php
index 1e44751..3516bf2 100644
--- a/woo-yenepay.php
+++ b/woo-yenepay.php
@@ -230,11 +230,15 @@ public function success_webhook() {
 								//cURL used here to call yenepay's payment gateway API
 								$result = $checkoutHelper->RequestPDT($pdtModel);
 								if($result['result'] == 'SUCCESS' && ($result['Status'] == 'Paid' || $result['Status'] == 'Delivered' || $result['Status'] == 'Completed')){
-									// Payment complete
-									$order->payment_complete();
-									// Add order note
-									$order->add_order_note( sprintf( __( 'YenePay payment approved! Transaction ID: %s ', 'woocommerce' ), $transactionId ) );
-
+									if(floatval($result['TotalAmount']) == $order->get_total()){
+										// Payment complete
+										$order->payment_complete();
+										// Add order note
+										$order->add_order_note( sprintf( __( 'YenePay payment approved! Transaction ID: %s ', 'woocommerce' ), $transactionId ) );
+									}
+									else{
+										self::log("Total amount mismatch on PDT request for order: ".$order_id);
+									}
 								}
 								else{
 									self::log("failed PDT request. PDT result is: ".var_dump($result));
@@ -310,7 +314,7 @@ public function ipn_webhook(){
 			$helper = new CheckoutHelper();
 
 			//check if the order total here and the total amount sent via ipn match
-			if(floatval($_POST['TotalAmount']) == $wc_order->get_order_total){
+			if(floatval($_POST['TotalAmount']) == $wc_order->get_total()){
 				//Call yenepay's payment gateway API and check the IPN validity
 				//cURL used here to call yenepay's payment gateway API
 				if($helper->isIPNAuthentic($ipnModel))