Ecart 5 - Paypal Standard - Clearing the Cart on Success
I have setup a cart using Ecart 5 and PayPal standard payments.
I have got the IPN working and updating my cart by passing the order_id in the "custom" field and then using this to update my orders.
On the checkout_success.php page, I have included the code outlined on http://www.webassist.com/forums/posts.php?id=20025, which works a treat. (My cart is a basic one at the moment - I'm not worried abut users logging in and storing their details at present).
My issue is that once a customer makes a payment, if they choose not to return to the checkout_success.php file by typing the URL of my shopping cart into a browser, their cart is still populated. What is worse is that now they can add extra items to their order, and because a payment has been made for that order id, they could add items to their order, press "checkout", and the system thinks they have items that they haven't paid for.
What I am after is if there is a way to clear the cart if an order_id is set in the session on load of the cart, will this work?
Or, I can set some validation on the checkout button (or confirm.php page), where the system checks the status based on the order id and maybe throws and exception or clears the session at that point to prevent anyone manipulating this flaw.
Or, I could use the mc_gross field recieved from the IPN, store this in the DB, and then flag up a possible security issue in the administration system, but this seems a bit messy to me.
I've been looking at the forums, and can't find any similar issue on the forums, hopefully this an easy fix.