question re: amt_paid != price in money event

If one hides the payment field and shows a single fast-pay button, is there any possible reason that the money event would be called with the amount_paid != fastpay_amount other than somebody using a bugged client (or one intentionally rigged to attempt theft)?

In scripting terms, why do this:

//-----------------------------
integer price = 100;

default {
state_entry() {
llSetPayPrice(PAY_HIDE,[price,PAY_HIDE,PAY_HIDE,PAY_HIDE]);
llRequestPermissions(llGetOwner(), PERMISSION_DEBIT);
}
run_time_permissions(integer perm) {
if(perm & PERMISSION_DEBIT) state active;
}
}

state active {
money(key customer, integer amt_paid) {
if(amt_paid != price) {
llGiveMoney(customer,amt_paid);
llInstantMessage(customer,"You paid the wrong amount.";
}else{
llGiveInventory(customer,"stuff";
llInstantMessage(customer,"Thanks for your purchase!";
}
}
}
//-----------------------------------

....instead of simply this.....

//~~~~~~~~~~~~~~~~~~~~~
integer price = 100;

default {
state_entry() {
llSetPayPrice(PAY_HIDE,[price,PAY_HIDE,PAY_HIDE,PAY_HIDE]);
}
money(key customer, integer amt_paid) {
if(amt_paid != price) {
llInstantMessage(customer,"Take your hacked client elsewhere. And thanks for the donation. Kthxbi.";
llTeleportAgentHome(customer);
}else{
llGiveInventory(customer,"stuff";
llInstantMessage(customer,"Thanks for your purchase!";
}
}
}

//~~~~~~~~~~~~~~~~~~~


Thoughts?

I have been wondering the same thing and I prefer the version without the 'PERMISSION_DEBIT',
but not with that wording In fact I do not check the amount. If some one exploits me I will not see it until I look in the transactions history.
It would be nice to know more about how safe the 'single fast-pay button' method is.

ALWAYS check the amount. Consider the fast-pay thing a way of 'suggesting' a price, but keep in mind that agents can pay any amount they want to, including 0.

QFT

This warning is also on-top of the llSetPayPrice wiki



.

I prefer logic such as:

logError(string message)
{
   // Or e-mail, HTTP, whatever
   llInstantMessage(llGetOwner(), message);
}

...

money(key id, integer amount)
{
   string payer = llKey2Name(id)+" ("+id+")";
   if (amount < PRICE)
   {
      llWhisper(
         "Sorry, that is not enough.  Please contact the vendor owner for a "+
         "refund.");
      logError(
         payer+" paid "+(string)amount+" for "+PRODUCT+" which costs "+
         (string)PRICE+".  Please check your transaction history and "+
         "consider giving a refund.");
   } else
   {
      if (amount > PRICE)
      {
         llWhisper(
            "You have overpaid by "+(integer)(PRICE-amount)+
            ".  Please contact the vendor owner for change.");
         logError(
            payer+" paid "+(string)amount+" for "+PRODUCT+" which only costs "+
            (string)PRICE+".  Please check your transaction history and "+
            "consider giving change.");
      }

      givePurchasedProductTo(id);
   }
}

Has anybody ever experienced a different payment than that set by fast pay?
when set to one price only: llSetPayPrice(PAY_HIDE,[payment,PAY_HIDE,PAY_HIDE,PAY_HIDE]);

No, but I could design a viewer modification to do it so I prefer the paranoid approach.

Well, in my vendors, I use something like this in the "money" event...





It was originally added to help me keep track of how much L$ I make per week, etc., but I realized it could also be a helpful feature for detecting theft.

If you get this message:

You know something's up.

also beware of comparing the price paid, to a variable based on the currently showing item... if someone pulls a pay dialog, and someone else(or even that specific buyer) then changes the displayed product, all sorts of oddness will ensue, the buyer could get the wrong item, or end up paying more/less, or a combination of those.

but then its too late


.