MAINHACK

Viewing / Editing File: payment-return.php

<?php 
ob_start(); //for redirection
session_start();

$db['db_host'] = 'localhost';

$db['db_user'] = "shsadmis_shsadmissions";

$db['db_pass'] = 'V0%=%m9l*sx[';

$db['db_name'] = 'shsadmis_shsadmissions';

foreach ($db as $key => $values){

define(strtoupper($key) , $values);

}
$new = mysqli_connect(DB_HOST,DB_USER,DB_PASS,DB_NAME);

$indexNo    = mysqli_real_escape_string($new, trim($_GET['indexNo'] ?? ''));
$schoolCode = mysqli_real_escape_string($new, trim($_GET['schoolCode'] ?? ''));

if (strpos($schoolCode, '?') !== false) {
    $schoolCode = explode('?', $schoolCode, 2)[0];
}

if (empty($_GET['referenceId'])) {
    echo "<h3 class='text-danger text-center mt-5'>No reference ID received.</h3>";
    exit;
}

$referenceId = mysqli_real_escape_string($new, trim($_GET['referenceId']));

$url = "https://webpay.ghana.accessbankplc.com/Checkout/v1/Transaction/Status";

$data = [
    "ReferenceId" => $referenceId
];

$headers = [
    "Content-Type: application/json",
    "Authorization: TW5sM05FNXhRbWRhY1dkUS5wcm9kLlRFSnZiWEEwYjJGYVRWSm4=",
    "User-Agent: Mozilla/5.0"
];

$ch = curl_init();
curl_setopt_array($ch, [
    CURLOPT_URL => $url,
    CURLOPT_POST => true,
    CURLOPT_HTTPHEADER => $headers,
    CURLOPT_RETURNTRANSFER => true,
    CURLOPT_POSTFIELDS => json_encode($data),
    CURLOPT_TIMEOUT => 30,
    CURLOPT_SSL_VERIFYPEER => true,
    CURLOPT_SSL_VERIFYHOST => 2
]);

$response = curl_exec($ch);

if (curl_errno($ch)) {
    $errorMsg = "cURL Error: " . curl_error($ch);
    curl_close($ch);
    die("<h3 class='text-danger text-center mt-5'>$errorMsg</h3>");
}

$httpcode = curl_getinfo($ch, CURLINFO_HTTP_CODE);
curl_close($ch);

$result = json_decode($response, true);

$statusText = "Unable to verify transaction.";
$statusClass = "secondary";
$amount = $method = $transactionId = "";

if ($httpcode === 200 && isset($result['result']['transaction'])) {
    $transaction = $result['result']['transaction'];

$code   = $transaction['Code'] ?? '';
    $status = $transaction['Status'] ?? '';
    $amount = mysqli_real_escape_string($new, trim($transaction['Amount'] ?? ''));
    $method = mysqli_real_escape_string($new, trim($transaction['PaymentMethod'] ?? ''));
    $transactionId = mysqli_real_escape_string($new, trim($transaction['TransactionId'] ?? ''));

if ($code === "000" && strtoupper($status) === "S") {
        $statusText = "Payment Successful!";
        $statusClass = "success";

// Check for existing payment
        $indexxy = mysqli_query($new, "SELECT * FROM stud_payment WHERE indexNumber = '$indexNo'");
        if (!$indexxy) {
            error_log("Database query error: " . mysqli_error($new));
            die("<h3 class='text-danger text-center mt-5'>Database error while checking payment status.</h3>");
        }

if (mysqli_num_rows($indexxy) > 0) {
            // Log for debugging
            error_log("Payment already exists for indexNumber: $indexNo");
            header("Location: index");
            exit;
        }

// Insert payment record
        $pstatus = "Paid";
        $date = date("Y-m-d H:i:s");

$insertQuery = "INSERT INTO stud_payment 
            (s_code, indexNumber, amount, pstatus, datepaid, transaction_id, access_code) 
            VALUES 
            ('$schoolCode', '$indexNo', '$amount', '$pstatus', '$date', '$referenceId', '$transactionId')";

if (!mysqli_query($new, $insertQuery)) {
            error_log("Insert failed: " . mysqli_error($new));
            die("<h3 class='text-danger text-center mt-5'>Failed to save payment record: " . mysqli_error($new) . "</h3>");
        }

// Update enrol_generic
        $updateQuery = "UPDATE enrol_generic 
            SET access = '$transactionId' 
            WHERE indexNo = '$indexNo' AND s_code = '$schoolCode'";

if (!mysqli_query($new, $updateQuery)) {
            error_log("Update failed: " . mysqli_error($new));
            die("<h3 class='text-danger text-center mt-5'>Failed to update enrolment record: " . mysqli_error($new) . "</h3>");
        }

// Log success
        error_log("Payment recorded successfully for indexNumber: $indexNo, transactionId: $transactionId");
        header("Location: index?success=1");
        exit;
    } else {
        $statusText = "Payment Failed or Pending";
        $statusClass = "danger";
    }
} else {
    $statusText = "Could not verify transaction. Please try again later.";
    $statusClass = "warning";
}

<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <title>Payment Confirmation</title>
    <link href="https://cdn.jsdelivr.net/npm/bootstrap@5.3.3/dist/css/bootstrap.min.css" rel="stylesheet">
    <style>
        body {
            background: linear-gradient(135deg, #f8f9fa, #e9ecef);
            min-height: 100vh;
            display: flex;
            align-items: center;
            justify-content: center;
        }
        .confirmation-card {
            max-width: 500px;
            border-radius: 20px;
            padding: 2rem;
        }
        .status-icon {
            font-size: 3rem;
        }
        .transaction-badge {
            font-size: 1.1rem;
            background-color: #f1f3f5;
            padding: 8px 15px;
            border-radius: 50px;
            display: inline-block;
            margin-top: 10px;
        }
    </style>
</head>
<body>
<div class="card confirmation-card shadow-lg text-center">
    <?php if ($statusClass === "success"): ?>
        <div class="status-icon text-success mb-3">✅</div>
    <?php else: ?>
        <div class="status-icon text-danger mb-3">❌</div>
    <?php endif; ?>

<?php if ($transactionId): ?>
        <p class="mt-3"><strong>Transaction ID:</strong></p>
        <div class="transaction-badge">
            <?php echo htmlspecialchars($transactionId); ?>
        </div>

<p class="mt-3 text-muted">
            Use this Access Code to log in to your portal.
        </p>
    <?php endif; ?>

<a href="login" class="btn btn-primary mt-4 px-4 rounded-pill">
        Go to Login
    </a>
</div>
</body>
</html>

Cancel / Back

[ MAINHACK ]

Viewing / Editing File: payment-return.php

Server Info

System Features

User Info