MAINHACK

Viewing / Editing File: reportpayment_callback.php

<?php
include("thisdb.php");

function fmtMoney($v) {
    if ($v === null || $v === '') return null;
    // Prefer BCMath if available for exact rounding
    if (function_exists('bcadd')) {
        // round to 2 using bc math: add 0 with 2 decimals
        $rounded = bcadd((string)$v, '0', 2);
        return $rounded; // string like "0.20"
    }
    // Fallback: normal float rounding, then stringify with 2dp
    return number_format((float)$v, 2, '.', ''); // e.g. "0.20"
}

$data = json_decode(file_get_contents("php://input"), true);
file_put_contents("hubtel_log.txt", "\n---- NEW CALLBACK ----\n", FILE_APPEND);
file_put_contents("hubtel_log.txt", print_r($data, true), FILE_APPEND);

// Hubtel credentials
$username = "73Q92DA";
$password = "609d0983e9344f74ac4c3a660dbda0e2";
$merchantAccountNumber = "2031762";

if (!empty($data['ResponseCode']) && $data['ResponseCode'] === "0000") {

$responseData = $data['Data'] ?? [];
    $reference = $responseData['ClientReference'] ?? '';
    $amount = $responseData['Amount'] ?? 0;
    $transaction_id = $responseData['SalesInvoiceId'] ?? uniqid('hubtel_');
    $payment_status = $responseData['Status'] ?? 'Pending';

// Parse reference: REF_indexNo_schoolCode_timestamp
    $parts = explode("_", $reference);
    if (count($parts) >= 4) {
        $indexNo = $parts[1];
        $schoolCode = $parts[2];
        file_put_contents("hubtel_log.txt", "Parsed: indexNo=$indexNo, schoolCode=$schoolCode\n", FILE_APPEND);
    } else {
        file_put_contents("hubtel_log.txt", "❌ Could not parse reference: $reference\n", FILE_APPEND);
        exit;
    }

// 🔍 1. OPTIONAL: Verify Transaction Status from Hubtel API
    $checkUrl = "https://api.hubtel.com/v2/merchantaccount/transactions/" . urlencode($reference);
    $auth = base64_encode("$username:$password");

$ch = curl_init($checkUrl);
    curl_setopt($ch, CURLOPT_HTTPHEADER, [
        "Authorization: Basic $auth",
        "Content-Type: application/json"
    ]);
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
    curl_setopt($ch, CURLOPT_TIMEOUT, 15);
    $hubtelResponse = curl_exec($ch);
    curl_close($ch);

$statusData = json_decode($hubtelResponse, true);

// Extract verified status (if API responded)
    if (isset($statusData['status'])) {
        $verifiedStatus = $statusData['status'];
        file_put_contents("hubtel_log.txt", "🔍 Hubtel API Verified Status: $verifiedStatus\n", FILE_APPEND);
    } elseif (isset($statusData['Data']['Status'])) {
        $verifiedStatus = $statusData['Data']['Status'];
        file_put_contents("hubtel_log.txt", "🔍 Hubtel API Verified Status (Data): $verifiedStatus\n", FILE_APPEND);
    } else {
        $verifiedStatus = $payment_status;
        file_put_contents("hubtel_log.txt", "⚠️ No verified status found, using callback status: $verifiedStatus\n", FILE_APPEND);
    }

// ---- Build & log a normalized verification payload ----
    $respCode = $data['ResponseCode'] ?? ($statusData['responseCode'] ?? null);
    $reference = $responseData['ClientReference'] ?? ($statusData['clientReference'] ?? $reference ?? null);

$normalizedLog = [

"message" => ($respCode === "0000" ? "Successful" : "Failed"),
    "responseCode" => $respCode,
    "data" => [
        "date" => $statusData['date']
            ?? ($statusData['Data']['Date'] ?? gmdate('c')),
        "status" => $statusData['status']
            ?? ($statusData['Data']['Status'] ?? ($verifiedStatus ?? $payment_status ?? 'Pending')),
        "transactionId" => $statusData['transactionId']
            ?? ($statusData['Data']['TransactionId'] ?? $transaction_id ?? null),
        "externalTransactionId" => $statusData['externalTransactionId']
            ?? ($responseData['externalTransactionId'] ?? ($responseData['ExternalTransactionId'] ?? null)),
        "paymentMethod" => $statusData['paymentMethod']
            ?? ($responseData['paymentMethod'] ?? ($responseData['PaymentMethod'] ?? null)),
        "clientReference" => $statusData['clientReference']
            ?? $reference,
        "currencyCode" => $statusData['currencyCode']
            ?? ($responseData['CurrencyCode'] ?? null),
        "amount" => fmtMoney(
            $statusData['amount']
                ?? ($responseData['Amount'] ?? $amount ?? 0)
        ),
        "charges" => ($statusData['charges'] ?? $responseData['Charges'] ?? null) !== null
            ? fmtMoney($statusData['charges'] ?? $responseData['Charges'])
            : null,
        "amountAfterCharges" => ($statusData['amountAfterCharges'] ?? $responseData['AmountAfterCharges'] ?? null) !== null
            ? fmtMoney($statusData['amountAfterCharges'] ?? $responseData['AmountAfterCharges'])
            : null,
        "isFulfilled" => $statusData['isFulfilled']
            ?? ($responseData['IsFulfilled'] ?? null),
    ]
];

file_put_contents(
    "hubtel_log.txt",
    "\n---- VERIFICATION (normalized) ----\n" .
    json_encode($normalizedLog, JSON_PRETTY_PRINT | JSON_UNESCAPED_SLASHES) . "\n",
    FILE_APPEND
);

// ✅ Continue DB update only if status is confirmed successful
    if (in_array(strtolower($verifiedStatus), ['successful', 'success', 'completed'])) {
        $pstatus  = "Paid";
        $datepaid = date("Y-m-d H:i:s");
        $thisamount = "0.5";
        $access_code = $indexNo;

// Prevent duplicate payments
        $check_sql = "SELECT * FROM resultpayment WHERE transaction_reference = '$transaction_id'";
        $check_result = mysqli_query($new, $check_sql);

if ($check_result && mysqli_num_rows($check_result) === 0) {
            $insert_sql = "
                INSERT INTO resultpayment 
                (index_num, s_code, studentId,amount,transaction_reference,status,datepaid) 
                VALUES 
                ('$indexNo','$schoolCode','$indexNo','$thisamount', '$transaction_id', '$pstatus', '$datepaid')";
    
    function generateAccessCode($length = 8) {
    return substr(str_shuffle(str_repeat('0123456789', $length)), 0, $length);
    }
    
    $ticket_code = generateAccessCode(); 
    $expi_date = date('Y-m-d', strtotime('+3 months'));
    $updatesteve = mysqli_query($new, "UPDATE enrol_details SET access_code = '$ticket_code', codeexpired = '$expi_date' WHERE (schoolID = '$indexNo' OR unique_student_code = '$indexNo') AND s_code = '$schoolCode'");

if (mysqli_query($new, $insert_sql)) {
                file_put_contents("hubtel_log.txt", "✅ INSERT successful for $indexNo ($schoolCode)\n", FILE_APPEND);
            } else {
                file_put_contents("hubtel_log.txt", "❌ INSERT failed: " . mysqli_error($new) . "\n", FILE_APPEND);
            }
        } else {
            file_put_contents("hubtel_log.txt", "⚠️ Duplicate transaction ignored for $indexNo ($schoolCode)\n", FILE_APPEND);
        }

if (mysqli_query($new, $update_sql)) {
            file_put_contents("hubtel_log.txt", "✅ UPDATE successful for $indexNo ($schoolCode)\n", FILE_APPEND);
        } else {
            file_put_contents("hubtel_log.txt", "❌ UPDATE failed: " . mysqli_error($new) . "\n", FILE_APPEND);
        }
    } else {
        file_put_contents("hubtel_log.txt", "⚠️ Payment not successful. Verified status: $verifiedStatus\n", FILE_APPEND);
    }
} else {
    file_put_contents("hubtel_log.txt", "⚠️ Invalid callback or ResponseCode not 0000\n", FILE_APPEND);
}
?>

Cancel / Back

[ MAINHACK ]

Viewing / Editing File: reportpayment_callback.php

Server Info

System Features

User Info