[
MAINHACK
]
Viewing / Editing File: verifypayment.php
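<?php
/**
 * Payment verification callback.
 *
 * Flow implemented below:
 *   1. Require a logged-in session, otherwise redirect to "index".
 *   2. Read reference, email and phone from the query string.
 *   3. Ask Paystack's transaction/verify endpoint about the reference.
 *   4. On success: record the payment in resultpayment, store a fresh access code
 *      on the student's enrol_details row, send the code by SMS, then redirect
 *      to "dashboard".
 *
 * Security notes for maintainers:
 *   - The database password, Paystack secret key and SMS gateway password used to
 *     be literals in this file. They are now read from environment variables.
 *     The variable names are this rewrite's choice and must be provisioned on
 *     the server. The old values must be treated as exposed and rotated.
 *   - Errors are logged, never rendered: exception text can reveal schema and
 *     connection details to whoever triggers the failure.
 *   - NOTE(review): nothing here ties the Paystack reference to the logged-in
 *     student or compares the paid amount with an expected fee (the expected
 *     fee is not available in this file). Confirm where the order was
 *     initialised and compare against that record before issuing a code.
 *   - NOTE(review): $phone comes from the query string and becomes the SMS
 *     destination; consider using the number stored for the student instead.
 */

// Log errors instead of printing them into the response.
ini_set('display_errors', '0');
ini_set('display_startup_errors', '0');
ini_set('log_errors', '1');
error_reporting(E_ALL);

include("functions.php");

/**
 * Generate an access code "SHS-" + 6 characters from [0-9A-Z] that is not yet
 * present in resultpayment.ticket_code.
 *
 * Codes act as credentials for viewing reports, so they are drawn from the
 * CSPRNG (random_int / random_bytes) rather than rand().
 *
 * @param PDO $db Connection used for the uniqueness lookup.
 * @return string The generated code. After 10 colliding attempts a fallback of
 *                "SHS-" + 6 hex characters is returned without a uniqueness check.
 */
function generateUniqueTicketCode(PDO $db)
{
    $prefix = 'SHS-';
    $length = 6;
    $characters = '0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ';
    $maxIndex = strlen($characters) - 1;
    $max_attempts = 10;

    try {
        $stmt = $db->prepare('SELECT COUNT(*) FROM resultpayment WHERE ticket_code = :ticket_code');

        for ($attempt = 1; $attempt <= $max_attempts; $attempt++) {
            $random = '';
            for ($i = 0; $i < $length; $i++) {
                $random .= $characters[random_int(0, $maxIndex)];
            }
            $ticket_code = $prefix . $random;

            $stmt->bindValue(':ticket_code', $ticket_code, PDO::PARAM_STR);
            $stmt->execute();
            $count = (int) $stmt->fetchColumn();
            $stmt->closeCursor();

            if ($count === 0) {
                return $ticket_code;
            }
        }
    } catch (PDOException $e) {
        // Keep driver details in the log; the client only learns that it failed.
        error_log('generateUniqueTicketCode: ' . $e->getMessage());
        die(json_encode(['error' => 'Database error in generateUniqueTicketCode']));
    }

    // Fallback code, same shape as the original fallback (6 upper-case hex chars).
    return $prefix . strtoupper(bin2hex(random_bytes(3)));
}

// Session gate. $_SESSION is presumably started by functions.php - confirm.
if (!isset($_SESSION['index_no78897498'])) {
    header("location:index");
    exit;
}

$stu_code = $_SESSION['index_no78897498'];
$schoolID = $_SESSION['student_id0023894'] ?? null;
$myschoolcode = $_SESSION['myschoolcode'] ?? null;

if ($schoolID === null || $myschoolcode === null) {
    // An incomplete session is treated like a missing one.
    header("location:index");
    exit;
}

// Reads a required secret from the environment and stops if it is absent.
$requireEnv = static function ($name) {
    $value = getenv($name);
    if ($value === false || $value === '') {
        error_log("verifypayment: required environment variable $name is not set");
        die(json_encode(['error' => 'Server configuration error']));
    }
    return $value;
};

// Returns a query-string value only when it is a plain string (rejects ?x[]=...).
$readQuery = static function ($key) {
    $value = $_GET[$key] ?? null;
    return is_string($value) ? $value : null;
};

try {
    $db = new PDO(
        'mysql:host=localhost;dbname=' . $requireEnv('SHS_DB_NAME'),
        $requireEnv('SHS_DB_USER'),
        $requireEnv('SHS_DB_PASSWORD')
    );
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->setAttribute(PDO::ATTR_EMULATE_PREPARES, false);
} catch (PDOException $e) {
    error_log('verifypayment: database connection failed: ' . $e->getMessage());
    die(json_encode(['error' => 'Database connection failed']));
}

$reference = $readQuery('reference');
$emailParam = $readQuery('email');
$email = $emailParam !== null ? trim(urldecode($emailParam)) : null;
$phone = $readQuery('phone');

// Look up the enrolment row with bound parameters instead of interpolated SQL.
// $new is assumed to be the mysqli connection opened by functions.php - confirm.
try {
    $lookup = mysqli_prepare(
        $new,
        'SELECT schoolID, s_code FROM enrol_details WHERE schoolID = ? AND s_code = ?'
    );
    if ($lookup === false) {
        error_log('verifypayment: enrol_details lookup could not be prepared');
        die(json_encode(['error' => 'Database error']));
    }
    mysqli_stmt_bind_param($lookup, 'ss', $schoolID, $myschoolcode);
    mysqli_stmt_execute($lookup);
    mysqli_stmt_bind_result($lookup, $dbSchoolID, $school_code);
    $found = mysqli_stmt_fetch($lookup);
    mysqli_stmt_close($lookup);
} catch (mysqli_sql_exception $e) {
    error_log('verifypayment: enrol_details lookup failed: ' . $e->getMessage());
    die(json_encode(['error' => 'Database error']));
}

if ($found !== true) {
    die(json_encode(['error' => 'Enrolment record not found']));
}
$schoolID = $dbSchoolID;

if (!$reference) {
    die(json_encode(['error' => 'No transaction reference provided']));
}
if (!$email) {
    die(json_encode(['error' => 'No email provided']));
}
if (!$phone) {
    die(json_encode(['error' => 'No phone number provided']));
}

// Paystack secret key, supplied by the environment (use the live key in production).
$secret_key = $requireEnv('PAYSTACK_SECRET_KEY');

$curl = curl_init();
curl_setopt_array($curl, [
    CURLOPT_URL => "https://api.paystack.co/transaction/verify/" . urlencode($reference),
    CURLOPT_RETURNTRANSFER => true,
    CURLOPT_CONNECTTIMEOUT => 10,
    CURLOPT_TIMEOUT => 30,
    CURLOPT_HTTPHEADER => [
        "Authorization: Bearer $secret_key",
        "Content-Type: application/json"
    ],
]);
$response = curl_exec($curl);
$err = curl_error($curl);
curl_close($curl);

if ($err || $response === false) {
    error_log('verifypayment: Paystack request failed: ' . $err);
    die(json_encode(['error' => 'cURL error: ' . $err]));
}

$result = json_decode($response, true);
if (!is_array($result) || !isset($result['status']) || !$result['status']) {
    $upstreamMessage = is_array($result) ? ($result['message'] ?? 'Unknown error') : 'Unknown error';
    die(json_encode(['error' => 'Verification failed: ' . $upstreamMessage]));
}

if (!isset($result['data']['status'], $result['data']['amount']) || !is_numeric($result['data']['amount'])) {
    die(json_encode(['error' => 'Verification failed: Unknown error']));
}

// Check transaction status and amount
$transaction_status = $result['data']['status'];
$transaction_amount = $result['data']['amount'] / 100; // Convert pesewas to GHS

if ($transaction_status !== 'success') {
    // Previously this case ended with an empty response.
    die(json_encode(['error' => 'Transaction was not successful']));
}

$status = "Paid";
$date = date("Y-m-d");

try {
    // A reference that was already recorded must not mint a second access code
    // or trigger another SMS. A UNIQUE index on transaction_reference would close
    // the remaining race between this check and the INSERT.
    $seen = $db->prepare('SELECT COUNT(*) FROM resultpayment WHERE transaction_reference = :transaction_reference');
    $seen->execute([':transaction_reference' => $reference]);
    if ((int) $seen->fetchColumn() > 0) {
        header("location: dashboard");
        exit;
    }

    $ticket_code = generateUniqueTicketCode($db);

    $sql = "INSERT INTO resultpayment (index_num, s_code, studentId, amount, ticket_code, transaction_reference, status, datepaid)
            VALUES (:index_num, :s_code, :studentId, :amount, :ticket_code, :transaction_reference, :status, :datepaid)";
    $stmt = $db->prepare($sql);
    $stmt->execute([
        ':index_num' => $stu_code,
        ':s_code' => $school_code,
        ':studentId' => $schoolID,
        ':amount' => $transaction_amount,
        ':ticket_code' => $ticket_code,
        ':transaction_reference' => $reference,
        ':status' => $status,
        ':datepaid' => $date
    ]);
} catch (PDOException $e) {
    error_log('verifypayment: recording payment failed: ' . $e->getMessage());
    die(json_encode(['error' => 'Database error']));
}

$expi_date = date('Y-m-d', strtotime('+3 months'));

try {
    $update = mysqli_prepare(
        $new,
        'UPDATE enrol_details SET access_code = ?, codeexpired = ? WHERE schoolID = ? AND s_code = ?'
    );
    if ($update === false) {
        error_log('verifypayment: access code update could not be prepared');
        die(json_encode(['error' => 'Database error']));
    }
    mysqli_stmt_bind_param($update, 'ssss', $ticket_code, $expi_date, $schoolID, $school_code);
    mysqli_stmt_execute($update);
    mysqli_stmt_close($update);
} catch (mysqli_sql_exception $e) {
    error_log('verifypayment: access code update failed: ' . $e->getMessage());
    die(json_encode(['error' => 'Database error']));
}

$senderID = "VITEGH"; // Replace with your desired sender ID
$data = json_encode([
    'username' => $requireEnv('SMS_API_USERNAME'),
    'password' => $requireEnv('SMS_API_PASSWORD'),
    'source' => $senderID,
    'destination' => $phone,
    'message' => "Your Access code : $ticket_code .Use the access code to view or download your report Contact 024 863 1259for support",
    'ol' => false,
]);

$curl = curl_init();
curl_setopt_array($curl, [
    CURLOPT_URL => 'https://deywuro.com/api/sms',
    CURLOPT_RETURNTRANSFER => true,
    CURLOPT_ENCODING => '',
    CURLOPT_MAXREDIRS => 10,
    CURLOPT_TIMEOUT => 30,
    CURLOPT_FOLLOWLOCATION => true,
    // The body carries gateway credentials, so redirects may only stay on HTTPS.
    CURLOPT_PROTOCOLS => CURLPROTO_HTTPS,
    CURLOPT_REDIR_PROTOCOLS => CURLPROTO_HTTPS,
    CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
    CURLOPT_CUSTOMREQUEST => 'POST',
    CURLOPT_POSTFIELDS => $data,
    CURLOPT_HTTPHEADER => [
        'Accept: application/json',
        'Content-Type: application/json',
    ],
]);
$sms_response = curl_exec($curl);
$sms_err = curl_error($curl);
curl_close($curl);

// SMS delivery is best-effort: failures are logged and the redirect still happens.
// The log line names the (encoded) payment reference, not the access code, so
// the code itself does not end up in log files.
$logRef = rawurlencode($reference);
if ($sms_err) {
    error_log("SMS API error for reference $logRef: $sms_err");
} else {
    $sms_result = json_decode($sms_response, true);
    if (!$sms_result || !isset($sms_result['status']) || $sms_result['status'] !== 'success') {
        error_log("SMS API failed for reference $logRef: " . ($sms_result['message'] ?? 'Unknown error'));
    }
}

header("location: dashboard");
exit;
?>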
Server Info
Hostname: server1.winmanyltd.com
Server IP: 203.161.60.52
PHP Version: 8.3.27
Server Software: Apache
System: Linux server1.winmanyltd.com 4.18.0-553.22.1.el8_10.x86_64 #1 SMP Tue Sep 24 05:16:59 EDT 2024 x86_64
HDD Total: 117.98 GB
HDD Free: 59.81 GB
Domains on IP: N/A (Requires external lookup)
System Features
Safe Mode:
Off
disable_functions:
None
allow_url_fopen:
On
allow_url_include:
Off
magic_quotes_gpc:
Off
register_globals:
Off
open_basedir:
None
cURL:
Enabled
ZipArchive:
Enabled
MySQLi:
Enabled
PDO:
Enabled
wget:
Yes
curl (cmd):
Yes
perl:
Yes
python:
Yes (py3)
gcc:
Yes
pkexec:
Yes
git:
Yes
User Info
Username: eliosofonline
User ID (UID): 1002
Group ID (GID): 1003
Script Owner UID: 1002
Current Dir Owner: 1002