38394-vm/checkout.php
2026-02-13 07:40:13 +00:00


<?php
require_once 'db/config.php';
require_once 'db/thawani_config.php';
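// Only a form POST may start a checkout; any other method is sent back to the landing page.
if (($_SERVER['REQUEST_METHOD'] ?? '') !== 'POST') {
    header('Location: index.php');
    exit;
}

// Every $_POST value is client-controlled. A missing field falls back to its default instead
// of raising an undefined-index warning, and an array-valued field (e.g. amount[]=1) is treated
// as absent rather than being cast to 1 or handed to PDO as "Array".
$case_id = is_string($_POST['case_id'] ?? null) ? (int)$_POST['case_id'] : 0;
$amount = is_numeric($_POST['amount'] ?? null) ? (float)$_POST['amount'] : 0.0;
$donor_name = is_string($_POST['donor_name'] ?? null) ? $_POST['donor_name'] : 'Anonymous';
$donor_email = is_string($_POST['donor_email'] ?? null) ? $_POST['donor_email'] : '';
$donor_phone = is_string($_POST['donor_phone'] ?? null) ? $_POST['donor_phone'] : '';

// Reject amounts that are not positive, not finite (a string like "1e999" casts to INF), or
// that round to less than one baiza (1 OMR = 1000 baiza): none of them can be charged, and
// they should not reach the donations table.
// NOTE(review): no upper bound is enforced here; confirm the limit the payment provider accepts.
if (!is_finite($amount) || $amount <= 0 || round($amount * 1000) < 1) {
    die("Invalid amount");
}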
// db() is not defined in this file; presumably it comes from the required db/config.php.
// NOTE(review): whether a failed prepare()/execute() throws depends on the PDO error mode
// configured there, which is not visible here.
$pdo = db();
// Fetch case details
// The client-supplied case id is passed as a bound parameter, never concatenated into the SQL.
$stmt = $pdo->prepare("SELECT * FROM cases WHERE id = ?");
$stmt->execute([$case_id]);
$case = $stmt->fetch();
// fetch() yields a falsy value when no row matches, so an unknown case id stops the request
// before anything is written.
if (!$case) {
die("Case not found");
}
// Create pending donation
// The row is written before any payment exists; its status is the literal 'pending' and the
// amount is the value the client posted.
// The donor fields are stored exactly as received (bound parameters keep them out of the SQL
// text), so any page that later displays them must escape them for its output context.
$stmt = $pdo->prepare("INSERT INTO donations (case_id, amount, status, donor_name, donor_email, donor_phone) VALUES (?, ?, 'pending', ?, ?, ?)");
$stmt->execute([$case_id, $amount, $donor_name, $donor_email, $donor_phone]);
// The new row's id becomes the client_reference_id of the checkout payload built below.
$donation_id = $pdo->lastInsertId();
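// Thawani Checkout Session Request

// The return URLs are built from the request's Host header, which the client chooses.
// Refuse values that are not a plain hostname (or bracketed IPv6 literal) with an optional
// port, so nothing carrying a path, credentials or whitespace can be spliced into the URLs
// handed to the payment provider.
// NOTE(review): this is a syntax check only and does not pin the host. The durable fix is a
// fixed base URL taken from server-side configuration; none is visible in this file.
$return_host = $_SERVER['HTTP_HOST'] ?? '';
if (!preg_match('/^(?:[A-Za-z0-9._-]+|\[[0-9A-Fa-f:.]+\])(?::\d{1,5})?$/', $return_host)) {
    http_response_code(400);
    die("Invalid host");
}

// Use https whenever the current request arrived over TLS, so the session id in the success
// URL is not sent back over plain HTTP. Requests that arrive over HTTP keep the previous
// behaviour (http://).
$return_scheme = (!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off') ? 'https' : 'http';
$return_base = $return_scheme . '://' . $return_host;

$payload = [
    // Ties the provider-side session back to the pending row in the donations table.
    'client_reference_id' => (string)$donation_id,
    'products' => [
        [
            'name' => $case['title_en'],
            // Thawani uses OMR baiza (1 OMR = 1000 baiza). round() before the cast matters:
            // 1.005 * 1000 evaluates to 1004.9999999999999 in floating point, and a bare
            // (int) cast would truncate that to 1004 and undercharge by one baiza.
            'unit_amount' => (int)round($amount * 1000),
            'quantity' => 1,
        ],
    ],
    // {CHECKOUT_SESSION_ID} is passed through literally as a placeholder in the URL.
    'success_url' => $return_base . '/success.php?session_id={CHECKOUT_SESSION_ID}',
    'cancel_url' => $return_base . '/index.php',
    'metadata' => [
        'donation_id' => $donation_id,
        'case_id' => $case_id,
    ],
];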
// In a real scenario, we'd use CURL to call Thawani API.
// Since we don't have real keys, we'll mock the redirect or show a simulation.
// The branch below runs when THAWANI_SECRET_KEY is empty or still equals the placeholder
// literal, so a deployment with a missing key serves the simulation instead of failing.
// NOTE(review): nothing here restricts this page to a development environment, and the form
// sends donation_id to success.php as a plain GET parameter. success.php is not shown here;
// confirm it never marks a donation as paid on the strength of a mock_session_ id alone.
if (THAWANI_SECRET_KEY === 'rRQ26GcsZ60u9Y9v9876543210' || empty(THAWANI_SECRET_KEY)) {
// Simulation Mode
// The only dynamic values written into the HTML below are the insert id, the amount passed
// through number_format(), and time(); no request text is echoed by this template.
// NOTE(review): the stylesheet and the logo load from third-party hosts, and the stylesheet
// link carries no integrity attribute.
?>
<!DOCTYPE html>
<html>
<head><title>Simulating Thawani Checkout</title><link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/bootstrap@5.3.2/dist/css/bootstrap.min.css"></head>
<body class="bg-light p-5 text-center">
<div class="card mx-auto" style="max-width: 500px;">
<div class="card-body">
<img src="https://checkout.thawani.om/logo.png" alt="Thawani" height="50" class="mb-4">
<h3>Thawani Checkout Simulation</h3>
<p>Donation ID: #<?= $donation_id ?></p>
<p>Amount: OMR <?= number_format($amount, 3) ?></p>
<div class="alert alert-info small">This is a simulation because no valid Thawani keys are configured in <code>db/thawani_config.php</code>.</div>
<form action="success.php" method="GET">
<input type="hidden" name="session_id" value="mock_session_<?= time() ?>">
<input type="hidden" name="donation_id" value="<?= $donation_id ?>">
<button type="submit" class="btn btn-success w-100">Simulate Success Payment</button>
</form>
<a href="index.php" class="btn btn-link mt-2">Cancel</a>
</div>
</div>
</body>
</html>
<?php
// Stop here so nothing after the simulation page runs.
exit;
}
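// REAL CURL CALL (for use once valid keys are configured)
// While the block below stays commented out, a request made with valid keys ends here with no
// output: the pending donation has already been inserted, but no checkout session is created.
// When enabling it, note that the API's description field is echoed into the response
// unescaped and that no exit follows the Location header.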
/*
$ch = curl_init(THAWANI_API_URL . '/checkout/session');
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode($payload));
curl_setopt($ch, CURLOPT_HTTPHEADER, [
'Content-Type: application/json',
'Thawani-Api-Key: ' . THAWANI_SECRET_KEY
]);
$response = curl_exec($ch);
$data = json_decode($response, true);
if (isset($data['data']['session_id'])) {
$session_id = $data['data']['session_id'];
header("Location: https://checkout.thawani.om/pay/" . $session_id . "?key=" . THAWANI_PUBLISHABLE_KEY);
} else {
echo "Thawani Error: " . ($data['description'] ?? 'Unknown error');
}
*/