You will be redirected to iKhokha's Secure Payment Gateway.
+
+ Please upload your proof of payment below.
+
diff --git a/src/pages/memberships/renew_membership.php b/src/pages/memberships/renew_membership.php
index f6d85f38..8b7ecab2 100644
--- a/src/pages/memberships/renew_membership.php
+++ b/src/pages/memberships/renew_membership.php
@@ -1,26 +1,78 @@
prepare("UPDATE membership_fees SET payment_amount = ?, payment_date = ?, membership_start_date = ?, membership_end_date = ?, payment_status = 'PENDING', payment_id = ? WHERE user_id = ?");
-$stmt->bind_param("dssssi", $payment_amount, $payment_date, $membership_start_date, $membership_end_date, $eft_id, $user_id);
+// Hardcode membership start date to 2026-03-01 per request
+$membership_start_date = '2026-03-01';
+
+// Set membership_end_date to the last day of February in the following year
+$nextYear = intval(date('Y')) + 1;
+$dt = new DateTime($nextYear . '-02-28');
+$membership_end_date = $dt->format('Y-m-t');
+
+$stmt = $conn->prepare("UPDATE membership_fees SET payment_amount = ?, payment_date = ?, membership_start_date = ?, membership_end_date = ?, payment_status = 'AWAITING PAYMENT', payment_id = ? WHERE user_id = ?");
+$stmt->bind_param("dssssi", $payment_amount, $payment_date, $membership_start_date, $membership_end_date, $payment_id, $user_id);
if ($stmt->execute()) {
// Commit the transaction
$conn->commit();
- addSubsEFT($eft_id, $user_id, $status, $payment_amount, $description);
+
+ $checkP = $conn->prepare("SELECT COUNT(*) AS cnt FROM payments WHERE payment_id = ? LIMIT 1");
+ if ($checkP) {
+ $checkP->bind_param('s', $payment_id);
+ $checkP->execute();
+ $r = $checkP->get_result()->fetch_assoc();
+ $exists = intval($r['cnt']) > 0;
+ $checkP->close();
+ } else {
+ $exists = false;
+ }
+
+ if (!$exists) {
+ $publicRef = bin2hex(random_bytes(16));
+ // If current month is December, attribute the membership year to the next year
+ $currentYear = intval(date('Y'));
+ $month = intval(date('n'));
+ if ($month === 12) {
+ $membershipYear = $currentYear + 1;
+ } else {
+ $membershipYear = $currentYear;
+ }
+ $description = 'Membership Fees ' . $membershipYear . ' ' . getInitialSurname($user_id);
+ $status = 'AWAITING PAYMENT';
+ $ins = $conn->prepare("INSERT INTO payments (payment_id, user_id, amount, status, description, public_ref) VALUES (?, ?, ?, ?, ?, ?)");
+ if ($ins) {
+ $ins->bind_param('sidsss', $payment_id, $user_id, $payment_amount, $status, $description, $publicRef);
+ $ins->execute();
+ $ins->close();
+ }
+ }
+
+ // Create iKhokha paylink via helper (functions.php)
+ try {
+ $publicRef = $publicRef ?? bin2hex(random_bytes(16));
+ $resp = createIkhokhaPayment($payment_id, $payment_amount, $description, $publicRef);
+ $paylink = $resp['paylinkUrl'] ?? $resp['paylinkURL'] ?? $resp['paylink_url'] ?? null;
+ if ($paylink) {
+ header('Location: membership_payment?payment_id=' . $payment_id);
+ exit();
+ } else {
+ header("Location: membership_details");
+ exit();
+ }
+ } catch (Exception $e) {
+ // Log but do not fail signature save
+ error_log('iKhokha create error: ' . $e->getMessage());
+ }
+
+
header("Location:membership_payment.php");
// Success message
$response = [
diff --git a/src/pages/other/indemnity.php b/src/pages/other/indemnity.php
index c6f1c43e..3fc42185 100644
--- a/src/pages/other/indemnity.php
+++ b/src/pages/other/indemnity.php
@@ -105,17 +105,29 @@ if (isset($_SESSION['user_id'])) {
response = JSON.parse(response);
}
if (response.status === 'success') {
- // Check if the user has paid
+ // If provider returned a direct paylink, go there immediately
+ if (response.paylinkUrl) {
+ window.location.href = 'membership_payment.php?payment_id=' + encodeURIComponent(response.payment_id);
+ return;
+ }
+
+ // If we have a payment_id, redirect to membership_payment with it
+ // if (response.payment_id) {
+ // setTimeout(function() {
+ // window.location.href = 'membership_payment.php?payment_id=' + encodeURIComponent(response.payment_id);
+ // }, 800);
+ // return;
+ // }
+
+ // Fallback behaviour: check paymentStatus
if (response.paymentStatus === 'PAID') {
- // Redirect to membership_details.php if paid
setTimeout(function() {
window.location.href = 'membership_details.php';
- }, 2000); // 2-second delay before redirecting
+ }, 1200);
} else {
- // Redirect to membership_payment.php if not paid
setTimeout(function() {
window.location.href = 'membership_payment.php';
- }, 2000); // 2-second delay before redirecting
+ }, 1200);
}
} else {
$('#responseMessage').html('
' + response.message + '
');
diff --git a/src/pages/payment/cancel.php b/src/pages/payment/cancel.php
new file mode 100644
index 00000000..0aab44f6
--- /dev/null
+++ b/src/pages/payment/cancel.php
@@ -0,0 +1,73 @@
+prepare("SELECT payment_id, amount, payment_link, status, provider, provider_payment_id, public_ref, description FROM payments WHERE public_ref = ? OR payment_id = ? LIMIT 1");
+ if ($stmt) {
+ $stmt->bind_param('ss', $ref, $ref);
+ $stmt->execute();
+ $res = $stmt->get_result();
+ if ($row = $res->fetch_assoc()) {
+ $payment = $row;
+ } else {
+ $error_message = 'Payment record not found for the supplied reference.';
+ }
+ $stmt->close();
+ } else {
+ $error_message = 'Database error: ' . $conn->error;
+ }
+} else {
+ $error_message = 'No reference supplied.';
+}
+
+$pageTitle = 'Payment Cancelled';
+$breadcrumbs = [['Home' => 'index.php'], ['Payment' => 'membership_payment.php']];
+require_once($rootPath . '/components/banner.php');
+?>
+
+
+
+
+
+ Payment Cancelled
+
Your payment was cancelled or you returned without completing it.
+
+
+
+
+
+
Your payment appears to have been cancelled. If this was a mistake you can try again below.
+
+ - Reference:
+ - Amount: R
+ - Description:
+
+
+
+
+ Retry Payment
+
+
+
+
+
Contact info@4wdcsa.co.za if you need assistance.
+
+
+
+
+
+
+
+
+
+
+
+
+
diff --git a/src/pages/payment/failure.php b/src/pages/payment/failure.php
new file mode 100644
index 00000000..1491b4ec
--- /dev/null
+++ b/src/pages/payment/failure.php
@@ -0,0 +1,75 @@
+prepare("SELECT payment_id, amount, payment_link, status, provider, provider_payment_id, public_ref, description FROM payments WHERE public_ref = ? OR payment_id = ? LIMIT 1");
+ if ($stmt) {
+ $stmt->bind_param('ss', $ref, $ref);
+ $stmt->execute();
+ $res = $stmt->get_result();
+ if ($row = $res->fetch_assoc()) {
+ $payment = $row;
+ } else {
+ $error_message = 'Payment record not found for the supplied reference.';
+ }
+ $stmt->close();
+ } else {
+ $error_message = 'Database error: ' . $conn->error;
+ }
+} else {
+ $error_message = 'No reference supplied.';
+}
+
+$pageTitle = 'Payment Failed';
+$breadcrumbs = [['Home' => 'index.php'], ['Payment' => 'membership_payment.php']];
+require_once($rootPath . '/components/banner.php');
+?>
+
+
+
+
+
+ Payment Failed
+
Unfortunately your payment could not be completed.
+
+
+
+
+
+
We were unable to process your payment. You can try again or contact support for assistance.
+
+ - Reference:
+ - Amount: R
+ - Provider:
+ - Description:
+ - Status:
+
+
+
+
+ Try Again
+
+
+
+
+
Or contact info@4wdcsa.co.za for help.
+
+
+
+
+
+
+
+
+
+
+
+
+
diff --git a/src/pages/payment/success.php b/src/pages/payment/success.php
new file mode 100644
index 00000000..11b36dad
--- /dev/null
+++ b/src/pages/payment/success.php
@@ -0,0 +1,84 @@
+prepare("SELECT payment_id, amount, payment_link, status, provider, provider_payment_id, public_ref, description, booking_id FROM payments WHERE public_ref = ? OR payment_id = ? LIMIT 1");
+ if ($stmt) {
+ $stmt->bind_param('ss', $ref, $ref);
+ $stmt->execute();
+ $res = $stmt->get_result();
+ if ($row = $res->fetch_assoc()) {
+ $payment = $row;
+ } else {
+ $error_message = 'Payment record not found for the supplied reference.';
+ }
+ $stmt->close();
+ } else {
+ $error_message = 'Database error: ' . $conn->error;
+ }
+} else {
+ $error_message = 'No reference supplied.';
+}
+
+$pageTitle = 'Payment Successful';
+$breadcrumbs = [['Home' => 'index.php'], ['Payment' => 'membership_payment.php']];
+require_once($rootPath . '/components/banner.php');
+?>
+
+
+
+
+
+ Payment Successful
+
Thank you — your payment was received.
+
+
+
MEMBERSHIP STATUS:
+
+
+
+
+
+
Your payment has been processed successfully. Below are the details we received:
+
+ - Reference:
+ - Amount: R
+ - Provider:
+ - Description:
+ - Status:
+
+
+
+
+ Go to Membership Details
+
+
+
+
+ Go to my Bookings
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
diff --git a/src/processors/process_application.php b/src/processors/process_application.php
index b3347e0b..d4045c4b 100644
--- a/src/processors/process_application.php
+++ b/src/processors/process_application.php
@@ -6,9 +6,17 @@ require_once($rootPath . "/src/config/connection.php");
require_once($rootPath . "/src/config/functions.php");
$user_id = isset($_SESSION['user_id']) ? $_SESSION['user_id'] : null;
-$eft_id = strtoupper($user_id." SUBS ".date("Y")." ".getInitialSurname($user_id));
+$payment_id = uniqid();
$status = 'AWAITING PAYMENT';
-$description = 'Membership Fees '.date("Y")." ".getInitialSurname($user_id);
+// If current month is December, attribute the membership year to the next year
+$currentYear = intval(date('Y'));
+$month = intval(date('n'));
+if ($month === 12) {
+ $membershipYear = $currentYear + 1;
+} else {
+ $membershipYear = $currentYear;
+}
+$description = 'Membership Fees ' . $membershipYear . ' ' . getInitialSurname($user_id);
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
// CSRF Token Validation
@@ -203,15 +211,16 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
}
$stmt = $conn->prepare("INSERT INTO membership_fees (user_id, payment_amount, payment_date, membership_start_date, membership_end_date, payment_status, payment_id)
- VALUES (?, ?, ?, ?, ?, 'PENDING', ?)");
- $stmt->bind_param("idssss", $user_id, $payment_amount, $payment_date, $membership_start_date, $membership_end_date, $eft_id);
+ VALUES (?, ?, ?, ?, ?, 'AWAITING PAYMENT', ?)");
+ $stmt->bind_param("idssss", $user_id, $payment_amount, $payment_date, $membership_start_date, $membership_end_date, $payment_id);
if ($stmt->execute()) {
// Commit the transaction
$conn->commit();
- addSubsEFT($eft_id, $user_id, $status, $payment_amount, $description);
- sendInvoice(getEmail($user_id), getFullName($user_id), $eft_id, formatCurrency($payment_amount), $description);
- sendAdminNotification('4WDCSA.co.za - New Membership Application - '.$last_name , 'A new member has signed up, '.$first_name.' '.$last_name);
+ // Do not create legacy EFTs. Create a payments-ready membership fee and notify admin.
+ // Optionally send an invoice referencing the internal payment id
+ // sendInvoice(getEmail($user_id), getFullName($user_id), $payment_id, formatCurrency($payment_amount), $description);
+ // sendAdminNotification('4WDCSA.co.za - New Membership Application - '.$last_name , 'A new member has signed up, '.$first_name.' '.$last_name);
header("Location: indemnity");
// Success message
$response = [
diff --git a/src/processors/process_course_booking.php b/src/processors/process_course_booking.php
index 098abab0..7d2af6f0 100644
--- a/src/processors/process_course_booking.php
+++ b/src/processors/process_course_booking.php
@@ -94,6 +94,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
$status = "AWAITING PAYMENT";
$type = 'course';
$payment_id = uniqid();
+ $publicRef = bin2hex(random_bytes(16));
$num_vehicles = 1;
$discountAmount = 0;
$eft_id = strtoupper("COURSE ".date("m-d", strtotime($date))." ".getInitialSurname($user_id));
@@ -125,11 +126,31 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
echo "Error processing booking: $error_message";
}
} else {
- addEFT($eft_id, $booking_id, $user_id, $status, $payment_amount, $description);
- sendInvoice(getEmail($user_id), getFullName($user_id), $eft_id, formatCurrency($payment_amount), $description);
+ // Create payments row
+ $pstmt = $conn->prepare("INSERT INTO payments (payment_id, user_id, amount, status, description, booking_id, public_ref) VALUES (?, ?, ?, ?, ?, ?, ?)");
+ if ($pstmt) {
+ $pstmt->bind_param('sidssis', $payment_id, $user_id, $payment_amount, $status, $description, $booking_id, $publicRef);
+ $pstmt->execute();
+ $pstmt->close();
+ }
+
+ // Create iKhokha payment link
+ $resp = createIkhokhaPayment($payment_id, $payment_amount, $description, $publicRef);
+
+ // Send invoice and admin notification (keep for records)
+ // sendInvoice(getEmail($user_id), getFullName($user_id), $eft_id, formatCurrency($payment_amount), $description);
sendAdminNotification('New Course Booking - '.getFullName($user_id), getFullName($user_id).' has booked for '.$description);
- header("Location: payment_confirmation?token=".encryptData($booking_id, $salt));
- exit(); // Ensure no further code is executed after the redirect
+
+ // Redirect user to payment link if available
+ $paylink = $resp['paylinkUrl'] ?? $resp['paylinkURL'] ?? $resp['paylink_url'] ?? null;
+ if ($paylink) {
+ header('Location: ' . $paylink);
+ exit();
+ } else {
+ // Fallback: redirect to legacy payment confirmation page
+ header("Location: payment_confirmation?token=".encryptData($booking_id, $salt));
+ exit();
+ }
}
} else {
// Handle error if insert fails and echo the MySQL error
diff --git a/src/processors/process_membership_payment.php b/src/processors/process_membership_payment.php
index cede548e..8d81ddfa 100644
--- a/src/processors/process_membership_payment.php
+++ b/src/processors/process_membership_payment.php
@@ -15,64 +15,92 @@ if (!$user_id) {
echo "";
exit();
}
-$is_member = getUserMemberStatus($user_id);
-$query = "SELECT payment_amount, payment_status, membership_end_date FROM membership_fees WHERE user_id = ?";
+// Fetch the membership fee record for this user
+$query = "SELECT fee_id, payment_amount, payment_status, membership_end_date FROM membership_fees WHERE user_id = ?";
$stmt = $conn->prepare($query);
+if (!$stmt) {
+ http_response_code(500);
+ echo json_encode(['error' => 'Server error preparing statement']);
+ exit();
+}
$stmt->bind_param('i', $user_id);
$stmt->execute();
$result = $stmt->get_result();
-// Check if trip exists
+// Check if membership fee exists
if ($result->num_rows === 0) {
- $response = ['error' => 'Application Fee not found.'];
+ $response = ['error' => 'Membership fee not found.'];
header('Content-Type: application/json');
echo json_encode($response);
exit();
}
-// Fetch trip details
+// Fetch fee details
$fee = $result->fetch_assoc();
+$fee_id = isset($fee['fee_id']) ? intval($fee['fee_id']) : null;
$payment_status = $fee['payment_status'];
$membership_end_date = $fee['membership_end_date'];
-$payment_amount = intval($fee['payment_amount']);
+$payment_amount = floatval($fee['payment_amount']);
+$publicRef = bin2hex(random_bytes(16));
$description = "4WDCSA: Membership Fee " . getFullName($user_id) . " " . date("Y");
$payment_id = uniqid();
-$eft_id = "SUBS 2025 ".getLastName($user_id);
-// Update the membership_fees table to set payment_id
-$stmt = $conn->prepare("UPDATE membership_fees SET payment_id = ? WHERE user_id = ?");
-if ($stmt) {
- $stmt->bind_param("ss", $payment_id, $user_id);
-
- if (!$stmt->execute()) {
- throw new Exception("Failed to update membership_fees table.");
+// Persist the generated payment_id back to the membership_fees row (use fee_id to be precise)
+$updateStmt = $conn->prepare("UPDATE membership_fees SET payment_id = ? WHERE fee_id = ?");
+if ($updateStmt) {
+ $updateStmt->bind_param("si", $payment_id, $fee_id);
+ if (!$updateStmt->execute()) {
+ throw new Exception("Failed to update membership_fees table: " . $updateStmt->error);
}
-
- $stmt->close();
- $conn->close();
+ $updateStmt->close();
} else {
throw new Exception("Failed to prepare statement for membership_fees table: " . $conn->error);
}
-// Get the current date
-$current_date = new DateTime();
+// If the amount is zero, treat as paid immediately
+if ($payment_amount < 1) {
+ if (processZeroPayment($payment_id, $payment_amount, $description)) {
+ // Update membership_fees status to PAID
+ $paidStmt = $conn->prepare("UPDATE membership_fees SET payment_status = 'PAID' WHERE fee_id = ?");
+ if ($paidStmt) {
+ $paidStmt->bind_param('i', $fee_id);
+ $paidStmt->execute();
+ $paidStmt->close();
+ }
+ echo "";
+ exit();
+ } else {
+ echo "";
+ exit();
+ }
+} else {
+ // Create payments row
+ $status = "AWAITING PAYMENT";
+ $pstmt = $conn->prepare("INSERT INTO payments (payment_id, user_id, amount, status, description, public_ref) VALUES (?, ?, ?, ?, ?, ?)");
+ if ($pstmt) {
+ $pstmt->bind_param('sidsss', $payment_id, $user_id, $payment_amount, $status, $description, $publicRef);
+ $pstmt->execute();
+ $pstmt->close();
+ }
-// Convert $membership_end_date to a DateTime object
-$membership_end_date_obj = DateTime::createFromFormat('Y-m-d', $membership_end_date);
+ // Create iKhokha payment link
+ $resp = createIkhokhaPayment($payment_id, $payment_amount, $description, $publicRef);
-// Check if the current date is after membership_end_date
-// OR if the current date is before or on membership_end_date AND payment_status is "PENDING"
-if (
- $current_date > $membership_end_date_obj ||
- ($current_date <= $membership_end_date_obj && $payment_status === "PENDING")
-) {
+ // Send invoice and admin notification if desired
+ // sendInvoice(getEmail($user_id), getFullName($user_id), 'MEMBERSHIP-'.date('Y'), formatCurrency($payment_amount), $description);
+ sendAdminNotification('Membership Payment Initiated - '.getFullName($user_id), getFullName($user_id).' initiated a membership payment.');
- // Call the processMembershipPayment function
- // processMembershipPayment($payment_id, $payment_amount, $description);
- addMembershipEFT($eft_id, $user_id, $status, $amount, $description, $membershipfee_id);
- header("Location: payment_confirmation?booking_id=" . $booking_id);
- exit(); // Ensure no further code is executed after the redirect
+ // Redirect user to payment link if available
+ $paylink = $resp['paylinkUrl'] ?? $resp['paylinkURL'] ?? $resp['paylink_url'] ?? null;
+ if ($paylink) {
+ header('Location: ' . $paylink);
+ exit();
+ } else {
+ // Fallback: redirect to a membership page with an encrypted token
+ header("Location: membership_confirmation?token=" . encryptData($payment_id, $salt));
+ exit();
+ }
}
diff --git a/src/processors/process_signature.php b/src/processors/process_signature.php
index c504b12c..7f1eaef9 100644
--- a/src/processors/process_signature.php
+++ b/src/processors/process_signature.php
@@ -59,13 +59,96 @@ if (isset($_POST['signature'])) {
// Check the payment status
$paymentStatus = checkMembershipPaymentStatus($user_id) ? 'PAID' : 'NOT_PAID';
- // Respond with the appropriate redirect URL based on the payment status
+ // If not paid, create a payments row (if missing) and initiate iKhokha paylink
+ $paylink = null;
+ if ($paymentStatus !== 'PAID') {
+ // Fetch the membership fee row to get amount and payment_id
+ $mfStmt = $conn->prepare("SELECT fee_id, payment_amount, payment_id FROM membership_fees WHERE user_id = ? ORDER BY fee_id DESC LIMIT 1");
+ if ($mfStmt) {
+ $mfStmt->bind_param('i', $user_id);
+ $mfStmt->execute();
+ $mfRes = $mfStmt->get_result();
+ $mf = $mfRes->fetch_assoc();
+ $mfStmt->close();
+ } else {
+ $mf = null;
+ }
+
+ if ($mf && isset($mf['payment_amount'])) {
+ $amount = floatval($mf['payment_amount']);
+ // Use existing payment_id or generate one
+ $payment_id = $mf['payment_id'] ?? uniqid('mem_', true);
+
+ if (empty($mf['payment_id'])) {
+ // Persist generated payment_id back to membership_fees
+ $u = $conn->prepare("UPDATE membership_fees SET payment_id = ? WHERE fee_id = ?");
+ if ($u) {
+ $u->bind_param('si', $payment_id, $mf['fee_id']);
+ $u->execute();
+ $u->close();
+ }
+ }
+
+ // Ensure a payments row exists
+ $checkP = $conn->prepare("SELECT COUNT(*) AS cnt FROM payments WHERE payment_id = ? LIMIT 1");
+ if ($checkP) {
+ $checkP->bind_param('s', $payment_id);
+ $checkP->execute();
+ $r = $checkP->get_result()->fetch_assoc();
+ $exists = intval($r['cnt']) > 0;
+ $checkP->close();
+ } else {
+ $exists = false;
+ }
+
+ if (!$exists) {
+ $publicRef = bin2hex(random_bytes(16));
+ // If current month is December, attribute the membership year to the next year
+ $currentYear = intval(date('Y'));
+ $month = intval(date('n'));
+ if ($month === 12) {
+ $membershipYear = $currentYear + 1;
+ } else {
+ $membershipYear = $currentYear;
+ }
+ $description = 'Membership Fees ' . $membershipYear . ' ' . getInitialSurname($user_id);
+ $status = 'AWAITING PAYMENT';
+ $ins = $conn->prepare("INSERT INTO payments (payment_id, user_id, amount, status, description, public_ref) VALUES (?, ?, ?, ?, ?, ?)");
+ if ($ins) {
+ $ins->bind_param('sidsss', $payment_id, $user_id, $amount, $status, $description, $publicRef);
+ $ins->execute();
+ $ins->close();
+ }
+ }
+
+ // Create iKhokha paylink via helper (functions.php)
+ try {
+ $publicRef = $publicRef ?? bin2hex(random_bytes(16));
+ $resp = createIkhokhaPayment($payment_id, $amount, $desc ?? ('Membership Fee ' . date('Y')), $publicRef);
+ $paylink = $resp['paylinkUrl'] ?? $resp['paylinkURL'] ?? $resp['paylink_url'] ?? null;
+ // After creating paylink, update paymentStatus to AWAITING PAYMENT
+ $paymentStatus = $paylink ? 'AWAITING PAYMENT' : $paymentStatus;
+ } catch (Exception $e) {
+ // Log but do not fail signature save
+ error_log('iKhokha create error: ' . $e->getMessage());
+ }
+ }
+ }
+
+ // Respond with the appropriate redirect URL and paylink (if created)
ob_end_clean();
- echo json_encode([
+ $response = [
'status' => 'success',
'message' => 'Signature saved successfully!',
- 'paymentStatus' => $paymentStatus // Send payment status
- ]);
+ 'paymentStatus' => $paymentStatus
+ ];
+ if (!empty($paylink)) {
+ $response['paylinkUrl'] = $paylink;
+ }
+ if (!empty($payment_id)) {
+ $response['payment_id'] = $payment_id;
+ }
+ echo json_encode($response);
} else {
ob_end_clean();
echo json_encode(['status' => 'error', 'message' => 'Database update failed']);
diff --git a/src/processors/process_trip_booking.php b/src/processors/process_trip_booking.php
index fe7916c8..5391d7e5 100644
--- a/src/processors/process_trip_booking.php
+++ b/src/processors/process_trip_booking.php
@@ -78,6 +78,8 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
$member_discount = $cost_nonmembers - $cost_members;
$member_discount_pensioner = $cost_pensioner - $cost_pensioner_member;
$booking_fee = $trip['booking_fee'];
+ // Radio option (boolean/int) — ensure defined from POST
+ $radio = isset($_POST['radio']) ? intval($_POST['radio']) : 0;
$radioCost = $radio ? 50 : 0;
$start_date = $trip['start_date']; // Start date of the trip
$end_date = $trip['end_date']; // End date of the trip
@@ -104,6 +106,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
$description = $trip_name;
$type = 'trip';
$payment_id = uniqid();
+ $publicRef = bin2hex(random_bytes(16));
// $eft_id = strtoupper(base_convert(time(), 10, 36)); // Convert timestamp to base36
$eft_id = strtoupper($trip_code." ".getInitialSurname($user_id));
@@ -131,11 +134,30 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
echo "Error processing booking: $error_message";
}
} else {
- addEFT($eft_id, $booking_id, $user_id, $status, $payment_amount, $description);
- sendInvoice(getEmail($user_id), getFullName($user_id), $eft_id, formatCurrency($payment_amount), $description);
- sendAdminNotification('New Trip Booking - '.getFullName($user_id), getFullName($user_id).' has booked for '.$description);
- header("Location: payment_confirmation?token=".encryptData($booking_id, $salt));
- exit(); // Ensure no further code is executed after the redirect
+ // Create payments row
+ $pstmt = $conn->prepare("INSERT INTO payments (payment_id, user_id, amount, status, description, booking_id, public_ref) VALUES (?, ?, ?, ?, ?, ?, ?)");
+ if ($pstmt) {
+ $pstmt->bind_param('sidssis', $payment_id, $user_id, $payment_amount, $status, $description, $booking_id, $publicRef);
+ $pstmt->execute();
+ $pstmt->close();
+ }
+
+ // Create iKhokha payment link
+ $resp = createIkhokhaPayment($payment_id, $payment_amount, $description, $publicRef);
+
+ // Send invoice and admin notification
+ // sendInvoice(getEmail($user_id), getFullName($user_id), $eft_id, formatCurrency($payment_amount), $description);
+ sendAdminNotification('New Trip Booking - '.getFullName($user_id), getFullName($user_id).' has booked for '.$description);
+
+ // Redirect to payment link if available
+ $paylink = $resp['paylinkUrl'] ?? $resp['paylinkURL'] ?? $resp['paylink_url'] ?? null;
+ if ($paylink) {
+ header('Location: ' . $paylink);
+ exit();
+ } else {
+ header("Location: payment_confirmation?token=".encryptData($booking_id, $salt));
+ exit();
+ }
}
} else {
// Handle error if insert fails and echo the MySQL error
diff --git a/test.php b/test.php
new file mode 100644
index 00000000..011cbbf8
--- /dev/null
+++ b/test.php
@@ -0,0 +1,41 @@
+IK-SIGN FROM WEBHOOK:
";
+echo "bb1702d488a40091ebd5414bc6f524e203e2c5e36b24a1b86e243dad440bb557
";
+
+$payloadToSign = $path . $raw;
+
+// Generate signature using hash_hmac directly on the constructed string
+$expected = hash_hmac('sha256', $payloadToSign, $secret);
+
+// --- Output debug info (UPDATED) ---
+echo "
DEBUG INFO";
+echo "Callback URL: $callbackUrl
";
+
+echo "
Payload to Sign (Un-escaped):";
+echo htmlspecialchars($payloadToSign) . "
";
+
+echo "
EXPECTED SIGNATURE:";
+echo $expected . "
";
\ No newline at end of file
diff --git a/test_payment.php b/test_payment.php
new file mode 100644
index 00000000..11759867
--- /dev/null
+++ b/test_payment.php
@@ -0,0 +1,60 @@
+ "4",
+ "externalEntityID" => "4",
+ "amount" => 1000,
+ "currency" => "ZAR",
+ "requesterUrl" => "https://beta.4wdcsa.co.za/requester",
+ "description" => "Test Description 1",
+ "paymentReference" => "4",
+ "mode" => "sandbox",
+ "externalTransactionID" => "5",
+ "urls" => [
+ "callbackUrl" => "https://beta.4wdcsa.co.za/callback",
+ "successPageUrl" => "https://beta.4wdcsa.co.za/success",
+ "failurePageUrl" => "https://beta.4wdcsa.co.za/failure",
+ "cancelUrl" => "https://beta.4wdcsa.co.za/cancel"
+ ]
+];
+function escapeString($str) {
+ $escaped = preg_replace(['/[\\"\'\"]/u', '/\x00/'], ['\\\\$0', '\\0'], (string)$str);
+ $cleaned = str_replace('\/', '/', $escaped);
+ return $cleaned;
+}
+function createPayloadToSign($urlPath, $body) {
+ $parsedUrl = parse_url($urlPath);
+ $basePath = $parsedUrl['path'];
+ if (!$basePath) {
+ throw new Exception("No path present in the URL");
+ }
+ $payload = $basePath . $body;
+ $escapedPayloadString = escapeString($payload);
+ return $escapedPayloadString;
+}
+function generateSignature($payloadToSign, $secret) {
+ return hash_hmac('sha256', $payloadToSign, $secret);
+}
+$stringifiedBody = json_encode($requestBody);
+$payloadToSign = createPayloadToSign($endpoint, $stringifiedBody);
+$ikSign = generateSignature($payloadToSign, $appSecret);
+// Initialize cURL session
+$ch = curl_init($endpoint);
+// Set cURL options
+curl_setopt($ch, CURLOPT_CUSTOMREQUEST, "POST");
+curl_setopt($ch, CURLOPT_POSTFIELDS, $stringifiedBody);
+curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
+curl_setopt($ch, CURLOPT_HTTPHEADER, [
+ "Content-Type: application/json",
+ "IK-APPID: $appID",
+ "IK-SIGN: $ikSign"
+]);
+// Execute cURL session
+$response = curl_exec($ch);
+curl_close($ch);
+// Decode and output the response
+$responseData = json_decode($response, true);
+echo print_r($responseData, true);
+?>
diff --git a/uploads/signatures/signature_163.png b/uploads/signatures/signature_163.png
new file mode 100644
index 00000000..27bcf4f9
Binary files /dev/null and b/uploads/signatures/signature_163.png differ