TwoTalesDev/4WDCSA.co.za
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

mostly complete payment system

Browse Source
This commit is contained in:
twotalesanimation
2025-12-15 10:18:25 +02:00
parent f4934e9c13
commit d2c99e86b4
15 changed files with 223 additions and 108 deletions
Download Patch File Download Diff File Expand all files Collapse all files

BIN
assets/images/logos/ikhokha.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 5.3 KiB

2
src/api/ikhokha_webhook.php
View File

@@ -251,7 +251,7 @@ if (in_array($normalized, ['PAID', 'SUCCESS', 'COMPLETED', 'SETTLED'], true)) {
$upd->bind_param('s', $localPaymentId); $upd->bind_param('s', $localPaymentId);
$upd->execute(); $upd->execute();
$upd->close(); $upd->close();
sendAdminNotification('4WDCSA.co.za - New Membership Application - '.getFullName($user_id) , 'A new member has signed up, '.getFullName($user_id)); sendAdminNotification('4WDCSA.co.za - Membership Payment Received - '.getFullName($user_id) , 'A Membership Payment has been received from '.getFullName($user_id));
} }
} }

83
src/config/functions.php
View File

@@ -1467,6 +1467,89 @@ function getInitialSurname($user_id)
} }
} }
function generatePaymentRef(string $type, ?int $course_trip_id, int $user_id): string
{
$conn = openDatabaseConnection();
// 1. Normalize type
$type = strtoupper($type);
// 2. Build prefix
switch ($type) {
case 'SUBS':
$year = (int)date('Y');
$month = (int)date('n');
// If December, subscriptions are for next year
if ($month === 12) {
$year++;
}
$prefix = "SUBS_" . $year;
break;
case 'COURSE':
if (!$course_trip_id) {
throw new Exception("course_trip_id is required for COURSE payments");
}
$stmt = $conn->prepare(
"SELECT code FROM courses WHERE course_id = ?"
);
$stmt->bind_param("i", $course_trip_id);
$stmt->execute();
$stmt->bind_result($code);
if (!$stmt->fetch()) {
throw new Exception("Invalid course_id: {$course_trip_id}");
}
$stmt->close();
$prefix = "COURSE_" . strtoupper($code);
break;
case 'TRIP':
if (!$course_trip_id) {
throw new Exception("course_trip_id is required for TRIP payments");
}
$stmt = $conn->prepare(
"SELECT trip_code FROM trips WHERE trip_id = ?"
);
$stmt->bind_param("i", $course_trip_id);
$stmt->execute();
$stmt->bind_result($trip_code);
if (!$stmt->fetch()) {
throw new Exception("Invalid trip_id: {$course_trip_id}");
}
$stmt->close();
$prefix = "TRIP_" . strtoupper($trip_code);
break;
default:
throw new Exception("Unknown payment type: {$type}");
}
// 3. Get user initials + surname
$namePart = strtoupper(getInitialSurname($user_id));
if (!$namePart) {
throw new Exception("User not found for user_id: {$user_id}");
}
// 4. Add short entropy (trimmed for aesthetics)
$entropy = substr(shortEntropy(), -3);
return "{$prefix}_{$namePart}_{$entropy}";
}
function shortEntropy(): string {
return strtoupper(base_convert((string)(microtime(true) * 1000), 10, 36));
}
function getLastName($user_id) function getLastName($user_id)
{ {
$conn = openDatabaseConnection(); $conn = openDatabaseConnection();

5
src/pages/bookings/bookings.php
View File

@@ -114,6 +114,7 @@ $user_id = $_SESSION['user_id'];
// Loop through each row // Loop through each row
while ($row = $result->fetch_assoc()) { while ($row = $result->fetch_assoc()) {
$booking_id = $row['booking_id']; $booking_id = $row['booking_id'];
$payment_id = $row['payment_id'];
$booking_type = $row['booking_type']; $booking_type = $row['booking_type'];
$from_date = $row['from_date']; $from_date = $row['from_date'];
$to_date = $row['to_date']; $to_date = $row['to_date'];
@@ -267,8 +268,8 @@ $user_id = $_SESSION['user_id'];
<div class="destination-footer"> <div class="destination-footer">
<span class="price"><span>Booking Total: R ' . number_format($amount, 2) . '</span></span>'; <span class="price"><span>Booking Total: R ' . number_format($amount, 2) . '</span></span>';
if ($status == "AWAITING PAYMENT") { if ($status == "AWAITING PAYMENT") {
echo '<a href="' . url('payment_confirmation') . '?token=' . encryptData($booking_id, $salt) . '" class="theme-btn style-two style-three"> echo '<a href="' . getPaymentLinkByPaymentId($payment_id) . '" class="theme-btn style-two style-three">
<span data-hover="PAYMENT INFO">' . $status . '</span> <span data-hover="PAY NOW">' . $status . '</span>
</a>'; </a>';
} else { } else {
echo '<a href="" class="theme-btn style-two style-three"> echo '<a href="" class="theme-btn style-two style-three">

5
src/pages/bookings/driver_training.php
View File

@@ -177,7 +177,7 @@ $page_id = 'driver_training';
</div> </div>
<input type="hidden" name="csrf_token" value="<?php echo generateCSRFToken(); ?>"> <input type="hidden" name="csrf_token" value="<?php echo generateCSRFToken(); ?>">
<?php <?php
$button_text = "Book Now"; $button_text = "PROCEED TO PAYMENT";
$button_disabled = ""; $button_disabled = "";
if (!$result || $result->num_rows == 0) { if (!$result || $result->num_rows == 0) {
$button_text = "No booking dates available"; $button_text = "No booking dates available";
@@ -189,8 +189,9 @@ $page_id = 'driver_training';
<i class="fal fa-arrow-right"></i> <i class="fal fa-arrow-right"></i>
</button> </button>
<div class="text-center"> <div class="text-center">
<a href="contact">Need some help?</a> <a href="contact">You will be redirected to iKhokha's Secure payment gateway.</a>
</div> </div>
<img src="assets/images/logos/ikhokha.png"alt="Secure Payment Badges" style="max-width: 200px; display: block; margin: 10px auto 0;">
</form> </form>
</div> </div>

5
src/pages/bookings/trip-details.php
View File

@@ -594,13 +594,14 @@ include_once(dirname(dirname(dirname(__DIR__))) . '/header.php');
</button> </button>
<?php else: ?> <?php else: ?>
<button type="submit" class="theme-btn style-two w-100 mt-15 mb-5"> <button type="submit" class="theme-btn style-two w-100 mt-15 mb-5">
<span data-hover="Book Now">Book Now</span> <span data-hover="PROCEED TO PAYMENT">PROCEED TO PAYMENT</span>
<i class="fal fa-arrow-right"></i> <i class="fal fa-arrow-right"></i>
</button> </button>
<?php endif; ?> <?php endif; ?>
<div class="text-center"> <div class="text-center">
<a href="contact">Need some help?</a> <a href="contact">You will be redirected to iKhokha's Secure payment gateway.</a>
</div> </div>
<img src="assets/images/logos/ikhokha.png" alt="Secure Payment Badges" style="max-width: 200px; display: block; margin: 10px auto 0;">
</form> </form>
</div> </div>

15
src/pages/memberships/membership_payment.php
View File

@@ -68,7 +68,15 @@ $stmt->fetch();
$stmt->close(); $stmt->close();
// If request includes payment_id, fetch provider paylink from payments table // If request includes payment_id, fetch provider paylink from payments table
$payment_id = $_GET['payment_id'] ?? null; if (!isset($_GET['token']) || empty($_GET['token'])) {
header("Location: membership_details");
exit();
}
$token = $_GET['token'];
// echo $token;
// Sanitize the trip_id to prevent SQL injection
$payment_id = decryptData($token, $_ENV['SALT']);
$payment_link = null; $payment_link = null;
if ($payment_id) { if ($payment_id) {
$pstmt = $conn->prepare("SELECT payment_link, amount, status, provider FROM payments WHERE payment_id = ? LIMIT 1"); $pstmt = $conn->prepare("SELECT payment_link, amount, status, provider FROM payments WHERE payment_id = ? LIMIT 1");
@@ -110,7 +118,10 @@ if ($payment_id) {
<span data-hover="Pay Now with iKhokha">Pay Now with iKhokha</span> <span data-hover="Pay Now with iKhokha">Pay Now with iKhokha</span>
<i class="fal fa-arrow-right"></i> <i class="fal fa-arrow-right"></i>
</a> </a>
<p style="margin-top:10px;">You will be redirected to iKhokha's Secure Payment Gateway.</p> <div class="text-center">
<p>You will be redirected to iKhokha's Secure payment gateway.</p>
</div>
<img src="assets/images/logos/ikhokha.png" alt="Secure Payment Badges" style="max-width: 200px; display: block; margin: 10px auto 0;">
<?php } else { ?> <?php } else { ?>
<p>Please upload your proof of payment below.</p> <p>Please upload your proof of payment below.</p>
<h5>Payment Details:</h5> <h5>Payment Details:</h5>

17
src/pages/memberships/renew_membership.php
View File

@@ -11,8 +11,20 @@ if (isset($_SESSION['user_id'])) {
exit(); // Stop further script execution exit(); // Stop further script execution
} }
//if membership_fees payment_status is PENDING RENEWAL, redirect to membership_details.php
$stmt = $conn->prepare("SELECT payment_status FROM membership_fees WHERE user_id = ? LIMIT 1");
$stmt->bind_param("i", $user_id);
$stmt->execute();
$stmt->bind_result($payment_status);
$stmt->fetch();
$stmt->close();
$payment_id = uniqid(); if ($payment_status === 'PENDING RENEWAL') {
header("Location: membership_details.php");
exit();
}
$payment_id = generatePaymentRef('SUBS', null, $user_id);
$payment_amount = getPriceByDescription('membership_fees'); $payment_amount = getPriceByDescription('membership_fees');
$payment_date = date('Y-m-d'); $payment_date = date('Y-m-d');
$renewal_period_end = getMembershipEndDate($user_id); $renewal_period_end = getMembershipEndDate($user_id);
@@ -65,8 +77,9 @@ if ($stmt->execute()) {
$publicRef = $publicRef ?? bin2hex(random_bytes(16)); $publicRef = $publicRef ?? bin2hex(random_bytes(16));
$resp = createIkhokhaPayment($payment_id, $payment_amount, $description, $publicRef); $resp = createIkhokhaPayment($payment_id, $payment_amount, $description, $publicRef);
$paylink = $resp['paylinkUrl'] ?? $resp['paylinkURL'] ?? $resp['paylink_url'] ?? null; $paylink = $resp['paylinkUrl'] ?? $resp['paylinkURL'] ?? $resp['paylink_url'] ?? null;
$token = encryptData($payment_id, $_ENV['SALT']);
if ($paylink) { if ($paylink) {
header('Location: membership_payment?payment_id=' . $payment_id); header('Location: membership_payment?token=' . $token);
exit(); exit();
} else { } else {
header("Location: membership_details"); header("Location: membership_details");

5
src/pages/other/bush_mechanics.php
View File

@@ -156,7 +156,7 @@ $page_id = 'bush_mechanics';
</div> </div>
<input type="hidden" name="csrf_token" value="<?php echo generateCSRFToken(); ?>"> <input type="hidden" name="csrf_token" value="<?php echo generateCSRFToken(); ?>">
<?php <?php
$button_text = "Book Now"; $button_text = "PROCEED TO PAYMENT";
$button_disabled = ""; $button_disabled = "";
if (!$result || $result->num_rows == 0) { if (!$result || $result->num_rows == 0) {
$button_text = "No booking dates available"; $button_text = "No booking dates available";
@@ -168,8 +168,9 @@ $page_id = 'bush_mechanics';
<i class="fal fa-arrow-right"></i> <i class="fal fa-arrow-right"></i>
</button> </button>
<div class="text-center"> <div class="text-center">
<a href="contact">Need some help?</a> <a href="contact">You will be redirected to iKhokha's Secure payment gateway.</a>
</div> </div>
<img src="assets/images/logos/ikhokha.png"alt="Secure Payment Badges" style="max-width: 200px; display: block; margin: 10px auto 0;">
</form> </form>
</div> </div>

4
src/pages/other/indemnity.php
View File

@@ -107,14 +107,14 @@ if (isset($_SESSION['user_id'])) {
if (response.status === 'success') { if (response.status === 'success') {
// If provider returned a direct paylink, go there immediately // If provider returned a direct paylink, go there immediately
if (response.paylinkUrl) { if (response.paylinkUrl) {
window.location.href = 'membership_payment.php?payment_id=' + encodeURIComponent(response.payment_id); window.location.href = 'membership_payment?token=' + encodeURIComponent(response.token);
return; return;
} }
// If we have a payment_id, redirect to membership_payment with it // If we have a payment_id, redirect to membership_payment with it
// if (response.payment_id) { // if (response.payment_id) {
// setTimeout(function() { // setTimeout(function() {
// window.location.href = 'membership_payment.php?payment_id=' + encodeURIComponent(response.payment_id); // window.location.href = 'membership_payment.php?payment_id=' + encodeURIComponent(response.token);
// }, 800); // }, 800);
// return; // return;
// } // }

6
src/pages/other/rescue_recovery.php
View File

@@ -154,7 +154,7 @@ $page_id = 'rescue_recovery';
</div> </div>
</div> </div>
<?php <?php
$button_text = "Book Now"; $button_text = "PROCEED TO PAYMENT";
$button_disabled = ""; $button_disabled = "";
if (!$result || $result->num_rows == 0) { if (!$result || $result->num_rows == 0) {
$button_text = "No booking dates available"; $button_text = "No booking dates available";
@@ -165,9 +165,11 @@ $page_id = 'rescue_recovery';
<span data-hover="<?php echo $button_text; ?>"><?php echo $button_text; ?></span> <span data-hover="<?php echo $button_text; ?>"><?php echo $button_text; ?></span>
<i class="fal fa-arrow-right"></i> <i class="fal fa-arrow-right"></i>
</button> </button>
<div class="text-center"> <div class="text-center">
<a href="mailto:info@4wdcsa.co.za">Need some help?</a> <a href="contact">You will be redirected to iKhokha's Secure payment gateway.</a>
</div> </div>
<img src="assets/images/logos/ikhokha.png"alt="Secure Payment Badges" style="max-width: 200px; display: block; margin: 10px auto 0;">
</form> </form>
</div> </div>

8
src/processors/process_application.php
View File

@@ -6,7 +6,7 @@ require_once($rootPath . "/src/config/connection.php");
require_once($rootPath . "/src/config/functions.php"); require_once($rootPath . "/src/config/functions.php");
$user_id = isset($_SESSION['user_id']) ? $_SESSION['user_id'] : null; $user_id = isset($_SESSION['user_id']) ? $_SESSION['user_id'] : null;
$payment_id = uniqid(); $payment_id = generatePaymentRef('SUBS', null, $user_id);
$status = 'AWAITING PAYMENT'; $status = 'AWAITING PAYMENT';
// If current month is December, attribute the membership year to the next year // If current month is December, attribute the membership year to the next year
$currentYear = intval(date('Y')); $currentYear = intval(date('Y'));
@@ -210,9 +210,9 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
->format('Y-m-d'); ->format('Y-m-d');
} }
$stmt = $conn->prepare("INSERT INTO membership_fees (user_id, payment_amount, payment_date, membership_start_date, membership_end_date, payment_status, payment_id) $stmt = $conn->prepare("INSERT INTO membership_fees (user_id, payment_amount, payment_date, membership_start_date, membership_end_date, renewal_period_end, payment_status, payment_id)
VALUES (?, ?, ?, ?, ?, 'AWAITING PAYMENT', ?)"); VALUES (?, ?, ?, ?, ?, ?, 'AWAITING PAYMENT', ?)");
$stmt->bind_param("idssss", $user_id, $payment_amount, $payment_date, $membership_start_date, $membership_end_date, $payment_id); $stmt->bind_param("idsssss", $user_id, $payment_amount, $payment_date, $membership_start_date, $membership_end_date, $membership_end_date, $payment_id);
if ($stmt->execute()) { if ($stmt->execute()) {
// Commit the transaction // Commit the transaction

4
src/processors/process_course_booking.php
View File

@@ -93,11 +93,11 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
$status = "AWAITING PAYMENT"; $status = "AWAITING PAYMENT";
$type = 'course'; $type = 'course';
$payment_id = uniqid(); $payment_id = generatePaymentRef('COURSE', $course_id, $user_id);
$publicRef = bin2hex(random_bytes(16)); $publicRef = bin2hex(random_bytes(16));
$num_vehicles = 1; $num_vehicles = 1;
$discountAmount = 0; $discountAmount = 0;
$eft_id = strtoupper("COURSE ".date("m-d", strtotime($date))." ".getInitialSurname($user_id)); $eft_id = $payment_id;
$notes = ""; $notes = "";
if ($pending_member){ if ($pending_member){
$notes = "Membership Payment pending at time of booking. Please confirm payment has been received."; $notes = "Membership Payment pending at time of booking. Please confirm payment has been received.";

6
src/processors/process_signature.php
View File

@@ -77,7 +77,7 @@ if (isset($_POST['signature'])) {
if ($mf && isset($mf['payment_amount'])) { if ($mf && isset($mf['payment_amount'])) {
$amount = floatval($mf['payment_amount']); $amount = floatval($mf['payment_amount']);
// Use existing payment_id or generate one // Use existing payment_id or generate one
$payment_id = $mf['payment_id'] ?? uniqid('mem_', true); $payment_id = $mf['payment_id'] ?? generatePaymentRef('SUBS', null, $user_id);;
if (empty($mf['payment_id'])) { if (empty($mf['payment_id'])) {
// Persist generated payment_id back to membership_fees // Persist generated payment_id back to membership_fees
@@ -128,6 +128,7 @@ if (isset($_POST['signature'])) {
$paylink = $resp['paylinkUrl'] ?? $resp['paylinkURL'] ?? $resp['paylink_url'] ?? null; $paylink = $resp['paylinkUrl'] ?? $resp['paylinkURL'] ?? $resp['paylink_url'] ?? null;
// After creating paylink, update paymentStatus to AWAITING PAYMENT // After creating paylink, update paymentStatus to AWAITING PAYMENT
$paymentStatus = $paylink ? 'AWAITING PAYMENT' : $paymentStatus; $paymentStatus = $paylink ? 'AWAITING PAYMENT' : $paymentStatus;
$token = encryptData($payment_id, $_ENV['SALT']);
} catch (Exception $e) { } catch (Exception $e) {
// Log but do not fail signature save // Log but do not fail signature save
error_log('iKhokha create error: ' . $e->getMessage()); error_log('iKhokha create error: ' . $e->getMessage());
@@ -140,7 +141,8 @@ if (isset($_POST['signature'])) {
$response = [ $response = [
'status' => 'success', 'status' => 'success',
'message' => 'Signature saved successfully!', 'message' => 'Signature saved successfully!',
'paymentStatus' => $paymentStatus 'paymentStatus' => $paymentStatus,
'token' => $token ?? null
]; ];
if (!empty($paylink)) { if (!empty($paylink)) {
$response['paylinkUrl'] = $paylink; $response['paylinkUrl'] = $paylink;

6
src/processors/process_trip_booking.php
View File

@@ -105,10 +105,10 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
$status = "AWAITING PAYMENT"; $status = "AWAITING PAYMENT";
$description = $trip_name; $description = $trip_name;
$type = 'trip'; $type = 'trip';
$payment_id = uniqid(); $payment_id = generatePaymentRef('TRIP', $trip_id, $user_id);
$publicRef = bin2hex(random_bytes(16)); $publicRef = bin2hex(random_bytes(16));
// $eft_id = strtoupper(base_convert(time(), 10, 36)); // Convert timestamp to base36 // $eft_id = strtoupper(base_convert(time(), 10, 36)); // Convert timestamp to base36
$eft_id = strtoupper($trip_code." ".getInitialSurname($user_id)); // $eft_id = strtoupper($trip_code." ".getInitialSurname($user_id));
// Insert booking into the database // Insert booking into the database
@@ -147,7 +147,7 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
// Send invoice and admin notification // Send invoice and admin notification
// sendInvoice(getEmail($user_id), getFullName($user_id), $eft_id, formatCurrency($payment_amount), $description); // sendInvoice(getEmail($user_id), getFullName($user_id), $eft_id, formatCurrency($payment_amount), $description);
sendAdminNotification('New Trip Booking - '.getFullName($user_id), getFullName($user_id).' has booked for '.$description); // sendAdminNotification('New Trip Booking - '.getFullName($user_id), getFullName($user_id).' has booked for '.$description);
// Redirect to payment link if available // Redirect to payment link if available
$paylink = $resp['paylinkUrl'] ?? $resp['paylinkURL'] ?? $resp['paylink_url'] ?? null; $paylink = $resp['paylinkUrl'] ?? $resp['paylinkURL'] ?? $resp['paylink_url'] ?? null;