Update: 2026-06-16 01:17:28
This commit is contained in:
Hamza-Ayed
@@ -5,30 +5,41 @@ require_once __DIR__ . '/../../connect.php';
|
||||
|
||||
header('Content-Type: application/json');
|
||||
|
||||
// 1. Authenticate user
|
||||
$decodedToken = authenticateJWT();
|
||||
if (!$decodedToken) {
|
||||
// 1. الـ Sender ID من JWT مباشرة (connect.php) — ممنوع استقباله من الـ request
|
||||
if (empty($user_id) || $role !== 'driver') {
|
||||
http_response_code(403);
|
||||
echo json_encode(['status' => 'error', 'message' => 'Unauthorized']);
|
||||
exit;
|
||||
}
|
||||
|
||||
$senderID = filterRequest('driverID');
|
||||
$senderID = $user_id; // ✅ من JWT
|
||||
$receiverPhone = filterRequest('receiverPhone');
|
||||
$amount = filterRequest('amount');
|
||||
$country = filterRequest('country');
|
||||
|
||||
if (empty($senderID) || empty($receiverPhone) || empty($amount) || empty($country)) {
|
||||
if (empty($receiverPhone) || empty($amount) || empty($country)) {
|
||||
echo json_encode(['status' => 'error', 'message' => 'Missing required fields']);
|
||||
exit;
|
||||
}
|
||||
|
||||
// Ensure the sender matches the token
|
||||
if ($decodedToken->id != $senderID) {
|
||||
echo json_encode(['status' => 'error', 'message' => 'Unauthorized driver ID']);
|
||||
exit;
|
||||
// 2. حد أقصى للتحويل (حسب الدولة والعملة)
|
||||
$maxAmount = 1000000; // افتراضي
|
||||
$amountInt = (int)$amount;
|
||||
if ($amountInt <= 0) {
|
||||
echo json_encode(['status' => 'error', 'message' => 'Invalid amount']);
|
||||
exit;
|
||||
}
|
||||
$countryLower = strtolower($country);
|
||||
if ($countryLower === 'syria') $maxAmount = 500;
|
||||
elseif ($countryLower === 'jordan') $maxAmount = 15;
|
||||
elseif ($countryLower === 'egypt') $maxAmount = 1000;
|
||||
|
||||
if ($amountInt > $maxAmount) {
|
||||
echo json_encode(['status' => 'error', 'message' => "Transfer amount exceeds maximum limit of $maxAmount"]);
|
||||
exit;
|
||||
}
|
||||
|
||||
// 2. Fetch Receiver details
|
||||
// 3. Fetch Receiver details
|
||||
$stmt = $con->prepare("SELECT d.id as driver_id, dt.token as fcm_token, d.name_arabic
|
||||
FROM driver d
|
||||
LEFT JOIN driverToken dt ON d.id = dt.captain_id
|
||||
@@ -48,7 +59,7 @@ if ($receiverID == $senderID) {
|
||||
exit;
|
||||
}
|
||||
|
||||
// 3. Determine Payment Server URL based on Country
|
||||
// 4. Determine Payment Server URL based on Country
|
||||
$walletServer = "https://walletintaleq.intaleq.xyz"; // Default
|
||||
if (strtolower($country) === 'jordan') {
|
||||
$walletServer = getenv('WALLET_SERVER_JORDAN') ?: "https://walletintaleq.intaleq.xyz";
|
||||
@@ -69,14 +80,14 @@ $postData = [
|
||||
|
||||
// Generate Headers for Payment Server (Use internal payment key)
|
||||
$headers = [];
|
||||
$paymentKey = getenv('PAYMENT_KEY') ;
|
||||
$paymentKey = getenv('PAYMENT_KEY');
|
||||
|
||||
if (!empty($paymentKey)) {
|
||||
$headers[] = "payment-key: $paymentKey";
|
||||
} else {
|
||||
// Fallback just in case
|
||||
$headers[] = "payment-key: default_internal_secret_123";
|
||||
if (empty($paymentKey)) {
|
||||
error_log("CRITICAL: PAYMENT_KEY environment variable is not set. Transfer blocked.");
|
||||
echo json_encode(['status' => 'error', 'message' => 'Payment configuration error']);
|
||||
exit;
|
||||
}
|
||||
$headers[] = "payment-key: $paymentKey";
|
||||
|
||||
$ch = curl_init();
|
||||
curl_setopt($ch, CURLOPT_URL, $paymentServerUrl);
|
||||
@@ -91,7 +102,7 @@ curl_close($ch);
|
||||
|
||||
$paymentResponse = json_decode($paymentResponseRaw, true);
|
||||
|
||||
// 4. Handle Payment Server Response
|
||||
// 5. Handle Payment Server Response
|
||||
if ($httpCode === 200 && isset($paymentResponse['status']) && $paymentResponse['status'] === 'success') {
|
||||
// Transaction successful, send Push Notification
|
||||
if (!empty($receiver['fcm_token'])) {
|
||||
@@ -118,11 +129,11 @@ if ($httpCode === 200 && isset($paymentResponse['status']) && $paymentResponse['
|
||||
'receiver' => $receiver['name_arabic']
|
||||
]);
|
||||
} else {
|
||||
// Payment failed or server error
|
||||
// Payment failed or server error — ممنوع تسريب debug في الإنتاج
|
||||
error_log("[transfer] Payment server error | HTTP: $httpCode | Response: $paymentResponseRaw");
|
||||
echo json_encode([
|
||||
'status' => 'error',
|
||||
'message' => $paymentResponse['message'] ?? 'Payment server error',
|
||||
'debug' => $paymentResponseRaw
|
||||
'message' => $paymentResponse['message'] ?? 'Payment server error'
|
||||
]);
|
||||
}
|
||||
?>
|
||||
|
||||
Reference in New Issue
Block a user