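'error', 'message' => 'Unauthorized']); exit; }

// Driver-to-driver wallet transfer: validates the request, resolves the
// receiver by phone, forwards the transfer to the wallet server selected by
// country and, on success, sends the receiver a push notification.

// The sender is always the authenticated user ($user_id, taken from the JWT),
// never a value supplied in the request body.
$senderID = $user_id;
$receiverPhone = filterRequest('receiverPhone');
$amount = filterRequest('amount');
$country = filterRequest('country');

if (empty($receiverPhone) || empty($amount) || empty($country)) {
    echo json_encode(['status' => 'error', 'message' => 'Missing required fields']);
    exit;
}

// 2. Maximum transfer limit (per country and currency).
// The amount must be a plain positive integer. Previously the limit was checked
// against (int)$amount while the raw request string was forwarded to the wallet
// server, so an input such as "15.99" or "15abc" passed a limit of 15 and was
// then sent on unchanged. Fractional amounts are now rejected instead of being
// silently truncated; supporting them would need a decimal-aware check agreed
// with the wallet server.
$amountInt = filter_var($amount, FILTER_VALIDATE_INT);
if ($amountInt === false || $amountInt <= 0) {
    echo json_encode(['status' => 'error', 'message' => 'Invalid amount']);
    exit;
}
// From here on only the validated, canonical value is used.
$amount = (string) $amountInt;

// NOTE(review): $country comes from the request and selects both the limit and
// the wallet server. Any value outside the three listed countries falls back to
// the 1,000,000 default, so a caller can choose its own limit. Consider deriving
// the country from the sender's server-side account data and rejecting unknown
// values.
$countryLower = strtolower($country);
$countryLimits = ['syria' => 500, 'jordan' => 15, 'egypt' => 1000];
$maxAmount = $countryLimits[$countryLower] ?? 1000000; // default

if ($amountInt > $maxAmount) {
    echo json_encode(['status' => 'error', 'message' => "Transfer amount exceeds maximum limit of $maxAmount"]);
    exit;
}

// 3. Fetch Receiver details (prepared statement; the phone is bound, not interpolated)
$stmt = $con->prepare("SELECT d.id as driver_id, dt.token as fcm_token, d.name_arabic FROM driver d LEFT JOIN driverToken dt ON d.id = dt.captain_id WHERE d.phone = :phone LIMIT 1");
$stmt->execute([':phone' => $receiverPhone]);
$receiver = $stmt->fetch(PDO::FETCH_ASSOC);

if (!$receiver) {
    echo json_encode(['status' => 'error', 'message' => 'Receiver not found']);
    exit;
}

$receiverID = $receiver['driver_id'];

// Compare as strings: the DB value and the JWT value may differ in type, and a
// loose == would also treat distinct numeric-looking strings as equal.
if ((string) $receiverID === (string) $senderID) {
    echo json_encode(['status' => 'error', 'message' => 'Cannot transfer to yourself']);
    exit;
}

// 4. Determine Payment Server URL based on Country
$defaultWalletServer = "https://walletintaleq.intaleq.xyz"; // Default
$walletServerEnv = [
    'jordan' => 'WALLET_SERVER_JORDAN',
    'egypt' => 'WALLET_SERVER_EGYPT',
    'syria' => 'WALLET_SERVER_SYRIA',
];
$walletServer = $defaultWalletServer;
if (isset($walletServerEnv[$countryLower])) {
    // An unset or empty environment variable falls back to the default server.
    $walletServer = getenv($walletServerEnv[$countryLower]) ?: $defaultWalletServer;
}

$paymentServerUrl = "$walletServer/v2/main/ride/driverWallet/transfer.php";

$postData = [
    'senderID' => $senderID,
    'receiverID' => $receiverID,
    'amount' => $amount,
    'country' => $country
];

// Generate Headers for Payment Server (Use internal payment key).
// The key is sent to whatever host WALLET_SERVER_* names, so those values must
// stay https URLs under the operator's control.
$headers = [];
$paymentKey = getenv('PAYMENT_KEY');
if (empty($paymentKey)) {
    error_log("CRITICAL: PAYMENT_KEY environment variable is not set. Transfer blocked.");
    echo json_encode(['status' => 'error', 'message' => 'Payment configuration error']);
    exit;
}
$headers[] = "payment-key: $paymentKey";

$ch = curl_init();
curl_setopt_array($ch, [
    CURLOPT_URL => $paymentServerUrl,
    CURLOPT_POST => 1,
    CURLOPT_POSTFIELDS => http_build_query($postData),
    CURLOPT_RETURNTRANSFER => true,
    CURLOPT_HTTPHEADER => $headers,
    // Bound the call so a stalled wallet server cannot hold the request open
    // indefinitely. After a timeout the outcome of the transfer is unknown to
    // this script; the failure is logged below.
    CURLOPT_CONNECTTIMEOUT => 10,
    CURLOPT_TIMEOUT => 30,
]);

$paymentResponseRaw = curl_exec($ch);
$httpCode = curl_getinfo($ch, CURLINFO_HTTP_CODE);
$curlError = curl_error($ch); // must be read before the handle is closed
curl_close($ch);

// Transport failure (DNS, TLS, timeout, ...): curl_exec() returned false, so
// there is no body to decode. Report the same generic error as before.
if ($paymentResponseRaw === false) {
    error_log("[transfer] Payment server request failed | HTTP: $httpCode | cURL: $curlError");
    echo json_encode(['status' => 'error', 'message' => 'Payment server error']);
    exit;
}

$paymentResponse = json_decode($paymentResponseRaw, true);

// 5. Handle Payment Server Response
if ($httpCode === 200 && isset($paymentResponse['status']) && $paymentResponse['status'] === 'success') {
    // Transaction successful, send Push Notification
    if (!empty($receiver['fcm_token'])) {
        $senderName = $decodedToken->name ?? 'A driver'; // Optional: Fetch sender name

        // Only the Arabic body is sent; the unused English variant was removed.
        $fcmBodyAr = "لقد تلقيت حوالة بقيمة " . $amount . " من " . $senderName;

        sendFCM_Internal(
            $receiver['fcm_token'],
            "Transfer Received",
            $fcmBodyAr,
            ['type' => 'transfer', 'amount' => $amount],
            'Transfer',
            false,
            'ding'
        );
    }

    echo json_encode([
        'status' => 'success',
        'message' => 'Transfer completed successfully',
        'receiver' => $receiver['name_arabic']
    ]);
} else {
    // Payment failed or server error — never leak debug details in production.
    // The raw response goes to the server log only.
    // NOTE(review): the wallet server's own 'message' is still relayed to the
    // client; confirm it never carries internal detail.
    error_log("[transfer] Payment server error | HTTP: $httpCode | Response: $paymentResponseRaw");
    echo json_encode([
        'status' => 'error',
        'message' => $paymentResponse['message'] ?? 'Payment server error'
    ]);
}
?>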