50 lines
1.4 KiB
PHP
50 lines
1.4 KiB
PHP
<?php
|
|
include "../../connect.php";
|
|
//addPaymentToken.php
|
|
$driverID = filterRequest("driverID");
|
|
$amount = filterRequest("amount");
|
|
|
|
// Check if required fields are present
|
|
if ($driverID === null || $amount === null) {
|
|
printFailure("Missing required fields: driverID and amount must be provided");
|
|
exit;
|
|
}
|
|
|
|
// Generate a more secure token
|
|
$token = generateSecureToken($driverID, $amount);
|
|
|
|
// Store the token in the database
|
|
$stmt = $con->prepare("INSERT INTO payment_tokens (token, driverID, dateCreated, amount) VALUES (?, ?, NOW(), ?)");
|
|
|
|
try {
|
|
$stmt->execute([$token, $driverID, $amount]);
|
|
if ($stmt->rowCount() > 0) {
|
|
printSuccess($token);
|
|
} else {
|
|
printFailure("Failed to save record");
|
|
}
|
|
} catch (PDOException $e) {
|
|
error_log("[addPaymentToken] " . $e->getMessage());
|
|
printFailure("Database error");
|
|
}
|
|
|
|
function generateSecureToken($driverID, $amount) {
|
|
global $secretKey;
|
|
// Concatenate the parameters
|
|
$data = $driverID . $amount . time();
|
|
|
|
// Add the secret key from the environment variable
|
|
$data .= $secretKey;
|
|
|
|
// Generate a hash
|
|
$hash = hash('sha256', $data);
|
|
|
|
// Add some randomness
|
|
$randomBytes = bin2hex(random_bytes(16));
|
|
|
|
// Combine hash and random bytes
|
|
$token = $hash . $randomBytes;
|
|
|
|
// Truncate to a reasonable length (e.g., 64 characters)
|
|
return substr($token, 0, 64);
|
|
} |