49 lines
1.3 KiB
PHP
49 lines
1.3 KiB
PHP
<?php
|
|
require_once __DIR__ . '/../../connect.php';
|
|
|
|
$driverID = filterRequest("driverID");
|
|
$amount = filterRequest("amount");
|
|
|
|
// Check if required fields are present
|
|
if ($driverID === null || $amount === null) {
|
|
jsonError("Missing required fields: driverID and amount must be provided");
|
|
exit;
|
|
}
|
|
|
|
// Generate a more secure token
|
|
$token = generateSecureToken($driverID, $amount);
|
|
|
|
// Store the token in the database
|
|
$stmt = $con->prepare("INSERT INTO payment_tokens (token, driverID, dateCreated, amount) VALUES (?, ?, NOW(), ?)");
|
|
|
|
try {
|
|
$stmt->execute([$token, $driverID, $amount]);
|
|
if ($stmt->rowCount() > 0) {
|
|
jsonSuccess($token);
|
|
} else {
|
|
jsonError("Failed to save record");
|
|
}
|
|
} catch (PDOException $e) {
|
|
jsonError("Database error: " . $e->getMessage());
|
|
}
|
|
|
|
function generateSecureToken($driverID, $amount) {
|
|
global $secretKey;
|
|
// Concatenate the parameters
|
|
$data = $driverID . $amount . time();
|
|
|
|
// Add the secret key from the environment variable
|
|
$data .= $secretKey;
|
|
|
|
// Generate a hash
|
|
$hash = hash('sha256', $data);
|
|
|
|
// Add some randomness
|
|
$randomBytes = bin2hex(random_bytes(16));
|
|
|
|
// Combine hash and random bytes
|
|
$token = $hash . $randomBytes;
|
|
|
|
// Truncate to a reasonable length (e.g., 64 characters)
|
|
return substr($token, 0, 64);
|
|
} |