53 lines
1.6 KiB
PHP
53 lines
1.6 KiB
PHP
<?php
|
|
require_once __DIR__ . '/../../connect.php';
|
|
|
|
$passengerId = filterRequest("passengerId");
|
|
$amount = filterRequest("amount");
|
|
|
|
// Check if required fields are present
|
|
if ($passengerId === null || $amount === null) {
|
|
jsonError("Missing required fields: passengerId and amount must be provided");
|
|
exit;
|
|
}
|
|
|
|
// Generate the token using current time
|
|
$token = generateSecureToken($passengerId, $amount, date('Y-m-d H:i:s', time()));
|
|
|
|
// Store the token in the database, using NOW() for dateCreated
|
|
$stmt = $con->prepare("INSERT INTO payment_tokens_passenger (token, passengerId, dateCreated, amount) VALUES (?, ?, NOW(), ?)");
|
|
|
|
try {
|
|
$stmt->execute([$token, $passengerId, $amount]);
|
|
if ($stmt->rowCount() > 0) {
|
|
jsonSuccess($token);
|
|
} else {
|
|
jsonError("Failed to save record");
|
|
}
|
|
} catch (PDOException $e) {
|
|
jsonError("Database error: " . $e->getMessage());
|
|
}
|
|
|
|
// Rest of your code including the generateSecureToken function...
|
|
|
|
// Rest of your code including the generateSecureToken function...
|
|
|
|
function generateSecureToken($passengerId, $amount, $dateCreated) {
|
|
global $secretKey;
|
|
// Concatenate the parameters
|
|
$data = $passengerId . $amount . $dateCreated;
|
|
|
|
// Add the secret key from the environment variable
|
|
$data .= $secretKey;
|
|
|
|
// Generate a hash
|
|
$hash = hash('sha256', $data);
|
|
|
|
// Add some randomness
|
|
$randomBytes = bin2hex(random_bytes(16));
|
|
|
|
// Combine hash and random bytes
|
|
$token = $hash . $randomBytes;
|
|
|
|
// Truncate to a reasonable length (e.g., 64 characters)
|
|
return substr($token, 0, 64);
|
|
} |