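<?php

declare(strict_types=1);

/**
 * Paystack webhook receiver (legacy version).
 *
 * Accepts a POSTed Paystack event, verifies the X-Paystack-Signature HMAC
 * against $paystackSecret, and for `transfer.received` / `charge.success`
 * credits the user wallet whose `wallet_add` equals the payload's account
 * number. Each Paystack `reference` is recorded once in `fiat_transactions`;
 * a repeat delivery is acknowledged with 200 and ignored.
 *
 * Expects `$conn` (mysqli) and `$paystackSecret` to be provided by
 * db_config.php.
 */
require_once '../../config/db_config.php'; // your DB connection file

if ($_SERVER["REQUEST_METHOD"] !== "POST") {
    http_response_code(405);
    exit("Method not allowed.");
}

// Read the raw body without `@`: a read failure should be visible, not hidden.
$payload = file_get_contents("php://input");
if ($payload === false) {
    http_response_code(400);
    exit("Unable to read request body.");
}

// Log the raw payload for debugging.
// NOTE(review): this log lives next to the script (under the web root) and
// contains customer details; move it outside the document root or remove it
// once debugging is done.
file_put_contents(
    __DIR__ . "/webhook_debug.log",
    date('c') . " PAYLOAD:\n" . $payload . "\n\n",
    FILE_APPEND
);

// Signature check. Without it any client that can reach this URL can credit
// an arbitrary wallet, so the check fails closed when no secret is configured.
if (!isset($paystackSecret) || $paystackSecret === '') {
    http_response_code(500);
    exit("Webhook secret not configured.");
}
$signature = $_SERVER["HTTP_X_PAYSTACK_SIGNATURE"] ?? '';
$expectedSignature = hash_hmac('sha512', $payload, $paystackSecret);
// hash_equals: constant-time comparison, so the signature cannot be probed
// byte by byte through response timing.
if (!hash_equals($expectedSignature, $signature)) {
    http_response_code(401);
    exit('Invalid signature');
}

$event = json_decode($payload, true);
if (!is_array($event)) {
    http_response_code(400);
    exit("Invalid JSON payload.");
}

$eventType = $event["event"] ?? "";

// Only process relevant events; anything else is acknowledged so the sender
// has no reason to retry it.
if ($eventType !== "transfer.received" && $eventType !== "charge.success") {
    http_response_code(200);
    exit("Event ignored.");
}

$data = $event["data"] ?? null;
if (!is_array($data)) {
    http_response_code(400);
    exit("Missing event data.");
}

// Try all possible places account number could exist.
$accountNumber =
    $data["account_number"]
    ?? $data["metadata"]["receiver_account_number"]
    ?? $data["authorization"]["receiver_bank_account_number"]
    ?? null;

// `.` binds tighter than `??`, so the old fallback concatenated first/last
// name even when the customer block was absent (yielding " " plus warnings).
// Build the fallback only when both parts are present.
$customerName = isset($data["customer"]["first_name"], $data["customer"]["last_name"])
    ? $data["customer"]["first_name"] . " " . $data["customer"]["last_name"]
    : null;
$accountName =
    $data["account_name"]
    ?? $data["authorization"]["account_name"]
    ?? $customerName;

$bank =
    $data["bank"]
    ?? $data["metadata"]["receiver_bank"]
    ?? $data["authorization"]["receiver_bank"]
    ?? null;

$reference = $data["reference"] ?? null;
$currency = $data["currency"] ?? "NGN";

// Amount arrives in the minor unit (kobo); reject anything non-numeric or
// non-positive rather than crediting 0 or a coerced string.
$amountKobo = $data["amount"] ?? 0;
if (!is_numeric($amountKobo) || $amountKobo <= 0) {
    http_response_code(400);
    exit("Invalid amount.");
}
$amount = $amountKobo / 100;

if (!$accountNumber || !is_scalar($accountNumber)) {
    http_response_code(400);
    exit("Missing account number.");
}
$accountNumber = (string) $accountNumber;

// A missing reference used to bind NULL, and `reference = NULL` never matches,
// so the duplicate check could never catch a repeat delivery. Require it.
if ($reference === null || !is_scalar($reference) || (string) $reference === '') {
    http_response_code(400);
    exit("Missing reference.");
}
$reference = (string) $reference;

// Find wallet_id and user_id via wallet_add.
$stmt = $conn->prepare("
    SELECT wallet_id, user_id
    FROM user_wallets
    WHERE wallet_add = ?
");
if ($stmt === false) {
    http_response_code(500);
    exit("Database error.");
}
$stmt->bind_param("s", $accountNumber);
$stmt->execute();
$result = $stmt->get_result();
if ($result === false || $result->num_rows === 0) {
    http_response_code(404);
    exit("Virtual account not found.");
}
$row = $result->fetch_assoc();
$stmt->close();
$walletId = (int) $row["wallet_id"];
$userId = (int) $row["user_id"];

// The transaction row and the balance update are one unit of work: neither
// may persist without the other. The duplicate check inside the transaction
// is only fully race-safe if fiat_transactions.reference carries a unique
// index; without one, two concurrent deliveries can still both pass it.
$conn->begin_transaction();
try {
    // Check if reference already exists.
    $check = $conn->prepare("
        SELECT ftrans_id
        FROM fiat_transactions
        WHERE reference = ?
    ");
    if ($check === false) {
        throw new \RuntimeException($conn->error);
    }
    $check->bind_param("s", $reference);
    if (!$check->execute()) {
        throw new \RuntimeException($check->error);
    }
    $checkResult = $check->get_result();
    $isDuplicate = $checkResult !== false && $checkResult->num_rows > 0;
    $check->close();

    if ($isDuplicate) {
        $conn->rollback();
        http_response_code(200);
        exit("Duplicate transaction. Ignored.");
    }

    $type = "credit";
    $applied = 1;
    $note = "Paystack Virtual Account Credit";

    $insert = $conn->prepare("
        INSERT INTO fiat_transactions
        (wallet_id, user_id, reference, bank, account_name, account_number, curr, amount, type, applied, note, created_at)
        VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, NOW())
    ");
    if ($insert === false) {
        throw new \RuntimeException($conn->error);
    }
    $insert->bind_param(
        "iisssssdsis",
        $walletId,
        $userId,
        $reference,
        $bank,
        $accountName,
        $accountNumber,
        $currency,
        $amount,
        $type,
        $applied,
        $note
    );
    if (!$insert->execute()) {
        throw new \RuntimeException($insert->error);
    }
    $insert->close();

    // Update wallet balance.
    $update = $conn->prepare("
        UPDATE user_wallets
        SET balance = balance + ?
        WHERE wallet_id = ?
    ");
    if ($update === false) {
        throw new \RuntimeException($conn->error);
    }
    $update->bind_param("di", $amount, $walletId);
    if (!$update->execute()) {
        throw new \RuntimeException($update->error);
    }
    $update->close();

    $conn->commit();
} catch (\Throwable $e) {
    // Nothing was persisted; a non-2xx response lets the sender retry later.
    $conn->rollback();
    error_log("paystack_webhook_old: " . $e->getMessage());
    http_response_code(500);
    exit("Transaction failed.");
}

http_response_code(200);
echo "Transaction recorded and balance updated.";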