%PDF- <> %âãÏÓ endobj 2 0 obj <> endobj 3 0 obj <>/ExtGState<>/ProcSet[/PDF/Text/ImageB/ImageC/ImageI] >>/Annots[ 28 0 R 29 0 R] /MediaBox[ 0 0 595.5 842.25] /Contents 4 0 R/Group<>/Tabs/S>> endobj ºaâÚÎΞ-ÌE1ÍØÄ÷{òò2ÿ ÛÖ^ÔÀá TÎ{¦?§®¥kuµùÕ5sLOšuY>endobj 2 0 obj<>endobj 2 0 obj<>endobj 2 0 obj<>endobj 2 0 obj<> endobj 2 0 obj<>endobj 2 0 obj<>es 3 0 R>> endobj 2 0 obj<> ox[ 0.000000 0.000000 609.600000 935.600000]/Fi endobj 3 0 obj<> endobj 7 1 obj<>/ProcSet[/PDF/Text/ImageB/ImageC/ImageI]>>/Subtype/Form>> stream
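<?php
defined('BASEPATH') OR exit('No direct script access allowed');

/**
 * Payment controller for medical-package orders paid through CCAvenue.
 *
 * Flow as implemented in this class:
 *  - index()           validates the posted item and creates an order row,
 *  - handle_request()  stores the patient's billing details on that order and
 *                      hands the post data to the CCAvenue request view,
 *  - handle_response() decrypts the gateway callback, records the outcome and
 *                      sends the notification e-mails.
 *
 * Every public method of a CodeIgniter controller is reachable by URL, so each
 * one has to treat its input as untrusted.
 */
class Payment extends CI_Controller {

    public function __construct()
    {
        parent::__construct();
        $this->load->model('payment_model', 'payment');
        $this->load->model('medical_package_model', 'package');
    }

    /**
     * Create an order from the posted item and render the CCAvenue form.
     *
     * Expects POST fields item_name, item_id, amount and currency_code.
     * Does nothing when the request carries no POST data.
     */
    public function index()
    {
        $data = array();
        $post = $this->input->post();
        $order_id = $this->generate_order_id('HOS'.date('Ymd'));

        if (!$post) {
            return;
        }

        $this->form_validation->set_rules('item_name', 'Item Name', 'required|trim');
        $this->form_validation->set_rules('item_id', 'Item ID', 'trim|required|numeric');
        $this->form_validation->set_rules('amount', 'Price', 'required|trim|numeric');
        $this->form_validation->set_rules('currency_code', 'Currency Code', 'required|trim|alpha');

        if ($this->form_validation->run() == FALSE) {
            $error_msg = implode('\n', $this->form_validation->error_array());
            $_SESSION['submit_status_msg'] = 'Your Request could not be processed:\n'.$error_msg;
            echo '<script>console.log("Your Request could not be processed");</script>';
            return;
        }

        if (!$order_id) {
            // generate_order_id() returns '' when no free id could be found.
            echo '<script>console.log("Unable to process your request. Kindly try again later.");</script>';
            redirect(site_url('MedicalPackage'));
            return;
        }

        // NOTE(security): item name, amount and currency are stored exactly as the
        // browser sent them. handle_response() later compares the gateway amount
        // with this stored value, so that comparison cannot detect a price the
        // client chose itself. The price should be looked up server-side from
        // item_id (the 'package' model is loaded but not used here) -- TODO.
        $data = array(
            'OrderItemType' => 'Medical Package',
            'OrderItemName' => $post['item_name'],
            'OrderItemID' => $post['item_id'],
            'OrderAmount' => $post['amount'],
            'OrderCurrencyCode' => $post['currency_code'],
            'OrderID' => $order_id
        );
        $this->payment->insert_order($data);
        $this->load->view('ccavenue_form', $data);
    }

    /**
     * Attach the patient's billing details to an existing order and render the
     * CCAvenue request handler view with the (rewritten) post data.
     *
     * The request is ignored unless alternate_phone is empty or absent.
     */
    public function handle_request()
    {
        $data = array();
        $post = $this->input->post();
        if (!$post) {
            return;
        }

        // Only requests that leave alternate_phone empty are processed
        // (presumably a bot trap field -- confirm against the form).
        $alternate_phone = isset($post['alternate_phone']) ? $post['alternate_phone'] : '';
        if ($alternate_phone != '') {
            return;
        }

        $this->form_validation->set_rules('billing_name', 'Patient Name', 'required|trim');
        $this->form_validation->set_rules('billing_address', 'Patient Address', 'trim|required');
        $this->form_validation->set_rules('billing_city', 'Patient City', 'required|trim');
        $this->form_validation->set_rules('billing_state', 'Patient State', 'required|trim');
        $this->form_validation->set_rules('billing_country', 'Patient Country', 'required|trim');
        $this->form_validation->set_rules('billing_zip', 'Patient Zip', 'required|trim');
        $this->form_validation->set_rules('billing_tel', 'Patient Mobile Number', 'required|trim');
        // The address is echoed back by the gateway and used as a mail recipient
        // in handle_response(), so it must at least be a well-formed address.
        $this->form_validation->set_rules('billing_email', 'Patient Email-ID', 'required|trim|valid_email');
        // order_id selects the row that update_order() writes to; never run the
        // update without one.
        $this->form_validation->set_rules('order_id', 'Order ID', 'required|trim');

        if ($this->form_validation->run() == FALSE) {
            $error_msg = implode('\n', $this->form_validation->error_array());
            $_SESSION['submit_status_msg'] = 'Your Request could not be processed:\n'.$error_msg;
            echo '<script>console.log("Your Request could not be processed");</script>';
            redirect(site_url('MedicalPackage'));
            return;
        }

        $insert_data = array(
            'OrderPatientName' => $post['billing_name'],
            'OrderPatientAddress' => $post['billing_address'],
            'OrderPatientCity' => $post['billing_city'],
            'OrderPatientState' => $post['billing_state'],
            'OrderPatientZip' => $post['billing_zip'],
            'OrderPatientCountry' => $post['billing_country'],
            'OrderPatientMobile' => $post['billing_tel'],
            'OrderPatientEmail' => $post['billing_email'],
            'OrderTID' => isset($post['tid']) ? $post['tid'] : null,
        );

        // Repack the merchant_param fields that the request view forwards.
        $item_type = isset($post['merchant_param4']) ? $post['merchant_param4'] : '';
        $item_name = isset($post['merchant_param2']) ? $post['merchant_param2'] : '';
        $post['merchant_param4'] = $item_type.' - '.$item_name;
        $post['merchant_param2'] = $post['billing_tel'];
        $post['merchant_param3'] = $post['billing_email'];
        $post['merchant_param5'] = $post['order_id'];

        // NOTE(security): order_id comes from the request and is the only
        // selector for this update; nothing here ties it to the session that
        // created the order. Binding the id to the session (or a per-order
        // token issued by index()) would close that gap -- TODO.
        $success = $this->payment->update_order($post['order_id'], $insert_data);

        if ($success) {
            $data['post'] = $post;
            $this->load->view('ccavenue/ccavRequestHandler', $data);
        } else {
            echo '<script>alert("Unable to submit your request. Kindly try again later.");</script>';
        }
    }

    /**
     * Handle the CCAvenue callback: decrypt encResp, check it against the stored
     * order, persist the payment status and send the notification e-mails.
     *
     * A gateway "Success" is only recorded as such when the order exists and
     * the paid amount equals the stored order amount; otherwise the order is
     * recorded as 'Hacked' with an "Information Mismatch" failure message.
     */
    public function handle_response()
    {
        $this->load->helper('ccavenue');

        // NOTE(security): the working key is a credential. It is hard-coded in
        // source and also passed to the views through $data. It should be
        // rotated and read from configuration kept out of version control; it is
        // left here only because that configuration is not visible from this file.
        $data['workingKey'] = '92337578B1BEB60D3308787C704E9519';

        // Reject callbacks without a payload instead of decrypting NULL.
        $enc_response = isset($_POST['encResp']) ? $_POST['encResp'] : '';
        if (!is_string($enc_response) || $enc_response === '') {
            show_error('Invalid payment response', 400);
            return;
        }
        $data['encResponse'] = $enc_response;
        $data['rcvdString'] = decrypt($data['encResponse'], $data['workingKey']);
        if (!is_string($data['rcvdString']) || $data['rcvdString'] === '') {
            show_error('Invalid payment response', 400);
            return;
        }

        $data['order_status'] = '';
        $data['decryptValues'] = explode('&', $data['rcvdString']);
        $data['dataSize'] = sizeof($data['decryptValues']);

        $order_status = '';
        $bank_ref_num = '';
        $tracking_num = '';
        $order_id = '';
        $failure_msg = '';
        $response = array();

        foreach ($data['decryptValues'] as $i => $pair) {
            $information = explode('=', $pair);
            $name = $information[0];
            $value = isset($information[1]) ? $information[1] : '';

            // The gateway status is read by position (4th field), as before.
            if ($i == 3) {
                $order_status = $value;
            }
            if ($name == 'bank_ref_no') {
                $bank_ref_num = $value;
            } else if ($name == 'tracking_id') {
                $tracking_num = $value;
            } else if ($name == 'order_id') {
                $order_id = $value;
            } else if ($name == 'failure_message') {
                $failure_msg = $value;
            }
            $response[$name] = $value;
        }
        $data['order_status'] = $order_status;

        // Bound parameter: order_id is taken from the callback payload and must
        // never be concatenated into the SQL text.
        $order_row = $this->db->query(
            'select * from `SH_PaymentOrders` where orderID = ?',
            array($order_id)
        )->row_array();
        $r = isset($order_row['OrderID']) ? $order_row['OrderID'] : null;
        $A = isset($order_row['OrderAmount']) ? $order_row['OrderAmount'] : null;

        // The paid amount is read by position (11th field) and padded with a
        // trailing '0' before the loose comparison, as in the original code
        // (presumably to line up decimal formatting with the stored value --
        // confirm against the gateway's field order and format).
        $amount_field = isset($data['decryptValues'][10]) ? $data['decryptValues'][10] : '';
        $prntamnt = explode('amount=', $amount_field);
        $paid_amount = (isset($prntamnt[1]) ? $prntamnt[1] : '').'0';

        $verified = !empty($order_row) && ($order_id == $r) && ($paid_amount == $A);
        $tampered = ($order_status == 'Success') && !$verified;

        // Decide the outcome BEFORE it is written: previously the status was
        // stored first, so a mismatching payment was still saved as "Success".
        if ($tampered) {
            $response['order_status'] = 'Hacked';
            $response['failure_msg'] = "Information Mismatch - One or more parameters have been tampered with";
        }

        $update_data = array(
            'orderPaymentStatus' => isset($response['order_status']) ? $response['order_status'] : '',
            'BankRefNumber' => $bank_ref_num,
            'PaymentTrackingNumber' => $tracking_num,
            // The gateway sends 'failure_message'; it used to be parsed and then dropped.
            'PaymentFailureMsg' => isset($response['failure_msg']) ? $response['failure_msg'] : $failure_msg
        );
        $this->payment->update_order($order_id, $update_data);

        $tid_row = $this->payment->get_TID($order_id);
        $response['TID'] = isset($tid_row['OrderTID']) ? $tid_row['OrderTID'] : null;
        $data['response'] = $response;

        $merchant_param4 = isset($response['merchant_param4']) ? $response['merchant_param4'] : '';
        $trans_date = isset($response['trans_date']) ? $response['trans_date'] : '';
        $billing_email = isset($response['billing_email']) ? $response['billing_email'] : '';

        if (($order_status == 'Success') && !$tampered) {
            $msg = $this->load->view("email_templates/payment", $data, TRUE);
            send_email("praveen.kumar@shardatech.org", "", "", "Transaction Success|" . $merchant_param4 . "|Date:" . $trans_date, $msg);
            $msg = $this->load->view("email_templates/payment_reply", $data, TRUE);
            send_email($billing_email, "", "praveenpnf@gmail.com", "Receipt|".$merchant_param4."|Date:".$trans_date, $msg);
        } else if ($tampered) {
            // One alert per mismatching callback.
            // NOTE(review): the patient still receives the "Receipt" mail here,
            // as before; confirm the template reflects the recorded status.
            $msg = $this->load->view("email_templates/payment", $data, TRUE);
            send_email("praveen.kumar@shardatech.org", "", "", "Transaction Failure|" . $merchant_param4 . "|Date:" . $trans_date, $msg);
            $msg = $this->load->view("email_templates/payment_reply", $data, TRUE);
            send_email($billing_email, "", "praveenpnf@gmail.com", "Receipt|".$merchant_param4."|Date:".$trans_date, $msg);
        }

        // NOTE(review): $data['order_status'] still carries the gateway's own
        // status; the verified status is in $data['response']['order_status'].
        $this->load->view('ccavenue/ccavResponseHandler', $data);
    }

    /**
     * Build an order id of the form <base><5 random digits> that
     * payment_model::is_unique_id() accepts.
     *
     * @param string $base Prefix for the id.
     * @return string The new id, or '' when no free id was found within the
     *                retry limit (index() treats '' as "cannot process").
     */
    public function generate_order_id($base = '')
    {
        $this->load->helper('string');

        // NOTE(security): five digits after a date prefix is a small, guessable
        // space, and handle_request() accepts the id as its only selector.
        // Bounded retries so an exhausted id space cannot loop forever.
        $max_attempts = 50;
        for ($attempt = 0; $attempt < $max_attempts; $attempt++) {
            $order_id = $base.random_string('numeric', 5);
            if ($this->payment->is_unique_id($order_id)) {
                return $order_id;
            }
        }
        return '';
    }
}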