ONE PIECE HACKING

Ngiler SH3LL 360
: / home / tbf / sala_palatului / app / Http / Controllers / Api /

Information Server
MySQL : OFF Perl : OFF CURL : ON WGET : OFF PKEXEC : OFF

Directive	Local Value
IP Address	89.40.16.97
System	Linux server.atelieruldeit.ro 3.10.0-1160.el7.x86_64 #1 SMP Mon Oct 19 16:18:59 UTC 2020 x86_64
User	tbf
PHP Version	7.3.33
Software	Apache
Doc root	Writable

Edit File : PaymentController.php \| Size : 4.73 KB
<?php namespace App\Http\Controllers\Api; use Illuminate\Http\Request; use App\Http\Controllers\Controller; use App\Payment; class PaymentController extends Controller { public function index() { $payments = Payment::get(); return response()->json($payments); } public function paymentInfo($paymentId){ $payment = Payment::findOrFail($paymentId); $paymentData = [ 'status' => $payment->status, 'transaction_message' => $payment->transaction_message, ]; return response()->json($paymentData); } public function euplatesc_response(Request $request) { $euplatesc_response = [ 'amount' => addslashes(trim($request->amount)), //original amount 'curr' => addslashes(trim($request->curr)), //original currency 'ep_id' => addslashes(trim($request->ep_id)), //Euplatesc.ro unique id 'merch_id' => addslashes(trim($request->merch_id)), //your merchant id 'action' => addslashes(trim($request->action)), // if action == 0 transaction ok 'message' => addslashes(trim($request->message)),// transaction responce message 'approval' => addslashes(trim($request->approval)),// if action!=0 empty 'timestamp' => addslashes(trim($request->timestamp)),// meesage timestamp 'nonce' => addslashes(trim($request->nonce)), ]; $euplatesc_response['fp_hash'] = strtoupper(euplatesc_mac($euplatesc_response, config('app.euPlatesckey'))); $fp_hash = addslashes(trim($request->fp_hash)); $payment = Payment::findOrFail($euplatesc_response['invoice_id']); if($euplatesc_response['fp_hash'] === $fp_hash) { // start facem update in baza de date if($euplatesc_response['action'] == "0") { $payment->update([ 'euplatesc_customer_id' => $euplatesc_response['ep_id'], 'status' => 'paid', 'transaction_message' => $euplatesc_response['message'], ]); // // send payment notification mail // paymentMail($payment); }else{ $payment->update([ 'euplatesc_customer_id' => $euplatesc_response['ep_id'], 'status' => 'error', 'transaction_message' => $euplatesc_response['message'], ]); } }else{ $payment->update([ 'euplatesc_customer_id' => $euplatesc_response['ep_id'], 'status' => 'error', 'transaction_message' => 'invalid credentials', ]); } return redirect('/informatii-plata'); } function exchangeValue($amount){ $exchangeXmlLink = "https://www.bnr.ro/nbrfxrates.xml"; $ch = curl_init(); curl_setopt($ch, CURLOPT_URL, $exchangeXmlLink); curl_setopt($ch, CURLOPT_FAILONERROR,1); curl_setopt($ch, CURLOPT_FOLLOWLOCATION,1); curl_setopt($ch, CURLOPT_RETURNTRANSFER,1); curl_setopt($ch, CURLOPT_TIMEOUT, 15); $data = curl_exec($ch); curl_close($ch); $regex = '/<Rate currency="EUR">([0-9.,]+)<\/Rate>/'; $conversion = preg_match($regex, $data, $out) ? $out[1] : 4.7; $amount_with_tva = round(($amount * $conversion * 1.19),2); return $amount_with_tva; } public function preparePayment(Request $request){ $amount = $this->exchangeValue($request->amount); $payment = Payment::create([ 'name' => $request->name, 'email' => $request->email, 'phone' => $request->phone, 'company' => $request->company, 'amount' => $amount, ]); $dataAll = [ "amount" => $amount, "curr" => 'RON', "invoice_id" => $payment->id, "order_desc" => "EUCOM", "merch_id" => config('app.euPlatescMerchId'), "timestamp" => gmdate("YmdHis"), "nonce" => md5(microtime() . mt_rand()) ]; $dataAll += ["fp_hash" => strtoupper(euplatesc_mac($dataAll,config('app.euPlatesckey')))]; $dataAll += [ // 'lang' => '', 'fname' => $request->name, // 'lname' => '', 'country' => 'RO', // 'company' => $request->company, // 'city' => '', // 'zip_code' => 0, // 'add' => '', 'email' => $request->email, 'phone' => $request->phone, 'euplatesc_url' => "https://secure.euplatesc.ro/tdsprocess/tranzactd.php", ]; return response()->json($dataAll); } } Back

Edit File : PaymentController.php | Size : 4.73 KB

<?php

namespace App\Http\Controllers\Api;

use Illuminate\Http\Request;
use App\Http\Controllers\Controller;
use App\Payment;

class PaymentController extends Controller
{
    public function index() {
        $payments = Payment::get();

return response()->json($payments);
    }

public function paymentInfo($paymentId){
        $payment = Payment::findOrFail($paymentId);
        
        $paymentData = [
            'status' => $payment->status,
            'transaction_message' => $payment->transaction_message,
        ];

return response()->json($paymentData);
    }

public function euplatesc_response(Request $request) {
        $euplatesc_response = [
            'amount'        => addslashes(trim($request->amount)),  //original amount
            'curr'          => addslashes(trim($request->curr)),    //original currency
            'ep_id'         => addslashes(trim($request->ep_id)), //Euplatesc.ro unique id
            'merch_id'      => addslashes(trim($request->merch_id)), //your merchant id
            'action'        => addslashes(trim($request->action)), // if action == 0 transaction ok
            'message'       => addslashes(trim($request->message)),// transaction responce message
            'approval'      => addslashes(trim($request->approval)),// if action!=0 empty
            'timestamp'     => addslashes(trim($request->timestamp)),// meesage timestamp
            'nonce'         => addslashes(trim($request->nonce)),
        ];
        $euplatesc_response['fp_hash'] = strtoupper(euplatesc_mac($euplatesc_response, config('app.euPlatesckey')));
        $fp_hash = addslashes(trim($request->fp_hash));

$payment = Payment::findOrFail($euplatesc_response['invoice_id']);
        if($euplatesc_response['fp_hash'] === $fp_hash) {
            // start facem update in baza de date
            if($euplatesc_response['action'] == "0") {
                $payment->update([
                    'euplatesc_customer_id' => $euplatesc_response['ep_id'],
                    'status' => 'paid',
                    'transaction_message' => $euplatesc_response['message'],
                ]);
                // // send payment notification mail 
                // paymentMail($payment);
            }else{
                $payment->update([
                    'euplatesc_customer_id' => $euplatesc_response['ep_id'],
                    'status' => 'error',
                    'transaction_message' => $euplatesc_response['message'],
                ]);
            }
        }else{
            $payment->update([
                'euplatesc_customer_id' => $euplatesc_response['ep_id'],
                'status' => 'error',
                'transaction_message' => 'invalid credentials',
            ]);
        }

return redirect('/informatii-plata');
    }

function exchangeValue($amount){
        $exchangeXmlLink = "https://www.bnr.ro/nbrfxrates.xml";

$ch = curl_init();
        curl_setopt($ch, CURLOPT_URL, $exchangeXmlLink);
        curl_setopt($ch, CURLOPT_FAILONERROR,1);
        curl_setopt($ch, CURLOPT_FOLLOWLOCATION,1);
        curl_setopt($ch, CURLOPT_RETURNTRANSFER,1);
        curl_setopt($ch, CURLOPT_TIMEOUT, 15);
     
        $data = curl_exec($ch);
        curl_close($ch);

$regex = '/<Rate currency="EUR">([0-9.,]+)<\/Rate>/';
        $conversion = preg_match($regex, $data, $out) ? $out[1] : 4.7;
        $amount_with_tva = round(($amount * $conversion * 1.19),2);

return $amount_with_tva;
    }

public function preparePayment(Request $request){
        $amount = $this->exchangeValue($request->amount);

$payment = Payment::create([
            'name' => $request->name,
            'email' => $request->email,
            'phone' => $request->phone,
            'company' => $request->company,
            'amount' => $amount,
        ]);

$dataAll = [
            "amount" => $amount,
            "curr" => 'RON',
            "invoice_id" => $payment->id,
            "order_desc" => "EUCOM",
            "merch_id" => config('app.euPlatescMerchId'),
            "timestamp" => gmdate("YmdHis"),
            "nonce" => md5(microtime() . mt_rand())
        ];
        $dataAll += ["fp_hash" => strtoupper(euplatesc_mac($dataAll,config('app.euPlatesckey')))];
        
        $dataAll += [
            // 'lang' => '',
            'fname' => $request->name,
            // 'lname' => '',
            'country' => 'RO',
            // 'company' => $request->company,
            // 'city' => '',
            // 'zip_code' => 0,
            // 'add' => '',
            'email' => $request->email,
            'phone' => $request->phone,
            'euplatesc_url' => "https://secure.euplatesc.ro/tdsprocess/tranzactd.php",
        ];

return response()->json($dataAll);
    }

}

Back