Refactor payment page layout and perform security cleanup

This commit is contained in:
Muhammet Güler
2026-02-18 11:53:39 +03:00
parent 452d05f4a1
commit 42357c4dbb
4 changed files with 261 additions and 280 deletions
+39 -7
View File
@@ -17,7 +17,7 @@ class PaymentController extends Controller
'email' => 'required|email|max:255',
'phone' => 'required|string|max:20',
'price' => 'required|numeric|min:1',
'address' => 'required|string',
'address' => 'nullable|string',
'agreement' => 'accepted',
], [
'name.required' => 'Lütfen adınızı giriniz.',
@@ -60,7 +60,7 @@ class PaymentController extends Controller
$test_mode = 0; // Canlı mod
$user_name = $request->input('name').' '.$request->input('surname');
$user_address = $request->input('address'); // Note field used as address
$user_address = $request->input('address') ?: 'Adres Belirtilmemiş'; // Fallback if not provided
$user_phone = $request->input('phone');
// Callbacks should ideally be routes we define, but user provided specific URLs.
@@ -104,6 +104,15 @@ class PaymentController extends Controller
'test_mode' => $test_mode,
];
// Log request for debugging
Log::info('PayTR Request', [
'merchant_id' => $merchant_id,
'merchant_oid' => $merchant_oid,
'email' => $email,
'payment_amount' => $payment_amount,
'user_ip' => $user_ip,
]);
// Curl request
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, 'https://www.paytr.com/odeme/api/get-token');
@@ -114,15 +123,38 @@ class PaymentController extends Controller
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);
curl_setopt($ch, CURLOPT_FRESH_CONNECT, true);
curl_setopt($ch, CURLOPT_TIMEOUT, 20);
$result = @curl_exec($ch);
if (curl_errno($ch)) {
return back()->with('error', 'PAYTR connection error. err:'.curl_error($ch));
}
$result = curl_exec($ch);
$curlError = curl_error($ch);
$curlErrno = curl_errno($ch);
curl_close($ch);
if ($curlErrno) {
Log::error('PayTR cURL error', ['errno' => $curlErrno, 'error' => $curlError]);
return back()->with('error', 'PAYTR bağlantı hatası. Lütfen tekrar deneyin.');
}
if ($result === false || empty($result)) {
Log::error('PayTR returned empty response');
return back()->with('error', 'Ödeme sisteminden yanıt alınamadı. Lütfen tekrar deneyin.');
}
// Log the raw response for debugging
Log::info('PayTR Raw Response', ['response' => $result]);
$result = json_decode($result, 1);
// Check if result is valid
if (!$result || !is_array($result)) {
Log::error('PayTR API returned invalid response', ['response' => $result]);
return back()->with('error', 'Ödeme sisteminden geçersiz yanıt alındı. Lütfen tekrar deneyin.');
}
if (!isset($result['status'])) {
Log::error('PayTR API response missing status', ['response' => $result]);
return back()->with('error', 'Ödeme sisteminden beklenmeyen yanıt alındı. Lütfen tekrar deneyin.');
}
if ($result['status'] == 'success') {
$token = $result['token'];