Files
citrus/app/Http/Controllers/PaymentController.php
T

171 lines
7.0 KiB
PHP
Raw Blame History

This file contains ambiguous Unicode characters
This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.
<?php
namespace App\Http\Controllers;
use App\Models\Page;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Log;
use Illuminate\Support\Facades\Validator;
class PaymentController extends Controller
{
public function process(Request $request)
{
$validator = Validator::make($request->all(), [
'name' => 'required|string|max:255',
'surname' => 'required|string|max:255',
'email' => 'required|email|max:255',
'phone' => 'required|string|max:20',
'price' => 'required|numeric|min:1',
'address' => 'required|string',
'agreement' => 'accepted',
], [
'name.required' => 'Lütfen adınızı giriniz.',
'surname.required' => 'Lütfen soyadınızı giriniz.',
'email.required' => 'Lütfen e-posta adresinizi giriniz.',
'email.email' => 'Geçerli bir e-posta adresi giriniz.',
'phone.required' => 'Lütfen telefon numaranızı giriniz.',
'price.required' => 'Lütfen ödeme tutarını giriniz.',
'price.min' => 'Ödeme tutarı en az 1 TL olmalıdır.',
'address.required' => 'Lütfen ödeme açıklamasını giriniz.',
'agreement.accepted' => 'Lütfen sözleşmeyi onaylayınız.',
]);
if ($validator->fails()) {
Log::info('Payment Validation Failed', $validator->errors()->toArray());
return back()->withErrors($validator)->withInput();
}
$merchant_id = '127117';
$merchant_key = 's9GH5FMuxFtqjxyJ';
$merchant_salt = 'qTHTx3j4FjieXPP3';
$price = $request->input('price') * 100; // Krş cinsinden
// Get user IP (handling Cloudflare or standard)
if (isset($_SERVER['HTTP_CLIENT_IP'])) {
$ip = $_SERVER['HTTP_CLIENT_IP'];
} elseif (isset($_SERVER['HTTP_X_FORWARDED_FOR'])) {
$ip = $_SERVER['HTTP_X_FORWARDED_FOR'];
} else {
$ip = $_SERVER['REMOTE_ADDR'];
}
$user_ip = $ip;
$merchant_oid = time(); // Benzersiz sipariş no
$email = $request->input('email');
$payment_amount = $price;
$currency = 'TL'; // Default
$test_mode = 0; // Canlı mod
$user_name = $request->input('name').' '.$request->input('surname');
$user_address = $request->input('address'); // Note field used as address
$user_phone = $request->input('phone');
// Callbacks should ideally be routes we define, but user provided specific URLs.
// We will use routes relative to current domain or the ones user specified if they are absolute?
// The user script had: "https://www.truncgil.com.tr/pay.php?ok"
// I should probably use the current app's URL.
$merchant_ok_url = route('payment.success');
$merchant_fail_url = route('payment.fail');
$user_basket = base64_encode(json_encode([
['Web / Mobil Yazılım', $payment_amount, 1],
]));
$no_installment = 0;
$max_installment = 9;
$debug_on = 1;
$timeout_limit = 30;
$hash_str = $merchant_id.$user_ip.$merchant_oid.$email.$payment_amount.$user_basket.$no_installment.$max_installment.$currency.$test_mode;
$paytr_token = base64_encode(hash_hmac('sha256', $hash_str.$merchant_salt, $merchant_key, true));
$post_vals = [
'merchant_id' => $merchant_id,
'user_ip' => $user_ip,
'merchant_oid' => $merchant_oid,
'email' => $email,
'lang' => 'tr',
'payment_amount' => $payment_amount,
'paytr_token' => $paytr_token,
'user_basket' => $user_basket,
'debug_on' => $debug_on,
'no_installment' => $no_installment,
'max_installment' => $max_installment,
'user_name' => $user_name,
'user_address' => $user_address,
'user_phone' => $user_phone,
'merchant_ok_url' => $merchant_ok_url,
'merchant_fail_url' => $merchant_fail_url,
'timeout_limit' => $timeout_limit,
'currency' => $currency,
'test_mode' => $test_mode,
];
// Curl request
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, 'https://www.paytr.com/odeme/api/get-token');
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, $post_vals);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0);
curl_setopt($ch, CURLOPT_FRESH_CONNECT, true);
curl_setopt($ch, CURLOPT_TIMEOUT, 20);
$result = @curl_exec($ch);
if (curl_errno($ch)) {
return back()->with('error', 'PAYTR connection error. err:'.curl_error($ch));
}
curl_close($ch);
$result = json_decode($result, 1);
if ($result['status'] == 'success') {
$token = $result['token'];
// Re-render the online-payment page but with the token
// We need to fetch the page content again
// Assuming the slug is 'online-odeme' or similar, or we can just pass a dummy page object
// if we are lazy, but correct way is to fetch the page associated with the route.
// Since we are POSTing here, we don't know the Page model context unless we fetch it.
// Let's try to assume 'online-odeme' which is common.
$page = Page::where('template', 'online-payment')->orWhere('slug', 'online-odeme')->first();
if (! $page) {
$page = new Page(['title' => 'Online Ödeme', 'content' => '', 'excerpt' => 'Please complete your payment below.']);
}
return view('templates.corporate.online-payment', [
'page' => $page,
'paytr_token' => $token,
]);
} else {
return back()->with('error', 'PAYTR failed. reason:'.$result['reason']);
}
}
public function success(Request $request)
{
$page = Page::where('template', 'online-payment')->orWhere('slug', 'online-odeme')->first();
if ($page) {
return redirect()->route('page.show', $page->slug)->with('success', 'Your payment has been charged successfully. This will appear on your credit card statement as "PAYTR ODEME HIZMETLERI"');
}
return redirect()->route('home')->with('success', 'Your payment has been charged successfully.');
}
public function fail(Request $request)
{
$page = Page::where('template', 'online-payment')->orWhere('slug', 'online-odeme')->first();
if ($page) {
return redirect()->route('page.show', $page->slug)->with('error', 'Your payment has not been charged successfully! Please check your credit card information.');
}
return redirect()->route('home')->with('error', 'Your payment has not been charged successfully! Please check your credit card information.');
}
}