
PK 
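<?php
/**
 * Paytm payment-gateway callback handler.
 *
 * Flow: require a logged-in session, compute the outstanding balance and the
 * discount window, verify the Paytm checksum over the POSTed parameters, and
 * only then persist the callback (payment log, transaction, account credit
 * and, when eligible, the discount credit) and redirect to the invoice or
 * failure page.
 *
 * Changes relative to the previous version of this script:
 *  - getDiscountPeriod() was called as getDiscountPeriod($id=NULL, ...). In PHP
 *    that is an assignment expression, so it reset $id (the pay-log id from the
 *    session) to NULL before the payment_loger UPDATE used it in its WHERE.
 *  - Nothing from the callback is written to the database or the session until
 *    the checksum has been verified.
 *  - The runtime attempt to enable allow_url_include was dropped.
 *  - Echoed POST parameters are HTML-escaped.
 *  - The client IP is validated before it is embedded in SQL.
 *
 * NOTE(review): the statements below are still built by string concatenation
 * because the PDODB wrapper's API is not visible from this file. If it exposes
 * prepared statements / bound parameters, switch every query here to them; a
 * valid checksum authenticates the values but does not make them SQL-safe.
 *
 * NOTE(review): ORDERID, TXNAMOUNT and MID are not compared with what this
 * application sent when it initiated the payment, and there is no check that
 * TXNID has not already been recorded, so a repeated delivery of the same
 * signed callback would be credited again. Both checks need the
 * order-creation side, which is not in this file.
 */
header("Pragma: no-cache");
header("Cache-Control: no-cache");
header("Expires: 0");

// following files need to be included
require_once("./lib/config_paytm.php");
require_once("./lib/encdec_paytm.php");

// Output is buffered so the header("Location: ...") calls further down still
// work after the status messages have been echoed.
ob_start();
@session_start();

// Only a logged-in user may land on the callback.
if (empty($_SESSION['userId'])) {
    header("Location: ../index.php");
    exit();
}

// ini_set('allow_url_include', 1) used to be here. Every include in this
// script is a local path, and enabling remote includes widens the impact of
// any path-handling bug. If a dependency really needs it, that decision
// belongs in reviewed server configuration, not in a payment callback.
date_default_timezone_set("Asia/Kolkata");
set_time_limit(600);
ini_set('max_execution_time', 600);

require_once '../admin/includes/settings/PDODB.php';
include '../admin/includes/modules/functions.php';
include '../admin/includes/settings/constant.php';

$function = new FUNCTIONS();
$uid = $_SESSION['userId'];
$id = isset($_SESSION['paylogId']) ? $_SESSION['paylogId'] : "";

// Discount window length in whole days. Literal NULLs are passed so that no
// local variable (in particular $id) is overwritten by the call.
$discountperiod = $function->getDiscountPeriod(NULL, NULL, NULL);
// assumes at least one row with date_to / date_from is returned — TODO confirm
$date_to = $discountperiod[0]['date_to'];
$date_from = $discountperiod[0]['date_from'];
$diff2 = abs(strtotime($date_from) - strtotime($date_to));
$days2 = floor($diff2 / (60*60*24));

// Outstanding balance = sum(debit - credit), less the fixed discount.
$dic_amt = 500;
$account = $function->getAccountDetails($uid, NULL);
$bal = 0;
if (is_array($account)) {
    foreach ($account as $entry) {
        $bal += $entry['debit'] - $entry['credit'];
    }
}
$bal = $bal - $dic_amt;

// Verify all parameters received from Paytm pg to your application. Like MID
// received from paytm pg is same as your application's MID, TXN_AMOUNT and
// ORDER_ID are same as what was sent by you to Paytm PG for initiating
// transaction etc.
$paramList = $_POST;
$paytmChecksum = (isset($_POST["CHECKSUMHASH"]) && is_string($_POST["CHECKSUMHASH"]))
    ? $_POST["CHECKSUMHASH"]
    : ""; // Sent by Paytm pg
// Per the original comment this returns the string "TRUE" or "FALSE".
$isValidChecksum = verifychecksum_e($paramList, PAYTM_MERCHANT_KEY, $paytmChecksum);

// Read the callback fields. Non-string values (e.g. FIELD[]=x) are treated as
// missing instead of being handed to trim().
$fieldNames = array(
    'ORDERID', 'TXNID', 'TXNAMOUNT', 'PAYMENTMODE', 'CURRENCY', 'STATUS',
    'RESPCODE', 'RESPMSG', 'GATEWAYNAME', 'BANKTXNID', 'BANKNAME', 'CHECKSUMHASH',
);
$fields = array();
foreach ($fieldNames as $fieldName) {
    $fields[$fieldName] = (!empty($_POST[$fieldName]) && is_string($_POST[$fieldName]))
        ? trim($_POST[$fieldName])
        : "";
}
$ORDERID = $fields['ORDERID'];
$TXNID = $fields['TXNID'];
// NOTE(review): the (int) cast drops any fractional part of the amount before
// it is compared and stored — confirm amounts are always whole rupees.
$TXNAMOUNT = ($fields['TXNAMOUNT'] !== "") ? (int) $fields['TXNAMOUNT'] : "";
$PAYMENTMODE = $fields['PAYMENTMODE'];
$CURRENCY = $fields['CURRENCY'];
$STATUS = $fields['STATUS'];
$RESPCODE = $fields['RESPCODE'];
$RESPMSG = $fields['RESPMSG'];
$GATEWAYNAME = $fields['GATEWAYNAME'];
$BANKTXNID = $fields['BANKTXNID'];
$BANKNAME = $fields['BANKNAME'];
$CHECKSUMHASH = $fields['CHECKSUMHASH'];

// getRealIpAddr() is defined elsewhere; helpers of this kind commonly read
// client-supplied headers — TODO confirm. The value goes into SQL below, so
// anything that is not a syntactically valid IP is replaced.
$ipaddress = $function->getRealIpAddr();
if (filter_var($ipaddress, FILTER_VALIDATE_IP) === false) {
    $ipaddress = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : "";
}
$TXNDATE = date('Y-m-d H:i:s'); // server-side receipt time, not the gateway's TXNDATE

if ($isValidChecksum === "TRUE") {
    // From here on the POST values are covered by the verified checksum
    // (presumably all of them — confirm in lib/encdec_paytm.php).
    $_SESSION['orderid'] = $ORDERID;

    $pdodb = PDODB::getInstance();
    if (!empty($pdodb)) {
        $sql = "UPDATE payment_loger SET orderid='".$ORDERID."',txnid='".$TXNID."',currency='".$CURRENCY."',txndate='".$TXNDATE."',status='".$STATUS."',respcode='".$RESPCODE."',respmsg='".$RESPMSG."',gatewayname='".$GATEWAYNAME."',checksumhash='".$CHECKSUMHASH."' WHERE id='$id'";
        $result = $pdodb->query($sql);
        PDODB::closeInstance();
    }

    echo "<b>Checksum matched and following are the transaction details:</b>" . "<br/>";
    if ($STATUS === "TXN_SUCCESS") {
        echo "<b>Transaction status is success</b>" . "<br/>";
        // Process your transaction here as success transaction.
        // Verify amount & order id received from Payment gateway with your
        // application's order id and amount.
        $pdodb = PDODB::getInstance();
        if (!empty($pdodb)) {
            // uid was used unquoted in this query, so it has to be numeric;
            // the cast makes that explicit.
            $sql = "SELECT * FROM `demand` WHERE uid=".(int) $uid." ORDER by demand_id DESC";
            $result = $pdodb->query($sql);
            $start_date = !empty($result[0]['demand_date']) ? $result[0]['demand_date'] : null;

            // Whole days between the latest demand and now.
            // 30th april = 29
            // 15th may = 44
            // 15th june = 75
            $current_date = date("Y-m-d H:i:s");
            $diff = abs(strtotime($current_date) - strtotime((string) $start_date));
            $days = floor($diff / (60*60*24));

            // The discount is granted only when the demand date is known, the
            // paid amount equals the discounted balance, and the payment falls
            // inside the discount window.
            $discountApplies = ($start_date !== null)
                && ($TXNAMOUNT !== "")
                && ($TXNAMOUNT == $bal)
                && ($days <= $days2);

            // Both outcomes record the transaction and the account credit.
            $sql1 = "INSERT INTO transaction SET uid='".$uid."',orderid='".$ORDERID."',txnid='".$TXNID."',txnamount='".$TXNAMOUNT."',paymentmode='".$PAYMENTMODE."',currency='".$CURRENCY."',txndate='".$TXNDATE."',status='".$STATUS."',respcode='".$RESPCODE."',respmsg='".$RESPMSG."',gatewayname='".$GATEWAYNAME."',banktxnid='".$BANKTXNID."',bankname='".$BANKNAME."',checksumhash='".$CHECKSUMHASH."',ipaddress='".$ipaddress."'";
            $result = $pdodb->query($sql1);
            $sql2 = "INSERT INTO accounts SET uid='".$uid."',orderid='".$ORDERID."',transaction_id='".$TXNID."',credit='".$TXNAMOUNT."',paymentmode='".$PAYMENTMODE."',txndate='".$TXNDATE."',ipaddress='".$ipaddress."'";
            $result2 = $pdodb->query($sql2);

            if ($discountApplies) {
                $dis_particular = "Discount";
                $sql3 = "INSERT INTO accounts SET uid='".$uid."',particular='".$dis_particular."',credit='".$dic_amt."',txndate='".$TXNDATE."',ipaddress='".$ipaddress."'";
                $result3 = $pdodb->query($sql3);
            }

            // Closed only after the last query; the earlier version closed the
            // instance right after the SELECT and then kept using the handle.
            PDODB::closeInstance();
            header($discountApplies ? "Location: ../invoice-d.php" : "Location: ../invoice-p.php");
        } else {
            // Without a connection nothing can be recorded, so no invoice
            // redirect is issued.
            echo 'Not Connected<br/>';
        }
    } else {
        echo "<b>Transaction status is failure</b>" . "<br/>";
        echo "failure page";
        header("Location: ../failure.php");
    }

    // Diagnostic dump of the callback parameters, escaped for HTML output.
    if (isset($_POST) && count($_POST) > 0) {
        foreach ($_POST as $paramName => $paramValue) {
            $shownValue = is_scalar($paramValue) ? (string) $paramValue : "";
            echo "<br/>" . htmlspecialchars((string) $paramName, ENT_QUOTES, 'UTF-8')
                . " = " . htmlspecialchars($shownValue, ENT_QUOTES, 'UTF-8');
        }
    }
} else {
    echo "<b>Checksum mismatched.</b>";
    // Process transaction as suspicious. Nothing from the request is stored.
}
?>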


PK 99