Update pages/payment.php

Signed-off-by: kevinowino869 <kevinowino869@www.codelab.nestict.africa>

pages/payment.php

@@ -1,56 +1,122 @@
 <?php
 /**
- * M-Pesa Payment Module - Callback Handler
+ * Dolipesa - M-Pesa Payment Module Payment Initiation
  * Author: NESTICT INFOTECH
- * Version: 1.0.0
+ * Version: 1.0.1
+ * License: GNU General Public License v3.0
  */
 
 require '../../main.inc.php';
-require_once DOL_DOCUMENT_ROOT . "/core/lib/admin.lib.php";
+require_once DOL_DOCUMENT_ROOT . '/core/lib/admin.lib.php';
+require_once DOL_DOCUMENT_ROOT . '/compta/facture/class/facture.class.php';
 
-header('Content-Type: application/json');
+// Load translations
+$langs->load('dolipesa@dolipesa');
 
-// Retrieve M-Pesa callback data
+// Security check
-$callbackData = json_decode(file_get_contents('php://input'), true);
+$invoiceId = GETPOST('invoice_id', 'int');
+$token = GETPOST('token', 'alpha');
 
-if (!$callbackData) {
+if (!$invoiceId || !$token) {
-    http_response_code(400);
+    accessforbidden($langs->trans('MissingParameters'));
-    echo json_encode(["error" => "Invalid callback data"]);
-    exit;
 }
 
-// Extract data from callback
+// Validate token (simple example; enhance for production)
-$invoiceId = $callbackData['AccountReference'] ?? null;
+$expectedToken = md5($invoiceId . $conf->global->MAIN_SECURITY_SALT);
-$transactionId = $callbackData['MpesaReceiptNumber'] ?? null;
+if ($token !== $expectedToken) {
-$resultCode = $callbackData['ResultCode'] ?? 1;
+    accessforbidden($langs->trans('InvalidToken'));
-$resultDesc = $callbackData['ResultDesc'] ?? "Unknown error";
-
-if (!$invoiceId || !$transactionId) {
-    http_response_code(400);
-    echo json_encode(["error" => "Missing invoice or transaction ID"]);
-    exit;
 }
 
-// Handle successful transaction
+// Load invoice
-if ($resultCode == 0) {
+$invoice = new Facture($db);
-    $sql = "UPDATE ".MAIN_DB_PREFIX."facture SET transaction_number = '$transactionId', paye = 1 WHERE rowid = $invoiceId";
+if ($invoice->fetch($invoiceId) <= 0 || $invoice->statut != 1) { // Validated status
+    accessforbidden($langs->trans('InvoiceNotFoundOrNotValidated'));
+}
+
+// Process payment submission
+if ($_SERVER['REQUEST_METHOD'] === 'POST') {
+    $phoneNumber = GETPOST('phone_number', 'alpha');
+    $amount = floatval($invoice->total_ttc); // Use invoice total including tax
+
+    // Validate phone number (Kenyan format: 2547XXXXXXXX)
+    if (!preg_match('/^254[0-9]{9}$/', $phoneNumber)) {
+        setEventMessages($langs->trans('InvalidPhoneNumber'), null, 'errors');
+    } else {
+        // Load M-Pesa credentials
+        $consumerKey = $conf->global->MPESAPAY_CONSUMER_KEY;
+        $consumerSecret = dol_decrypt($conf->global->MPESAPAY_CONSUMER_SECRET);
+        $shortcode = $conf->global->MPESAPAY_SHORTCODE;
+        $passkey = dol_decrypt($conf->global->MPESAPAY_PASSKEY);
+        $callbackUrl = $conf->global->MPESAPAY_CALLBACK_URL ?: DOL_MAIN_URL_ROOT . '/custom/dolipesa/callback.php';
+
+        if (empty($consumerKey) || empty($consumerSecret) || empty($shortcode) || empty($passkey)) {
+            setEventMessages($langs->trans('ModuleNotConfigured'), null, 'errors');
+        } else {
+            // Generate OAuth token
+            $credentials = base64_encode($consumerKey . ':' . $consumerSecret);
+            $tokenResponse = dol_http_get('https://sandbox.safaricom.co.ke/oauth/v1/generate?grant_type=client_credentials', [
+                'Authorization: Basic ' . $credentials
+            ]);
+            $tokenData = json_decode($tokenResponse, true);
+            $accessToken = $tokenData['access_token'] ?? null;
+
+            if (!$accessToken) {
+                setEventMessages($langs->trans('FailedToGetMpesaToken'), null, 'errors');
+            } else {
+                // Prepare STK Push payload
+                $timestamp = date('YmdHis');
+                $password = base64_encode($shortcode . $passkey . $timestamp);
+                $payload = [
+                    'BusinessShortCode' => $shortcode,
+                    'Password' => $password,
+                    'Timestamp' => $timestamp,
+                    'TransactionType' => 'CustomerPayBillOnline',
+                    'Amount' => $amount,
+                    'PartyA' => $phoneNumber,
+                    'PartyB' => $shortcode,
+                    'PhoneNumber' => $phoneNumber,
+                    'CallBackURL' => $callbackUrl,
+                    'AccountReference' => $invoice->ref,
+                    'TransactionDesc' => $langs->trans('PaymentForInvoice', $invoice->ref)
+                ];
+
+                // Send STK Push request
+                $response = dol_http_post('https://sandbox.safaricom.co.ke/mpesa/stkpush/v1/processrequest', json_encode($payload), [
+                    'Authorization: Bearer ' . $accessToken,
+                    'Content-Type: application/json'
+                ]);
+                $responseData = json_decode($response, true);
+
+                if ($responseData && $responseData['ResponseCode'] == '0') {
+                    // Store CheckoutRequestID for callback mapping
+                    $checkoutRequestID = $responseData['CheckoutRequestID'];
+                    $sql = "INSERT INTO " . MAIN_DB_PREFIX . "dolipesa_transactions (checkout_request_id, fk_invoice, datec) ";
+                    $sql .= "VALUES ('" . $db->escape($checkoutRequestID) . "', " . $invoice->id . ", NOW())";
                     $db->query($sql);
 
-    // Log payment in Dolibarr
+                    setEventMessages($langs->trans('PaymentInitiated'), null, 'mesgs');
-    $sqlPayment = "INSERT INTO ".MAIN_DB_PREFIX."paiement (facid, amount, datep, num_payment) VALUES ($invoiceId, (SELECT total FROM ".MAIN_DB_PREFIX."facture WHERE rowid = $invoiceId), NOW(), '$transactionId')";
+                } else {
-    $db->query($sqlPayment);
+                    setEventMessages($langs->trans('PaymentInitiationFailed') . ': ' . ($responseData['errorMessage'] ?? 'Unknown error'), null, 'errors');
-
+                }
-    // Update invoice status
+            }
-    $sqlUpdateInvoice = "UPDATE ".MAIN_DB_PREFIX."facture SET statut = 2 WHERE rowid = $invoiceId"; // Paid status
+        }
-    $db->query($sqlUpdateInvoice);
+    }
-
-    http_response_code(200);
-    echo json_encode(["success" => "Payment successful", "transaction_id" => $transactionId]);
-} else {
-    // Handle failed transaction
-    http_response_code(400);
-    echo json_encode(["error" => $resultDesc]);
 }
 
+// Display payment form
+print load_fiche_titre($langs->trans('PayInvoice', $invoice->ref));
+print '<form method="POST" action="' . $_SERVER['PHP_SELF'] . '?invoice_id=' . $invoiceId . '&token=' . $token . '">';
+print '<table class="noborder centpercent">';
+print '<tr class="oddeven"><td><label for="phone_number">' . $langs->trans('PhoneNumber') . ' (254...):</label></td>';
+print '<td><input type="text" name="phone_number" id="phone_number" pattern="^254[0-9]{9}$" value="254" required></td></tr>';
+print '<tr class="oddeven"><td><label for="amount">' . $langs->trans('Amount') . ' (KES):</label></td>';
+print '<td><input type="number" name="amount" id="amount" value="' . price($invoice->total_ttc, 0, '', 1, -1, -1, 'KES') . '" readonly></td></tr>';
+print '</table>';
+print '<div class="center" style="margin-top: 20px;">';
+print '<input type="submit" class="button" value="' . $langs->trans('PayNow') . '">';
+print '</div>';
+print '</form>';
+
+llxFooter();
 $db->close();
 ?>