From c3e6e0a5f9436aa44df6d5fe95891cf0ab23b824 Mon Sep 17 00:00:00 2001
From: kevinowino869 <kevinowino869@www.codelab.nestict.africa>
Date: Sun, 30 Mar 2025 13:11:07 +0200
Subject: [PATCH] Update pages/callback.php

Signed-off-by: kevinowino869 <kevinowino869@www.codelab.nestict.africa>
---
 pages/callback.php | 75 ++++++++++++++++++++++++++++++++++++++++++++--
 1 file changed, 72 insertions(+), 3 deletions(-)

diff --git a/pages/callback.php b/pages/callback.php
index 743d78c..102e330 100644
--- a/pages/callback.php
+++ b/pages/callback.php
@@ -1,4 +1,73 @@
 <?php
-// Payment Callback Page
-echo "Payment Callback Received";
-?>
\ No newline at end of file
+/**
+ * M-Pesa Payment Module - Payment Processing
+ * Author: NESTICT INFOTECH
+ * Version: 1.0.0
+ */
+
+require '../../main.inc.php';
+require_once DOL_DOCUMENT_ROOT . "/core/lib/admin.lib.php";
+
+$invoiceId = GETPOST('invoice_id', 'int');
+$token = GETPOST('token', 'alpha');
+
+if (!$invoiceId || !$token) {
+    accessforbidden();
+}
+
+// Validate token
+$expectedToken = base64_encode(hash('sha256', $invoiceId . time()));
+if ($token !== $expectedToken) {
+    accessforbidden();
+}
+
+// Process payment submission
+if ($_SERVER['REQUEST_METHOD'] === 'POST') {
+    $phoneNumber = GETPOST('phone_number', 'alpha');
+    $amount = GETPOST('amount', 'int');
+
+    $paybill = dolibarr_get_const($db, "MPESAPAY_PAYBILL");
+    $passkey = dolibarr_get_const($db, "MPESAPAY_PASSKEY");
+
+    $payload = array(
+        "BusinessShortCode" => $paybill,
+        "Password" => base64_encode($paybill . $passkey . time()),
+        "Timestamp" => date('YmdHis'),
+        "TransactionType" => "CustomerPayBillOnline",
+        "Amount" => $amount,
+        "PartyA" => $phoneNumber,
+        "PartyB" => $paybill,
+        "PhoneNumber" => $phoneNumber,
+        "CallBackURL" => DOL_URL_ROOT . "/custom/mpesapay/callback.php",
+        "AccountReference" => $invoiceId,
+        "TransactionDesc" => "Payment for Invoice #$invoiceId"
+    );
+
+    $module = new modMpesapay($db);
+    $response = $module->sendMpesaRequest($payload);
+
+    if ($response && $response['ResponseCode'] == "0") {
+        echo "<p>Payment initiated. Check your phone to complete.</p>";
+    } else {
+        echo "<p>Failed to initiate payment. Please try again.</p>";
+    }
+} else {
+    // Display payment form
+    $sql = "SELECT ref, total FROM ".MAIN_DB_PREFIX."facture WHERE rowid = $invoiceId";
+    $result = $db->query($sql);
+    if ($result) {
+        $invoice = $db->fetch_object($result);
+        print load_fiche_titre("Pay Invoice #{$invoice->ref}");
+        echo '<form method="POST">';
+        echo '<label>Phone Number (254...): <input type="text" name="phone_number" pattern="^254[0-9]{9}$" required></label><br>';
+        echo '<label>Amount: <input type="number" name="amount" value="'.$invoice->total.'" readonly></label><br>';
+        echo '<button type="submit">Pay Now</button>';
+        echo '</form>';
+    } else {
+        echo "<p>Invoice not found.</p>";
+    }
+}
+
+llxFooter();
+$db->close();
+?>