DoliPesa/pages/callback.php

<?php
/**
 * M-Pesa Payment Module - Payment Processing
 * Author: NESTICT INFOTECH
 * Version: 1.0.0
 */

require '../../main.inc.php';
require_once DOL_DOCUMENT_ROOT . "/core/lib/admin.lib.php";

$invoiceId = GETPOST('invoice_id', 'int');
$token = GETPOST('token', 'alpha');

if (!$invoiceId || !$token) {
    accessforbidden();
}

// Validate token
$expectedToken = base64_encode(hash('sha256', $invoiceId . time()));
if ($token !== $expectedToken) {
    accessforbidden();
}

// Process payment submission
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    $phoneNumber = GETPOST('phone_number', 'alpha');
    $amount = GETPOST('amount', 'int');

    $paybill = dolibarr_get_const($db, "MPESAPAY_PAYBILL");
    $passkey = dolibarr_get_const($db, "MPESAPAY_PASSKEY");

    $payload = array(
        "BusinessShortCode" => $paybill,
        "Password" => base64_encode($paybill . $passkey . time()),
        "Timestamp" => date('YmdHis'),
        "TransactionType" => "CustomerPayBillOnline",
        "Amount" => $amount,
        "PartyA" => $phoneNumber,
        "PartyB" => $paybill,
        "PhoneNumber" => $phoneNumber,
        "CallBackURL" => DOL_URL_ROOT . "/custom/mpesapay/callback.php",
        "AccountReference" => $invoiceId,
        "TransactionDesc" => "Payment for Invoice #$invoiceId"
    );

    $module = new modMpesapay($db);
    $response = $module->sendMpesaRequest($payload);

    if ($response && $response['ResponseCode'] == "0") {
        echo "<p>Payment initiated. Check your phone to complete.</p>";
    } else {
        echo "<p>Failed to initiate payment. Please try again.</p>";
    }
} else {
    // Display payment form
    $sql = "SELECT ref, total FROM ".MAIN_DB_PREFIX."facture WHERE rowid = $invoiceId";
    $result = $db->query($sql);
    if ($result) {
        $invoice = $db->fetch_object($result);
        print load_fiche_titre("Pay Invoice #{$invoice->ref}");
        echo '<form method="POST">';
        echo '<label>Phone Number (254...): <input type="text" name="phone_number" pattern="^254[0-9]{9}$" required></label><br>';
        echo '<label>Amount: <input type="number" name="amount" value="'.$invoice->total.'" readonly></label><br>';
        echo '<button type="submit">Pay Now</button>';
        echo '</form>';
    } else {
        echo "<p>Invoice not found.</p>";
    }
}

llxFooter();
$db->close();
?>