OwlCyberSecurity - MANAGER

Edit File: iPayController.php

<?php

namespace App\Http\Controllers;

use App\Sportpesa\Modules\Subscription\Model\Subscription;
use App\Sportpesa\Modules\User\Model\User;
use Illuminate\Http\Request;
use DateTime;

class iPayController extends Controller
{
    public function getPayment($category, $planName){
        $user = currentUser();

$sub = Subscription::whereCategory($category)->where('planName', $planName)->first();

$price = $sub->keshPrice;
        $cur = 'KES';
        $uri = 'https://payments.ipayafrica.com/v3/ke';
        $uid = strtolower('pevah');
        $hashh = '342DAC123xCAzePeV';

$live = 1;
        $order_id = str_slug("$user->id/$category/$sub->accessTime", '_');
        $invoice = str_slug("$user->id/$category", '_');
        $total = "$price.00";
        $phone = $user->phone;
        $email = $user->email;
        $vid = $uid;
        $curr = $cur;
        $p1 = $user->id;
        $p2 = $sub->id;
        $p3 = $sub->accessTime;
        $cbk = url('ipay/status');
        $cst = 1;
        $crl = 0;

$datastring =  $live.$order_id.$invoice.$total.$phone.$email.$vid.$curr.$p1.$p2.$p3.$cbk.$cst.$crl;
        /**********************************************************************************************************/
        $hashkey = $hashh; //Supply to us during iPay account registration;
        $hashid = hash_hmac("sha1", $datastring, $hashkey); //Set hashing algorithm to SHA1;
        /**********************************************************************************************************/

return view('ipay', compact('sub', 'hashid', 'cur', 'uri', 'uid', 'order_id', 'invoice'));
    }

public function getPaymentStatus(Request $request)
    {
        // Get the payment ID before session clear
        $user = currentUser();

$sub_time = $request->input('p3');
        $sub_plan = $request->input('p2');

$sub = Subscription::find($sub_plan);

$date = new DateTime();
        $today = $date->format('Y-m-d H:i:s');
        $nextdue = date('Y-m-d H:i:s', strtotime('+'.$sub_time));

if ($user->subscription_status=='0')
        {
            User::where('id', $user->id)->update(
                [
                    'subscription_id'=>$sub->id,
                    'subscription_type'=>$sub->planName,
                    'subscription_status'=>'1',
                    'date_subscribed'=>$today,
                    'next_due_date'=>$nextdue
                ]);
            User::where('id', $user->id)->increment('sub_count');
        }
        else{
            $next = strtotime('+'.$sub_time, strtotime($user->next_due_date));
            $nextdue = date("Y-m-d H:i:s", $next);

User::where('id', $user->id)->update(
                [
                    'subscription_id'=>$sub->id,
                    'subscription_type'=>$sub->planName,
                    'subscription_status'=>'1',
                    'date_subscribed'=>$today,
                    'next_due_date'=>$nextdue
                ]
            );
            User::where('id', $user->id)->increment('sub_count');
        }

session()->flash('PAYMENT SUCCESSFUL/ACCOUNT UPGRADED');
        return redirect('/my_pesa/index');

}
}