donate.php
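<?php
header('Content-Type: application/json');
require_once __DIR__ ."/db.php"; // Use PDO connection
require_once __DIR__ ."/process_donation.php";

// NOTE(review): this endpoint takes no authentication or anti-automation token,
// and further down it sends a payment prompt to whatever phone number is posted.
// Consider rate limiting per client and per phone number in front of it.

// Read one POST field as a trimmed string. A field submitted as an array
// (e.g. "email[]=x") is treated as missing, so it never reaches trim(),
// which would raise a TypeError on PHP 8.
$readPostField = static function (string $key): string {
    $value = $_POST[$key] ?? '';
    return is_string($value) ? trim($value) : '';
};

// Get inputs
$frequency = $readPostField('frequency');
$first_name = $readPostField('first_name');
$last_name = $readPostField('last_name');
$email = $readPostField('email');
$phone = $readPostField('phone');
$message = $readPostField('message');

// Amount must be a whole number >= 1. A plain (int) cast would let negative
// values through and would turn a non-empty array into 1.
$amountInput = filter_var(
    $readPostField('amount'),
    FILTER_VALIDATE_INT,
    ['options' => ['min_range' => 1]]
);
$amount = $amountInput === false ? 0 : $amountInput;

// Format phone (remove + if it exists)
$phone = ltrim($phone, '+');

// Validate presence. Compare against '' explicitly so a literal "0" is not
// mistaken for an empty field.
// NOTE(review): $frequency is only checked for presence; the accepted values
// are not visible in this file, so no allow-list is applied here.
$requiredFields = [$frequency, $first_name, $last_name, $email, $phone];
if ($amount < 1 || in_array('', $requiredFields, true)) {
    echo json_encode(['status' => 'error', 'message' => 'All required fields must be filled']);
    exit;
}

// Validate format. The address is later handed to sendEmail() and the phone
// number to the payment API, so reject anything that is not well-formed
// (this also excludes CR/LF in the address).
if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
    echo json_encode(['status' => 'error', 'message' => 'Invalid email address']);
    exit;
}

// Digits only, 9-15 long (15 is the E.164 maximum).
// NOTE(review): confirm the exact number format the payment API expects.
if (preg_match('/^[0-9]{9,15}$/', $phone) !== 1) {
    echo json_encode(['status' => 'error', 'message' => 'Invalid phone number']);
    exit;
}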
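// Safaricom credentials
// Secrets are read from the environment first so that real values do not have
// to be committed with this file. The environment variable names below are
// defined by this script; the placeholders remain as the fallback.
$consumerKey = getenv('MPESA_CONSUMER_KEY') ?: 'YOUR_CONSUMER_KEY';
$consumerSecret = getenv('MPESA_CONSUMER_SECRET') ?: 'YOUR_CONSUMER_SECRET';
$BusinessShortCode = getenv('MPESA_SHORTCODE') ?: 'YOUR_SHORTCODE';
$Passkey = getenv('MPESA_PASSKEY') ?: 'YOUR_PASSKEY';

// 1. Generate Access Token
// The key and secret travel as HTTP Basic credentials, which are only
// base64-encoded, so the TLS checks below are what protect them in transit.
$credentials = base64_encode($consumerKey . ':' . $consumerSecret);
$url = 'https://sandbox.safaricom.co.ke/oauth/v1/generate?grant_type=client_credentials';

$curl = curl_init();
curl_setopt_array($curl, [
    CURLOPT_URL => $url,
    CURLOPT_HTTPHEADER => ['Authorization: Basic ' . $credentials],
    CURLOPT_RETURNTRANSFER => true,
    // Pin the secure defaults explicitly so a changed default cannot weaken them.
    CURLOPT_SSL_VERIFYPEER => true,
    CURLOPT_SSL_VERIFYHOST => 2,
    // Bound the call so a stalled upstream cannot hold this request open.
    CURLOPT_CONNECTTIMEOUT => 10,
    CURLOPT_TIMEOUT => 30,
]);
$response = curl_exec($curl);
if ($response === false) {
    // Log the transport error server-side only; the client gets a generic message.
    error_log('M-PESA token request failed: ' . curl_error($curl));
}
curl_close($curl);

$result = is_string($response) ? json_decode($response) : null;
if (!isset($result->access_token) || !is_string($result->access_token) || $result->access_token === '') {
    echo json_encode(['status' => 'error', 'message' => 'Failed to get access token']);
    exit;
}
$access_token = $result->access_token;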
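// 2. Initiate STK Push
$timestamp = date('YmdHis');
// The request password is base64(shortcode + passkey + timestamp). That is an
// encoding, not a hash: anyone who can read the request can recover the
// passkey, so this call must only ever go out over verified TLS.
$password = base64_encode($BusinessShortCode . $Passkey . $timestamp);
$stkPushUrl = 'https://sandbox.safaricom.co.ke/mpesa/stkpush/v1/processrequest';
// NOTE(review): the callback handler is not part of this file. Because the
// donation is stored as PENDING and presumably settled by that callback, the
// handler should match the CheckoutRequestID against a stored row and should
// not trust a posted result on its own. Confirm against callback.php.
$callbackURL = 'https://yourdomain.com/callback.php'; // UPDATE this to your real callback URL

$stk_data = [
    'BusinessShortCode' => $BusinessShortCode,
    'Password' => $password,
    'Timestamp' => $timestamp,
    'TransactionType' => 'CustomerPayBillOnline',
    'Amount' => $amount,
    'PartyA' => $phone,
    'PartyB' => $BusinessShortCode,
    'PhoneNumber' => $phone,
    'CallBackURL' => $callbackURL,
    'AccountReference' => 'Donation',
    'TransactionDesc' => 'Donation Payment',
];

$curl = curl_init();
curl_setopt_array($curl, [
    CURLOPT_URL => $stkPushUrl,
    CURLOPT_HTTPHEADER => [
        'Content-Type: application/json',
        'Authorization: Bearer ' . $access_token,
    ],
    CURLOPT_RETURNTRANSFER => true,
    CURLOPT_POST => true,
    CURLOPT_POSTFIELDS => json_encode($stk_data),
    // Pin the secure defaults explicitly so a changed default cannot weaken them.
    CURLOPT_SSL_VERIFYPEER => true,
    CURLOPT_SSL_VERIFYHOST => 2,
    // Bound the call so a stalled upstream cannot hold this request open.
    CURLOPT_CONNECTTIMEOUT => 10,
    CURLOPT_TIMEOUT => 30,
]);
$stk_response = curl_exec($curl);
$stkHttpStatus = curl_getinfo($curl, CURLINFO_HTTP_CODE);
if ($stk_response === false) {
    // Log the transport error server-side only; the client gets a generic message.
    error_log('M-PESA STK push request failed: ' . curl_error($curl));
}
curl_close($curl);

$res = is_string($stk_response) ? json_decode($stk_response, true) : null;
if (!is_array($res) || !isset($res['CheckoutRequestID']) || !is_string($res['CheckoutRequestID']) || $res['CheckoutRequestID'] === '') {
    // Only the HTTP status is logged; the response body is kept out of the log.
    error_log('M-PESA STK push rejected, HTTP status ' . $stkHttpStatus);
    echo json_encode(['status' => 'error', 'message' => 'STK push failed']);
    exit;
}
$checkoutRequestID = $res['CheckoutRequestID'];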
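// 3. Save donation details + checkoutRequestID
// All values are bound as parameters, so donor-supplied text never becomes SQL.
// The payment prompt has already been sent at this point, so a failed insert is
// logged together with the CheckoutRequestID to allow later reconciliation.
try {
    $stmt = $pdo->prepare("INSERT INTO donations (frequency, amount, first_name, last_name, email, phone, message, checkout_request_id, status) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?)");
    // Covers both PDO error modes: a false return value and a thrown exception.
    $saved = $stmt !== false && $stmt->execute([
        $frequency, $amount, $first_name, $last_name, $email, $phone, $message, $checkoutRequestID, 'PENDING',
    ]);
} catch (PDOException $e) {
    error_log('Donation insert failed: ' . $e->getMessage());
    $saved = false;
}
if (!$saved) {
    error_log('Donation not recorded for CheckoutRequestID ' . $checkoutRequestID);
    echo json_encode(['status' => 'error', 'message' => 'Failed to save donation']);
    exit;
}
$insert_id = $pdo->lastInsertId();

// 4. (Optional) Send email
// sendEmail() is defined outside this file, so how it builds the message is not
// visible here. Pass it only a syntactically valid address (which excludes
// CR/LF) and a name with control characters collapsed to spaces.
$emailName = preg_replace('/[\x00-\x1F\x7F]+/', ' ', $first_name) ?? '';
if (filter_var($email, FILTER_VALIDATE_EMAIL) !== false) {
    try {
        sendEmail($email, "Thank you for your donation", "Hi {$emailName},\n\nWe received your donation request of KES {$amount}. Kindly complete payment via M-PESA prompt.\n\n– ShieldMaidens Team");
    } catch (\Throwable $e) {
        // The mail is best-effort; a mail failure must not hide the fact that
        // the donation was recorded.
        error_log('Donation confirmation email failed: ' . $e->getMessage());
    }
}

// 5. Respond
// NOTE(review): db_id exposes the row id of the new donation to the client;
// check whether the front end needs it before keeping it in the response.
// The closing PHP tag is omitted so trailing whitespace cannot follow the JSON body.
echo json_encode(['status' => 'success', 'message' => 'Donation initiated. Complete payment via MPESA prompt!', 'db_id' => $insert_id]);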