Editing: payment_submit.php
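<?php
// payment_submit.php
//
// Step 1 (POST from payment.php): stores the payment as 'Pending', then renders
//         a UPI QR code and a "Submit Transaction ID" form.
// Step 2 (POST with action=submit_txn): records the payer-supplied transaction
//         reference on that payment and sets its status to 'Paid'.
//
// Trust model: every $_POST value is supplied by an unauthenticated visitor.
// The amount, the transaction reference and the payment mode are all
// self-reported; nothing in this script confirms them with a bank or gateway.
//
// NOTE(review): because of that, 'Paid' here only means "payer claims to have
// paid". A separate awaiting-verification status that only the admin dashboard
// can promote would be safer; the value is left unchanged because other pages
// may depend on it. Confirm against the dashboard code.

/************ ERROR / PRODUCTION SETTINGS ************/
ini_set('display_errors', 0); // hide detailed errors from users
error_reporting(E_ALL & ~E_DEPRECATED & ~E_STRICT);
// With MYSQLI_REPORT_STRICT, mysqli failures throw mysqli_sql_exception
// instead of returning false, so DB calls below are wrapped in try/catch.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);
/**************************************************/

require_once __DIR__ . '/config.php';

// The session ties the "submit transaction ID" step to the browser that
// created the payment row (see sections A and E).
if (session_status() === PHP_SESSION_NONE) {
    session_start(['cookie_httponly' => true]);
}

// Optional: path to phpqrcode library (adjust if needed)
$phpqrcode_path = __DIR__ . '/lib/phpqrcode/phpqrcode.php';
if (file_exists($phpqrcode_path)) {
    require_once $phpqrcode_path; // provides QRcode::png(...)
}

// Ensure utf8mb4 for mysqli
if (isset($conn) && $conn instanceof mysqli) {
    $conn->set_charset('utf8mb4');
}

/* ----------------- Helpers ----------------- */

/**
 * Print a minimal styled message and stop the request.
 *
 * $msgHtml is emitted as raw HTML: callers must pass only trusted markup and
 * escape any request-derived text before handing it in.
 */
function safe_die($msgHtml)
{
    echo '<!doctype html><meta charset="utf-8"><div style="max-width:780px;margin:60px auto;font-family:system-ui,Segoe UI,Arial"><div style="background:#fff3cd;border:1px solid #ffeeba;border-radius:8px;padding:16px">'.$msgHtml.'</div></div>';
    exit;
}

/**
 * Return the trimmed POST field $k as a string, or $d when it is absent.
 *
 * Array-valued fields (name[]=...) are treated as absent so that they cannot
 * reach the string cast and trigger an "Array to string conversion" warning.
 */
function post($k, $d = '')
{
    if (!isset($_POST[$k]) || !is_scalar($_POST[$k])) {
        return $d;
    }
    return trim((string)$_POST[$k]);
}

/** Strip everything except digits, '.' and '-' and cast the rest to float. */
function clean_amount($s)
{
    return (float)preg_replace('/[^\d.\-]/', '', (string)$s);
}

/** Payment modes offered by the form rendered in section G. */
function allowed_payment_modes(): array
{
    return ['UPI', 'PhonePe', 'GPay', 'Paytm', 'Bank', 'Cash', 'Card'];
}

/**
 * Accept only short references made of letters, digits and a few separators.
 *
 * The value is stored and shown to staff later, so markup and control
 * characters are rejected here rather than trusted to be escaped on display.
 */
function valid_txn_ref(string $s): bool
{
    return preg_match('/^[A-Za-z0-9][A-Za-z0-9 ._\/-]{0,63}$/', $s) === 1;
}

/* Settings fetchers */

/**
 * Read one value from the `settings` table, or $fallback when the row is
 * missing, empty, or the lookup fails.
 */
function get_setting(mysqli $conn, string $key, string $fallback = ''): string
{
    try {
        $stmt = $conn->prepare("SELECT value FROM settings WHERE field=? LIMIT 1");
        if (!$stmt) {
            return $fallback;
        }
        $value = '';
        $stmt->bind_param("s", $key);
        if ($stmt->execute()) {
            $res = $stmt->get_result();
            if ($res && ($row = $res->fetch_assoc())) {
                $value = trim((string)($row['value'] ?? ''));
            }
        }
        // Closed exactly once: the earlier version closed the statement a
        // second time when the stored value was empty, which raises an Error
        // on an already-closed statement.
        $stmt->close();
        return $value !== '' ? $value : $fallback;
    } catch (mysqli_sql_exception $e) {
        error_log("payment_submit get_setting failed: " . $e->getMessage());
        return $fallback;
    }
}

/**
 * Resolve the payee UPI id: `settings.upi_id` first, then the
 * `site_settings` row with id=1. Returns '' when neither yields a value.
 */
function get_upi_id(mysqli $conn): string
{
    $v = get_setting($conn, 'upi_id', '');
    if ($v !== '') {
        return $v;
    }
    try {
        $res = $conn->query("SELECT upi_id FROM site_settings WHERE id=1");
        if ($res && ($row = $res->fetch_assoc())) {
            return trim((string)($row['upi_id'] ?? ''));
        }
    } catch (mysqli_sql_exception $e) {
        // A missing table would otherwise surface as an uncaught exception.
        error_log("payment_submit get_upi_id fallback failed: " . $e->getMessage());
    }
    return '';
}

/* === (A) Handle "Submit Transaction ID" after payment === */
if ($_SERVER['REQUEST_METHOD'] === 'POST' && post('action') === 'submit_txn') {
    try {
        $payment_id     = (int)post('payment_id', 0);
        $transaction_id = post('transaction_id', '');
        $payment_mode   = post('payment_mode', 'UPI');

        if ($payment_id <= 0 || !valid_txn_ref($transaction_id)) {
            safe_die('Invalid transaction submission. <a href="payment.php">Go back</a>.');
        }
        if (!in_array($payment_mode, allowed_payment_modes(), true)) {
            safe_die('Invalid payment mode. <a href="payment.php">Go back</a>.');
        }

        // payment_id is a sequential row id taken from a hidden form field.
        // Without this check any visitor could update any payment row, so the
        // request must carry the token issued to this session in section E.
        $issued   = $_SESSION['payment_tokens'][$payment_id] ?? '';
        $supplied = post('txn_token');
        if (!is_string($issued) || $issued === '' || !hash_equals($issued, $supplied)) {
            error_log("payment_submit: submit_txn rejected, token mismatch for payment " . $payment_id);
            safe_die('This payment could not be matched to your session. Please start again from the <a href="payment.php">Payment Form</a> or contact admin.');
        }

        // Only a row that is still 'Pending' may be changed, so an already
        // recorded reference cannot be overwritten by a repeat submission.
        $stmt = $conn->prepare("UPDATE payments SET transaction_id=?, payment_mode=?, status='Paid' WHERE id=? AND status='Pending'");
        if (!$stmt) {
            error_log("payment_submit: submit_txn prepare failed: " . $conn->error);
            safe_die('Could not update payment. Please try again or contact admin.');
        }
        $stmt->bind_param("ssi", $transaction_id, $payment_mode, $payment_id);
        $stmt->execute();
        $changed = $stmt->affected_rows;
        $stmt->close();

        if ($changed < 1) {
            safe_die('This payment was not found or has already been submitted. Please contact admin.');
        }

        // One submission per issued token.
        unset($_SESSION['payment_tokens'][$payment_id]);

        header("Location: /payment_verify.php?updated=1");
        exit;
    } catch (Throwable $e) {
        error_log("payment_submit submit_txn error: ".$e->getMessage());
        safe_die('Could not update payment. Please try again or contact admin.');
    }
}

/* === (B) Initial access must be POST from your payment form === */
if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
    safe_die('Invalid access. Please start from <a href="payment.php">Payment Form</a>.');
}

/* === (C) Collect fields from payment.php === */
$student_name = post('student_name');
$father_name  = post('father_name');
$dob          = post('dob'); // YYYY-MM-DD (optional)
$age          = post('age');
$school       = post('school');
$course       = post('course');
$mobile       = post('mobile');
$address      = post('address');
$rollno       = post('rollno');
$payment_type = post('payment_type', 'Admission Fee');

// Read amount: prefer normalized hidden 'amount', fallback to visible fields.
// The amount is chosen by the client; it is stored as submitted and has to be
// reconciled against the expected fee when the payment is verified.
$amount_raw = post('amount', post('amount_admission', post('amount_installment', '0')));
$amount     = clean_amount($amount_raw);

$payment_mode   = post('payment_mode', 'UPI'); // initial selection (optional)
$transaction_id = post('transaction_id', '');  // might be empty initially

/* === (D) Validate minimal fields === */
$errors = [];
if ($student_name === '') $errors[] = "Student name is required.";
// is_finite() rejects the INF that a very long digit string casts to.
if (!is_numeric($amount) || !is_finite($amount) || $amount <= 0) $errors[] = "Valid amount is required.";
if ($dob !== '' && !preg_match('/^\d{4}-\d{2}-\d{2}$/', $dob)) $errors[] = "DOB must be YYYY-MM-DD.";
if ($transaction_id !== '' && !valid_txn_ref($transaction_id)) $errors[] = "Transaction ID contains invalid characters.";

if ($errors) {
    // Log server-side for admin debugging. json_encode() escapes newlines and
    // other control characters, so the raw value cannot forge extra log lines.
    error_log("payment_submit validation failed: " . implode(' | ', $errors) . " | amount_raw: " . json_encode($amount_raw));
    safe_die('Validation failed:<br>'.implode('<br>', array_map('htmlspecialchars', $errors)));
}

/* === (E) Insert as Pending === */
try {
    $status = 'Pending';
    $sql = "INSERT INTO payments
            (student_name, father_name, dob, age, school, course, mobile, address, rollno,
             payment_type, amount, status, payment_mode, transaction_id, created_at)
            VALUES (?,?,?,?,?,?,?,?,?,?,?,?,?,?, NOW())";
    $stmt = $conn->prepare($sql);
    if (!$stmt) {
        error_log("payment_submit prepare(insert) failed: " . $conn->error);
        safe_die('Unable to create payment record. Please try again later.');
    }

    // types: 10 strings, 1 double(amount), then 3 strings => total 14 types
    $types = 'ssssssssssdsss';
    $stmt->bind_param(
        $types,
        $student_name,  // s
        $father_name,   // s
        $dob,           // s
        $age,           // s
        $school,        // s
        $course,        // s
        $mobile,        // s
        $address,       // s
        $rollno,        // s
        $payment_type,  // s
        $amount,        // d
        $status,        // s
        $payment_mode,  // s
        $transaction_id // s
    );
    $stmt->execute();
    $payment_id = $stmt->insert_id;
    $stmt->close();

    if ($payment_id <= 0) {
        error_log("payment_submit: insert executed but insert_id <= 0");
        safe_die('Unable to create payment record. Please try again.');
    }

    // Unguessable per-payment token, kept server-side in the session and
    // echoed into the form below; section A requires it before updating.
    $txn_token = bin2hex(random_bytes(32));
    $_SESSION['payment_tokens'][$payment_id] = $txn_token;
} catch (Throwable $e) {
    error_log("payment_submit insert error: ".$e->getMessage());
    safe_die('Unable to create payment record. Please try again later.');
}

/* === (F) Build UPI URL + QR === */
$institute_name = get_setting($conn, 'institute_name', 'KIIT Academy');
$upi_id         = get_upi_id($conn);
if ($upi_id === '') {
    error_log("payment_submit: UPI ID not configured.");
    safe_die('UPI ID is not configured in Settings.');
}

// UPI deep link (amount with 2 decimals)
$amount_str = number_format((float)$amount, 2, '.', '');
$upi_url    = "upi://pay?pa=".urlencode($upi_id)."&pn=".urlencode($institute_name)."&am={$amount_str}&cu=INR";

// Make qr dir; a failure is logged instead of being hidden with '@'.
$qrDir = __DIR__ . "/qrcodes";
if (!is_dir($qrDir) && !mkdir($qrDir, 0755, true) && !is_dir($qrDir)) {
    error_log("payment_submit: could not create QR directory");
}

$qr_rel = "qrcodes/payment_" . $payment_id . ".png";
$qr_abs = __DIR__ . "/" . $qr_rel;

// Generate QR if missing. The page still renders without it: the template
// falls back to the deep-link button when the image file is absent.
if (!file_exists($qr_abs)) {
    try {
        // Test for the class itself, so a library file that exists but did
        // not define QRcode cannot cause a fatal "class not found".
        if (class_exists('QRcode', false)) {
            QRcode::png($upi_url, $qr_abs, QR_ECLEVEL_L, 6);
        }
    } catch (Throwable $e) {
        // don't block the user; log error for admin
        error_log("payment_submit QR generation failed: " . $e->getMessage());
    }
}

/* === (G) Render Confirmation Page (Scan & Pay + Submit Txn ID) === */
// Every request-derived value below is passed through htmlspecialchars()
// with ENT_QUOTES, or cast to int, before it reaches the markup.
// NOTE(review): the Bootstrap stylesheet is loaded from a third-party CDN
// without an integrity attribute; consider pinning it with SRI or self-hosting.
?><!doctype html>
<html lang="en">
<head>
  <meta charset="utf-8">
  <title>Scan &amp; Pay</title>
  <meta name="viewport" content="width=device-width, initial-scale=1">
  <link href="https://cdn.jsdelivr.net/npm/bootstrap@5.3.3/dist/css/bootstrap.min.css" rel="stylesheet">
  <style>
    body { background:#f6f7fb; }
    .card { border:0; border-radius:1rem; }
    .card-header { border-radius:1rem 1rem 0 0; }
  </style>
</head>
<body class="bg-light">
<div class="container py-5">
  <div class="col-lg-7 mx-auto">
    <div class="card shadow rounded-4">
      <div class="card-header bg-primary text-white text-center">
        <h4 class="mb-0">Scan &amp; Pay</h4>
      </div>
      <div class="card-body">
        <div class="text-center">
          <p class="mb-1"><b>Student Name:</b> <?= htmlspecialchars($student_name, ENT_QUOTES, 'UTF-8') ?></p>
          <p class="mb-1"><b>Roll No:</b> <?= htmlspecialchars($rollno, ENT_QUOTES, 'UTF-8') ?></p>
          <p class="mb-1"><b>Payment Type:</b> <?= htmlspecialchars($payment_type, ENT_QUOTES, 'UTF-8') ?></p>
          <p class="mb-3"><b>Amount:</b> <span class="text-success fw-bold">₹<?= htmlspecialchars($amount_str, ENT_QUOTES, 'UTF-8') ?></span></p>

          <?php if (file_exists($qr_abs)): ?>
            <img src="<?= htmlspecialchars($qr_rel, ENT_QUOTES, 'UTF-8') ?>" alt="UPI QR Code" class="img-fluid shadow rounded my-3" style="max-width:280px">
          <?php else: ?>
            <div class="mb-3 small text-muted">QR not available on server. Use the "Pay via UPI App" button below or copy the UPI details into your app.</div>
          <?php endif; ?>

          <a href="<?= htmlspecialchars($upi_url, ENT_QUOTES, 'UTF-8') ?>" class="btn btn-success w-100">
            Pay via UPI App
          </a>
        </div>

        <hr class="my-4">

        <!-- Submit Transaction ID after payment -->
        <form method="post" action="payment_submit.php" class="mt-3">
          <input type="hidden" name="action" value="submit_txn">
          <input type="hidden" name="payment_id" value="<?= (int)$payment_id ?>">
          <input type="hidden" name="txn_token" value="<?= htmlspecialchars($txn_token, ENT_QUOTES, 'UTF-8') ?>">

          <div class="mb-3">
            <label class="form-label">Transaction / UPI Reference ID (UTR)</label>
            <input type="text" name="transaction_id" class="form-control" placeholder="e.g. 1234567890ABC" maxlength="64" required>
          </div>

          <div class="mb-3">
            <label class="form-label">Payment Mode</label>
            <select name="payment_mode" class="form-select">
              <option value="UPI" selected>UPI</option>
              <option value="PhonePe">PhonePe</option>
              <option value="GPay">GPay</option>
              <option value="Paytm">Paytm</option>
              <option value="Bank">Bank</option>
              <option value="Cash">Cash</option>
              <option value="Card">Card</option>
            </select>
          </div>

          <button class="btn btn-primary w-100">Submit Transaction ID</button>
        </form>

        <div class="small text-muted mt-3 text-center">
          After submitting, admin can verify in dashboard.
        </div>
      </div>
    </div>
  </div>
</div>
</body>
</html>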