<head>
<!-- jQuery is pulled from a third-party CDN with no Subresource Integrity
     (integrity= / crossorigin=) attributes, so a compromised or spoofed CDN
     response would run with full access to this page, including the card
     fields below. Pin the file with an SRI hash or serve it from this host. -->
<script src="https://ajax.googleapis.com/ajax/libs/jquery/3.6.0/jquery.min.js"></script>
</head>
<?php
// Print every notice/warning straight into the response body. Handy while
// integrating, but it also prints file paths and internals to whoever loads
// the page, so turn display_errors off (and log instead) anywhere real card
// holders can reach this script.
ini_set('display_errors', '1');
error_reporting(E_ALL);

// Buffer all output until the matching ob_end_flush() at the end of the
// PHP section.
ob_start();
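/**
 * Return $length random characters drawn from [a-zA-Z0-9].
 *
 * Used for out_trade_no, the merchant-side order number sent to the
 * gateway. Uses random_int() instead of mt_rand(): mt_rand() is a
 * predictable PRNG, and a guessable order number lets an attacker
 * correlate with, or collide with, another user's transaction.
 *
 * @param int $length number of characters; 0 or negative yields ''
 * @return string
 */
function GetRandStr($length)
{
  $alphabet = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789';
  $max = strlen($alphabet) - 1;
  $out = '';
  for ($i = 0; $i < $length; $i++) {
    // random_int() is the CSPRNG-backed integer source available since PHP 7.
    $out .= $alphabet[random_int(0, $max)];
  }
  return $out;
}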

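/**
 * Best-effort client IP, used for the ipAddress field handed to the gateway.
 *
 * Candidates are tried in the same precedence order as before, but each one
 * is now validated: forwarded headers may carry a comma-separated chain
 * ("client, proxy1, proxy2"), of which only the first element is used, and
 * any token that is not a syntactically valid IP is skipped instead of being
 * returned verbatim. (RFC 7239 "Forwarded: for=..." syntax is not parsed, so
 * such a header is skipped too.) If nothing usable is found the literal
 * 'UNKNOWN' is returned, as before.
 *
 * NOTE(review): every HTTP_* candidate here is a request header the client
 * can set itself, so the result is spoofable unless a trusted reverse proxy
 * in front of this host overwrites those headers. REMOTE_ADDR is the only
 * candidate the client cannot forge. Nothing in this file shows which
 * deployment applies — confirm before using this value for risk decisions.
 *
 * @return string an IP address, or 'UNKNOWN'
 */
function get_client_ip() {
    $candidates = array(
        'HTTP_CLIENT_IP',
        'HTTP_X_FORWARDED_FOR',
        'HTTP_X_FORWARDED',
        'HTTP_FORWARDED_FOR',
        'HTTP_FORWARDED',
        'REMOTE_ADDR',
    );
    foreach ($candidates as $name) {
        $raw = getenv($name);
        if ($raw === false || $raw === '') {
            continue;
        }
        // First hop only for "a, b, c" chains, then validate that token.
        $parts = explode(',', $raw);
        $ip = trim($parts[0]);
        if (filter_var($ip, FILTER_VALIDATE_IP) !== false) {
            return $ip;
        }
    }
    return 'UNKNOWN';
}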

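// QFPay gateway used for credit-card payments. The "openapi-int" host name
// suggests an integration/sandbox endpoint — confirm before go-live.
$url = 'https://openapi-int.qfapi.com';
$api_type = '/trade/v1/payment';

// Payment product code sent as pay_type.
// NOTE(review): the value below (802828) is not the code the original
// comment lists for Visa / Mastercard online payments (802801); confirm
// which one this page is meant to use.
$pay_type = '802828';
  // 802801	Visa / Mastercard Online Payments

// Credentials for the credit-card merchant app. $app_key is a shared
// secret: whoever holds it can sign requests for this app code. Read both
// from the environment when available so they can live outside the web
// root; the literals remain only as a fallback for the existing deployment
// and should be rotated once the environment variables are in place.
$app_code = getenv('QF_APP_CODE') ?: '818F2E644C784DC296F3931AAB0B4EE1';
$app_key = getenv('QF_APP_KEY') ?: 'DA0FA2200C7645A2A4E14DC925FBFF81';

// Request timestamp (txdtm). date() uses PHP's default timezone, which is
// not pinned anywhere in this file — confirm which zone the gateway expects.
$now_time = date("Y-m-d H:i:s");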

// Request parameters for /trade/v1/payment. Each value except txdtm is
// urlencode()d individually; txdtm is sent raw, so the space in the
// timestamp goes on the wire unencoded. The signature below is computed
// over this exact string, so the encoding of every value must stay in step
// with what the gateway verifies against — confirm against the QFPay
// signing specification before changing either.
// (mchid is not sent; the original kept it as a commented-out entry.)
$fields = array(
  'pay_type' => urlencode($pay_type),
  'out_trade_no' => urlencode(GetRandStr(20)),
  'txcurrcd' => urlencode('HKD'),
  'txamt' => urlencode(5000),
  'txdtm' => $now_time
);
ksort($fields); // keys in ascending A-Z (dictionary) order

// "k1=v1&k2=v2&..." in sorted key order, without a trailing '&'.
$pairs = array();
foreach ($fields as $name => $val) {
  $pairs[] = $name . '=' . $val;
}
$fields_string = implode('&', $pairs);

// X-QF-SIGN: uppercase MD5 of the parameter string with the app key
// appended. This is the integration's scheme, not a MAC; its strength rests
// entirely on $app_key staying secret.
$sign = strtoupper(md5($fields_string . $app_key));

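//// Header ////
// The gateway authenticates the request with the app code plus the MD5
// signature computed above; both travel as custom headers.
$header = array();
$header[] = 'X-QF-APPCODE: ' . $app_code;
$header[] = 'X-QF-SIGN: ' . $sign;

//Post Data
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $url . $api_type);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_HTTPHEADER, $header);
// Verify the gateway's TLS certificate. Peer verification was disabled
// here, which let anyone on the network path impersonate the payment API
// and hand this page a forged response — including the value that is
// later posted as the JWT to the Cardinal frame.
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, true);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);
// Bound the call so a stalled gateway does not hold the request open.
curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 10);
curl_setopt($ch, CURLOPT_TIMEOUT, 30);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, $fields_string);
$output = curl_exec($ch);
if ($output === false) {
  // Transport/TLS failure: keep the detail in the server log and show only
  // a generic message, rather than silently decoding an empty body below.
  error_log('QFPay request failed: ' . curl_error($ch));
  echo "<pre>Payment gateway request failed.</pre>";
}
curl_close($ch);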

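$final_data = json_decode($output, true);
if (!is_array($final_data)) {
  // Either curl failed ($output === false) or the body was not a JSON object.
  error_log('QFPay response was not valid JSON: ' . json_last_error_msg());
  $final_data = array();
}

// Dump the decoded gateway response. Presumably a debugging aid for this
// test harness: it exposes the whole response (including respmsg) to the
// browser, so remove it before card holders reach this page.
echo "DDC Output";
    echo "<pre>";
        // The body comes from a remote party; render it as text, not markup.
        echo htmlspecialchars(print_r($final_data, true), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    echo "</pre>";
    echo "<hr>";

ob_end_flush();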
?>


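<form method='post' action='cc2.php' name='ccPay' id='ccPay' target='_blank'>
<?php /* Order/amount fields. $pay_type and $now_time are server-side
         values, but they are escaped anyway so nothing can break out of
         the single-quoted attribute. The id= attributes were missing their
         opening quote (id=payType'), which is fixed here.
         NOTE(review): outTradeNo below is a fresh GetRandStr(20), not the
         out_trade_no sent to the gateway above — confirm whether the two
         are meant to match. */ ?>
    Pay Type: <input type='text' name='payType' id='payType' value='<?php echo htmlspecialchars($pay_type, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); ?>'>
    <br>

    Order No.: <input type='text' name='outTradeNo' id='outTradeNo' value='<?php echo GetRandStr(20); ?>'>
    <br>

    Currency: <input type='text' name='txCurrcd' id='txCurrcd' value='HKD'>
    <br>

    Amount: <input type='text' name='txAmt' id='txAmt' value='5000'>
    <br>

    Time: <input type='text' name='txdTm' id='txdTm' value='<?php echo htmlspecialchars($now_time, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); ?>'>
    <br>

    <hr>
<?php /* Card data is collected here and POSTed to cc2.php on this host, so
         raw PAN, expiry and CVC transit this server; presumably that puts it
         in PCI DSS scope — confirm the intended integration model. The
         pre-filled values look like test data; remove them before this page
         is exposed to card holders. */ ?>
    Card#: <input type='text' name='cardNo' id='cardNo' value='4000000000001091'>
    <br>

    Holder Name: <input type='text' name='holderName' id='holderName' value='chantai man'>
    <br>

    Expiry Month: <input type='text' name='expiryMonth' id='expiryMonth' value='12'>
    <br>

    Expiry Year#: <input type='text' name='expiryYear' id='expiryYear' value='2034'>
    <br>

    CVC: <input type='text' name='cvc' id='cvc' value='567'>
    <br>
    <hr>

    Bill Address1: <input type='text' name='billAdd1' id='billAdd1' value=''>
    <br>

    Bill Address2: <input type='text' name='billAdd2' id='billAdd2' value=''>
    <br>

    Bill Address3: <input type='text' name='billAdd3' id='billAdd3' value=''>
    <br>

    Bill City: <input type='text' name='billCity' id='billCity' value=''>
    <br>

    Bill Postal Code: <input type='text' name='billPostalCode' id='billPostalCode' value='000000'>
    <br>

    Bill Country Code: <input type='text' name='billCountryCode' id='billCountryCode' value='HK'>
    <br>

    <hr>
<?php /* get_client_ip() is derived from request headers (client-settable)
         and is then an editable text field, so cc2.php must not treat
         ipAddress as trustworthy. It is escaped here because a header value
         used to be echoed straight into the attribute. */ ?>
    IP Address: <input type='text' name='ipAddress' id='ipAddress' value='<?php echo htmlspecialchars(get_client_ip(), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); ?>'>
    <br>

<?php /* referenceID is filled in by the message listener below with the
         SessionId returned by the Cardinal frame, just before auto-submit. */ ?>
    Reference ID: <input type='text' name='referenceID' id='referenceID' value=''>
    <br>

<?php /* Random UUID-shaped session id from random_bytes(); hex only, so no
         escaping is needed. */ ?>
    Session ID: <input type='text' name='sessionID' id='sessionID' value='<?php echo vsprintf( '%s%s-%s-%s-%s-%s%s%s', str_split(bin2hex(random_bytes(16)), 4) );?>'>
    <br>

    Email: <input type='text' name='email' id='email' value='test@example.com'>
    <br>
</form>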



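<?php /* Hidden 1x1 frame that receives the response of the Cardinal
         "Collect" POST; the result comes back to this page via postMessage
         (handled by the script below). The "centinelapistag" host name
         suggests Cardinal's staging environment — confirm before go-live. */ ?>
<iframe name='iframet' height="1" width="1" style="display: block;"></iframe>
<form target='iframet' method="post" action="https://centinelapistag.cardinalcommerce.com/V1/Cruise/Collect" name="f1">
<?php /* The <table> wrapper that used to enclose these <div>s was invalid
         markup (browsers foster-parent the divs out of the table); dropped. */ ?>
    <div style="display: none;">
        <span>Bin(Card No.) :</span>
        <textarea rows="3" cols="200" name="Bin"></textarea>
    </div>
    <div style="display: none;">
        <span>JWT :</span>
<?php /* respmsg from the gateway response is posted as the Cardinal JWT —
         presumably per the QFPay integration; confirm. It is escaped so a
         response containing "</textarea>" cannot break out of the field,
         and defaults to '' when the response had no such key. */ ?>
        <textarea rows="3" cols="200" name="JWT"><?php echo htmlspecialchars((string) ($final_data['respmsg'] ?? ''), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); ?></textarea>
    </div>
    <button type="submit">submit</button>
</form>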
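<script type="text/javascript">
    // Handle the postMessage sent back by the Cardinal Collect frame. Only
    // messages from the Cardinal origin are honoured; any window can post to
    // this page, so everything else is ignored. The origin must stay in step
    // with the action= host of the Collect form above.
    window.addEventListener("message", function (event) {
        if (event.origin !== "https://centinelapistag.cardinalcommerce.com") {
            return;
        }
        var data;
        try {
            data = JSON.parse(event.data);
        } catch (err) {
            // A non-JSON payload used to throw out of the handler; skip it instead.
            console.log('Merchant ignored a non-JSON message:', err);
            return;
        }
        console.log('Merchant received a message:', data);
        // `data &&` also covers a JSON "null", which the old
        // `data !== undefined` check let through to a TypeError.
        if (data && data.Status) {
            // Carry the Cardinal SessionId into the payment form as the
            // reference id, then submit the card details to cc2.php.
            $("#referenceID").val(data.SessionId);
            $("#ccPay").submit();
        }
    }, false);
</script>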