Issues in Mpesa.php (master) - Issues in master - konectdigital/mpesa - Measure and Improve Code Quality continuously with Scrutinizer

Issues (15)

Security Analysis no request data

Cross-Site Scripting

Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.

File Exposure

File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.

File Manipulation

File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.

Object Injection

Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.

Code Injection

Code Injection enables an attacker to execute arbitrary code on the server.

Response Splitting

Response Splitting can be used to send arbitrary responses.

File Inclusion

File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.

Command Injection

Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.

SQL Injection

SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.

XPath Injection

XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.

LDAP Injection

LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.

Header Injection

Other Vulnerability

This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.

Regex Injection

Regex Injection enables an attacker to execute arbitrary code in your PHP process.

XML Injection

XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.

Variable Injection

Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.

Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

src/Mpesa.php (1 issue)

Labels

Severity

Minor 1

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php

namespace Konectdigital\Mpesa;

use Exception;
use Illuminate\Support\Facades\File;


class Mpesa
{
    /**
     * The common part of the MPesa API endpoints
     * @var string $base_url
     */
    private $base_url;
    /**
     * The consumer key
     * @var string $consumer_key
     */
    public $consumer_key;
    /**
     * The consumer key secret
     * @var string $consumer_secret
     */
    public $consumer_secret;
    /**
     * The MPesa Paybill number
     * @var int $paybill
     */
    public $paybill;
    /**
     * The Lipa Na MPesa paybill number
     * @var int $lipa_na_mpesa
     */
    public $lipa_na_mpesa;
    /**
     * The Lipa Na MPesa paybill number SAG Key
     * @var string $lipa_na_mpesa_key
     */
    public $lipa_na_mpesa_key;
    /**
     * The Mpesa portal Username
     * @var string $initiator_username
     */
    public $initiator_username;
    /**
     * The Mpesa portal Password
     * @var string $initiator_password
     */
    public $initiator_password;
    /**
     * The Callback common part of the URL eg "https://domain.com/callbacks/"
     * @var string $initiator_password
     */
    private $callback_baseurl;
    /**
     * The test phone number provided by safaricom. For developers
     * @var string $test_msisdn
     */
    private $test_msisdn;
    /**
     * The signed API credentials
     * @var string $cred
     */
    private $cred;
    private $access_token;

    /*Callbacks*/
    public $bctimeout;
    public $bcresult;
    public $bbtimeout;
    public $bbresult;
    public $baltimeout;
    public $balresult;
    public $statustimeout;
    public $statusresult;
    public $reversetimeout;
    public $reverseresult;
    public $cbvalidate;
    public $cbconfirm;
    public $lnmocallback;
    /**
     * Construct method
     *
     * Initializes the class with an array of API values.
     *
     * @param array $config
     * @return void
     * @throws exception if the values array is not valid
     */




    public function __construct()
    {
        if (config('mpesa.mpesa_env') == 'sandbox') {
            $this->base_url = 'https://sandbox.safaricom.co.ke/mpesa/';
        } else {
            $this->base_url = 'https://api.safaricom.co.ke/mpesa/';
        }
        //Base URL for the API endpoints. This is basically the 'common' part of the API endpoints
        $this->consumer_key = config('mpesa.consumer_key');
        $this->consumer_secret = config('mpesa.consumer_secret');
        $this->paybill = config('mpesa.paybill');
        $this->lipa_na_mpesa = config('mpesa.lipa_na_mpesa');
        $this->lipa_na_mpesa_key = config('mpesa.lipa_na_mpesa_passkey');
        $this->initiator_username = config('mpesa.initiator_username');
        $this->initiator_password = config('mpesa.initiator_password');

        $this->callback_baseurl = config('mpesa.lnmocallback');
        $this->lnmocallback = config('mpesa.lnmocallback');
        $this->test_msisdn = config('mpesa.test_msisdn');

        // c2b the urls
        $this->cbvalidate = config('mpesa.c2b_validate_callback');
        $this->cbconfirm = config('mpesa.c2b_confirm_callback');

        // b2c URLs
        $this->bctimeout = config('mpesa.b2c_timeout');
        $this->bcresult = config('mpesa.b2c_result');

        //Set up access token
        $this->access_token = $this->getAccessToken();
    }

    /**
     * Submit Request
     *
     * Handles submission of all API endpoints queries
     *
     * @param string $url The API endpoint URL
     * @param json $data The data to POST to the endpoint $url
     * @return object|boolean Curl response or FALSE on failure
     * @throws exception if the Access Token is not valid
     */

    public function setCred()
    {
        if (config('mpesa.mpesa_env') == 'sandbox') {

            $pubkey = File::get(__DIR__ . '/cert/sandbox.cer');
        } else {
            $pubkey = File::get(__DIR__ . '/cert/production.cer');
        }
        openssl_public_encrypt($this->initiator_password, $output, $pubkey, OPENSSL_PKCS1_PADDING);
        $this->cred = base64_encode($output);
    }


    public function getAccessToken()
    {
        $credentials = base64_encode($this->consumer_key . ':' . $this->consumer_secret);
        $ch = curl_init();
        curl_setopt($ch, CURLOPT_URL, 'https://sandbox.safaricom.co.ke/oauth/v1/generate?grant_type=client_credentials');
        curl_setopt($ch, CURLOPT_RETURNTRANSFER, TRUE);
        curl_setopt($ch, CURLOPT_HTTPHEADER, array('Authorization: Basic ' . $credentials, 'Content-Type: application/json'));
        $response = curl_exec($ch);
        $info = curl_getinfo($ch);
        curl_close($ch);
        $response = json_decode($response);

        if ($info["http_code"] == 200) {
            $access_token = $response->access_token;
            $this->access_token = $access_token;
            return $access_token;
        } else {
            //throw new Exception("Invalid Consumer key or secret");
            return false;
        }
    }

    private function submit_request($url, $data)
    { // Returns cURL response

        if (isset($this->access_token)) {
            $access_token = $this->access_token;
        } else {
            $access_token = $this->getAccessToken();
        }

        if ($access_token != '' || $access_token !== FALSE) {
            $curl = curl_init();
            curl_setopt($curl, CURLOPT_URL, $url);
            curl_setopt($curl, CURLOPT_HTTPHEADER, array('Content-Type: application/json', 'Authorization: Bearer ' . $access_token));

            curl_setopt($curl, CURLOPT_RETURNTRANSFER, TRUE);
            curl_setopt($curl, CURLOPT_POST, TRUE);
            curl_setopt($curl, CURLOPT_POSTFIELDS, $data);

            $response = curl_exec($curl);
            curl_close($curl);
            return $response;
        } else {
            return FALSE;
        }
    }

    /**
     * Business to Client
     *
     * This method is used to send money to the clients Mpesa account.
     *
     * @param int $amount The amount to send to the client
     * @param int $phone The phone number of the client in the format 2547xxxxxxxx
     * @return object Curl Response from submit_request, FALSE on failure
     */

    public function b2c($amount, $phone, $command_id, $remarks)
    {
        //this function will set b2c credentials
        $this->setCred();
        $request_data = array(
            'InitiatorName' => $this->initiator_username,
            'SecurityCredential' => $this->cred,
            'CommandID' => $command_id,
            'Amount' => $amount,
            'PartyA' => $this->paybill,
            'PartyB' => $phone,
            'Remarks' => $remarks,
            'QueueTimeOutURL' => $this->bctimeout,
            'ResultURL' => $this->bcresult,
            'Occasion' => '' //Optional
        );
        $data = json_encode($request_data);
        $url = $this->base_url . 'b2c/v1/paymentrequest';
        $response = $this->submit_request($url, $data);
        return $response;
    }

    /**
     * Business to Business
     *
     * This method is used to send money to other business Mpesa paybills.
     *
     * @param int $amount The amount to send to the business
     * @param int $shortcode The shortcode of the business to send to
     * @return object Curl Response from submit_request, FALSE on failure
     */

    public function b2b($amount, $shortcode)
    {
        $request_data = array(
            'Initiator' => $this->initiator_username,
            'SecurityCredential' => $this->cred,
            'CommandID' => 'BusinessToBusinessTransfer',
            'SenderIdentifierType' => 'Shortcode',
            'RecieverIdentifierType' => 'Shortcode',
            'Amount' => 100,
            'PartyA' => $this->paybill,
            'PartyB' => 600000,
            'AccountReference' => 'Bennito',
            'Remarks' => 'This is a test comment or remark',
            'QueueTimeOutURL' => $this->bbtimeout,
            'ResultURL' => $this->bbresult,
        );
        $data = json_encode($request_data);
        $url = $this->base_url . 'b2b/v1/paymentrequest';
        $response = $this->submit_request($url, $data);
        return $response;
    }

    /**
     * Client to Business
     *
     * This method is used to register URLs for callbacks when money is sent from the MPesa toolkit menu
     *
     * @param string $confirmURL The local URL that MPesa calls to confirm a payment
     * @param string $ValidationURL The local URL that MPesa calls to validate a payment
     * @return object Curl Response from submit_request, FALSE on failure
     */

    public function c2bRegisterUrls()
    {
        $request_data = array(
            'ShortCode' => $this->paybill,
            'ResponseType' => 'Completed',
            'ConfirmationURL' => $this->cbconfirm,
            'ValidationURL' => $this->cbvalidate
        );
        $data = json_encode($request_data);
        //header('Content-Type: application/json');

        $url = $this->base_url . 'c2b/v1/registerurl';
        $response = $this->submit_request($url, $data);
        //\Log::info($response);
        return $response;
    }

    /**
     * C2B Simulation
     *
     * This method is used to simulate a C2B Transaction to test your ConfirmURL and ValidationURL in the Client to Business method
     *
     * @param int $amount The amount to send to Paybill number
     * @param int $msisdn A dummy Safaricom phone number to simulate transaction in the format 2547xxxxxxxx
     * @param string $ref A reference name for the transaction
     * @return object Curl Response from submit_request, FALSE on failure
     */

    public function simulateC2B($amount, $msisdn, $ref)
    {
        $data = array(
            'ShortCode' => $this->paybill,
            'CommandID' => 'CustomerPayBillOnline',
            'Amount' => $amount,
            'Msisdn' => $msisdn,
            'BillRefNumber' => $ref
        );
        $data = json_encode($data);
        $url = $this->base_url . 'c2b/v1/simulate';
        $response = $this->submit_request($url, $data);
        return $response;
    }

    /**
     * Check Balance
     *
     * Check Paybill balance
     *
     * @return object Curl Response from submit_request, FALSE on failure
     */
    public function check_balance()
    {
        $data = array(
            'CommandID' => 'AccountBalance',
            'PartyA' => $this->paybill,
            'IdentifierType' => '4',
            'Remarks' => 'Remarks or short description',
            'Initiator' => $this->initiator_username,
            'SecurityCredential' => $this->cred,
            'QueueTimeOutURL' => $this->baltimeout,
            'ResultURL' => $this->balresult
        );
        $data = json_encode($data);
        $url = $this->base_url . 'accountbalance/v1/query';
        $response = $this->submit_request($url, $data);
        return $response;
    }

    /**
     * Transaction status request
     *
     * This method is used to check a transaction status
     *
     * @param string $transaction ID eg LH7819VXPE
     * @return object Curl Response from submit_request, FALSE on failure
     */

    public function status_request($transaction = 'LH7819VXPE')
    {
        $data = array(
            'CommandID' => 'TransactionStatusQuery',
            'PartyA' => $this->paybill,
            'IdentifierType' => 4,
            'Remarks' => 'Testing API',
            'Initiator' => $this->initiator_username,
            'SecurityCredential' => $this->cred,
            'QueueTimeOutURL' => $this->statustimeout,
            'ResultURL' => $this->statusresult,
            'TransactionID' => $transaction,
            'Occassion' => 'Test'
        );
        $data = json_encode($data);
        $url = $this->base_url . 'transactionstatus/v1/query';
        $response = $this->submit_request($url, $data);
        return $response;
    }

    /**
     * Transaction Reversal
     *
     * This method is used to reverse a transaction
     *
     * @param int $receiver Phone number in the format 2547xxxxxxxx
     * @param string $trx_id Transaction ID of the Transaction you want to reverse eg LH7819VXPE
     * @param int $amount The amount from the transaction to reverse
     * @return object Curl Response from submit_request, FALSE on failure
     */

    public function reverse_transaction($receiver, $trx_id, $amount)
    {
        $data = array(
            'CommandID' => 'TransactionReversal',
            'ReceiverParty' => $this->test_msisdn,
            'RecieverIdentifierType' => 1, //1=MSISDN, 2=Till_Number, 4=Shortcode
            'Remarks' => 'Testing',
            'Amount' => $amount,
            'Initiator' => $this->initiator_username,
            'SecurityCredential' => $this->cred,
            'QueueTimeOutURL' => $this->reversetimeout,
            'ResultURL' => $this->reverseresult,
            'TransactionID' => 'LIE81C8EFI'
        );
        $data = json_encode($data);
        $url = $this->base_url . 'reversal/v1/request';
        $response = $this->submit_request($url, $data);
        return $response;
    }

    /*********************************************************************
     *
     * 	LNMO APIs
     *
     * *******************************************************************/

    public function express($amount, $phone, $ref = "Payment", $desc = "Payment")
    {
        if (!is_numeric($amount) || $amount < 1 || !is_numeric($phone)) {
            throw new Exception("Invalid amount and/or phone number. Amount should be 10 or more, phone number should be 07xxxxxxxxx");
            return FALSE;
        }

        $phone     = (substr($phone, 0, 1) == "+") ? str_replace("+", "", $phone) : $phone;
        $phone     = (substr($phone, 0, 1) == "0") ? preg_replace("/^0/", "254", $phone) : $phone;
        $phone     = (substr($phone, 0, 1) == "7") ? "254{$phone}" : $phone;

        $timestamp = date('YmdHis');
        $passwd = base64_encode($this->lipa_na_mpesa . $this->lipa_na_mpesa_key . $timestamp);
        $data = array(
            'BusinessShortCode' => $this->lipa_na_mpesa,
            'Password' => $passwd,
            'Timestamp' => $timestamp,
            'TransactionType' => 'CustomerPayBillOnline',
            'Amount' => $amount,
            'PartyA' => $phone,
            'PartyB' => $this->lipa_na_mpesa,
            'PhoneNumber' => $phone,
            'CallBackURL' => $this->lnmocallback,
            'AccountReference' => $ref,
            'TransactionDesc' => $desc,
        );
        $data = json_encode($data);
        $url = $this->base_url . 'stkpush/v1/processrequest';
        $response = $this->submit_request($url, $data);

        if (isset($response)) {
            return $response;
        } else {
            return false;
        }
    }

    private function lnmoQuery($checkoutRequestID = null)
    {
        $timestamp = date('YmdHis');
        $passwd = base64_encode($this->lipa_na_mpesa . $this->lipa_na_mpesa_key . $timestamp);

        if ($checkoutRequestID == null || $checkoutRequestID == '') {
            //throw new Exception("Checkout Request ID cannot be null");
            return FALSE;
        }

        $data = array(
            'BusinessShortCode' => $this->lipa_na_mpesa,
            'Password' => $passwd,
            'Timestamp' => $timestamp,
            'CheckoutRequestID' => $checkoutRequestID
        );
        $data = json_encode($data);
        $url = $this->base_url . 'stkpushquery/v1/query';
        $response = $this->submit_request($url, $data);
        return $response;
    }
}


1		<?php
2
3		namespace Konectdigital\Mpesa;
4
5		use Exception;
6		use Illuminate\Support\Facades\File;
7
8
9		class Mpesa
10		{
11		/**
12		* The common part of the MPesa API endpoints
13		* @var string $base_url
14		*/
15		private $base_url;
16		/**
17		* The consumer key
18		* @var string $consumer_key
19		*/
20		public $consumer_key;
21		/**
22		* The consumer key secret
23		* @var string $consumer_secret
24		*/
25		public $consumer_secret;
26		/**
27		* The MPesa Paybill number
28		* @var int $paybill
29		*/
30		public $paybill;
31		/**
32		* The Lipa Na MPesa paybill number
33		* @var int $lipa_na_mpesa
34		*/
35		public $lipa_na_mpesa;
36		/**
37		* The Lipa Na MPesa paybill number SAG Key
38		* @var string $lipa_na_mpesa_key
39		*/
40		public $lipa_na_mpesa_key;
41		/**
42		* The Mpesa portal Username
43		* @var string $initiator_username
44		*/
45		public $initiator_username;
46		/**
47		* The Mpesa portal Password
48		* @var string $initiator_password
49		*/
50		public $initiator_password;
51		/**
52		* The Callback common part of the URL eg "https://domain.com/callbacks/"
53		* @var string $initiator_password
54		*/
55		private $callback_baseurl;
56		/**
57		* The test phone number provided by safaricom. For developers
58		* @var string $test_msisdn
59		*/
60		private $test_msisdn;
61		/**
62		* The signed API credentials
63		* @var string $cred
64		*/
65		private $cred;
66		private $access_token;
67
68		/Callbacks/
69		public $bctimeout;
70		public $bcresult;
71		public $bbtimeout;
72		public $bbresult;
73		public $baltimeout;
74		public $balresult;
75		public $statustimeout;
76		public $statusresult;
77		public $reversetimeout;
78		public $reverseresult;
79		public $cbvalidate;
80		public $cbconfirm;
81		public $lnmocallback;
82		/**
83		* Construct method
84		*
85		* Initializes the class with an array of API values.
86		*
87		* @param array $config
88		* @return void
89		* @throws exception if the values array is not valid
90		*/
91
		0 ignored issues – show Comprehensibility Best Practice introduced 2020-05-18 19:34 UTC by Report Bug Copy Issue Report Show Similar Issues like this Adding a `@return` annotation to constructors is generally not recommended as a constructor does not have a meaningful return value. Adding a `@return` annotation to a constructor is not recommended, since a constructor does not have a meaningful return value. Please refer to the PHP core documentation on constructors. Loading history...
92
93
94		public function __construct()
95		{
96		if (config('mpesa.mpesa_env') == 'sandbox') {
97		$this->base_url = 'https://sandbox.safaricom.co.ke/mpesa/';
98		} else {
99		$this->base_url = 'https://api.safaricom.co.ke/mpesa/';
100		}
101		//Base URL for the API endpoints. This is basically the 'common' part of the API endpoints
102		$this->consumer_key = config('mpesa.consumer_key');
103		$this->consumer_secret = config('mpesa.consumer_secret');
104		$this->paybill = config('mpesa.paybill');
105		$this->lipa_na_mpesa = config('mpesa.lipa_na_mpesa');
106		$this->lipa_na_mpesa_key = config('mpesa.lipa_na_mpesa_passkey');
107		$this->initiator_username = config('mpesa.initiator_username');
108		$this->initiator_password = config('mpesa.initiator_password');
109
110		$this->callback_baseurl = config('mpesa.lnmocallback');
111		$this->lnmocallback = config('mpesa.lnmocallback');
112		$this->test_msisdn = config('mpesa.test_msisdn');
113
114		// c2b the urls
115		$this->cbvalidate = config('mpesa.c2b_validate_callback');
116		$this->cbconfirm = config('mpesa.c2b_confirm_callback');
117
118		// b2c URLs
119		$this->bctimeout = config('mpesa.b2c_timeout');
120		$this->bcresult = config('mpesa.b2c_result');
121
122		//Set up access token
123		$this->access_token = $this->getAccessToken();
124		}
125
126		/**
127		* Submit Request
128		*
129		* Handles submission of all API endpoints queries
130		*
131		* @param string $url The API endpoint URL
132		* @param json $data The data to POST to the endpoint $url
133		* @return object\|boolean Curl response or FALSE on failure
134		* @throws exception if the Access Token is not valid
135		*/
136
137		public function setCred()
138		{
139		if (config('mpesa.mpesa_env') == 'sandbox') {
140
141		$pubkey = File::get(__DIR__ . '/cert/sandbox.cer');
142		} else {
143		$pubkey = File::get(__DIR__ . '/cert/production.cer');
144		}
145		openssl_public_encrypt($this->initiator_password, $output, $pubkey, OPENSSL_PKCS1_PADDING);
146		$this->cred = base64_encode($output);
147		}
148
149
150		public function getAccessToken()
151		{
152		$credentials = base64_encode($this->consumer_key . ':' . $this->consumer_secret);
153		$ch = curl_init();
154		curl_setopt($ch, CURLOPT_URL, 'https://sandbox.safaricom.co.ke/oauth/v1/generate?grant_type=client_credentials');
155		curl_setopt($ch, CURLOPT_RETURNTRANSFER, TRUE);
156		curl_setopt($ch, CURLOPT_HTTPHEADER, array('Authorization: Basic ' . $credentials, 'Content-Type: application/json'));
157		$response = curl_exec($ch);
158		$info = curl_getinfo($ch);
159		curl_close($ch);
160		$response = json_decode($response);
161
162		if ($info["http_code"] == 200) {
163		$access_token = $response->access_token;
164		$this->access_token = $access_token;
165		return $access_token;
166		} else {
167		//throw new Exception("Invalid Consumer key or secret");
168		return false;
169		}
170		}
171
172		private function submit_request($url, $data)
173		{ // Returns cURL response
174
175		if (isset($this->access_token)) {
176		$access_token = $this->access_token;
177		} else {
178		$access_token = $this->getAccessToken();
179		}
180
181		if ($access_token != '' \|\| $access_token !== FALSE) {
182		$curl = curl_init();
183		curl_setopt($curl, CURLOPT_URL, $url);
184		curl_setopt($curl, CURLOPT_HTTPHEADER, array('Content-Type: application/json', 'Authorization: Bearer ' . $access_token));
185
186		curl_setopt($curl, CURLOPT_RETURNTRANSFER, TRUE);
187		curl_setopt($curl, CURLOPT_POST, TRUE);
188		curl_setopt($curl, CURLOPT_POSTFIELDS, $data);
189
190		$response = curl_exec($curl);
191		curl_close($curl);
192		return $response;
193		} else {
194		return FALSE;
195		}
196		}
197
198		/**
199		* Business to Client
200		*
201		* This method is used to send money to the clients Mpesa account.
202		*
203		* @param int $amount The amount to send to the client
204		* @param int $phone The phone number of the client in the format 2547xxxxxxxx
205		* @return object Curl Response from submit_request, FALSE on failure
206		*/
207
208		public function b2c($amount, $phone, $command_id, $remarks)
209		{
210		//this function will set b2c credentials
211		$this->setCred();
212		$request_data = array(
213		'InitiatorName' => $this->initiator_username,
214		'SecurityCredential' => $this->cred,
215		'CommandID' => $command_id,
216		'Amount' => $amount,
217		'PartyA' => $this->paybill,
218		'PartyB' => $phone,
219		'Remarks' => $remarks,
220		'QueueTimeOutURL' => $this->bctimeout,
221		'ResultURL' => $this->bcresult,
222		'Occasion' => '' //Optional
223		);
224		$data = json_encode($request_data);
225		$url = $this->base_url . 'b2c/v1/paymentrequest';
226		$response = $this->submit_request($url, $data);
227		return $response;
228		}
229
230		/**
231		* Business to Business
232		*
233		* This method is used to send money to other business Mpesa paybills.
234		*
235		* @param int $amount The amount to send to the business
236		* @param int $shortcode The shortcode of the business to send to
237		* @return object Curl Response from submit_request, FALSE on failure
238		*/
239
240		public function b2b($amount, $shortcode)
241		{
242		$request_data = array(
243		'Initiator' => $this->initiator_username,
244		'SecurityCredential' => $this->cred,
245		'CommandID' => 'BusinessToBusinessTransfer',
246		'SenderIdentifierType' => 'Shortcode',
247		'RecieverIdentifierType' => 'Shortcode',
248		'Amount' => 100,
249		'PartyA' => $this->paybill,
250		'PartyB' => 600000,
251		'AccountReference' => 'Bennito',
252		'Remarks' => 'This is a test comment or remark',
253		'QueueTimeOutURL' => $this->bbtimeout,
254		'ResultURL' => $this->bbresult,
255		);
256		$data = json_encode($request_data);
257		$url = $this->base_url . 'b2b/v1/paymentrequest';
258		$response = $this->submit_request($url, $data);
259		return $response;
260		}
261
262		/**
263		* Client to Business
264		*
265		* This method is used to register URLs for callbacks when money is sent from the MPesa toolkit menu
266		*
267		* @param string $confirmURL The local URL that MPesa calls to confirm a payment
268		* @param string $ValidationURL The local URL that MPesa calls to validate a payment
269		* @return object Curl Response from submit_request, FALSE on failure
270		*/
271
272		public function c2bRegisterUrls()
273		{
274		$request_data = array(
275		'ShortCode' => $this->paybill,
276		'ResponseType' => 'Completed',
277		'ConfirmationURL' => $this->cbconfirm,
278		'ValidationURL' => $this->cbvalidate
279		);
280		$data = json_encode($request_data);
281		//header('Content-Type: application/json');
282
283		$url = $this->base_url . 'c2b/v1/registerurl';
284		$response = $this->submit_request($url, $data);
285		//\Log::info($response);
286		return $response;
287		}
288
289		/**
290		* C2B Simulation
291		*
292		* This method is used to simulate a C2B Transaction to test your ConfirmURL and ValidationURL in the Client to Business method
293		*
294		* @param int $amount The amount to send to Paybill number
295		* @param int $msisdn A dummy Safaricom phone number to simulate transaction in the format 2547xxxxxxxx
296		* @param string $ref A reference name for the transaction
297		* @return object Curl Response from submit_request, FALSE on failure
298		*/
299
300		public function simulateC2B($amount, $msisdn, $ref)
301		{
302		$data = array(
303		'ShortCode' => $this->paybill,
304		'CommandID' => 'CustomerPayBillOnline',
305		'Amount' => $amount,
306		'Msisdn' => $msisdn,
307		'BillRefNumber' => $ref
308		);
309		$data = json_encode($data);
310		$url = $this->base_url . 'c2b/v1/simulate';
311		$response = $this->submit_request($url, $data);
312		return $response;
313		}
314
315		/**
316		* Check Balance
317		*
318		* Check Paybill balance
319		*
320		* @return object Curl Response from submit_request, FALSE on failure
321		*/
322		public function check_balance()
323		{
324		$data = array(
325		'CommandID' => 'AccountBalance',
326		'PartyA' => $this->paybill,
327		'IdentifierType' => '4',
328		'Remarks' => 'Remarks or short description',
329		'Initiator' => $this->initiator_username,
330		'SecurityCredential' => $this->cred,
331		'QueueTimeOutURL' => $this->baltimeout,
332		'ResultURL' => $this->balresult
333		);
334		$data = json_encode($data);
335		$url = $this->base_url . 'accountbalance/v1/query';
336		$response = $this->submit_request($url, $data);
337		return $response;
338		}
339
340		/**
341		* Transaction status request
342		*
343		* This method is used to check a transaction status
344		*
345		* @param string $transaction ID eg LH7819VXPE
346		* @return object Curl Response from submit_request, FALSE on failure
347		*/
348
349	View Code Duplication	public function status_request($transaction = 'LH7819VXPE')
350		{
351		$data = array(
352		'CommandID' => 'TransactionStatusQuery',
353		'PartyA' => $this->paybill,
354		'IdentifierType' => 4,
355		'Remarks' => 'Testing API',
356		'Initiator' => $this->initiator_username,
357		'SecurityCredential' => $this->cred,
358		'QueueTimeOutURL' => $this->statustimeout,
359		'ResultURL' => $this->statusresult,
360		'TransactionID' => $transaction,
361		'Occassion' => 'Test'
362		);
363		$data = json_encode($data);
364		$url = $this->base_url . 'transactionstatus/v1/query';
365		$response = $this->submit_request($url, $data);
366		return $response;
367		}
368
369		/**
370		* Transaction Reversal
371		*
372		* This method is used to reverse a transaction
373		*
374		* @param int $receiver Phone number in the format 2547xxxxxxxx
375		* @param string $trx_id Transaction ID of the Transaction you want to reverse eg LH7819VXPE
376		* @param int $amount The amount from the transaction to reverse
377		* @return object Curl Response from submit_request, FALSE on failure
378		*/
379
380	View Code Duplication	public function reverse_transaction($receiver, $trx_id, $amount)
381		{
382		$data = array(
383		'CommandID' => 'TransactionReversal',
384		'ReceiverParty' => $this->test_msisdn,
385		'RecieverIdentifierType' => 1, //1=MSISDN, 2=Till_Number, 4=Shortcode
386		'Remarks' => 'Testing',
387		'Amount' => $amount,
388		'Initiator' => $this->initiator_username,
389		'SecurityCredential' => $this->cred,
390		'QueueTimeOutURL' => $this->reversetimeout,
391		'ResultURL' => $this->reverseresult,
392		'TransactionID' => 'LIE81C8EFI'
393		);
394		$data = json_encode($data);
395		$url = $this->base_url . 'reversal/v1/request';
396		$response = $this->submit_request($url, $data);
397		return $response;
398		}
399
400		/*********************************************************************
401		*
402		* LNMO APIs
403		*
404		* *******************************************************************/
405
406		public function express($amount, $phone, $ref = "Payment", $desc = "Payment")
407		{
408		if (!is_numeric($amount) \|\| $amount < 1 \|\| !is_numeric($phone)) {
409		throw new Exception("Invalid amount and/or phone number. Amount should be 10 or more, phone number should be 07xxxxxxxxx");
410		return FALSE;
411		}
412
413		$phone = (substr($phone, 0, 1) == "+") ? str_replace("+", "", $phone) : $phone;
414		$phone = (substr($phone, 0, 1) == "0") ? preg_replace("/^0/", "254", $phone) : $phone;
415		$phone = (substr($phone, 0, 1) == "7") ? "254{$phone}" : $phone;
416
417		$timestamp = date('YmdHis');
418		$passwd = base64_encode($this->lipa_na_mpesa . $this->lipa_na_mpesa_key . $timestamp);
419		$data = array(
420		'BusinessShortCode' => $this->lipa_na_mpesa,
421		'Password' => $passwd,
422		'Timestamp' => $timestamp,
423		'TransactionType' => 'CustomerPayBillOnline',
424		'Amount' => $amount,
425		'PartyA' => $phone,
426		'PartyB' => $this->lipa_na_mpesa,
427		'PhoneNumber' => $phone,
428		'CallBackURL' => $this->lnmocallback,
429		'AccountReference' => $ref,
430		'TransactionDesc' => $desc,
431		);
432		$data = json_encode($data);
433		$url = $this->base_url . 'stkpush/v1/processrequest';
434		$response = $this->submit_request($url, $data);
435
436		if (isset($response)) {
437		return $response;
438		} else {
439		return false;
440		}
441		}
442
443		private function lnmoQuery($checkoutRequestID = null)
444		{
445		$timestamp = date('YmdHis');
446		$passwd = base64_encode($this->lipa_na_mpesa . $this->lipa_na_mpesa_key . $timestamp);
447
448		if ($checkoutRequestID == null \|\| $checkoutRequestID == '') {
449		//throw new Exception("Checkout Request ID cannot be null");
450		return FALSE;
451		}
452
453		$data = array(
454		'BusinessShortCode' => $this->lipa_na_mpesa,
455		'Password' => $passwd,
456		'Timestamp' => $timestamp,
457		'CheckoutRequestID' => $checkoutRequestID
458		);
459		$data = json_encode($data);
460		$url = $this->base_url . 'stkpushquery/v1/query';
461		$response = $this->submit_request($url, $data);
462		return $response;
463		}
464		}
465

konectdigital / mpesa

Issues (15)

Security Analysis no request data

src/Mpesa.php (1 issue)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like