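<?php
/**
 * Checkout payment endpoint.
 *
 * Reads a JSON body from php://input with the fields NID, Pmethod ('CC',
 * 'SADAD' or 'STC') and Token, plus the optional invoiceType ('tax' or
 * 'simplified') and customerData object.  It looks up the `checkout` row for
 * the Token, refuses already-paid rows, records ZATCA customer details for
 * tax invoices, asks the matching payment generator for payment data and
 * finally updates the checkout row.  The reply is always JSON:
 * {"error": bool, "message"?: string, "payment_Data"?: mixed}.
 *
 * config.php is expected to provide $mysqli (a mysqli connection); every
 * query here is a prepared statement, so request values are never spliced
 * into SQL text (the original concatenated the Token, NID, phone and name).
 */
ob_start('ob_gzhandler');
include('config.php');

/**
 * Run a parameterised statement.  Every value is bound as a string; a PHP
 * null is bound as SQL NULL.
 *
 * @param list<string|null> $params one entry per `?` placeholder
 * @return mysqli_result|bool the result set for SELECTs, true for statements
 *                            without one, false when prepare/execute fails
 */
function run_statement(mysqli $db, string $sql, array $params)
{
    $stmt = $db->prepare($sql);
    if ($stmt === false) {
        return false;
    }
    if ($params !== []) {
        // spread binds each array element by reference, which bind_param requires
        $stmt->bind_param(str_repeat('s', count($params)), ...$params);
    }
    if (!$stmt->execute()) {
        $stmt->close();
        return false;
    }
    $result = $stmt->get_result(); // false when the statement has no result set
    $stmt->close();
    return $result === false ? true : $result;
}

/**
 * Load the reference columns of a project.
 *
 * @return array<string, mixed> the row, or [] when the project does not
 *                              exist or the query failed
 */
function fetch_project(mysqli $db, string $projectId): array
{
    $res = run_statement(
        $db,
        'SELECT `ReferenceNo`, `PolicyNo`, `RequestID` FROM `projects` WHERE `ProjectID` = ?',
        [$projectId]
    );
    if (!$res instanceof mysqli_result) {
        return [];
    }
    $row = $res->fetch_assoc();
    return is_array($row) ? $row : [];
}

/**
 * Human-readable reference of a project: the first non-empty of ReferenceNo,
 * PolicyNo and RequestID, or '' when none is set.
 */
function project_reference(array $project): string
{
    foreach (['ReferenceNo', 'PolicyNo', 'RequestID'] as $column) {
        if (!empty($project[$column])) {
            return (string)$project[$column];
        }
    }
    return '';
}

/**
 * Bilingual payment description for a checkout type; '' for unknown types.
 */
function payment_description(string $type, string $projectRef): string
{
    if ($type === 'AV') {
        return 'Additional Visit Fees for Proposal No: ' . $projectRef . ' رسوم الفحص الفني للزيارة الاضافيه للمشروع رقم';
    }
    if ($type === 'RD7') {
        return 'RD7 Fees for Proposal No: ' . $projectRef . ' رسوم الفحص الفني للمشروع رقم';
    }
    if (in_array($type, ['RD0', 'TIS', 'TIS2'], true)) {
        return 'TIS Fees for Proposal No: ' . $projectRef . ' رسوم الفحص الفني للمشروع رقم';
    }
    return '';
}

/**
 * Request field as a string, or null (bound as SQL NULL) when it was not sent.
 */
function optional_field(array $fields, string $key): ?string
{
    return isset($fields[$key]) ? (string)$fields[$key] : null;
}

$Data = json_decode(file_get_contents('php://input'));
if (!is_object($Data)) {
    $Data = new stdClass(); // a missing or malformed body behaves like an empty request
}

$NID     = trim((string)($Data->NID ?? ''));
$Pmethod = trim((string)($Data->Pmethod ?? ''));
$Token   = trim((string)($Data->Token ?? ''));

// Filled in from customerData below for tax/simplified invoices.  Defaulting
// them keeps the checkout UPDATE from reading undefined variables; any value
// config.php may already have assigned is kept.
$Name  = (string)($Name ?? '');
$Email = (string)($Email ?? '');
$Phone = (string)($Phone ?? '');
$VAT   = (string)($VAT ?? '');

$return = ['error' => true, 'message' => 'Access denied!'];

if ($Token !== '') {
    // `Delated` is the column's actual spelling in the schema
    $res1 = run_statement($mysqli, "SELECT * FROM `checkout` WHERE `Token` = ? AND `Delated` = '0'", [$Token]);
    $row1 = $res1 instanceof mysqli_result ? $res1->fetch_assoc() : null;

    if (!is_array($row1)) {
        $return = ['error' => true, 'message' => 'Not Found!'];
    } elseif ((string)$row1['Status'] === '1') {
        // Status 1 means the checkout is already paid; report it and do nothing else.
        $project = fetch_project($mysqli, (string)$row1['ProjectID']);
        $return  = [
            'error'   => true,
            'message' => $row1['Type'] . '- Quotation for Reference No. ' . project_reference($project) . ' is Already Paid!',
        ];
    } else {
        $ProjectID = (string)$row1['ProjectID'];

        // ---------- ZATCA insert or customer details based on invoiceType ----------
        $invoiceType  = isset($Data->invoiceType) ? trim((string)$Data->invoiceType) : null;
        $customerData = isset($Data->customerData) ? (array)$Data->customerData : [];

        if ($invoiceType === 'tax' && $customerData !== []) {
            $Name  = isset($customerData['businessName']) ? (string)$customerData['businessName'] : $Name;
            $Email = isset($customerData['email']) ? (string)$customerData['email'] : $Email;
            $Phone = isset($customerData['phoneNumber']) ? (string)$customerData['phoneNumber'] : '';

            // Keep only digits; the pattern then requires 15 digits starting and
            // ending with 3, otherwise the VAT column is stored as NULL.
            $rawVat   = isset($customerData['vatRegistrationNumber']) ? (string)$customerData['vatRegistrationNumber'] : $VAT;
            $cleanVat = preg_replace('/\D+/', '', $rawVat);
            if ($cleanVat === null || !preg_match('/^3\d{13}3$/', $cleanVat)) {
                $cleanVat = '';
            }
            // NOTE(review): $VAT itself is never updated from the cleaned value, so
            // the checkout `VAT` column is only written when $VAT was set elsewhere — confirm intent.

            // ZATCAID is omitted so it auto-increments; CreatedAt uses NOW().
            // Optional fields bind as NULL when absent (the original inserted the
            // literal text 'NULL' for a missing UN).
            $inserted = run_statement(
                $mysqli,
                'INSERT INTO `ZATCA`'
                . ' (`ProjectID`, `Name`, `VAT`, `UN`, `NID`, `Street`, `BuildingNo`, `Zip`, `AdditionalN`, `District`, `City`, `unit`, `State`, `Email`, `shortAddress`, `CreatedAt`)'
                . ' VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, NOW())',
                [
                    $ProjectID,
                    $Name,
                    $cleanVat !== '' ? $cleanVat : null,
                    optional_field($customerData, 'UN'),
                    $NID !== '' ? $NID : null,
                    optional_field($customerData, 'streetName'),
                    optional_field($customerData, 'buildingNumber'),
                    optional_field($customerData, 'postalCode'),
                    optional_field($customerData, 'secondaryOrUnitNumber'), // AdditionalN
                    optional_field($customerData, 'district'),
                    optional_field($customerData, 'city'),
                    optional_field($customerData, 'secondaryOrUnitNumber'), // unit: same source as AdditionalN
                    optional_field($customerData, 'province'),
                    $Email !== '' ? $Email : null,
                    optional_field($customerData, 'shortAddress'),
                ]
            );
            if ($inserted === false) {
                // best effort: a failed ZATCA record does not block the payment flow
                error_log('ZATCA insert failed: ' . $mysqli->error);
            }
        } elseif ($invoiceType === 'simplified' && $customerData !== []) {
            $Name  = isset($customerData['name']) ? trim((string)$customerData['name']) : '';
            $Email = isset($customerData['email']) ? trim((string)$customerData['email']) : '';
            $Phone = isset($customerData['phoneNumber']) ? trim((string)$customerData['phoneNumber']) : '';
        }
        // ---------- END ----------

        $ProjectRef         = project_reference(fetch_project($mysqli, $ProjectID));
        $Type               = (string)$row1['Type'];
        $BAmount            = $row1['Amount'];
        $Amount             = $BAmount * 100; // the card/STC generators take the amount x100 (presumably minor units — confirm against PayfortPaymentGenerator)
        $merchant_reference = $row1['merchant_reference'];
        $description        = payment_description($Type, $ProjectRef);

        $return = ['error' => false];

        if ($Pmethod === 'SADAD' && isset($merchant_reference) && is_numeric($merchant_reference)) {
            // A SADAD bill number already exists for this checkout: reuse it.
            $return['payment_Data'] = $merchant_reference;
        } else {
            $GenerateSadadPayment = null;

            if ($Pmethod === 'CC') {
                require_once __DIR__ . '/Payment/PayfortARPaymentGenerator.php';
                $paymentGenerator = new PayfortPaymentGenerator();
                $return['payment_Data'] = json_encode(
                    $paymentGenerator->GenerateCCPayment($Email, $Amount, $description, $Type, $Token)
                );
            } elseif ($Pmethod === 'SADAD') {
                require_once __DIR__ . '/Payment/SadadARPaymentGenerator.php';
                $paymentGenerator = new SadadPaymentGenerator();
                // numeric result = bill number; anything else is treated as an error text
                $GenerateSadadPayment = $paymentGenerator->GenerateSadadPayment($NID, $Phone, $Name, $BAmount, $description, $Type, $Token);
            } elseif ($Pmethod === 'STC') {
                require_once __DIR__ . '/Payment/PayfortARPaymentGenerator.php';
                $paymentGenerator = new PayfortPaymentGenerator();
                $return['payment_Data'] = json_encode(
                    $paymentGenerator->GenerateSTCPayment($Email, $Amount, $description, $Type, $Token)
                );
            }

            if ($GenerateSadadPayment !== null && !is_numeric($GenerateSadadPayment)) {
                $return['error']   = true;
                $return['message'] = (string)$GenerateSadadPayment;
            } else {
                // Column names come from this fixed list, never from the request;
                // values are bound.  Optional columns are only written when non-empty.
                $set    = ['`Name` = ?', '`email` = ?', '`Pmethod` = ?'];
                $params = [$Name, $Email, $Pmethod];
                if ($GenerateSadadPayment !== null) {
                    $set[]    = '`merchant_reference` = ?';
                    $params[] = (string)$GenerateSadadPayment;
                }
                foreach (['phone_number' => $Phone, 'VAT' => $VAT, 'NID' => $NID] as $column => $value) {
                    if ($value !== '') {
                        $set[]    = '`' . $column . '` = ?';
                        $params[] = $value;
                    }
                }
                $params[] = $Token;

                $updated = run_statement(
                    $mysqli,
                    'UPDATE `checkout` SET ' . implode(', ', $set) . ' WHERE `Token` = ?',
                    $params
                );
                if ($updated === false) {
                    error_log('checkout update failed: ' . $mysqli->error);
                    $return['error']   = true;
                    $return['message'] = 'Error!';
                } elseif ($GenerateSadadPayment !== null) {
                    $return['payment_Data'] = $GenerateSadadPayment;
                }
            }
        }
    }
}

header('Content-Type: application/json');
echo json_encode($return);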
