32245fccdf
Remove v2 view-key payment monitor (privacy concern — nobody should enter their private view key on a website). Replace with TX proof verification where the sender provides TX Hash + TX Key from their wallet. The proof is cryptographically verified client-side and stored with the invoice for persistent "Paid" status. - Remove monitor.js and all view-key monitoring UI/logic - Add TX proof section: sender enters TX Hash + TX Key - Client-side verification via check_tx_key equivalent (noble-curves) - api/verify.php stores/retrieves payment proofs per invoice - Short URL redirect now includes invoice code for status lookup - Invoice link shows "Paid" badge once proof is verified - Deadline badges (7/14/30 days) for payment terms
29 lines
724 B
PHP
29 lines
724 B
PHP
<?php
|
|
$code = trim($_SERVER['PATH_INFO'] ?? $_GET['c'] ?? '', '/');
|
|
|
|
if (empty($code) || !preg_match('/^[a-z0-9]{4,10}$/', $code)) {
|
|
http_response_code(404);
|
|
echo 'Not found';
|
|
exit;
|
|
}
|
|
|
|
$dbFile = __DIR__ . '/data/urls.json';
|
|
if (!file_exists($dbFile)) {
|
|
http_response_code(404);
|
|
echo 'Not found';
|
|
exit;
|
|
}
|
|
|
|
$urls = json_decode(file_get_contents($dbFile), true) ?: [];
|
|
|
|
if (!isset($urls[$code])) {
|
|
http_response_code(404);
|
|
echo 'Not found';
|
|
exit;
|
|
}
|
|
|
|
$hash = $urls[$code]['hash'] ?? $urls[$code];
|
|
$base = (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] === 'on' ? 'https' : 'http') . '://' . $_SERVER['HTTP_HOST'];
|
|
header('Location: ' . $base . '/#' . $hash . '&c=' . $code, true, 302);
|
|
exit;
|