MIF_E31212274/application/controllers/Midtrans.php

<?php
defined('BASEPATH') or exit('No direct script access allowed');

class Midtrans extends CI_Controller
{
    public function charge()
    {
        // Set your server key (Note: Server key for sandbox and production mode are different)
        $server_key = 'SB-Mid-server-ivKu-7p6XoJPylTwPIh1xwcd';
        // Set true for production, set false for sandbox
        $is_production = false;

        $api_url = $is_production ?
            'https://app.midtrans.com/snap/v1/transactions' :
            'https://app.sandbox.midtrans.com/snap/v1/transactions';


        // Check if request doesn't contains `/charge` in the url/path, display 404
        if (!strpos($_SERVER['REQUEST_URI'], '/charge')) {
            http_response_code(404);
            echo "wrong path, make sure it's `/charge`";
            exit();
        }
        // Check if method is not HTTP POST, display 404
        if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
            http_response_code(404);
            echo "Page not found or wrong HTTP request method is used";
            exit();
        }

        // get the HTTP POST body of the request
        $request_body = file_get_contents('php://input');
        // set response's content type as JSON
        header('Content-Type: application/json');
        // call charge API using request body passed by mobile SDK
        $charge_result = $this->chargeAPI($api_url, $server_key, $request_body);
        // set the response http status code
        http_response_code($charge_result['http_code']);
        // then print out the response body
        echo $charge_result['body'];
    }

    /**
     * call charge API using Curl
     * @param string  $api_url
     * @param string  $server_key
     * @param string  $request_body
     */
    private function chargeAPI($api_url, $server_key, $request_body)
    {
        $ch = curl_init();
        $curl_options = array(
            CURLOPT_URL => $api_url,
            CURLOPT_RETURNTRANSFER => 1,
            CURLOPT_POST => 1,
            CURLOPT_HEADER => 0,
            // Add header to the request, including Authorization generated from server key
            CURLOPT_HTTPHEADER => array(
                'Content-Type: application/json',
                'Accept: application/json',
                'Authorization: Basic ' . base64_encode($server_key . ':')
            ),
            CURLOPT_POSTFIELDS => $request_body
        );
        curl_setopt_array($ch, $curl_options);
        $result = array(
            'body' => curl_exec($ch),
            'http_code' => curl_getinfo($ch, CURLINFO_HTTP_CODE),
        );
        return $result;
    }

    public function callback()
    {
        $data = json_decode($this->security->xss_clean($this->input->raw_input_stream));
        $res = new stdClass();
        if ($data->transaction_status == "settlement" || $data->transaction_status == "capture" && ($data->fraud_status == "accept" && $data->status_code == "200")) {
            $this->Model_api->updatePayment($data->order_id);
            $res->status = "success";
        } else {
            $res->status = "failed";
        }
        echo json_encode($res);
    }
}