Initial commit

.gitignore

@@ -0,0 +1,3 @@
+vendor
+composer.lock
+config.php

composer.json

@@ -0,0 +1,6 @@
+{
+    "require": {
+        "mollie/mollie-api-php": "^2.0",
+        "chillerlan/php-qrcode": "^3.4"
+    }
+}

config.php.example

@@ -0,0 +1,6 @@
+<?php
+
+$mollie_apikey_live = "live_...";
+$mollie_apikey_test = "test_...";
+
+$mollie_test = true;  # set to false to use the live environment

index.php

@@ -0,0 +1,124 @@
+<!DOCTYPE html>
+<meta charset=UTF-8>
+<link rel=icon href=/favicon.png type=image/png>
+<meta name=robots content=noindex,nofollow>
+<title>RevBank Deposit</title>
+<meta name="viewport" content="width=device-width, initial-scale=1">
+<style>
+body, a {
+    background: black;
+    color: lime;
+    font-family: monospace;
+}
+input {
+    appearance: none;
+    -webkit-appearance: none;
+}
+input[type="submit"] {
+    margin: 1em;
+    padding: 1em;
+    width: 10em;
+    border: 2px solid lime;
+    background: black;
+    color: lime;
+    cursor: pointer;
+}
+input[type="submit"]:hover {
+    background: lime;
+    color: black;
+}
+input[type="text"] {
+    background: black;
+    color: lime;
+    border: 0;
+    border-bottom: 2px solid lime;
+}
+#insufficient {
+    color: black;
+    background: lime;
+    visibility: hidden;
+    line-height: 200%;
+    padding: 1ex;
+    display: inline-block;
+}
+footer {
+    margin-top: 4em;
+    border-top: 2px solid lime;
+    padding-top: 1ex;
+    text-align: center;
+}
+footer a { text-decoration: none }
+footer a:hover { text-decoration: underline }
+</style>
+<script>
+function ch(e) {
+    document.getElementById("insufficient").style.visibility = e.value && e.value < 13.37 ? "visible" : "hidden";
+    return true;
+}
+function x() {
+    document.getElementById("custom").value = "";
+}
+</script>
+<?php
+
+use chillerlan\QRCode\{QRCode, QROptions};
+require_once __DIR__ . "/vendor/autoload.php";
+
+if (isset($_REQUEST["id"])) {
+    $id = $_REQUEST["id"];
+    if (! preg_match("/^tr_\\w+\z/", $id)) die("Nope");
+    #$payment = $mollie->payments->get($id);
+    $options = new QROptions(['imageTransparent' => false]);
+    ?>
+	<h1>Step 3</h1>
+        In RevBank, scan 
+        <?php echo '<img src="' . (new QRCode($options))->render($id) . '" alt="QR Code" align=middle>'; ?>
+        (or type <tt><?php echo $id; ?></tt>) and then enter your account name to complete your deposit.
+	<p>
+	This code can be used only once. If you can't scan it right now, bookmark/save/screenshot this page and finish this step within 3 days.
+
+        <script>
+            let h = localStorage["history"];
+            try { h = JSON.parse(h); } catch {}
+            let id = "<?php echo $id; ?>";
+            if (!h) h = new Array();
+            if (! (h.length && h[0]["id"] == id)) h.unshift({ id: id, dt: (new Date()).toISOString() });
+            localStorage["history"] = JSON.stringify(h);
+        </script>
+	<p>
+	<form method=get action=/><input type=submit value=back></form>
+
+    <?php
+
+} else {
+
+?>
+
+<h1>Deposit</h1>
+Here, you can buy a QR code that you can scan to add money to your RevBank account.
+<form method=post action=mollie.php>
+Amount: <input id=custom type=text size=6 maxlength=6 style="width:6ch" name=amount pattern="(?:[0-9]+(?:[,.][0-9]{2})?)?" title="42 or 42.00 or 42,00" onkeyup="return ch(this)"> <input type=submit value=ok><br>
+<div id=insufficient>Note: the minimum amount is 13.37 because of transaction fees that we can't (legally) pass on to you.</div>
+<p>
+Or pick a preset:<br>
+<input type=submit name=amount value=13.37 onclick="return x()">
+<input type=submit name=amount value=19.84 onclick="return x()">
+<input type=submit name=amount value=32 onclick="return x()">
+<input type=submit name=amount value=42 onclick="return x()">
+<input type=submit name=amount value=64 onclick="return x()">
+<input type=submit name=amount value=100 onclick="return x()">
+</form>
+<script>
+let h = localStorage["history"];
+if (h) {
+    document.write("<h1>History</h1><ul>");
+    JSON.parse(h).forEach(e => document.write("<li><a href='/?id=" + e.id +"'>" + e.id + "</a> @ " + e.dt));
+    document.write("</ul>The history is stored in your browser and might not survive clearing the cache or deleting cookies.")
+}
+</script>
+<?php } ?>
+
+<footer>
+<a href="https://revspace.nl/">RevSpace = Stichting Revelation Space</a><br>
+<a href="https://revspace.nl/Contact">Contact</a> &middot; <a href="https://revspace.nl/Reglement">Rules</a> &middot; <a href="https://revspace.nl/Privacy">Privacy</a>
+</footer>

mollie.php

@@ -0,0 +1,95 @@
+<?php
+
+require_once __DIR__ . "/vendor/autoload.php";
+include('config.php');
+
+$mollie = new \Mollie\Api\MollieApiClient();
+if ($mollie_test || isset($_POST["test"])) {
+    $mollie->setApiKey($mollie_apikey_test);
+} else {
+    $mollie->setApiKey($mollie_apikey_live);
+}
+
+if ($_SERVER["REQUEST_METHOD"] == "POST") {
+    if (isset($_POST["id"])) {
+	// client is revbank plugin
+
+        $id = $_POST["id"];
+        if (! preg_match("/^tr_\\w+\\z/", $id)) die("Nope");
+
+        $payment = $mollie->payments->get($id);
+        header("Content-Type: application/json; charset=US-ASCII");
+
+        if (! $payment->isPaid()) {
+            print json_encode(["ok" => false, "message" => "payment " . $payment->status]);
+            exit();
+        }
+        if (! $payment->metadata->revbank_status) {
+            print json_encode(["ok" => false, "message" => "not a RevBank transaction"]);
+            exit();
+        }
+        if ($payment->amount->currency != "EUR") {
+            print json_encode(["ok" => false, "status" => "unknown currency (shouldn't happen)"]);
+            exit();
+        }
+        if (isset($_POST["action"])) {
+            if ($_POST["action"] == "abort") {
+                if ($payment->metadata->revbank_status != "pending") {
+                    print json_encode(["ok" => false, "message" => "can't cancel non-pending"]);
+                    exit();
+                }
+                $payment->metadata = ["revbank_status" => "unspent"];
+                $payment->update();
+                print json_encode(["ok" => true]);
+                exit();
+            }
+            if ($_POST["action"] == "finalize") {
+                $payment->metadata = ["revbank_status" => "spent"];
+                $payment->update();
+                print json_encode(["ok" => true]);
+                exit();
+            }
+            die("Unsupported action.");
+        }
+
+        if ($payment->metadata->revbank_status != "unspent") {
+            print json_encode(["ok" => false, "message" => "already spent"]);
+            exit();
+        }
+        $payment->metadata = ["revbank_status" => "pending"];
+        $payment->update();
+
+        $amount = $payment->amount->value;
+        if ($amount < 0) die("Negative?!");
+
+        if ($payment->mode == "test") {
+            print json_encode(["ok" => true, "amount" => "0.00", "test_amount" => $amount]);
+        } else {
+            print json_encode(["ok" => true, "amount" => $amount]);
+        }
+        exit();
+    } else {
+	// client is user
+
+        $amount = $_POST["amount"];
+        if (! preg_match("/^[0-9]+(?:[,.][0-9]{2})?\\z/", $amount)) die("Invalid amount");
+        $amount = preg_replace("/,/", ".", $amount);
+        if (! preg_match("/\\./", $amount)) $amount .= ".00";
+
+        if ($amount < 13.37) die("Minimum 13.37");
+        if ($amount > 150) die("Maximum 150.00");
+
+        $payment = $mollie->payments->create([
+            "amount" => [ "value" => $amount, "currency" => "EUR" ],
+            "description" => "RevBank deposit",
+            "redirectUrl" => "https://deposit.revspace.nl/?id=",
+            "metadata" => [ "revbank_status" => "unspent" ],
+        ]);
+        $payment->redirectUrl .= $payment->id;
+        $payment->update();
+        header("Location: " . $payment->getCheckoutUrl(), true, 303);
+        exit();
+    }
+}
+
+?>