issues when handling callback data with merchant API of faucetpay.io

Question

I am currently configuring my website to utilize faucetpay.io's merchant API from the https://faucetpay.io/merchant where there is also a short documentation, unfortunately not clear enough. I contacted their support, no response as of yet. I have implemented the following in my index.html:

<form action="https://faucetpay.io/merchant/webscr" method="post" autocomplete="off">
<input type="hidden" name="merchant_username" value="sanox">
<input type="hidden" name="item_description" value="RCP Webpage - buy 64 spesmilo points">
<input type="hidden" name="amount1" value="0.001">
<input type="hidden" name="currency1" value="USDT">
<input type="hidden" name="callback_url" value="https://example.com/callback.html">
<input type="hidden" name="success_url" value="https://example.com/callback.html">
<input type="hidden" name="cancel_url" value="https://example.com/index.html">
<input type="submit" class="w3-btn w3-purple" name="submit" value="Buy ₷64">

In my callback.html, I have implemented the following:

<?php
error_reporting(E_ALL ^ E_DEPRECATED ^ E_WARNING ^ E_NOTICE);
header("Content-Type: text/html; charset=UTF-8");
require('res/config.php');
session_start();

if (isset($_SESSION['app'])) {
    $user = $_SESSION['app'];

// Debugging
var_dump($_POST); // Check the entire POST data

$token = $_POST['token'];
echo "Token: " . $token;

$payment_info = json_decode(file_get_contents("https://faucetpay.io/merchant/get-payment/" . $token), true);
$token_status = $payment_info['valid'];
$merchant_username = $payment_info['merchant_username'];
$my_username = "sanox";

if ($my_username == $merchant_username && $token_status) {
    // Processing logic when validation is successful
    mysql_query("UPDATE crypto_users SET points = points + 64 WHERE `email` = '$user'");
    echo 'Thank you. Payment processed. ₷64 added to your account!';
} else {
    echo "Invalid payment attempt. TokenID: " . $token;
    echo " Merchant Username: " . $merchant_username;
}
} else {
    die('Please login first!');
}
?> 

I've noticed that during testing with my other user sanox1, the balance of 0.001 USDT is deducted correctly from his account, and I see the transaction in my merchants account sanox. However, in the output of callback.html, all the variables e.g. $token, $merchant_username etc. appear to be null or empty, I see array(0) { } Token: Invalid payment attempt. TokenID: Merchant Username: Could you please help me understand why this is happening ? Maybe I don't pass the token correctly? Also I don't quite understand what is the connection between https://faucetpay.io/merchant and https://faucetpay.io/merchant/get-payment/

Thank you in advance for your assistance.

Answer 1

<?php
// callback.php

// Retrieve the token from the URL parameters
$token = $_POST['token'];

// FaucetPay API endpoint
$apiEndpoint = "https://faucetpay.io/merchant/get-payment/$token";

// Make a GET request to FaucetPay API
$response = file_get_contents($apiEndpoint);

// Check if the request was successful and if the response is valid JSON
if ($response === false) {
    echo "Error fetching data from FaucetPay API.";
} else {
    $data = json_decode($response, true);

    if ($data === null) {
        echo "Error decoding JSON response from FaucetPay API.";
    } else {
        // Process the JSON response
        print_r($data);

        // Check if the payment is valid
        if ($data['valid']) {
            
 

                // Update the database if validation is successful
                $email = 'somemail@mail.com'; // Replace with your actual email field
                 

                // Your database connection code here
                $conn = new mysqli('localhost', 'user', 'pass', 'db');

                // Check the connection
                if ($conn->connect_error) {
                    die("Connection failed: " . $conn->connect_error);
                }

                // Prepare and execute the SQL statement
                $sql = "somesql here";
                if ($conn->query($sql) === TRUE) {
                    echo "Record updated successfully";
                }
            
            
            
 
        } else {
            echo "Invalid payment. Validation failed.";
        }
    }
}
?>

finally the following callback.php worked for me. I did some testing with https://webhook.site/ as advised by faucetpay's support and then changed from <input type="hidden" name="callback_url" value="https://webhook.site/MY_ID"> to <input type="hidden" name="callback_url" value="https://example.com/callback.php"> in the form