admin/34853-vm
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
34853-vm/order_confirmation.php
Flatlogic Bot 222ac63dcc Auto commit: 2025-10-11T05:03:50.362Z
2025-10-11 05:03:50 +00:00

123 lines
6.4 KiB
PHP
Raw Blame History

<?php
require_once __DIR__ . '/vendor/autoload.php';
require_once __DIR__ . '/db/config.php';
// This is your test secret API key. Don't hardcode this in a real app.
\Stripe\Stripe::setApiKey('sk_test_51Hh9Y2L9s5P2Q8Z4sYgY8Z4sYgY8Z4sYgY8Z4sYgY8Z4sYgY8Z4sYgY8Z4sYgY8Z4sYgY8Z4sYgY8Z4');
$message = 'An error occurred.';
if (isset($_GET['payment_intent']) && isset($_GET['payment_intent_client_secret'])) {
$payment_intent_id = $_GET['payment_intent'];
try {
$paymentIntent = \Stripe\PaymentIntent::retrieve($payment_intent_id);
if ($paymentIntent->status == 'succeeded') {
// NOTE: In a real application, you should not trust the amount from the client.
// You should fetch the plan from your database based on a stored reference to ensure the price is correct.
// For this example, we'll assume the amount is correct.
$metadata = $paymentIntent->metadata;
$plan_id = $metadata->plan_id ?? null;
$customer_name = $metadata->customer_name ?? null;
$customer_address = $metadata->customer_address ?? null;
$customer_email = $paymentIntent->receipt_email;
if (empty($plan_id) || empty($customer_name) || empty($customer_address) || empty($customer_email)) {
// This indicates a problem, as the metadata or email was not set correctly.
// Flag for manual review.
error_log("Missing metadata or email for successful payment {$payment_intent_id}.");
$message = "Your payment was successful, but there was an error processing your order details. Please contact support.";
} else {
$pdo = db();
// Parse name into first and last
$name_parts = explode(' ', $customer_name, 2);
$first_name = $name_parts[0];
$last_name = $name_parts[1] ?? '';
// For address, we'll just put the whole thing in the street_address for now.
// A real app would use a proper address parser or separate fields on the form.
$street_address = $customer_address;
// Generate a temporary password hash. In a real app, you'd send a password reset link.
$temp_password = password_hash(bin2hex(random_bytes(16)), PASSWORD_DEFAULT);
// Check if customer already exists
$stmt = $pdo->prepare("SELECT id FROM customers WHERE email = ?");
$stmt->execute([$customer_email]);
$existing_customer = $stmt->fetch();
if ($existing_customer) {
$customer_id = $existing_customer['id'];
// Optional: Update customer details if they have changed
$update_stmt = $pdo->prepare("UPDATE customers SET first_name = ?, last_name = ?, street_address = ? WHERE id = ?");
$update_stmt->execute([$first_name, $last_name, $street_address, $customer_id]);
} else {
// Create new customer
$stmt = $pdo->prepare(
"INSERT INTO customers (first_name, last_name, email, password_hash, street_address) VALUES (?, ?, ?, ?, ?)"
);
$stmt->execute([$first_name, $last_name, $customer_email, $temp_password, $street_address]);
$customer_id = $pdo->lastInsertId();
}
// Create the order
$stmt = $pdo->prepare("INSERT INTO orders (customer_id, plan_id, stripe_payment_intent, status) VALUES (?, ?, ?, ?)");
$stmt->execute([$customer_id, $plan_id, $payment_intent_id, 'succeeded']);
$message = 'Payment succeeded! Your order has been placed.';
// Send confirmation email
require_once __DIR__ . '/mail/MailService.php';
$subject = 'Your Australia Broadband Internet Order Confirmation';
$html_body = "<h1>Welcome, " . htmlspecialchars($customer_name) . "!</h1>"
. "<p>Thank you for your order. Your new internet service is being processed.</p>"
. "<p><strong>Order Details:</strong></p>"
. "<ul>"
. "<li><strong>Plan ID:</strong> " . htmlspecialchars($plan_id) . "</li>"
. "<li><strong>Payment ID:</strong> " . htmlspecialchars($payment_intent_id) . "</li>"
. "</ul>"
. "<p>You will receive further updates from us shortly.</p>";
$text_body = "Welcome, " . $customer_name . "! Thank you for your order. Your new internet service is being processed. Order Details: Plan ID: " . $plan_id . ", Payment ID: " . $payment_intent_id . ". You will receive further updates from us shortly.";
MailService::sendMail($customer_email, $subject, $html_body, $text_body);
}
} else {
$message = "Payment was not successful. Status: {$paymentIntent->status}";
}
} catch (\Stripe\Exception\ApiErrorException $e) {
$message = 'Error retrieving payment intent: ' . $e->getMessage();
} catch (PDOException $e) {
// If the DB insert fails, we have a problem. The customer was charged but the order wasn't created.
// A real app needs robust error handling here, like logging the error and flagging for manual review.
error_log("Failed to create order in DB after successful payment {$payment_intent_id}: " . $e->getMessage());
$message = "Your payment was successful, but there was an error creating your order. Please contact support.";
}
}
?>
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>Order Confirmation</title>
<link href="https://cdn.jsdelivr.net/npm/bootstrap@5.3.0/dist/css/bootstrap.min.css" rel="stylesheet">
<link rel="stylesheet" href="assets/css/custom.css">
</head>
<body>
<div class="container mt-5 text-center">
<div class="card mx-auto" style="max-width: 500px;">
<div class="card-body">
<h1 class="card-title">Order Confirmation</h1>
<p class="card-text"><?php echo htmlspecialchars($message); ?></p>
<a href="/" class="btn btn-primary">Back to Home</a>
</div>
</div>
</div>
</body>
</html>
Reference in New Issue View Git Blame Copy Permalink