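<?php

declare(strict_types=1);

/*
 * Stripe Checkout return handler.
 *
 * Flow: validate the session_id query parameter, retrieve the Checkout Session
 * from Stripe and, if it is paid, turn the cart (guest cart keyed by the PHP
 * session id, user cart keyed by the user_id carried in Stripe metadata) into
 * an order plus order_items, award reward points to logged-in users, clear the
 * cart and coupon state, and redirect to the confirmation page. Any non-paid
 * status or Stripe API error redirects to payment-cancel.php.
 *
 * Trust boundary: the only caller-controlled input is $_GET['session_id']. It
 * is only ever passed to the Stripe API and bound as a query parameter, never
 * interpolated into SQL. Everything that decides what gets ordered comes from
 * Stripe metadata, the PHP session, or the database.
 */

session_start();

require_once 'db/config.php';
require_once 'vendor/autoload.php';
require_once 'includes/api_keys.php';

// A missing or non-scalar session_id (e.g. session_id[]=...) cannot be a
// Checkout Session id; bounce to the home page instead of passing it on.
if (!isset($_GET['session_id']) || !is_string($_GET['session_id'])) {
    header("Location: index.php");
    exit();
}

$stripe_session_id = $_GET['session_id'];
$pdo = db();
$session_id = session_id();

\Stripe\Stripe::setApiKey($stripeSecretKey);

try {
    $checkout_session = \Stripe\Checkout\Session::retrieve($stripe_session_id);
    $metadata = $checkout_session->metadata;
    // NOTE(review): user_id is trusted from the Stripe metadata set when the
    // Checkout Session was created (not visible here); it is not cross-checked
    // against the currently logged-in user — confirm that is intended.
    $user_id = $metadata->user_id ?? null;
    $is_guest = !$user_id;

    // Strict comparison: only the literal 'paid' status counts as paid
    // (e.g. 'unpaid' or 'no_payment_required' is not).
    if ($checkout_session->payment_status !== 'paid') {
        header("Location: payment-cancel.php");
        exit();
    }

    // Idempotency: one Checkout Session id may produce at most one order.
    // Without this guard, re-visiting this URL after the cart has been
    // refilled would record a second "paid" order that Stripe never charged.
    $stmt = $pdo->prepare("SELECT COUNT(*) FROM orders WHERE stripe_session_id = ?");
    $stmt->execute([$stripe_session_id]);
    if ((int) $stmt->fetchColumn() > 0) {
        // Same browser session that placed the order still has order_id and
        // can see its confirmation; anyone else goes to the home page.
        if (isset($_SESSION['order_id'])) {
            header("Location: order_confirmation.php");
        } else {
            header("Location: index.php");
        }
        exit();
    }

    $delivery_address = null;
    $phone_number = null;
    $guest_name = null;
    $guest_email = null;
    $guest_token = null;

    // $cart_column is only ever one of two literal column names chosen in this
    // file; it is never derived from request input, so interpolating it into
    // the cart queries below is safe. $cart_identifier is always bound.
    if ($is_guest) {
        $guest_name = $metadata->guest_name ?? '';
        $guest_email = $metadata->guest_email ?? '';
        $delivery_address = $metadata->guest_address ?? 'N/A';
        $phone_number = $metadata->guest_phone ?? 'N/A';
        $cart_identifier = $session_id;
        $cart_column = 'session_id';
        $guest_token = $metadata->token ?? null; // Use token from metadata
    } else {
        $stmt = $pdo->prepare("SELECT address, phone FROM users WHERE id = ?");
        $stmt->execute([$user_id]);
        $user = $stmt->fetch();
        $delivery_address = $user ? $user['address'] : 'N/A';
        $phone_number = $user ? $user['phone'] : 'N/A';
        $cart_identifier = $user_id;
        $cart_column = 'user_id';
    }

    // Fetch cart items
    $stmt = $pdo->prepare("SELECT c.*, mi.price, mi.restaurant_id FROM cart c JOIN menu_items mi ON c.menu_item_id = mi.id WHERE c.$cart_column = ?");
    $stmt->execute([$cart_identifier]);
    $cart_items = $stmt->fetchAll();

    if (empty($cart_items)) {
        header("Location: index.php");
        exit();
    }

    // NOTE(review): total_price and discount_amount come from the PHP session,
    // not from the Stripe session (e.g. amount_total). If they drift from what
    // was actually charged, both the order record and the points award use the
    // session value — consider cross-checking against Stripe before inserting.
    $total_price = $_SESSION['total_price'] ?? 0;
    $discount_amount = $_SESSION['discount_amount'] ?? 0;
    $coupon_id = $metadata->coupon_id ?? null;
    $restaurant_id = $cart_items[0]['restaurant_id']; // Assuming order from one restaurant

    // All writes for this checkout succeed or fail together, so a failure
    // part-way (e.g. in order_items) cannot leave a paid order with no items
    // or a cleared cart with no order.
    $pdo->beginTransaction();
    try {
        // Create order
        $stmt = $pdo->prepare("INSERT INTO orders (user_id, restaurant_id, total_price, status, stripe_session_id, delivery_address, phone_number, coupon_id, discount_amount, guest_name, guest_email, token) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)");
        $stmt->execute([$user_id, $restaurant_id, $total_price, 'paid', $stripe_session_id, $delivery_address, $phone_number, $coupon_id, $discount_amount, $guest_name, $guest_email, $guest_token]);
        $order_id = $pdo->lastInsertId();

        // Insert order items
        $stmt = $pdo->prepare("INSERT INTO order_items (order_id, menu_item_id, quantity, price) VALUES (?, ?, ?, ?)");
        foreach ($cart_items as $item) {
            $stmt->execute([$order_id, $item['menu_item_id'], $item['quantity'], $item['price']]);
        }

        // Award points to the user (guests have no rewards account)
        if (!$is_guest) {
            $stmt = $pdo->prepare("SELECT points, tier FROM user_rewards WHERE user_id = ?");
            $stmt->execute([$user_id]);
            $user_reward = $stmt->fetch();

            $current_points = $user_reward ? $user_reward['points'] : 0;
            $current_tier = $user_reward ? $user_reward['tier'] : 'Bronze';

            // Points earned per unit of total_price, by current tier.
            $multiplier = match ($current_tier) {
                'Silver' => 1.2,
                'Gold' => 1.5,
                default => 1,
            };

            $points_to_award = floor($total_price * $multiplier);
            $new_total_points = $current_points + $points_to_award;

            // Tier thresholds on the new running total; a tier is never lowered
            // here because the floor of each threshold only moves upwards.
            $new_tier = match (true) {
                $new_total_points >= 5000 => 'Gold',
                $new_total_points >= 1000 => 'Silver',
                default => $current_tier,
            };

            $reward_stmt = $pdo->prepare(
                "INSERT INTO user_rewards (user_id, points, tier) VALUES (?, ?, ?) " .
                "ON DUPLICATE KEY UPDATE points = VALUES(points), tier = VALUES(tier)"
            );
            $reward_stmt->execute([$user_id, $new_total_points, $new_tier]);

            // Log the transaction in reward_history
            $history_stmt = $pdo->prepare("INSERT INTO reward_history (user_id, points_change, reason) VALUES (?, ?, ?)");
            $history_stmt->execute([$user_id, $points_to_award, 'Order completion']);
        }

        // Clear cart
        $stmt = $pdo->prepare("DELETE FROM cart WHERE $cart_column = ?");
        $stmt->execute([$cart_identifier]);

        $pdo->commit();
    } catch (\Throwable $e) {
        if ($pdo->inTransaction()) {
            $pdo->rollBack();
        }
        throw $e;
    }

    // Clear coupon session variables
    unset($_SESSION['coupon_id']);
    unset($_SESSION['coupon_code']);
    unset($_SESSION['discount_percentage']);
    unset($_SESSION['total_price']);
    unset($_SESSION['discount_amount']);
    unset($_SESSION['subtotal']);

    $_SESSION['order_id'] = $order_id;
    if ($is_guest) {
        $_SESSION['token'] = $guest_token;
    }

    header("Location: order_confirmation.php");
    exit();
} catch (\Stripe\Exception\ApiErrorException $e) {
    // Handle Stripe API errors: log the detail server-side, show nothing to
    // the client beyond the cancel page.
    error_log($e->getMessage());
    header("Location: payment-cancel.php");
    exit();
}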