104 lines
3.4 KiB
PHP
104 lines
3.4 KiB
PHP
<?php
|
|
session_start();
|
|
require_once 'db/config.php';
|
|
require_once 'includes/api_keys.php';
|
|
|
|
header('Content-Type: application/json');
|
|
|
|
if (!isset($_SESSION['user_id']) || !isset($_POST['orderID'])) {
|
|
echo json_encode(['error' => 'Invalid request.']);
|
|
exit();
|
|
}
|
|
|
|
$orderID = $_POST['orderID'];
|
|
$user_id = $_SESSION['user_id'];
|
|
|
|
// Helper function to get PayPal access token
|
|
function get_paypal_access_token($clientId, $secret, $apiBase) {
|
|
$ch = curl_init();
|
|
curl_setopt($ch, CURLOPT_URL, "$apiBase/v1/oauth2/token");
|
|
curl_setopt($ch, CURLOPT_HEADER, false);
|
|
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
|
|
curl_setopt($ch, CURLOPT_POST, true);
|
|
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
|
|
curl_setopt($ch, CURLOPT_USERPWD, "$clientId:$secret");
|
|
curl_setopt($ch, CURLOPT_POSTFIELDS, "grant_type=client_credentials");
|
|
$result = curl_exec($ch);
|
|
curl_close($ch);
|
|
|
|
if (empty($result)) return null;
|
|
|
|
$json = json_decode($result);
|
|
return $json->access_token ?? null;
|
|
}
|
|
|
|
$accessToken = get_paypal_access_token($paypalClientId, $paypalSecret, $paypalApiBase);
|
|
|
|
if (!$accessToken) {
|
|
echo json_encode(['error' => 'Could not authenticate with PayPal.']);
|
|
exit();
|
|
}
|
|
|
|
// Capture payment
|
|
$ch = curl_init();
|
|
curl_setopt($ch, CURLOPT_URL, "$paypalApiBase/v2/checkout/orders/$orderID/capture");
|
|
curl_setopt($ch, CURLOPT_POST, true);
|
|
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
|
|
curl_setopt($ch, CURLOPT_HTTPHEADER, [
|
|
"Content-Type: application/json",
|
|
"Authorization: Bearer $accessToken"
|
|
]);
|
|
|
|
$result = curl_exec($ch);
|
|
curl_close($ch);
|
|
$details = json_decode($result);
|
|
|
|
if (isset($details->status) && $details->status == 'COMPLETED') {
|
|
$pdo = db();
|
|
|
|
// Fetch cart items
|
|
$stmt = $pdo->prepare("SELECT c.*, mi.price, mi.restaurant_id FROM cart c JOIN menu_items mi ON c.menu_item_id = mi.id WHERE c.user_id = ?");
|
|
$stmt->execute([$user_id]);
|
|
$cart_items = $stmt->fetchAll();
|
|
|
|
if (empty($cart_items)) {
|
|
echo json_encode(['error' => 'Your cart is empty.']);
|
|
exit();
|
|
}
|
|
|
|
$total_price = 0;
|
|
$restaurant_id = null;
|
|
foreach ($cart_items as $item) {
|
|
$total_price += $item['price'] * $item['quantity'];
|
|
$restaurant_id = $item['restaurant_id'];
|
|
}
|
|
$delivery_fee = 5.00;
|
|
$total_price += $delivery_fee;
|
|
|
|
$delivery_name = $_POST['name'];
|
|
$delivery_address = $_POST['address'];
|
|
$delivery_phone = $_POST['phone'];
|
|
|
|
// Create order
|
|
$stmt = $pdo->prepare("INSERT INTO orders (user_id, restaurant_id, total_price, status, stripe_session_id, delivery_name, delivery_address, delivery_phone) VALUES (?, ?, ?, ?, ?, ?, ?, ?)");
|
|
$stmt->execute([$user_id, $restaurant_id, $total_price, 'paid', $orderID, $delivery_name, $delivery_address, $delivery_phone]);
|
|
$order_id = $pdo->lastInsertId();
|
|
|
|
// Insert order items
|
|
$stmt = $pdo->prepare("INSERT INTO order_items (order_id, menu_item_id, quantity, price) VALUES (?, ?, ?, ?)");
|
|
foreach ($cart_items as $item) {
|
|
$stmt->execute([$order_id, $item['menu_item_id'], $item['quantity'], $item['price']]);
|
|
}
|
|
|
|
// Clear cart
|
|
$stmt = $pdo->prepare("DELETE FROM cart WHERE user_id = ?");
|
|
$stmt->execute([$user_id]);
|
|
|
|
$_SESSION['order_id'] = $order_id;
|
|
echo json_encode(['success' => true]);
|
|
|
|
} else {
|
|
error_log('PayPal Capture Failed: ' . print_r($details, true));
|
|
echo json_encode(['error' => 'Payment failed. Please try again.']);
|
|
}
|