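<?php

declare(strict_types=1);

/**
 * Stripe Checkout return page.
 *
 * Reads the Checkout session id from the query string, asks Stripe whether
 * that session is paid, and records the order exactly once: the order row is
 * inserted, the user's cart rows are copied into order_items, and the cart is
 * cleared. All database writes run in a single transaction so a failure part
 * way through leaves no half-written order behind. The outcome is rendered
 * below as $message.
 */

session_start();

require_once 'db/config.php';
require_once 'includes/api_keys.php';
require_once 'vendor/autoload.php';

$pdoconnection = db();

// Default for any request that does not carry a usable session id.
$message = 'Invalid request.';

$rawSessionId = $_GET['session_id'] ?? null;

// Reject arrays and empty strings up front; Stripe's retrieve() would fail on
// them anyway, but this keeps the error path a clean "Invalid request".
if (is_string($rawSessionId) && $rawSessionId !== '') {
    \Stripe\Stripe::setApiKey(STRIPE_API_KEY);
    $sessionId = $rawSessionId;

    try {
        // An unknown or forged id makes retrieve() throw, so reaching the
        // checks below means Stripe recognises this session.
        $session = \Stripe\Checkout\Session::retrieve($sessionId);

        if ($session->payment_status !== 'paid') {
            $message = 'Payment was not successful. Please try again.';
        } else {
            // Metadata was attached when the Checkout session was created;
            // Stripe returns every metadata value as a string.
            $metadata = $session->metadata;
            $userId = $metadata->user_id;
            $restaurantId = $metadata->restaurant_id;
            $customerName = $metadata->customer_name;
            $address = $metadata->address;
            $phone = $metadata->phone;

            // NOTE(review): session_start() is called but nothing from
            // $_SESSION is compared against $userId, so anyone holding a paid
            // session id can complete the order for the user named in its
            // metadata. Confirm whether the logged-in user should be checked
            // here (the session key used elsewhere is not visible in this file).

            // Stripe reports amounts in the currency's minor unit (cents).
            $totalPrice = $session->amount_total / 100;

            // One transaction covers the duplicate check, the order insert,
            // the cart copy and the cart delete, so a refresh racing this
            // request or a mid-way failure cannot leave a partial order.
            // A UNIQUE constraint on orders.stripe_session_id is still the
            // reliable guard against a concurrent double insert — confirm the
            // schema has one.
            $pdoconnection->beginTransaction();

            $stmt = $pdoconnection->prepare('SELECT id FROM orders WHERE stripe_session_id = :session_id');
            $stmt->bindValue(':session_id', $sessionId);
            $stmt->execute();

            if ($stmt->fetch() !== false) {
                // Idempotent re-visit of the success URL: nothing more to do.
                $message = 'Your order has already been processed.';
            } else {
                $stmt = $pdoconnection->prepare(
                    'INSERT INTO orders (user_id, restaurant_id, total_price, status, delivery_name, delivery_address, delivery_phone, stripe_session_id)'
                    . " VALUES (:user_id, :restaurant_id, :total_price, 'processing', :name, :address, :phone, :session_id)"
                );
                $stmt->bindValue(':user_id', $userId);
                $stmt->bindValue(':restaurant_id', $restaurantId);
                $stmt->bindValue(':total_price', $totalPrice);
                $stmt->bindValue(':name', $customerName);
                $stmt->bindValue(':address', $address);
                $stmt->bindValue(':phone', $phone);
                $stmt->bindValue(':session_id', $sessionId);
                $stmt->execute();

                $orderId = $pdoconnection->lastInsertId();

                $cartStmt = $pdoconnection->prepare('SELECT * FROM cart WHERE user_id = :user_id');
                $cartStmt->bindValue(':user_id', $userId);
                $cartStmt->execute();
                $cartItems = $cartStmt->fetchAll(PDO::FETCH_ASSOC);
                // NOTE(review): an empty cart still produces an order with no
                // line items; whether that should be treated as an error is a
                // product decision not settled by this file.

                // Both statements are prepared once and re-executed per item.
                $priceStmt = $pdoconnection->prepare('SELECT price FROM menu_items WHERE id = :menu_item_id');
                $orderItemStmt = $pdoconnection->prepare(
                    'INSERT INTO order_items (order_id, menu_item_id, quantity, price) VALUES (:order_id, :menu_item_id, :quantity, :price)'
                );

                foreach ($cartItems as $item) {
                    $priceStmt->bindValue(':menu_item_id', $item['menu_item_id']);
                    $priceStmt->execute();
                    $menuItem = $priceStmt->fetch(PDO::FETCH_ASSOC);

                    // A cart row pointing at a vanished menu item would
                    // otherwise insert a NULL price; fail the whole order
                    // instead and let the transaction roll back.
                    if ($menuItem === false) {
                        throw new RuntimeException(
                            'Menu item ' . $item['menu_item_id'] . ' not found while recording order for session ' . $sessionId
                        );
                    }

                    // NOTE(review): the line price is read from menu_items
                    // now, not from what Stripe charged; a price change
                    // between checkout and this page would make order_items
                    // disagree with total_price. Confirm that is acceptable.
                    $orderItemStmt->bindValue(':order_id', $orderId);
                    $orderItemStmt->bindValue(':menu_item_id', $item['menu_item_id']);
                    $orderItemStmt->bindValue(':quantity', $item['quantity']);
                    $orderItemStmt->bindValue(':price', $menuItem['price']);
                    $orderItemStmt->execute();
                }

                $clearCartStmt = $pdoconnection->prepare('DELETE FROM cart WHERE user_id = :user_id');
                $clearCartStmt->bindValue(':user_id', $userId);
                $clearCartStmt->execute();

                $message = "Thank you for your order! Your payment was successful and your order (ID: $orderId) is now being processed.";
            }

            $pdoconnection->commit();
        }
    } catch (Exception $e) {
        if ($pdoconnection->inTransaction()) {
            $pdoconnection->rollBack();
        }
        // Keep the detail server-side: the raw exception text can reveal
        // database or Stripe internals to whoever loads this page.
        error_log('Checkout confirmation failed for session ' . $sessionId . ': ' . $e->getMessage());
        $message = 'An error occurred while confirming your order. Please contact support.';
    }
}

include 'header.php';
?>

<div class="container mt-5">
    <div class="alert alert-info" role="alert">
        <?php echo htmlspecialchars($message, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); ?>
    </div>
    <a href="index.php" class="btn btn-primary">Back to Home</a>
</div>

<?php include 'footer.php'; ?>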