35063-vm/webhook.php

<?php
require_once 'vendor/autoload.php';
require_once 'db/config.php';

// The webhook secret is necessary to verify that the request is coming from Stripe.
// It should be stored in an environment variable or a secure configuration file.
// You can find your webhook signing secret in your Stripe dashboard.
$webhookSecret = 'whsec_...'; // TODO: Replace with your webhook signing secret

\Stripe\Stripe::setApiKey('sk_live_51SJvpVAgq1ywLQy0jBRZsARLf9VGKH8LOW2l9GVHRXJ2KiG5dqYYRMFOw1DT');

$payload = @file_get_contents('php://input');
$sig_header = $_SERVER['HTTP_STRIPE_SIGNATURE'];
$event = null;

try {
    $event = \Stripe\Webhook::constructEvent(
        $payload, $sig_header, $webhookSecret
    );
} catch(\UnexpectedValueException $e) {
    // Invalid payload
    http_response_code(400);
    exit();
} catch(\Stripe\Exception\SignatureVerificationException $e) {
    // Invalid signature
    http_response_code(400);
    exit();
}

// Handle the event
switch ($event->type) {
    case 'payment_intent.succeeded':
        $paymentIntent = $event->data->object; // contains a \Stripe\PaymentIntent
        handlePaymentIntentSucceeded($paymentIntent);
        break;
    default:
        // Unexpected event type
        echo 'Received unknown event type ' . $event->type;
}

function handlePaymentIntentSucceeded($paymentIntent) {
    $pdo = db();

    // Update payment status in the database
    $stmt = $pdo->prepare("UPDATE payments SET status = ? WHERE stripe_payment_intent_id = ?");
    $stmt->execute(['succeeded', $paymentIntent->id]);

    // Get user_id from the payment
    $stmt = $pdo->prepare("SELECT user_id FROM payments WHERE stripe_payment_intent_id = ?");
    $stmt->execute([$paymentIntent->id]);
    $payment = $stmt->fetch();

    if ($payment) {
        $userId = $payment['user_id'];

        // Update user to premium
        $stmt = $pdo->prepare("UPDATE users SET is_premium = TRUE WHERE id = ?");
        $stmt->execute([$userId]);
    }
}

http_response_code(200);