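false, 'error' => 'Invalid method']); exit; }

// ---------------------------------------------------------------------------
// Request body: untrusted JSON. Reject anything that is not an object with a
// non-empty `items` member *before* indexing into it, otherwise a bare string
// or number body reaches foreach()/offset reads and leaks PHP warnings into
// the JSON response.
// ---------------------------------------------------------------------------
$input = json_decode(file_get_contents('php://input'), true);
if (!is_array($input) || empty($input['items']) || !is_array($input['items'])) {
    echo json_encode(['success' => false, 'error' => 'Cart is empty']);
    exit;
}

// Read a request field as a trimmed string. Scalars are coerced exactly as
// trim() would coerce them; arrays/objects count as absent instead of letting
// trim() throw a TypeError (PHP 8) on a crafted body.
$field = static function (array $src, string $key): string {
    $value = $src[$key] ?? '';
    return is_scalar($value) ? trim((string) $value) : '';
};

$name       = $field($input, 'name');
$phoneInput = $field($input, 'phone');
$phone      = normalize_oman_phone($phoneInput);
$address    = $field($input, 'address');

if ($name === '' || $phoneInput === '' || $address === '') {
    echo json_encode(['success' => false, 'error' => 'Missing customer details']);
    exit;
}
if ($phone === '') {
    echo json_encode(['success' => false, 'error' => 'Phone must be an 8-digit Oman number']);
    exit;
}
// NOTE(review): name/address have no length cap here; the DB column width
// (not visible in this file) is the only limit. Consider rejecting oversized
// values explicitly rather than relying on the INSERT to fail.

// ---------------------------------------------------------------------------
// Re-price the cart from the database. Only `id` (the array key) and `qty`
// are taken from the client; price and VAT always come from `items`.
// The client is expected to send `items` as a map keyed by item id — a plain
// JSON list would make the array index the id.
// ---------------------------------------------------------------------------
$items          = $input['items'];
$subtotal       = 0;
$totalVat       = 0;
$db             = db();
$processedItems = [];

// Prepared once; the same statement is re-executed per cart line.
$lookup = $db->prepare("SELECT sku, name, price, vat FROM items WHERE id = ?");

foreach ($items as $id => $item) {
    // qty must be a positive integer; malformed entries (non-array, missing
    // qty, zero/negative) are skipped, as unknown ids are below.
    // NOTE(review): there is no upper bound on qty — an absurd quantity yields
    // an absurd order total. A business-rule cap would belong here.
    $qty = is_array($item) ? (int) ($item['qty'] ?? 0) : 0;
    if ($qty <= 0) {
        continue;
    }

    $lookup->execute([$id]);
    $dbItem = $lookup->fetch();
    if (!$dbItem) {
        continue; // unknown id: dropped silently, matching prior behaviour
    }

    // NOTE(review): money is computed in floats; rounding of line totals and
    // VAT is left to whoever reads these values.
    $price      = (float) $dbItem['price'];
    $vatPercent = (float) ($dbItem['vat'] ?? 0);
    $lineTotal  = $price * $qty;
    $itemVat    = $lineTotal * ($vatPercent / 100);

    $subtotal += $lineTotal;
    $totalVat += $itemVat;

    $processedItems[] = [
        'id'         => $id,
        'sku'        => $dbItem['sku'],
        'name'       => $dbItem['name'],
        'price'      => $price,
        'vat'        => $vatPercent,
        'vat_amount' => $itemVat,
        'qty'        => $qty,
        'line_total' => $lineTotal,
    ];
}

if (empty($processedItems)) {
    echo json_encode(['success' => false, 'error' => 'Invalid items']);
    exit;
}
$totalAmount = $subtotal + $totalVat;

try {
    $stmt = $db->prepare(
        "INSERT INTO online_orders (customer_name, customer_phone, customer_address, items_json, subtotal, vat_amount, total_amount) VALUES (?, ?, ?, ?, ?, ?, ?)"
    );
    $stmt->execute([
        $name,
        $phone,
        $address,
        json_encode($processedItems, JSON_UNESCAPED_UNICODE),
        $subtotal,
        $totalVat,
        $totalAmount,
    ]);

    // Notifications are best-effort: the order is already stored, so nothing
    // below may turn into an error response. Throwable (not just Exception)
    // is caught so a TypeError inside a notifier cannot escape to the outer
    // handler and report a "database error" for a saved order.
    try {
        $orderId   = (int) $db->lastInsertId();
        $orderData = [
            'id'               => $orderId,
            'customer_name'    => $name,
            'customer_phone'   => $phone,
            'customer_address' => $address,
            'items'            => $processedItems,
            'subtotal'         => $subtotal,
            'vat_amount'       => $totalVat,
            'total_amount'     => $totalAmount,
            'status'           => 'pending',
            'created_at'       => date('Y-m-d H:i:s'),
        ];

        // The message is sent with parse_mode=Markdown, so customer-supplied
        // name/address must be escaped: `_ * \` [` in them would otherwise be
        // parsed as formatting — breaking the message (Telegram rejects
        // unbalanced entities) or letting a customer inject bold text/links
        // into the staff channel. These are the characters Telegram's legacy
        // Markdown documents as escapable.
        $md = static fn (string $s): string => str_replace(
            ['_', '*', '`', '['],
            ['\\_', '\\*', '\\`', '\\['],
            $s
        );

        // NOTE(review): the emoji literals below look mis-encoded (mojibake)
        // in this copy of the file — verify the source is saved as UTF-8.
        // Line breaks between fields were collapsed in this copy and are
        // restored as "\n".
        $msg  = "๐Ÿ›’ *New Online Order #{$orderId}*\n";
        $msg .= "๐Ÿ‘ค " . $md($name) . " ๐Ÿ“ž " . phone_display($phone) . " ๐Ÿ“ " . $md($address) . "\n";
        $msg .= "๐Ÿ’ฐ Subtotal: " . currency($subtotal) . "\n";
        $msg .= "๐Ÿงพ VAT: " . currency($totalVat) . "\n";
        $msg .= "๐Ÿ’ต Total: " . currency($totalAmount) . "\n";

        $botToken = getenv('TELEGRAM_BOT_TOKEN') ?: get_setting('telegram_bot_token');
        $chatId   = getenv('TELEGRAM_CHAT_ID') ?: get_setting('telegram_chat_id');
        if ($botToken && $chatId) {
            $url     = "https://api.telegram.org/bot{$botToken}/sendMessage";
            $context = stream_context_create([
                'http' => [
                    'method'        => 'POST',
                    'header'        => "Content-type: application/x-www-form-urlencoded\r\n",
                    'content'       => http_build_query([
                        'chat_id'    => $chatId,
                        'text'       => $msg,
                        'parse_mode' => 'Markdown',
                    ]),
                    // Without a timeout a slow/unreachable Telegram API stalls
                    // the customer's checkout request.
                    'timeout'       => 5,
                    // Return the body on 4xx/5xx so the failure can be logged
                    // instead of surfacing as a warning.
                    'ignore_errors' => true,
                ],
            ]);
            // `@` is kept deliberately: a transport-level warning would be
            // printed into this JSON response. The result is checked instead
            // of being discarded — Telegram answers {"ok":true,...} on success.
            $response = @file_get_contents($url, false, $context);
            $result   = is_string($response) ? json_decode($response, true) : null;
            if (!is_array($result) || empty($result['ok'])) {
                // Never log $url: it embeds the bot token.
                error_log("online order #{$orderId}: Telegram notification failed");
            }
        }

        if (wablas_is_configured()) {
            wablas_notify_online_order($orderData, 'created');
        }
    } catch (\Throwable $e) {
        // Best-effort path: record the failure, keep the success response.
        error_log('online order notification failed: ' . $e->getMessage());
    }

    echo json_encode(['success' => true]);
} catch (Exception $e) {
    // Do not echo $e->getMessage() to the client: PDO messages reveal table
    // and column names, the SQL fragment and sometimes DSN details. Log it
    // server-side and answer generically.
    error_log('online order insert failed: ' . $e->getMessage());
    echo json_encode(['success' => false, 'error' => 'Database error']);
}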