<?php

// Stripe checkout handler for the profile page: validates the posted order, charges
// the tokenised card through the Stripe SDK, records the payment and redirects back
// to ../profile with a one-shot session flag describing the outcome.

session_start();
include('../../php/connection_pdo.php');      // presumably provides the PDO handle $db used below
include('../../php/api/security.php');        // presumably provides the Seguranca class
include_once('api/products.php');             // presumably provides the Products class (hasProduct)
include_once('../../vendor/stripe/init.php'); // Stripe PHP SDK (\Stripe\...)
// NOTE(review): a Stripe API secret (test-mode key) is committed in source. It should be
// loaded from the environment or a config file outside the web root, and this key rotated
// in the Stripe dashboard, since anything in version control must be treated as exposed.
define('STRIPE_KEY', 'sk_test_51HUFMiGTrkOZKNrh0jQVlFyx0ChkOfs3CIxt9s8Ra2nXy6AlWtLAexa3y9EgIAeas6U8Vd3LWEODIp9GULfmZV0i00kMZwbfQj');

// Access gate: proteger() presumably refuses unauthenticated visitors (see security.php).
$security = new Seguranca();
$security->proteger();


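/**
 * Best-effort client IP address, used only for the payment notification.
 *
 * Headers are consulted in the original precedence order (proxy-supplied headers
 * first, REMOTE_ADDR last). Every HTTP_* entry is client-controlled: it is only
 * meaningful when the application runs behind a proxy that overwrites it, so a
 * deployment without such a proxy should pass $trustForwardedHeaders = false to
 * use REMOTE_ADDR alone. Comma-separated chains ("client, proxy1, ...") yield
 * their left-most entry, and a value that is not a syntactically valid IPv4/IPv6
 * address is skipped in favour of the next candidate, so arbitrary header text
 * cannot be written into the log.
 *
 * @param bool $trustForwardedHeaders Consult the HTTP_* proxy headers (default keeps the original precedence).
 * @return string The first valid address found, or '' when none is available.
 */
function getUserIP(bool $trustForwardedHeaders = true): string
{
    $forwardedKeys = [
        'HTTP_CLIENT_IP',
        'HTTP_X_FORWARDED_FOR',
        'HTTP_X_FORWARDED',
        'HTTP_X_CLUSTER_CLIENT_IP',
        'HTTP_FORWARDED_FOR',
        'HTTP_FORWARDED',
    ];
    $candidateKeys = $trustForwardedHeaders
        ? array_merge($forwardedKeys, ['REMOTE_ADDR'])
        : ['REMOTE_ADDR'];

    foreach ($candidateKeys as $key) {
        if (!isset($_SERVER[$key])) {
            continue;
        }
        // X-Forwarded-For style values may carry a chain; the left-most entry is the original client.
        $candidate = trim(explode(',', (string) $_SERVER[$key])[0]);
        if (filter_var($candidate, FILTER_VALIDATE_IP) !== false) {
            return $candidate;
        }
    }

    return '';
}
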
$ip = getUserIP();

// A request missing any of the required checkout fields is not a form submission
// at all, so it is dropped silently instead of being redirected.
$requiredFields = ['product', 'name', 'plan', 'stripeToken'];
foreach ($requiredFields as $fieldName) {
    if (!isset($_POST[$fieldName])) {
        exit();
    }
}

$product      = $_POST['product'];
$card_name    = $_POST['name'];
$plan         = $_POST['plan'];
$stripe_token = $_POST['stripeToken'];

// Present but blank (empty() semantics, so '0' counts as blank too): back to the profile with a flag.
foreach ([$product, $card_name, $plan, $stripe_token] as $fieldValue) {
    if (empty($fieldValue)) {
        $_SESSION['empty_values'] = true;
        header('Location: ../profile');
        exit();
    }
}

// The terms checkbox is only part of the POST body when it was ticked.
if (!isset($_POST['terms'])) {
    $_SESSION['terms_error'] = true;
    header('Location: ../profile');
    exit();
}

// Both session values are needed further down (buyer id and e-mail for Stripe).
$loggedIn = isset($_SESSION['account_id'], $_SESSION['account_email']);
if (!$loggedIn) {
    $_SESSION['disconnected'] = true;
    header('Location: ../profile');
    exit();
}

// The coupon is optional; when one was typed its length is capped (byte-wise) at 10.
$typedCoupon = isset($_POST['coupon']) ? $_POST['coupon'] : '';
if (!empty($typedCoupon) && strlen($typedCoupon) > 10) {
    $_SESSION['coupoun_invalid'] = true;
    header('Location: ../profile');
    exit();
}

$user       = $_SESSION['account_id'];
$user_email = $_SESSION['account_email'];

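// Abort the checkout: set a one-shot session flag that the profile page reads, then redirect.
// Never returns.
$redirectToProfile = static function ($flag) {
    $_SESSION[$flag] = true;
    header('Location: ../profile');
    exit();
};

// Look the product up by id. :productid is bound, so the raw POST value never reaches SQL.
// fetch() === false is checked instead of rowCount(), whose value for a SELECT is
// driver-dependent in PDO.
$stmtProduct = $db->prepare("SELECT * FROM products WHERE id = :productid AND enabled = 1");
$stmtProduct->bindParam(':productid', $product);
$stmtProduct->execute();
$resultProduct = $stmtProduct->fetch(PDO::FETCH_ASSOC);

if ($resultProduct === false) {
    // the product does not exist (or is disabled)
    $redirectToProfile('product_exist_error');
}

$product_id      = $resultProduct['id'];
$product_name    = $resultProduct['name'];
$product_price   = $resultProduct['price'];
$product_percent = $resultProduct['percent'];

// NOTE(review): only 'Monthly' is special-cased; any other plan string is treated as the
// non-monthly plan below (product_type = 1). The accepted plan names should be whitelisted
// here once they are known.
if ($plan === 'Monthly') {
    // monthly plan: apply the product's percentage discount
    $product_price = $product_price - $product_price * ($product_percent / 100);
}

// A user who already owns the product cannot buy it again; admins are exempt.
// empty() treats a missing account_admin entry as "not admin" without a notice.
$products_api = new Products();
if ($products_api->hasProduct($user, $product_id, $db) && empty($_SESSION['account_admin'])) {
    $redirectToProfile('already_has_product');
}

$currency = "USD";

\Stripe\Stripe::setApiKey(STRIPE_KEY);

// Create a Stripe customer holding the card token posted by the form.
try {
    $customer = \Stripe\Customer::create([
        'email'  => $user_email,
        'source' => $stripe_token,
    ]);
} catch (Exception $e) {
    error_log('Stripe customer creation failed: ' . $e->getMessage());
    $redirectToProfile('invalid_card_details');
}

if (!$customer) {
    $redirectToProfile('customer_error');
}

// Optional coupon: must exist, be enabled and not yet expired; its percentage stacks on
// top of the plan discount. Length was already capped before this point.
$coupon_code = isset($_POST['coupon']) ? $_POST['coupon'] : '';
if (!empty($coupon_code)) {
    $stmtCoupon = $db->prepare("SELECT * FROM coupons WHERE coupon = :coupon AND enabled = 1");
    $stmtCoupon->bindParam(':coupon', $coupon_code);
    $stmtCoupon->execute();
    $resultCoupon = $stmtCoupon->fetch(PDO::FETCH_ASSOC);

    if ($resultCoupon === false) {
        // the coupon does not exist (or is disabled)
        $redirectToProfile('coupoun_invalid');
    }

    // the coupon exists; it is only usable while valid_time lies in the future
    if (time() >= strtotime($resultCoupon['valid_time'])) {
        $redirectToProfile('coupoun_invalid');
    }

    $product_price = $product_price - $product_price * ($resultCoupon['percent'] / 100);
}

// Stripe expects an integer amount in the smallest currency unit. The float arithmetic
// above can produce values such as 2699.1, which the API rejects, so round to whole cents.
$itemPriceCents = (int) round($product_price * 100);

// NOTE(review): there is no idempotency key or per-session lock, so a double submit of the
// form can create two charges; the Stripe SDK supports an Idempotency-Key per request.
try {
    $charge = \Stripe\Charge::create([
        'customer'    => $customer->id,
        'amount'      => $itemPriceCents,
        'currency'    => $currency,
        'description' => $product_name,
    ]);
} catch (Exception $e) {
    error_log('Stripe charge failed: ' . $e->getMessage());
    $redirectToProfile('charge_creation_failed');
}

if (!$charge) {
    $redirectToProfile('api_error');
}

$chargeJson = $charge->jsonSerialize();

$paymentWentThrough = $chargeJson['amount_refunded'] == 0
    && empty($chargeJson['failure_code'])
    && $chargeJson['paid'] == 1
    && $chargeJson['captured'] == 1;
if (!$paymentWentThrough) {
    $redirectToProfile('transaction_failed');
}

// the payment was made
$last_four      = $chargeJson['payment_method_details']['card']['last4'];
$postal_code    = $chargeJson['billing_details']['address']['postal_code'];
$transactionID  = $chargeJson['balance_transaction'];
$paidAmount     = $chargeJson['amount'] / 100;
$payment_status = $chargeJson['status'];

// Audit row. The coupon column is only written when the field was posted at all (even if
// blank), matching the two original INSERT variants.
$hasCouponField = isset($_POST['coupon']);
$sqlLog = $hasCouponField
    ? "INSERT INTO payment_logs(user,name,email,product,price, plan,currency,txn_id, status, date, plataform, coupon) VALUES(:userid, :username, :useremail, :productid, :price, :plan, :currency, :txn_id, :status, NOW(), 'Stripe', :coupon)"
    : "INSERT INTO payment_logs(user,name,email,product,price, plan,currency,txn_id, status, date, plataform) VALUES(:userid, :username, :useremail, :productid, :price, :plan, :currency, :txn_id, :status, NOW(), 'Stripe')";
$stmtLog = $db->prepare($sqlLog);
$stmtLog->bindParam(':userid', $user);
$stmtLog->bindParam(':username', $card_name);
$stmtLog->bindParam(':useremail', $user_email);
$stmtLog->bindParam(':productid', $product_id);
$stmtLog->bindParam(':price', $paidAmount);
$stmtLog->bindParam(':plan', $plan);
$stmtLog->bindParam(':currency', $currency);
$stmtLog->bindParam(':txn_id', $transactionID);
$stmtLog->bindParam(':status', $payment_status);
if ($hasCouponField) {
    $stmtLog->bindParam(':coupon', $coupon_code);
}
$stmtLog->execute();

if ($payment_status !== 'succeeded') {
    $redirectToProfile('payment_failed');
}

// Grant the product. permission=1 for admins (missing flag counts as non-admin),
// product_type 0 = monthly, 1 = anything else.
$permission   = empty($_SESSION['account_admin']) ? 0 : 1;
$product_type = ($plan === 'Monthly') ? 0 : 1;

$stmtInsert = $db->prepare("INSERT INTO payments(user, product, token, time, product_type, permission, blocked) VALUES(:userid, :productid, :token, NOW(), :producttype, :permission, 0)");
$stmtInsert->bindParam(':userid', $user);
$stmtInsert->bindParam(':productid', $product_id);
$stmtInsert->bindParam(':token', $stripe_token);
$stmtInsert->bindParam(':producttype', $product_type);
$stmtInsert->bindParam(':permission', $permission);
$stmtInsert->execute();

// Send the payment notification to Discord.
// NOTE(review): this forwards cardholder name, last4, postal code and client IP to a
// third-party chat; confirm that is intended and covered by the privacy policy.
$message  = "**User**: `".$_SESSION['account_username']."`\n";
$message .= "**Email**: `".$_SESSION['account_email']."`\n\n";
$message .= "> **Value**: $".$paidAmount."\n";
$message .= "> **Currency**: ".$currency."\n";
$message .= "> **Product**: ".$product_name."\n";
if (!empty($coupon_code)) {
    $message .= "> **Coupon**: ".strtoupper($coupon_code)."\n";
}
$message .= "> **Plan**: ".$plan."\n\n";
$message .= "> **Card name**: ".$card_name."\n";
$message .= "> **Card last digits**: ".$last_four."\n";
$message .= "> **Plataform**: Stripe\n\n";
$message .= "> **ZIP Code**: ".$postal_code."\n";
$message .= "> **IP**: ||".$ip."||\n\n";

$date = date('d M, Y');
$data = [
    'content' => '<@&540208540401532939>',
    'embeds'  => [[
        'title'       => ':white_check_mark: Novo pagamento realizado!',
        'footer'      => [
            "text"     => $date,
            "icon_url" => "https://pbs.twimg.com/profile_images/1293434950071484416/pGgHpn1a_400x400.jpg",
        ],
        'type'        => 'rich',
        'description' => $message,
        'color'       => hexdec("615de0"),
    ]],
];
$options = [
    'http' => [
        'method'  => 'POST',
        'header'  => 'Content-Type: application/json',
        'content' => json_encode($data),
    ],
];

$context = stream_context_create($options);
// NOTE(review): the webhook URL is a credential (anyone holding it can post to the channel)
// and belongs in configuration outside the web root; it should be regenerated in Discord
// since it has been committed.
$result = file_get_contents('https://discordapp.com/api/webhooks/767906421320450089/tPB0nIlMuF75F61bv_CXJOQ-z3ecGFckGZCAmMCoWxV4KZ5AP8qWPXf4Xyofss_JmT9z', false, $context);
if ($result === false) {
    // The charge and the DB rows are already in place; a lost notification must not fail the checkout.
    error_log('Discord payment notification failed');
}

$redirectToProfile('payed');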