1<?php
2/*
3UserSpice 4
4An Open Source PHP User Management System
5by the UserSpice Team at http://UserSpice.com
6
7This program is free software: you can redistribute it and/or modify
8it under the terms of the GNU General Public License as published by
9the Free Software Foundation, either version 3 of the License, or
10(at your option) any later version.
11
12This program is distributed in the hope that it will be useful,
13but WITHOUT ANY WARRANTY; without even the implied warranty of
14MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15GNU General Public License for more details.
16
17You should have received a copy of the GNU General Public License
18along with this program. If not, see <http://www.gnu.org/licenses/>.
19*/
20
21
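//typical userspice includes
require_once '../../../../users/init.php';
require_once $abs_us_root.$us_url_root.'users/includes/template/prep.php';
include "../plugin_info.php";
pluginActive($plugin_name);

// This block allows only HTTPS connections to reach the card form: on a TLS
// request it pins HSTS for one year, on a cleartext request it redirects to
// https:// and stops before any output.  Only set to false for local
// development without TLS.
$use_sts = true;

// IIS sets HTTPS to 'off' for non-SSL requests; other servers leave it unset
// or empty.  Anything other than a non-empty value that is not 'off' counts
// as cleartext (the previous isset()-only test treated an empty value as TLS).
$is_https = !empty($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) !== 'off';

if ($use_sts && $is_https) {
    header('Strict-Transport-Security: max-age=31536000');
} elseif ($use_sts) {
    // NOTE(review): HTTP_HOST is taken from the client's Host header, so the
    // redirect target is only as trustworthy as the web server's vhost setup;
    // a catch-all vhost should pin the canonical host name in server config.
    $host = isset($_SERVER['HTTP_HOST']) ? $_SERVER['HTTP_HOST'] : '';
    $uri  = isset($_SERVER['REQUEST_URI']) ? $_SERVER['REQUEST_URI'] : '';
    header('Location: https://'.$host.$uri, true, 301);
    // we are in cleartext at the moment, prevent further execution and output
    die("Your connection is not secure.");
}

//end stripe-specific security statements

// UserSpice page permissions: users without access to this page get nothing.
if (!securePage($_SERVER['PHP_SELF'])) {
    die();
}

?>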
44
<!-- The generic stripe javascript hosted on stripe.com and specific jquery -->
<!-- Both scripts are fetched from third-party hosts with no integrity attribute,
     so the page runs whatever those hosts serve.  jQuery 1.7.2 dates from 2012
     and is not used by the Stripe.js v2 code at the bottom of this page; it may
     still be needed by the theme. -->
<script type="text/javascript" src="https://js.stripe.com/v2/"></script>
<script src="https://ajax.googleapis.com/ajax/libs/jquery/1.7.2/jquery.min.js"></script>

<?php
// The server-side stripe-php library bundled with the plugin.  This is the
// legacy release line that throws \Stripe\Error\* exceptions (see the catch
// blocks in the POST handler below).
require_once $abs_us_root.$us_url_root.'usersc/plugins/stripe/assets/stripe-php/init.php';
?>
53
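<div id="page-wrapper">
    <div class="container-fluid">
        <?php
        // Handle the POST-back triggered by the Stripe.js handler at the bottom
        // of the page.  The browser has already exchanged the raw card details
        // for a one-time token, so this server only sees that token plus the
        // amount and customer details (the card inputs carry no name attribute).
        if ($_POST) {
            $token = isset($_POST['csrf']) ? $_POST['csrf'] : '';
            if (!Token::check($token)) {
                include($abs_us_root.$us_url_root.'usersc/scripts/token_error.php');
                // Never reach the charge on a failed CSRF check, whether or not
                // token_error.php exits on its own.
                die();
            }

            // Field names must match the form below: firstname / lastname / notes
            // (the form never sends fname / lname / note, which used to be read here).
            $fname = Input::get('firstname');
            $lname = Input::get('lastname');
            $fullname = $fname." ".$lname;
            $email = Input::get('email');
            $note = Input::get('notes');

            // Stripe expects the amount as a whole number of cents.  Round rather
            // than multiply and truncate: 19.99 * 100 is 1998.999... in floating point.
            $rawAmount = Input::get('amount');
            $amount = is_numeric($rawAmount) ? (int) round(((float) $rawAmount) * 100) : 0;

            // One-time token created client-side by Stripe.card.createToken.  It is
            // missing when the script did not run or the POST did not come from the form.
            $stripeToken = isset($_POST['stripeToken']) ? $_POST['stripeToken'] : '';

            if ($amount <= 0) {
                bold("Please enter an amount greater than zero.");
            } elseif ($stripeToken === '') {
                bold("No card token was received. Please try again.");
            } else {
                \Stripe\Stripe::setApiKey($settings->stripe_private);

                // Metadata is searchable in the Stripe dashboard; "by" records which
                // UserSpice user ran the charge.
                $metadata = array(
                    "cardholder_name" => $fullname,
                    "email" => $email,
                    "by" => $user->data()->id,
                    "note" => $note,
                );

                // Description attached to the charge in the Stripe dashboard.
                $description = $settings->site_name;

                // Create the charge on Stripe's servers - this will charge the user's card
                try {
                    $charge = \Stripe\Charge::create(array(
                        "amount" => $amount, // amount in cents
                        "currency" => "usd",
                        "source" => $stripeToken,
                        "description" => $description,
                        "metadata" => $metadata,
                    ));
                    $chargeID = $charge['id']; //from the stripe API

                    // Local record of the charge.  'amount' is stored as entered
                    // (dollars), not in cents.
                    $fields = array(
                        'user' => $user->data()->id,
                        'amount' => $rawAmount,
                        'email' => $email,
                        'notes' => $note,
                        'fname' => $fname,
                        'lname' => $lname,
                        'charge_id' => $chargeID,
                        'card_type' => Input::get('type'),
                    );
                    $db->insert('stripe_transactions', $fields);
                    logger($user->data()->id, "User", "Credit Card - $fullname.");
                    bold("Card processed successfully");
                } catch (\Stripe\Error\Card $e) {
                    // A decline: Stripe's response carries the details.  They are
                    // escaped before output because they land in the HTML page.
                    $body = $e->getJsonBody();
                    $err = isset($body['error']) ? $body['error'] : array();
                    print('Status is:' . htmlspecialchars((string) $e->getHttpStatus(), ENT_QUOTES, 'UTF-8') . "\n");
                    foreach (array('type', 'code', 'param', 'message') as $key) {
                        // param is '' for a plain decline
                        $value = isset($err[$key]) ? (string) $err[$key] : '';
                        print(ucfirst($key) . ' is:' . htmlspecialchars($value, ENT_QUOTES, 'UTF-8') . "\n");
                    }
                } catch (\Stripe\Error\Base $e) {
                    // Rate limit, invalid request, authentication failure (maybe the
                    // API keys changed recently) or a network failure talking to
                    // Stripe: keep the detail in the log for the admin and show the
                    // user only a generic message instead of silently swallowing it.
                    logger($user->data()->id, "User", "Stripe error (" . get_class($e) . "): " . $e->getMessage());
                    bold("The payment could not be processed. Please try again later.");
                } catch (Exception $e) {
                    // Something else happened, completely unrelated to Stripe
                    logger($user->data()->id, "User", "Payment error (" . get_class($e) . "): " . $e->getMessage());
                    bold("The payment could not be processed. Please try again later.");
                }
            }
        }
        // Fresh CSRF token for the form rendered below.
        $token = Token::generate();
        ?>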
141 <div class="row">
142 <div class="col-xs-3"></div>
143 <div class="col-xs-6">
144 <form action="" method="POST" id="payment-form">
145 <input type="hidden" name="csrf" $value=<?=$token;?>" />
146 <span class="payment-errors"></span>
147 <div class="form-row">
148 <label>
149 <span>Amount to charge</span>
150 <input class="form-control" type = 'number' min="0.01" step="0.01" size="10" name="amount" value="" />
151 </label>
152 </div>
153 <div class="form-row">
154 <label>
155 <span>Card Number</span>
156 <input class="form-control" type="text" size="20" data-stripe="number" value="" id="account" />
157 </label>
158 </div>
159 <label>
160 <span>Card Type</span>
161 <select class="form-control" name="type" id="type">
162 <option value="">(Select card type)</option>
163 <option value="amex">American Express</option>
164 <option value="visa">Visa</option>
165 <option value="mastercard">MasterCard</option>
166 <option value="discover">Discover</option>
167 </select></label>
168
169 <div class="form-row">
170 <label>
171 <span>Expiration Month(MM)</span>
172 <input class="form-control"type="text" size="2" data-stripe="exp-month" id="expMonth" value="" />
173 </label>
174 <span> / </span>
175 <label>
176 <span>Expiration Year(YY)</span>
177 <input class="form-control" type="text" size="2" data-stripe="exp-year" value="" id="expYear" />
178 </label>
179 </div>
180 <div class="form-row">
181 <label>
182 <span>Cardholder First Name</span>
183 <input class="form-control" type="text" size="50" name="firstname" value="" id="firstName"/>
184 </label>
185 <label>
186 <span>Cardholder Last Name</span>
187 <input class="form-control" type="text" size="50" name="lastname" data-stripe="name" value="" id="lastName"/>
188 </label>
189 </div>
190
191 <div class="form-row">
192 <label>
193 <span><font color="red">CVC</font></span>
194 <input class="form-control" type="text" size="4" data-stripe="cvc" value="" />
195 </label>
196 </div>
197
198 <div class="form-row">
199 <label>
200 <span>Customer Email</span>
201 <input type="text" size="50" name="email" value="" />
202 </label>
203 </div>
204 <div class="form-row">
205 <label>
206 <span>Notes</span>
207 <input type="text" size="50" name="notes" value="" />
208 </label>
209 </div>
210
211 <button type="submit">Submit Payment</button>
212 </form>
213 <!-- Content Ends Here -->
214 </div> <!-- /.col -->
215 </div> <!-- /.row -->
216 </div> <!-- /.container -->
217</div> <!-- /.wrapper -->
218
219
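<?php require_once $abs_us_root.$us_url_root.'users/includes/page_footer.php'; // the final html footer copyright row + the external js calls ?>
<script>
// PART 1 - Client Side
// Create the card token using Stripe.js (legacy v2 API: Stripe.card.createToken).
// The *publishable* key belongs in page source; the secret key is only ever
// used server-side (\Stripe\Stripe::setApiKey in the POST handler above).
// See your keys here https://dashboard.stripe.com/account/apikeys
// json_encode() emits a quoted JS string literal, with <, >, quotes and & hex
// escaped, so the key value cannot terminate the string or the script tag.
Stripe.setPublishableKey(<?=json_encode($settings->stripe_public, JSON_HEX_TAG | JSON_HEX_QUOT | JSON_HEX_APOS | JSON_HEX_AMP)?>);
// grab payment form and the inline error placeholder inside it
var paymentForm = document.getElementById("payment-form");
var errorBox = paymentForm.querySelector(".payment-errors");
// listen for submit
paymentForm.addEventListener("submit", processForm, false);

/* Methods */
// Enable/disable the submit button; used to prevent a second token request
// (and therefore a second charge) while Stripe is still answering.
function setSubmitDisabled(disabled) {
    var button = paymentForm.querySelector("button[type=submit]");
    if (button) {
        button.disabled = disabled;
    }
}

// process form on submit
function processForm(evt) {
    // prevent the native submission: the card fields must not be posted as-is
    evt.preventDefault();
    errorBox.textContent = "";
    setSubmitDisabled(true);
    // create stripe token from the data-stripe inputs
    Stripe.card.createToken(paymentForm, stripeResponseHandler);
}

// handle response back from Stripe
function stripeResponseHandler(status, response) {
    if (response.error) {
        // textContent, not innerHTML: the message is shown as plain text
        errorBox.textContent = "Error: " + response.error.message;
        setSubmitDisabled(false);
        return;
    }
    // create a hidden token input and add it to the payment form
    var token = document.createElement("input");
    token.name = "stripeToken";
    token.value = response.id; // token value from Stripe.card.createToken
    token.type = "hidden";
    paymentForm.appendChild(token);
    // resubmit: only the named fields (csrf, amount, type, names, email, notes)
    // and the token travel to the server; the card inputs have no name attribute
    paymentForm.submit();
}
</script>


<?php require_once $abs_us_root.$us_url_root.'users/includes/html_footer.php'; // currently just the closing /body and /html ?>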