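'Method not allowed'], 405); }

// Creates a Stripe Checkout session for an existing, unpaid order and returns
// the hosted checkout URL as JSON. When Stripe is not configured the order is
// marked paid directly ("demo mode").
//
// NOTE(review): the flow below relies on jsonResponse() ending the request
// (every guard falls through otherwise); it is defined outside this view,
// so confirm that it exits.
// NOTE(review): no authentication or order-ownership check is visible in this
// part of the file. If none exists earlier, any caller who knows an order ID
// can start (or, in demo mode, complete) payment for it; confirm against the
// code above.

$input = json_decode(file_get_contents('php://input'), true);
if (!is_array($input)) {
    // Malformed or non-object JSON: treat as an empty request so the
    // validation below answers with a 400 instead of a PHP warning.
    $input = [];
}

$orderId = $input['order_id'] ?? '';
$originUrl = $input['origin_url'] ?? '';

// Only scalar IDs are meaningful; arrays/objects from the JSON body would
// otherwise reach the query binding and the URL concatenation below.
if (!is_string($orderId) && !is_int($orderId)) {
    $orderId = '';
}
$orderId = (string) $orderId;

if (empty($orderId)) {
    jsonResponse(['error' => 'Order ID required'], 400);
}

// origin_url comes from the request body, and the success/cancel URLs built
// from it are where Stripe sends the customer after checkout. Accept it only
// when it is exactly this site's own base URL or origin; anything else falls
// back to SITE_URL so the post-payment redirect cannot leave the site.
$siteBase = rtrim(SITE_URL, '/');
$allowedOrigins = [$siteBase];
$siteParts = parse_url(SITE_URL);
if (is_array($siteParts) && isset($siteParts['scheme'], $siteParts['host'])) {
    $allowedOrigins[] = $siteParts['scheme'] . '://' . $siteParts['host']
        . (isset($siteParts['port']) ? ':' . $siteParts['port'] : '');
}

$returnBase = $siteBase;
if (is_string($originUrl) && $originUrl !== '') {
    $requestedBase = rtrim($originUrl, '/');
    if (in_array($requestedBase, $allowedOrigins, true)) {
        $returnBase = $requestedBase;
    } else {
        error_log('Checkout: ignoring origin_url that does not match SITE_URL');
    }
}

// Get order
$order = db()->fetch(
    "SELECT * FROM orders WHERE order_id = :id",
    ['id' => $orderId]
);

if (!$order) {
    jsonResponse(['error' => 'Order not found'], 404);
}

if ($order['payment_status'] === 'paid') {
    jsonResponse(['error' => 'Order already paid'], 400);
}

// The order ID is placed in query strings below; encode it once here.
$orderIdParam = rawurlencode($orderId);

// Check if Stripe is configured
if (!isStripeConfigured()) {
    // Demo mode - simulate successful payment.
    // NOTE(review): this branch fails open. If Stripe configuration is ever
    // missing in a live deployment, orders are marked paid and loyalty points
    // are awarded without any charge. Consider gating it behind an explicit
    // demo/development setting rather than the absence of Stripe config.
    db()->update(
        'orders',
        [
            'payment_status' => 'paid',
            'order_status' => 'confirmed',
            'stripe_payment_intent' => 'demo_' . bin2hex(random_bytes(8)),
        ],
        'order_id = :id',
        ['id' => $orderId]
    );

    if (!empty($order['customer_id'])) {
        loyalty()->awardPoints(
            $order['customer_id'],
            (float) $order['total'],
            'Order #' . $order['order_number'],
            $orderId
        );
    }

    jsonResponse([
        'demo_mode' => true,
        'message' => 'Payment simulated (Stripe not configured)',
        'redirect' => '/order-confirmation.php?order=' . $orderIdParam,
    ]);
}

// Build line items from the stored order (never from the request body, so
// the client cannot influence names, prices or quantities).
$items = json_decode((string) ($order['items'] ?? ''), true);
if (!is_array($items)) {
    $items = [];
}

$lineItems = [];
foreach ($items as $item) {
    $lineItems[] = [
        'name' => $item['name'],
        'price' => floatval($item['price']),
        'quantity' => intval($item['quantity']),
        'currency' => 'usd',
    ];
}

// Add shipping if applicable
if ($order['shipping_cost'] > 0) {
    $lineItems[] = [
        'name' => 'Shipping',
        'price' => floatval($order['shipping_cost']),
        'quantity' => 1,
        'currency' => 'usd',
    ];
}

// Build success/cancel URLs. {CHECKOUT_SESSION_ID} is left literal on purpose:
// it is a placeholder for the checkout session ID, not a value to encode.
$successUrl = $returnBase . '/order-confirmation.php?order=' . $orderIdParam
    . '&session_id={CHECKOUT_SESSION_ID}';
$cancelUrl = $returnBase . '/payment.php?order=' . $orderIdParam . '&cancelled=1';

try {
    $session = stripe()->createCheckoutSession(
        $lineItems,
        $successUrl,
        $cancelUrl,
        [
            'customer_email' => $order['customer_email'],
            'metadata' => [
                'order_id' => $orderId,
                'order_number' => $order['order_number'],
            ],
        ]
    );

    // Store checkout session ID
    db()->update(
        'orders',
        ['stripe_session_id' => $session['id']],
        'order_id = :id',
        ['id' => $orderId]
    );

    jsonResponse([
        'url' => $session['url'],
        'session_id' => $session['id'],
    ]);
} catch (Exception $e) {
    // Keep provider/exception detail in the server log only; the client gets
    // a generic message so internal error text is not disclosed.
    error_log('Stripe Checkout error: ' . $e->getMessage());
    jsonResponse(['error' => 'Failed to create checkout session'], 500);
}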