mirror of
https://github.com/myronblair/tomsjavajive
synced 2026-06-30 17:50:32 -05:00
2550ec5695
When using Stripe Checkout, both checkout.session.completed and payment_intent.succeeded fire for the same payment. After the stripe.php change propagated order_id into PI metadata, the PI handler also found an order_id and sent a second confirmation email. Fix: fetch the order first in payment_intent.succeeded and skip if already confirmed. Also records stripe_payment_intent in this path for direct PI flows that bypass checkout.session.completed.
172 lines
5.9 KiB
PHP
172 lines
5.9 KiB
PHP
<?php
|
|
/**
|
|
* Tom's Java Jive - Stripe Webhook Handler
|
|
* Uses cURL-based Stripe integration (no Composer required)
|
|
*/
|
|
|
|
require_once __DIR__ . '/../includes/functions.php';
|
|
require_once __DIR__ . '/../includes/stripe.php';
|
|
|
|
header('Content-Type: application/json');
|
|
|
|
$payload = file_get_contents('php://input');
|
|
$sigHeader = $_SERVER['HTTP_STRIPE_SIGNATURE'] ?? '';
|
|
|
|
// Verify webhook signature (if secret is configured)
|
|
if (!empty(STRIPE_WEBHOOK_SECRET) && STRIPE_WEBHOOK_SECRET !== 'whsec_your_webhook_secret') {
|
|
try {
|
|
stripe()->verifyWebhookSignature($payload, $sigHeader, STRIPE_WEBHOOK_SECRET);
|
|
$event = json_decode($payload, true);
|
|
} catch (Exception $e) {
|
|
error_log('Stripe webhook signature verification failed: ' . $e->getMessage());
|
|
http_response_code(400);
|
|
exit();
|
|
}
|
|
} else {
|
|
$event = json_decode($payload, true);
|
|
if (!$event) {
|
|
http_response_code(400);
|
|
exit();
|
|
}
|
|
}
|
|
|
|
$eventType = $event['type'] ?? '';
|
|
$data = $event['data']['object'] ?? [];
|
|
|
|
switch ($eventType) {
|
|
|
|
case 'checkout.session.completed':
|
|
// Stripe Checkout (hosted page) — metadata is on the session
|
|
$orderId = $data['metadata']['order_id'] ?? '';
|
|
$paymentIntentId = $data['payment_intent'] ?? '';
|
|
if ($orderId && ($data['payment_status'] ?? '') === 'paid') {
|
|
db()->update('orders',
|
|
[
|
|
'payment_status' => 'paid',
|
|
'order_status' => 'confirmed',
|
|
'stripe_payment_intent' => $paymentIntentId,
|
|
],
|
|
'order_id = :id',
|
|
['id' => $orderId]
|
|
);
|
|
$order = db()->fetch("SELECT * FROM orders WHERE order_id = :id", ['id' => $orderId]);
|
|
if ($order) {
|
|
sendOrderConfirmationEmail($order);
|
|
}
|
|
}
|
|
break;
|
|
|
|
case 'payment_intent.succeeded':
|
|
// Payment Intent flow (embedded/direct) - skip if already confirmed by checkout.session.completed
|
|
$paymentIntentId = $data['id'] ?? '';
|
|
$orderId = $data['metadata']['order_id'] ?? '';
|
|
if ($orderId) {
|
|
$order = db()->fetch("SELECT * FROM orders WHERE order_id = :id", ['id' => $orderId]);
|
|
if ($order && $order['order_status'] !== 'confirmed') {
|
|
db()->update('orders',
|
|
[
|
|
'payment_status' => 'paid',
|
|
'order_status' => 'confirmed',
|
|
'stripe_payment_intent' => $paymentIntentId,
|
|
],
|
|
'order_id = :id',
|
|
['id' => $orderId]
|
|
);
|
|
$order = db()->fetch("SELECT * FROM orders WHERE order_id = :id", ['id' => $orderId]);
|
|
if ($order) {
|
|
sendOrderConfirmationEmail($order);
|
|
}
|
|
}
|
|
}
|
|
break;
|
|
|
|
case 'payment_intent.payment_failed':
|
|
$orderId = $data['metadata']['order_id'] ?? '';
|
|
if ($orderId) {
|
|
db()->update('orders',
|
|
['payment_status' => 'failed'],
|
|
'order_id = :id',
|
|
['id' => $orderId]
|
|
);
|
|
}
|
|
break;
|
|
|
|
case 'charge.refunded':
|
|
$paymentIntentId = $data['payment_intent'] ?? '';
|
|
if ($paymentIntentId) {
|
|
db()->update('orders',
|
|
[
|
|
'payment_status' => 'refunded',
|
|
'order_status' => 'refunded',
|
|
],
|
|
'stripe_payment_intent = :pi',
|
|
['pi' => $paymentIntentId]
|
|
);
|
|
}
|
|
break;
|
|
}
|
|
|
|
http_response_code(200);
|
|
echo json_encode(['received' => true]);
|
|
|
|
/**
|
|
* Send order confirmation email
|
|
*/
|
|
function sendOrderConfirmationEmail($order) {
|
|
$items = json_decode($order['items'], true) ?? [];
|
|
$shippingAddress = json_decode($order['shipping_address'], true) ?? [];
|
|
|
|
$itemsHtml = '';
|
|
foreach ($items as $item) {
|
|
$itemsHtml .= sprintf(
|
|
'<tr><td>%s x%d</td><td style="text-align:right;">$%.2f</td></tr>',
|
|
htmlspecialchars($item['name']),
|
|
$item['quantity'],
|
|
$item['total']
|
|
);
|
|
}
|
|
|
|
$html = <<<HTML
|
|
<div style="font-family: Arial, sans-serif; max-width: 600px; margin: 0 auto;">
|
|
<div style="background: #8B4513; color: white; padding: 20px; text-align: center;">
|
|
<h1 style="margin: 0;">Tom's Java Jive</h1>
|
|
</div>
|
|
|
|
<div style="padding: 30px; background: #FDFBF7;">
|
|
<h2>Order Confirmed!</h2>
|
|
<p>Thank you for your order, {$order['customer_name']}!</p>
|
|
|
|
<div style="background: white; padding: 20px; border-radius: 8px; margin: 20px 0;">
|
|
<p><strong>Order #:</strong> {$order['order_number']}</p>
|
|
<p><strong>Total:</strong> \${$order['total']}</p>
|
|
</div>
|
|
|
|
<h3>Order Details</h3>
|
|
<table style="width: 100%; border-collapse: collapse;">
|
|
{$itemsHtml}
|
|
<tr style="border-top: 2px solid #ccc;">
|
|
<td><strong>Total</strong></td>
|
|
<td style="text-align:right;"><strong>\${$order['total']}</strong></td>
|
|
</tr>
|
|
</table>
|
|
|
|
<h3>Shipping To</h3>
|
|
<p>
|
|
{$shippingAddress['address']}<br>
|
|
{$shippingAddress['city']}, {$shippingAddress['state']} {$shippingAddress['zip']}
|
|
</p>
|
|
|
|
<p style="color: #666; font-size: 14px;">
|
|
We'll send you tracking information once your order ships.
|
|
</p>
|
|
</div>
|
|
|
|
<div style="padding: 20px; text-align: center; color: #666; font-size: 12px;">
|
|
<p>Tom's Java Jive | Premium Coffee</p>
|
|
</div>
|
|
</div>
|
|
HTML;
|
|
|
|
sendEmail($order['customer_email'], "Order Confirmed - #{$order['order_number']}", $html);
|
|
}
|