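<?php
/**
 * Stripe webhook ("IPN") endpoint, reached as ipn.php?payment=stripe.
 *
 * Every request is authenticated first: \Stripe\Webhook::constructEvent()
 * checks the Stripe-Signature header against $options['stripe-webhook-secret']
 * and nothing below that check runs for a payload that fails it. The event
 * data is therefore Stripe-authenticated, but it is still external input and
 * is escaped (esc_sql) before it reaches any SQL statement.
 *
 * Handled events:
 *   checkout.session.completed  record the transaction; when the session's
 *                               client_reference_id is "membership-<price id>"
 *                               assign that membership to the customer's user
 *                               (unless the user already has a membership).
 *   invoice.paid                record the transaction and extend
 *                               membership_expires for the user whose
 *                               membership was bought in the matching checkout.
 *   invoice.payment_failed      accepted but not acted upon yet.
 *
 * Globals provided by the includes: $wpdb (DB wrapper: get_row, query,
 * insert_id, prefix), $options (settings) and $stripe_no_100 (currency codes
 * that Stripe reports in whole units rather than hundredths).
 */
include_once(dirname(__FILE__).'/inc/functions.php');
include_once(dirname(__FILE__).'/inc/icdb.php');
include_once(dirname(__FILE__).'/inc/common.php');

header("Cache-Control: no-cache, no-store, must-revalidate");
header("Pragma: no-cache");
header("Expires: 0");

if (array_key_exists('payment', $_GET) && $_GET['payment'] === 'stripe') {
    if (!class_exists("\Stripe\Stripe")) {
        require_once(dirname(__FILE__).'/inc/stripe/init.php');
    }

    // The signature covers the raw body bytes, so read them untouched.
    $payload = file_get_contents('php://input');
    // A missing header is a verification failure (400), not a PHP notice.
    $sig_header = $_SERVER['HTTP_STRIPE_SIGNATURE'] ?? '';
    if ($payload === false || $payload === '' || $sig_header === '') {
        http_response_code(400);
        exit;
    }

    try {
        \Stripe\Webhook::constructEvent($payload, $sig_header, $options['stripe-webhook-secret']);
    } catch (\UnexpectedValueException $e) {
        // Malformed payload.
        http_response_code(400);
        exit;
    } catch (\Stripe\Exception\SignatureVerificationException $e) {
        // Signature does not match the endpoint secret: not sent by Stripe, or the wrong secret is configured.
        http_response_code(400);
        exit;
    }

    $post_data = json_decode($payload, true);
    $event_type = is_array($post_data) ? ($post_data['type'] ?? null) : null;
    if (!in_array($event_type, ['checkout.session.completed', 'invoice.paid', 'invoice.payment_failed'], true)) {
        exit;
    }
    $object = $post_data['data']['object'] ?? null;
    if (!is_array($object)) {
        exit;
    }
    $customer_id = (string) ($object['customer'] ?? '');
    $object_id = (string) ($object['id'] ?? '');
    if ($customer_id === '') {
        exit;
    }

    // Only customers known to this site's Stripe integration are acted upon.
    $stripe_customer = $wpdb->get_row("SELECT t1.*, t2.membership_id AS m_id, t2.membership_txn_id AS m_txn_id
        FROM ".$wpdb->prefix."user_customers t1
        INNER JOIN ".$wpdb->prefix."users t2 ON t2.id = t1.user_id
        WHERE t1.customer_id = '".esc_sql($customer_id)."' AND t1.deleted != '1' AND t1.gateway = 'stripe'", ARRAY_A);
    if (empty($stripe_customer)) {
        exit;
    }

    /**
     * Formats a Stripe amount as a "0.00" string. Stripe sends amounts in the
     * currency's smallest unit; currencies listed in $stripe_no_100 have no
     * fractional unit and are already whole.
     *
     * @param int|float|string|null $amount raw amount taken from the event
     */
    $format_amount = static function ($amount, string $currency) use ($stripe_no_100) {
        $multiplier = in_array($currency, $stripe_no_100, true) ? 1 : 100;
        return number_format($amount / $multiplier, 2, '.', '');
    };

    /**
     * Stripe may deliver one event several times, and it retries when this
     * script answers non-2xx (see the API failure paths below), so a
     * transaction already stored for this object id must not be inserted twice.
     */
    $already_recorded = static function (string $type, string $object_id) use ($wpdb) {
        if ($object_id === '') {
            return false;
        }
        $row = $wpdb->get_row("SELECT id FROM ".$wpdb->prefix."transactions
            WHERE gateway = 'stripe' AND type = '".esc_sql($type)."' AND txn_id = '".esc_sql($object_id)."' AND deleted != '1'", ARRAY_A);
        return !empty($row);
    };

    /**
     * Inserts one row into the transactions table and returns its id.
     * The whole event is kept in `details` for later auditing.
     */
    $record_transaction = static function (string $type, string $subscription_id, string $price, string $currency, string $object_id) use ($wpdb, $post_data, $customer_id) {
        $wpdb->query("INSERT INTO ".$wpdb->prefix."transactions (
            gateway, customer_id, subscription_id, details, type, price, currency, txn_id, deleted, created
        ) VALUES (
            'stripe',
            '".esc_sql($customer_id)."',
            '".esc_sql($subscription_id)."',
            '".esc_sql(json_encode($post_data))."',
            '".esc_sql($type)."',
            '".esc_sql($price)."',
            '".esc_sql($currency)."',
            '".esc_sql($object_id)."',
            '0',
            '".time()."'
        )");
        return (int) $wpdb->insert_id;
    };

    /**
     * Asks the Stripe API for the subscription's current period end and adds
     * the configured grace period (option value in days). Throws on API failure.
     */
    $membership_expiry = static function (string $subscription_id) use ($options) {
        \Stripe\Stripe::setApiKey($options['stripe-secret-key']);
        $subscription = \Stripe\Subscription::retrieve($subscription_id, []);
        return $subscription->current_period_end + $options['membership-grace-period'] * 3600 * 24;
    };

    switch ($event_type) {
        case 'checkout.session.completed':
            // client_reference_id is expected as "membership-<membership_prices.id>".
            $client_reference_id = explode('-', (string) ($object['client_reference_id'] ?? ''));
            if ($client_reference_id[0] !== 'membership') {
                break;
            }
            if ($already_recorded('checkout.session.completed', $object_id)) {
                // Duplicate delivery: everything below has already been done.
                break;
            }

            $membership_price = null;
            $membership_price_id = intval($client_reference_id[1] ?? 0);
            if ($membership_price_id > 0) {
                $membership_price = $wpdb->get_row("SELECT t1.*, t2.uuid AS membership_uuid, t2.title AS membership_title, t2.options AS membership_options
                    FROM ".$wpdb->prefix."membership_prices t1
                    INNER JOIN ".$wpdb->prefix."memberships t2 ON t2.id = t1.membership_id
                    WHERE t1.id = '".esc_sql($membership_price_id)."' AND t1.deleted != '1' AND t2.deleted != '1'", ARRAY_A);
            }

            // Expiry stays 0 for non-subscription checkouts; subscriptions expire with the current period.
            $membership_expires = 0;
            $subscription_id = '';
            if (($object['mode'] ?? '') === 'subscription') {
                $subscription_id = (string) ($object['subscription'] ?? '');
                try {
                    $membership_expires = $membership_expiry($subscription_id);
                } catch (\Exception $e) {
                    // Nothing has been written yet; a non-2xx answer makes Stripe retry the delivery.
                    error_log('Stripe IPN: subscription lookup failed for '.$subscription_id.': '.$e->getMessage());
                    http_response_code(500);
                    exit;
                }
            }

            $currency = strtoupper((string) ($object['currency'] ?? $object['display_items'][0]['currency'] ?? ''));
            $price = $format_amount($object['amount_total'] ?? $object['display_items'][0]['amount'] ?? 0, $currency);
            $txn_id = $record_transaction('checkout.session.completed', $subscription_id, $price, $currency, $object_id);

            if (empty($membership_price)) {
                // TODO: Notify admin about data inconsistency (unknown or deleted price id).
            } elseif ($stripe_customer['m_id'] > 0) {
                // TODO: Notify admin about new subscription of subscribed user.
            } else {
                $wpdb->query("UPDATE ".$wpdb->prefix."users SET
                    membership_id = '".esc_sql($membership_price['membership_id'])."',
                    membership_expires = '".esc_sql($membership_expires)."',
                    membership_txn_id = '".esc_sql($txn_id)."'
                    WHERE id = '".esc_sql($stripe_customer['user_id'])."'");
            }
            break;

        case 'invoice.paid':
            if (empty($object['subscription'])) {
                // Only subscription invoices touch a membership.
                break;
            }
            $subscription_id = (string) $object['subscription'];

            $currency = strtoupper((string) ($object['currency'] ?? $object['lines']['data'][0]['currency'] ?? ''));
            $price = $format_amount($object['amount_paid'] ?? $object['lines']['data'][0]['amount'] ?? 0, $currency);
            if (!$already_recorded('invoice.paid', $object_id)) {
                $record_transaction('invoice.paid', $subscription_id, $price, $currency, $object_id);
            }

            // The checkout that started this subscription identifies the user owning the membership.
            $checkout_transaction = $wpdb->get_row("SELECT t1.*, t3.id AS user_id FROM ".$wpdb->prefix."transactions t1
                INNER JOIN ".$wpdb->prefix."user_customers t2 ON t2.customer_id = t1.customer_id
                INNER JOIN ".$wpdb->prefix."users t3 ON t3.id = t2.user_id AND t3.membership_txn_id = t1.id
                WHERE
                    t1.gateway = 'stripe' AND
                    t1.type = 'checkout.session.completed' AND
                    t1.customer_id = '".esc_sql($customer_id)."' AND
                    t1.subscription_id = '".esc_sql($subscription_id)."' AND
                    t2.gateway = 'stripe'
                ", ARRAY_A);
            if (!empty($checkout_transaction) && !empty($checkout_transaction['user_id'])) {
                try {
                    $membership_expires = $membership_expiry($subscription_id);
                } catch (\Exception $e) {
                    // The transaction row is already stored and is skipped on retry by $already_recorded,
                    // so a non-2xx answer lets Stripe retry just the expiry update.
                    error_log('Stripe IPN: subscription lookup failed for '.$subscription_id.': '.$e->getMessage());
                    http_response_code(500);
                    exit;
                }
                $wpdb->query("UPDATE ".$wpdb->prefix."users SET membership_expires = '".esc_sql($membership_expires)."' WHERE id = '".esc_sql($checkout_transaction['user_id'])."'");
            }
            break;

        default:
            // invoice.payment_failed is accepted but not handled yet.
            break;
    }
}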