Merge pull request #1148 from itflow-org/stripe-autopay

Initial add Stripe Auto-payment with saved card

Author: johnnyq

admin_settings_online_payment_clients.php

@@ -0,0 +1,51 @@
+<?php
+
+require_once "includes/inc_all_admin.php";
+
+$stripe_clients_sql = mysqli_query($mysqli, "SELECT * FROM client_stripe LEFT JOIN clients ON client_stripe.client_id = clients.client_id");
+?>
+
+    <div class="card card-dark">
+        <div class="card-header py-3">
+            <h3 class="card-title"><i class="fas fa-fw fa-credit-card mr-2"></i>Online Payment - Client info</h3>
+        </div>
+
+        <div class="card-body">
+
+            <table class="table tabled-bordered border border-dark">
+                <thead class="thead-dark">
+                <tr>
+                    <th>Client</th>
+                    <th>Stripe Customer ID</th>
+                    <th>Stripe Payment ID</th>
+                </tr>
+                </thead>
+                <tbody>
+
+                <?php
+                while ($row = mysqli_fetch_array($stripe_clients_sql)) {
+                    $client_id = intval($row['client_id']);
+                    $client_name = sanitizeInput($row['client_name']);
+                    $stripe_id = sanitizeInput($row['stripe_id']);
+                    $stripe_pm = sanitizeInput($row['stripe_pm']);
+
+                    ?>
+
+                    <tr>
+                        <td><?php echo "$client_name ($client_id)" ?></td>
+                        <td><?php echo $stripe_id; ?></td>
+                        <td><?php echo $stripe_pm ?></td>
+                    </tr>
+
+                <?php } ?>
+
+                </tbody>
+            </table>
+
+        </div>
+
+    </div>
+
+<?php
+require_once "includes/footer.php";
+

database_updates.php

@@ -2404,10 +2404,16 @@ function processFile($file_path, $file_name, $mysqli) {
         mysqli_query($mysqli, "UPDATE `settings` SET `config_current_database_version` = '1.7.5'");
     }
 
-    // if (CURRENT_DATABASE_VERSION == '1.7.5') {
-    //     // Insert queries here required to update to DB version 1.7.6
+     if (CURRENT_DATABASE_VERSION == '1.7.5') {
+         mysqli_query($mysqli, "CREATE TABLE `client_stripe` (`client_id` INT(11) NOT NULL, `stripe_id` VARCHAR(255) NOT NULL, `stripe_pm` varchar(255) NULL) ENGINE = InnoDB CHARSET=utf8mb4 COLLATE utf8mb4_unicode_ci; ");
+
+         mysqli_query($mysqli, "UPDATE `settings` SET `config_current_database_version` = '1.7.6'");
+     }
+
+    // if (CURRENT_DATABASE_VERSION == '1.7.6') {
+    //     // Insert queries here required to update to DB version 1.7.7
     //     // Then, update the database to the next sequential version
-    //     mysqli_query($mysqli, "UPDATE `settings` SET `config_current_database_version` = '1.7.6'");
+    //     mysqli_query($mysqli, "UPDATE `settings` SET `config_current_database_version` = '1.7.7'");
     // }
 
 } else {

database_version.php

@@ -5,4 +5,4 @@
  * It is used in conjunction with database_updates.php
  */
 
-DEFINE("LATEST_DATABASE_VERSION", "1.7.5");
+DEFINE("LATEST_DATABASE_VERSION", "1.7.6");

db.sql

@@ -342,6 +342,17 @@ CREATE TABLE `client_notes` (
 ) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_general_ci;
 /*!40101 SET character_set_client = @saved_cs_client */;
 
+--
+-- Table structure for table `client_stripe`
+--
+
+DROP TABLE IF EXISTS `client_stripe`;
+CREATE TABLE IF NOT EXISTS `client_stripe` (
+  `client_id` int(11) NOT NULL,
+  `stripe_id` varchar(255) NOT NULL,
+  `stripe_pm` varchar(255) NULL
+) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci;
+
 --
 -- Table structure for table `client_tags`
 --

guest/guest_pay_invoice_stripe.php

@@ -279,7 +279,7 @@
 
     // Add Payment to History
     mysqli_query($mysqli, "INSERT INTO payments SET payment_date = '$pi_date', payment_amount = $pi_amount_paid, payment_currency_code = '$pi_currency', payment_account_id = $config_stripe_account, payment_method = 'Stripe', payment_reference = 'Stripe - $pi_id', payment_invoice_id = $invoice_id");
-    mysqli_query($mysqli, "INSERT INTO history SET history_status = 'Paid', history_description = 'Payment added - $ip - $os - $browser', history_invoice_id = $invoice_id");
+    mysqli_query($mysqli, "INSERT INTO history SET history_status = 'Paid', history_description = 'Online Payment added (client) - $ip - $os - $browser', history_invoice_id = $invoice_id");
 
     // Notify
     appNotify("Invoice Paid", "Invoice $invoice_prefix$invoice_number has been paid by $client_name - $ip - $os - $browser", "invoice.php?invoice_id=$invoice_id", $pi_client_id);
@@ -313,7 +313,7 @@
 
     if (!empty($config_smtp_host)) {
         $subject = "Payment Received - Invoice $invoice_prefix$invoice_number";
-        $body = "Hello $contact_name,<br><br>We have received your payment in the amount of " . $pi_currency . $pi_amount_paid . " for invoice <a href=\'https://$config_base_url/guest/guest_view_invoice.php?invoice_id=$invoice_id&url_key=$invoice_url_key\'>$invoice_prefix$invoice_number</a>. Please keep this email as a receipt for your records.<br><br>Amount: " . numfmt_format_currency($currency_format, $pi_amount_paid, $invoice_currency_code) . "<br>Balance: " . numfmt_format_currency($currency_format, '0', $invoice_currency_code) . "<br><br>Thank you for your business!<br><br><br>~<br>$company_name - Billing<br>$config_invoice_from_email<br>$company_phone";
+        $body = "Hello $contact_name,<br><br>We have received online payment for the amount of " . $pi_currency . $pi_amount_paid . " for invoice <a href=\'https://$config_base_url/guest/guest_view_invoice.php?invoice_id=$invoice_id&url_key=$invoice_url_key\'>$invoice_prefix$invoice_number</a>. Please keep this email as a receipt for your records.<br><br>Amount: " . numfmt_format_currency($currency_format, $pi_amount_paid, $invoice_currency_code) . "<br><br>Thank you for your business!<br><br><br>~<br>$company_name - Billing<br>$config_invoice_from_email<br>$company_phone";
 
         $data = [
             [
@@ -330,7 +330,7 @@
         // Email the internal notification address too
         if (!empty($config_invoice_paid_notification_email)) {
             $subject = "Payment Received - $client_name - Invoice $invoice_prefix$invoice_number";
-            $body = "Hello, <br><br>This is a notification that an invoice has been paid in ITFlow. Below is a copy of the receipt sent to the client:-<br><br>--------<br><br>Hello $contact_name,<br><br>We have received your payment in the amount of " . $pi_currency . $pi_amount_paid . " for invoice <a href=\'https://$config_base_url/guest/guest_view_invoice.php?invoice_id=$invoice_id&url_key=$invoice_url_key\'>$invoice_prefix$invoice_number</a>. Please keep this email as a receipt for your records.<br><br>Amount: " . numfmt_format_currency($currency_format, $pi_amount_paid, $invoice_currency_code) . "<br>Balance: " . numfmt_format_currency($currency_format, '0', $invoice_currency_code) . "<br><br>Thank you for your business!<br><br><br>~<br>$company_name - Billing<br>$config_invoice_from_email<br>$company_phone";
+            $body = "Hello, <br><br>This is a notification that an invoice has been paid in ITFlow. Below is a copy of the receipt sent to the client:-<br><br>--------<br><br>Hello $contact_name,<br><br>We have received online payment for the amount of " . $pi_currency . $pi_amount_paid . " for invoice <a href=\'https://$config_base_url/guest/guest_view_invoice.php?invoice_id=$invoice_id&url_key=$invoice_url_key\'>$invoice_prefix$invoice_number</a>. Please keep this email as a receipt for your records.<br><br>Amount: " . numfmt_format_currency($currency_format, $pi_amount_paid, $invoice_currency_code) . "<br><br>Thank you for your business!<br><br><br>~<br>$company_name - Billing<br>$config_invoice_from_email<br>$company_phone";
 
             $data[] = [
                 'from' => $config_invoice_from_email,

invoice.php

@@ -145,6 +145,17 @@
         $json_products = json_encode($products);
     }
 
+    // Payment with saved card (auto-pay)
+    if ($config_stripe_enable) {
+        $stripe_client_details = mysqli_fetch_array(mysqli_query($mysqli, "SELECT * FROM client_stripe WHERE client_id = $client_id LIMIT 1"));
+        if ($stripe_client_details) {
+            $stripe_id = sanitizeInput($stripe_client_details['stripe_id']);
+            $stripe_pm = sanitizeInput($stripe_client_details['stripe_pm']);
+        }
+    }
+
+
+
     ?>
 
     <ol class="breadcrumb d-print-none">
@@ -197,6 +208,11 @@
                         <a class="btn btn-success" href="#" data-toggle="modal" data-target="#addPaymentModal">
                             <i class="fa fa-fw fa-credit-card mr-2"></i>Add Payment
                         </a>
+                        <?php if ($invoice_status !== 'Partial' && $config_stripe_enable && $stripe_id && $stripe_pm) { ?>
+                            <a class="btn btn-primary confirm-link" href="post.php?add_payment_stripe&invoice_id=<?php echo $invoice_id; ?>&csrf_token=<?php echo $_SESSION['csrf_token']; ?>">
+                                <i class="fa fa-fw fa-credit-card mr-2"></i>Pay via saved card
+                            </a>
+                        <?php } ?>
                     <?php } ?>
 
                     <?php if (($invoice_status == 'Sent' || $invoice_status == 'Viewed') && $invoice_amount == 0 && $invoice_status !== 'Non-Billable') { ?>

js/autopay_setup_stripe.js

@@ -0,0 +1,23 @@
+// Initialize Stripe.js
+const stripe = Stripe('pk_test_51OTpmkHRGkC845Mqz0zM2A1pjnnXwOyD5tyPzWnRwVthuizNjuBIjoYgMHBMLQBuegrUXQpIyX4yr1fNMo7QzCs500bBnFJgEr');
+
+initialize();
+
+// Fetch Checkout Session and retrieve the client secret
+async function initialize() {
+    const fetchClientSecret = async () => {
+        const response = await fetch("/portal/portal_post.php?create_stripe_checkout", {
+            method: "POST",
+        });
+        const { clientSecret } = await response.json();
+        return clientSecret;
+    };
+
+    // Initialize Checkout
+    const checkout = await stripe.initEmbeddedCheckout({
+        fetchClientSecret,
+    });
+
+    // Mount Checkout
+    checkout.mount('#checkout');
+}

portal/autopay.php

@@ -0,0 +1,134 @@
+<?php
+/*
+ * Client Portal
+ * Auto-pay configuration for PTC/finance contacts
+ */
+
+require_once "inc_portal.php";
+
+if ($session_contact_primary == 0 && !$session_contact_is_billing_contact) {
+    header("Location: portal_post.php?logout");
+    exit();
+}
+
+// Initialize stripe
+require_once '../vendor/stripe-php-10.5.0/init.php';
+
+// Get Stripe vars
+$stripe_vars = mysqli_fetch_array(mysqli_query($mysqli, "SELECT config_stripe_enable, config_stripe_publishable, config_stripe_secret FROM settings WHERE company_id = 1"));
+$config_stripe_enable = intval($stripe_vars['config_stripe_enable']);
+$config_stripe_publishable = nullable_htmlentities($stripe_vars['config_stripe_publishable']);
+$config_stripe_secret = nullable_htmlentities($stripe_vars['config_stripe_secret']);
+
+// Get client's StripeID from database
+$stripe_client_details = mysqli_fetch_array(mysqli_query($mysqli, "SELECT * FROM client_stripe WHERE client_id = $session_client_id LIMIT 1"));
+if ($stripe_client_details) {
+    $stripe_id = sanitizeInput($stripe_client_details['stripe_id']);
+    $stripe_pm = sanitizeInput($stripe_client_details['stripe_pm']);
+}
+
+// Stripe not enabled in settings
+if (!$config_stripe_enable || !$config_stripe_publishable || !$config_stripe_secret) {
+    echo "Stripe payment error - Stripe is not enabled, please talk to your helpdesk for further information.";
+    include_once 'portal_footer.php';
+    exit();
+}
+
+?>
+
+    <h3>AutoPay</h3>
+    <div class="row">
+
+        <div class="col-md-10">
+
+            <!-- Setup pt1: Stripe ID not found / auto-payment not configured -->
+            <?php if (!$stripe_client_details || empty($stripe_id)) { ?>
+
+                <b>Save card details</b><br>
+                In order to set up automatic payments, you must create a customer record in Stripe.<br>
+                First, you must authorize Stripe to store your card details for the purpose of automatic payment.
+            <br><br>
+
+                <div class="col-5">
+                    <form action="portal_post.php" method="POST">
+
+                        <div class="form-group">
+                            <div class="custom-control custom-checkbox">
+                                <input class="custom-control-input" type="checkbox" id="consent" name="consent" value="1" required>
+                                <label for="consent" class="custom-control-label">
+                                    I grant consent for automatic payments
+                                </label>
+                            </div>
+                        </div>
+
+                        <div class="form-group">
+                            <button type="submit" class="form-control btn-success" name="create_stripe_customer">Create Stripe Customer Record</button>
+                        </div>
+                    </form>
+                </div>
+
+            <?php }
+
+            // Setup pt2: Stripe ID found / payment may be configured -->
+            elseif (empty($stripe_pm)) { ?>
+
+                <b>Save card details</b><br>
+                Please add the payment details you would like to save.<br>
+                By adding payment details here, you grant consent for future automatic payments of invoices.<br><br>
+
+                <script src="https://js.stripe.com/v3/"></script>
+                <script src="../js/autopay_setup_stripe.js"></script>
+            <input type="hidden" id="stripe_publishable_key" value="<?php echo $config_stripe_publishable ?>">
+                <div id="checkout">
+                    <!-- Checkout will insert the payment form here -->
+                </div>
+
+            <?php }
+
+            // Manage the saved card
+            else { ?>
+
+                <b>Manage saved card details</b>
+
+                <?php
+
+                try {
+                    // Initialize
+                    $stripe = new \Stripe\StripeClient($config_stripe_secret);
+
+                    // Get payment method info (last 4 digits etc)
+                    $payment_method = $stripe->customers->retrievePaymentMethod(
+                        $stripe_id,
+                        $stripe_pm,
+                        []
+                    );
+
+                } catch (Exception $e) {
+                    $error = $e->getMessage();
+                    error_log("Stripe payment error - encountered exception when fetching payment method info for $stripe_pm: $error");
+                    logApp("Stripe", "error", "Exception when fetching payment method info for $stripe_pm: $error");
+                }
+
+                $card_name = nullable_htmlentities($payment_method->billing_details->name);
+                $card_brand = nullable_htmlentities($payment_method->card->display_brand);
+                $card_last4 = nullable_htmlentities($payment_method->card->last4);
+                $card_expires = nullable_htmlentities($payment_method->card->exp_month) . "/" . nullable_htmlentities($payment_method->card->exp_year);
+
+                ?>
+
+                <ul><li><?php echo "$card_name - $card_brand card ending in $card_last4, expires $card_expires"; ?></li></ul>
+
+                <hr>
+                <b>Actions</b><br>
+                - <a href="portal_post.php?stripe_remove_card&pm=<?php echo $stripe_pm; ?>">Remove saved card</a>
+
+            <?php } ?>
+
+
+        </div>
+
+    </div>
+
+
+<?php
+require_once "portal_footer.php";

portal/index.php

@@ -8,7 +8,6 @@
 
 require_once "inc_portal.php";
 
-
 ?>
 <div class="col-md-2 offset-1">
     <a href="ticket_add.php" class="btn btn-primary btn-block">New ticket</a>

portal/portal_header.php

@@ -50,28 +50,34 @@
                 </li>
 
                 <?php if (($session_contact_primary == 1 || $session_contact_is_billing_contact) && $config_module_enable_accounting == 1) { ?>
-                    <li class="nav-item">
-                        <a class="nav-link <?php if (basename($_SERVER['PHP_SELF']) == "invoices.php") {echo "active";} ?>" href="invoices.php">Invoices</a>
-                    </li>
-                    <li class="nav-item">
-                        <a class="nav-link <?php if (basename($_SERVER['PHP_SELF']) == "quotes.php") {echo "active";} ?>" href="quotes.php">Quotes</a>
+                    <li class="nav-item dropdown">
+                        <a class="nav-link dropdown-toggle <?php echo in_array(basename($_SERVER['PHP_SELF']), ['invoices.php', 'quotes.php', 'autopay.php']) ? 'active' : ''; ?>" href="#" id="navbarDropdown1" role="button" data-toggle="dropdown" aria-haspopup="true" aria-expanded="false">
+                            Finance
+                        </a>
+                        <div class="dropdown-menu" aria-labelledby="navbarDropdown1">
+                            <a class="dropdown-item" href="invoices.php">Invoices</a>
+                            <a class="dropdown-item" href="quotes.php">Quotes</a>
+                            <a class="dropdown-item" href="autopay.php">Auto Payment</a>
+                        </div>
                     </li>
                 <?php } ?>
+
                 <?php if ($config_module_enable_itdoc && ($session_contact_primary == 1 || $session_contact_is_technical_contact)) { ?>
-                    <li class="nav-item">
-                        <a class="nav-link <?php if (basename($_SERVER['PHP_SELF']) == "documents.php") {echo "active";} ?>" href="documents.php">Documents</a>
-                    </li>
-                    <li class="nav-item">
-                        <a class="nav-link <?php if (basename($_SERVER['PHP_SELF']) == "contacts.php") {echo "active";} ?>" href="contacts.php">Contacts</a>
-                    </li>
-                    <li class="nav-item">
-                        <a class="nav-link <?php if (basename($_SERVER['PHP_SELF']) == "domains.php") {echo "active";} ?>" href="domains.php">Domains</a>
-                    </li>
-                    <li class="nav-item">
-                        <a class="nav-link <?php if (basename($_SERVER['PHP_SELF']) == "certificates.php") {echo "active";} ?>" href="certificates.php">Certificates</a>
+                    <li class="nav-item dropdown">
+                        <a class="nav-link dropdown-toggle <?php echo in_array(basename($_SERVER['PHP_SELF']), ['documents.php', 'contacts.php', 'domains.php', 'certificates.php']) ? 'active' : ''; ?>" href="#" id="navbarDropdown2" role="button" data-toggle="dropdown" aria-haspopup="true" aria-expanded="false">
+                            Technical
+                        </a>
+                        <div class="dropdown-menu" aria-labelledby="navbarDropdown2">
+                            <a class="dropdown-item" href="contacts.php">Contacts</a>
+                            <a class="dropdown-item" href="documents.php">Documents</a>
+                            <a class="dropdown-item" href="domains.php">Domains</a>
+                            <a class="dropdown-item" href="certificates.php">Certificates</a>
+                            <a class="dropdown-item" href="ticket_view_all.php">All tickets</a>
+                        </div>
                     </li>
                 <?php } ?>
-            </ul>
+
+            </ul><!-- End left nav -->
 
             <ul class="nav navbar-nav pull-right">
                 <li class="nav-item dropdown">
@@ -100,7 +106,6 @@
                 <img src="<?php echo "../uploads/clients/$session_client_id/$session_contact_photo"; ?>" alt="..." height="50" width="50" class="img-circle img-responsive">
 
             <?php } else { ?>
-
                 <span class="fa-stack fa-2x rounded-left">
                     <i class="fa fa-circle fa-stack-2x text-secondary"></i>
                     <span class="fa fa-stack-1x text-white"><?php echo $session_contact_initials; ?></span>