
PK 
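<?php
include "conn.php";
require('razorpay/Razorpay.php');
use Razorpay\Api\Api;
use Razorpay\Api\Errors\SignatureVerificationError;

/*
 * Checkout completion.
 *
 * Reads $_POST['payment_mode'] and either
 *   - "razorpay": verifies the gateway signature, fetches the payment and records it, or
 *   - "cod":      records a cash-on-delivery order,
 * then copies the cart into order_details, clears the cart, decrements stock,
 * sends the order mail/SMS and redirects to charge.php.
 *
 * Inputs:  $_POST[payment_mode, address_id_val, comments, shipping_charges,
 *                 razorpay_payment_id, razorpay_order_id, razorpay_signature]
 *          $_SESSION[member_id, user_email, coupon, razorpay_order_id]
 * Depends on conn.php for $conn, getCartTotal(), validate_coupon() and
 * send_order_email_sms().
 *
 * Every SQL statement is a prepared statement: request, session and row values
 * are bound as parameters, never interpolated into the query text.
 */

/**
 * Prepares, binds and executes $sql, dying with the MySQL error on failure
 * (the same loud-failure behaviour as the original `or die(mysqli_error())`).
 *
 * @param string $types  mysqli bind-type string, one character per value in $params
 * @param array  $params values bound to the `?` placeholders, in order
 */
function checkout_exec(mysqli $conn, string $sql, string $types = '', array $params = []): mysqli_stmt
{
    $stmt = mysqli_prepare($conn, $sql) or die(mysqli_error($conn));
    if ($params !== []) {
        mysqli_stmt_bind_param($stmt, $types, ...$params);
    }
    mysqli_stmt_execute($stmt) or die(mysqli_stmt_error($stmt));
    return $stmt;
}

/**
 * Stores $message in the session and redirects back to checkout.php; never returns.
 */
function checkout_fail(string $message): void
{
    $_SESSION['error'] = $message;
    header("Location: checkout.php");
    exit();
}

/**
 * Loads the member_address row for $addressId; redirects to checkout with an
 * error when no such row exists (previously an unknown id produced an order
 * with empty address fields).
 *
 * @return array the address row as returned by mysqli_fetch_array()
 */
function checkout_fetch_address(mysqli $conn, string $addressId): array
{
    // NOTE(review): address_id_val is client-supplied; presumably the caller
    // restricts it to the member's own addresses elsewhere — confirm.
    $stmt = checkout_exec($conn, 'SELECT * FROM member_address WHERE address_id = ?', 's', [$addressId]);
    $row = mysqli_fetch_array(mysqli_stmt_get_result($stmt));
    mysqli_stmt_close($stmt);
    if (!$row) {
        checkout_fail('Invalid delivery address');
    }
    return $row;
}

/**
 * Splits a full name into [first, last] on the first space. The last name keeps
 * every remaining word (the original kept only the second word) and is '' when
 * the name has a single word (the original read an undefined index).
 *
 * @return array{0: string, 1: string}
 */
function checkout_split_name(?string $name): array
{
    $parts = explode(' ', trim((string) $name), 2);
    return [$parts[0], $parts[1] ?? ''];
}

/**
 * Returns the coupon discount for the session's coupon, or 0 when no coupon is set
 * (the original left $disc undefined in that case).
 *
 * @param mixed $cartTotal the value returned by getCartTotal()
 * @return mixed the 'disc' entry from validate_coupon(), or 0
 */
function checkout_coupon_discount($cartTotal)
{
    $coupon = $_SESSION['coupon'] ?? '';
    if ($coupon === '') {
        return 0;
    }
    $result = validate_coupon($coupon, $cartTotal);
    return $result['disc'] ?? 0;
}

/**
 * Builds the column => value map shared by both payment modes for the orders row.
 *
 * @param array  $address     member_address row
 * @param string $randOrderId public order reference (uniqid('ORD'))
 * @param mixed  $cartTotal   getCartTotal() result
 * @param mixed  $disc        coupon discount
 * @param mixed  $total       amount stored in orders.total
 * @return array<string, mixed>
 */
function checkout_order_columns(array $address, string $randOrderId, $cartTotal, $disc, $total): array
{
    [$fname, $lname] = checkout_split_name($address['name'] ?? '');
    return [
        'rand_order_id'   => $randOrderId,
        'member_id'       => $_SESSION['member_id'] ?? '',
        'address_id'      => $_POST['address_id_val'] ?? '',
        'fname'           => $fname,
        'lname'           => $lname,
        'email'           => $_SESSION['user_email'] ?? '',
        'mobile'          => $address['mobile'] ?? '',
        'phone'           => $address['phone'] ?? '',
        'address'         => $address['address1'] ?? '',
        'address1'        => $address['address2'] ?? '',
        'city'            => $address['user_city'] ?? '',
        'state'           => $address['user_state'] ?? '',
        'country'         => $address['user_country'] ?? '',
        'postcode'        => $address['pincode'] ?? '',
        'comments'        => $_POST['comments'] ?? '',
        'coupon'          => $_SESSION['coupon'] ?? '',
        'coupon_discount' => $disc,
        // NOTE(review): shipping_charges is taken from the request as in the
        // original; the server has no check that it matches the configured rate — confirm.
        'shipping'        => $_POST['shipping_charges'] ?? '',
        'cart_total'      => $cartTotal,
        'total'           => $total,
        'payment_method'  => $_POST['payment_mode'] ?? '',
    ];
}

/**
 * Inserts one orders row (dt = NOW()) and returns its auto-increment id.
 *
 * Column names come from code (the keys of $columns), never from the request;
 * every value is bound as a string, matching the original's quoting of all values.
 *
 * @param array<string, mixed> $columns column => value
 */
function checkout_insert_order(mysqli $conn, array $columns): int
{
    $assignments = implode(', ', array_map(
        static fn (string $column): string => "$column = ?",
        array_keys($columns)
    ));
    $values = array_values($columns);
    $stmt = checkout_exec(
        $conn,
        "INSERT INTO orders SET $assignments, dt = NOW()",
        str_repeat('s', count($values)),
        $values
    );
    mysqli_stmt_close($stmt);
    return mysqli_insert_id($conn);
}

/**
 * Copies the current member's/session's cart lines into order_details under
 * $orderKey, then empties the cart. Each line's price is dprice when > 0, else price.
 *
 * @param mixed $orderKey value written to order_details.order_id
 */
function checkout_copy_cart_to_order(mysqli $conn, $orderKey): void
{
    $memberId = $_SESSION['member_id'] ?? '';
    $sessionId = session_id();

    $cart = checkout_exec(
        $conn,
        'SELECT * FROM cart INNER JOIN prd ON prd.pid = cart.product_id WHERE (member_id = ? OR session_id = ?)',
        'ss',
        [$memberId, $sessionId]
    );
    $items = mysqli_stmt_get_result($cart);

    $insert = mysqli_prepare(
        $conn,
        'INSERT INTO order_details SET order_id = ?, pid = ?, color = ?, qty = ?, price = ?'
    ) or die(mysqli_error($conn));
    // Bind once; the loop only reassigns the bound locals before each execute.
    $pid = $color = $qty = $price = null;
    mysqli_stmt_bind_param($insert, 'sssss', $orderKey, $pid, $color, $qty, $price);
    while ($item = mysqli_fetch_array($items)) {
        $pid = $item['product_id'];
        $color = $item['color'];
        $qty = $item['qty'];
        $price = ($item['dprice'] > 0) ? $item['dprice'] : $item['price'];
        mysqli_stmt_execute($insert) or die(mysqli_stmt_error($insert));
    }
    mysqli_stmt_close($insert);
    mysqli_stmt_close($cart);

    $clear = checkout_exec(
        $conn,
        'DELETE FROM cart WHERE (member_id = ? OR session_id = ?)',
        'ss',
        [$memberId, $sessionId]
    );
    mysqli_stmt_close($clear);
}

/**
 * Decrements prd.stock_qty by the quantity of every order_details line stored
 * under $orderKey.
 *
 * The original looked the order up through the orders table first and, in the
 * razorpay branch, read an undefined $qty; order_details is read directly with
 * the key that was just written, so both branches now decrement stock.
 *
 * @param mixed $orderKey the value used for order_details.order_id
 */
function checkout_decrement_stock(mysqli $conn, $orderKey): void
{
    $lines = checkout_exec($conn, 'SELECT pid, qty FROM order_details WHERE order_id = ?', 's', [$orderKey]);
    $rows = mysqli_stmt_get_result($lines);

    $update = mysqli_prepare($conn, 'UPDATE prd SET stock_qty = stock_qty - ? WHERE pid = ?')
        or die(mysqli_error($conn));
    $qty = 0;
    $pid = null;
    mysqli_stmt_bind_param($update, 'is', $qty, $pid);
    while ($line = mysqli_fetch_array($rows)) {
        $qty = (int) $line['qty'];
        $pid = $line['pid'];
        mysqli_stmt_execute($update) or die(mysqli_stmt_error($update));
    }
    mysqli_stmt_close($update);
    mysqli_stmt_close($lines);
}

$paymentMode = $_POST['payment_mode'] ?? '';

if ($paymentMode === "razorpay") {
    // Gateway credentials are read from the environment. They were previously
    // embedded in this file as literals; the variable names below are this
    // deployment's choice and must be provisioned alongside the web server config.
    $keyId = getenv('RAZORPAY_KEY_ID') ?: '';
    $keySecret = getenv('RAZORPAY_KEY_SECRET') ?: '';
    if ($keyId === '' || $keySecret === '') {
        checkout_fail('Payment gateway is not configured');
    }
    $api = new Api($keyId, $keySecret);

    $paymentId = $_POST['razorpay_payment_id'] ?? '';
    $razorpayOrderId = $_POST['razorpay_order_id'] ?? '';
    $signature = $_POST['razorpay_signature'] ?? '';
    if ($paymentId === '' || $razorpayOrderId === '' || $signature === '') {
        checkout_fail('Payment Failed');
    }

    // The gateway order id created for this session (unset further down once the
    // order is recorded) must be the one the client reports back; otherwise a valid
    // signature for some other order would be accepted here.
    // NOTE(review): assumes the session stores the id as a string — confirm against
    // the order-creation step.
    $expectedOrderId = $_SESSION['razorpay_order_id'] ?? '';
    if (is_string($expectedOrderId) && $expectedOrderId !== '' && !hash_equals($expectedOrderId, $razorpayOrderId)) {
        checkout_fail('Payment Failed');
    }

    try {
        $api->utility->verifyPaymentSignature([
            'razorpay_payment_id' => $paymentId,
            'razorpay_order_id' => $razorpayOrderId,
            'razorpay_signature' => $signature,
        ]);
    } catch (SignatureVerificationError $e) {
        checkout_fail('Razorpay Error: ' . $e->getMessage());
    }

    $payment = $api->payment->fetch($paymentId);
    $total = $payment->amount / 100; // gateway reports paise; orders.total is in rupees
    // NOTE(review): the captured amount is stored but not compared with the cart
    // total + shipping computed server-side — confirm whether that check lives elsewhere.

    $randOrderId = uniqid('ORD');
    $address = checkout_fetch_address($conn, (string) ($_POST['address_id_val'] ?? ''));
    $cartTotal = getCartTotal();
    $disc = checkout_coupon_discount($cartTotal);

    $columns = checkout_order_columns($address, $randOrderId, $cartTotal, $disc, $total) + [
        'razorpay_payment_id' => $paymentId,
        'razorpay_order_id'   => $razorpayOrderId,
        'razorpay_signature'  => $signature, // was storing the payment id under this column
        'payment_status'      => '1',        // the original wrote (string) true after verification
        'payment_response'    => json_encode($payment->toArray()),
    ];
    $orderPrimaryId = checkout_insert_order($conn, $columns);

    // NOTE(review): this branch keys order_details by the ORD reference while the
    // cod branch keys it by the orders auto-increment id, as in the original — confirm
    // which one charge.php expects before unifying.
    checkout_copy_cart_to_order($conn, $randOrderId);
    checkout_decrement_stock($conn, $randOrderId);

    unset($_SESSION['coupon'], $_SESSION['razorpay_order_id']);
    send_order_email_sms($orderPrimaryId);

    $_SESSION['success'] = "Thank you for your order! Your order ID is: " . $orderPrimaryId;
    header("Location: charge.php?order_id=$orderPrimaryId");
    exit();
} elseif ($paymentMode === "cod") {
    $address = checkout_fetch_address($conn, (string) ($_POST['address_id_val'] ?? ''));
    $cartTotal = getCartTotal();
    $disc = checkout_coupon_discount($cartTotal);

    // Grand total: cart total, less the coupon discount when a coupon is set, plus shipping.
    $grandTotal = $cartTotal;
    if (($_SESSION['coupon'] ?? '') !== '') {
        $grandTotal = number_format($cartTotal - $disc, 2, '.', '');
    }
    $grandTotal += (float) ($_POST['shipping_charges'] ?? 0);

    // The original wrote an empty rand_order_id for COD orders ($order_id was unset
    // at that point); give COD orders the same ORD reference as gateway orders.
    $randOrderId = uniqid('ORD');
    $orderId = checkout_insert_order(
        $conn,
        checkout_order_columns($address, $randOrderId, $cartTotal, $disc, $grandTotal)
    );

    checkout_copy_cart_to_order($conn, $orderId);
    checkout_decrement_stock($conn, $orderId);

    unset($_SESSION['coupon'], $_SESSION['coupon_msg']);
    send_order_email_sms($orderId);

    header("Location: charge.php?order_id=$orderId");
    exit();
} else {
    // The original fell through to a blank page for any other value.
    checkout_fail('Unknown payment mode');
}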


PK 99