Editing: create-order.php
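<?php
// PHP endpoint that creates a Razorpay order for a registration, or a mock
// order when no usable gateway credentials are configured.
//
// Request:  JSON body with name, email, phone (required) and countryCode,
//           message, reminderAdded (optional).
// Response: JSON {order_id, amount (in paise), key_id[, mock]} or {error}.
//
// The amount is always computed here from the settings table; no price sent
// by the client is read. db.php is expected to provide $db and the
// RAZORPAY_* constants (not shown here).
require_once __DIR__ . '/db.php';

header('Content-Type: application/json');
// NOTE(review): the wildcard origin lets a script on any site call this
// endpoint. Each accepted call inserts a Pending row and, in live mode, makes
// a gateway API call, and no rate limiting is visible here. Restrict the
// origin to the site that serves the form if that is the only caller.
header('Access-Control-Allow-Origin: *');
header('Access-Control-Allow-Headers: Content-Type');

if ($_SERVER['REQUEST_METHOD'] === 'OPTIONS') {
    exit(0);
}

// Read JSON payload. Invalid JSON or a bare scalar is treated as an empty
// payload so the required-field check below answers with 400.
$input = json_decode(file_get_contents('php://input'), true);
if (!is_array($input)) {
    $input = [];
}

// Returns the trimmed text of a field, $default when the field is absent, or
// null when the value is not text/numeric (array, object, boolean). Without
// this, an array value would reach trim() and raise a TypeError on PHP 8.
$readField = static function (array $payload, string $key, string $default) {
    if (!isset($payload[$key])) {
        return $default;
    }
    $value = $payload[$key];
    if (is_string($value) || is_int($value) || is_float($value)) {
        return trim((string) $value);
    }
    return null;
};

$name = $readField($input, 'name', '');
$email = $readField($input, 'email', '');
$phone = $readField($input, 'phone', '');
$countryCode = $readField($input, 'countryCode', '91');
$message = $readField($input, 'message', '');
$reminderAdded = !empty($input['reminderAdded']) ? 1 : 0;

if (in_array(null, [$name, $email, $phone, $countryCode, $message], true)) {
    http_response_code(400);
    echo json_encode(['error' => 'Invalid parameter type.']);
    exit;
}

if (empty($name) || empty($email) || empty($phone)) {
    http_response_code(400);
    echo json_encode(['error' => 'Required parameters missing.']);
    exit;
}
// NOTE(review): format and length of email/phone/message are not validated
// here; the values are stored as received (via bound parameters).

try {
    // Fetch active pricing config from the settings table. Kept inside the
    // try block so a database failure produces the same JSON 500 response as
    // a gateway failure instead of an uncaught exception.
    $settingsStmt = $db->query("SELECT key, value FROM settings");
    $settings = [];
    foreach ($settingsStmt->fetchAll() as $row) {
        $settings[$row['key']] = floatval($row['value']);
    }

    $webinarPrice = isset($settings['webinar_price']) ? $settings['webinar_price'] : 289.00;
    $reminderPrice = isset($settings['reminder_price']) ? $settings['reminder_price'] : 40.00;

    // Server-side price calculation: base price, optional reminder add-on,
    // then GST at the hard-coded 18% rate.
    $subtotal = $webinarPrice;
    if ($reminderAdded) {
        $subtotal += $reminderPrice;
    }
    $gst = round($subtotal * 0.18, 2);
    $amount = $subtotal + $gst;

    // Determine if we should activate Mock Mode.
    // NOTE(review): this path, and the 401 fallback below, fail open: a
    // credential misconfiguration in production silently turns checkout into
    // mock mode. Whether a mock order can ever be marked paid depends on the
    // payment verification code, which is not shown here. Confirm that it
    // rejects "order_mock_" ids outside development, or gate mock mode behind
    // an explicit development-only switch.
    $hasSecret = defined('RAZORPAY_KEY_SECRET')
        && RAZORPAY_KEY_SECRET !== 'YOUR_RAZORPAY_KEY_SECRET'
        && trim(RAZORPAY_KEY_SECRET) !== '';

    if (!$hasSecret) {
        error_log("⚠️ [RAZORPAY PHP MOCK MODE]: Missing key secret. Running mock sequence.");
        generateMockPHPOrder($db, $amount, $subtotal, $gst, $name, $email, $phone, $countryCode, $message, $reminderAdded);
        exit;
    }

    // round() returns a float, which json_encode() may serialise as "N.0";
    // the amount in paise is sent as a true integer.
    $amountInPaise = (int) round($amount * 100);
    $receiptId = "rcpt_" . time();

    // Prepare Razorpay API cURL call (TLS verification is left at cURL's defaults).
    $curl = curl_init();
    curl_setopt_array($curl, [
        CURLOPT_URL => "https://api.razorpay.com/v1/orders",
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_POST => true,
        CURLOPT_POSTFIELDS => json_encode([
            "amount" => $amountInPaise,
            "currency" => "INR",
            "receipt" => $receiptId
        ]),
        CURLOPT_HTTPHEADER => [
            "Content-Type: application/json",
            "Authorization: Basic " . base64_encode(RAZORPAY_KEY_ID . ":" . RAZORPAY_KEY_SECRET)
        ],
        CURLOPT_TIMEOUT => 15
    ]);

    $response = curl_exec($curl);
    $transportError = ($response === false) ? curl_error($curl) : '';
    $httpCode = curl_getinfo($curl, CURLINFO_HTTP_CODE);
    curl_close($curl);

    if ($response === false) {
        throw new Exception("Razorpay request failed: " . $transportError);
    }

    $order = json_decode($response, true);

    if ($httpCode !== 200) {
        // Automatically fall back to mock mode if credentials are rejected (401).
        // See the NOTE(review) on mock mode above.
        if ($httpCode === 401) {
            error_log("⚠️ [RAZORPAY PHP FALLBACK]: Authentication failed. Falling back to Mock Mode...");
            generateMockPHPOrder($db, $amount, $subtotal, $gst, $name, $email, $phone, $countryCode, $message, $reminderAdded);
            exit;
        }
        throw new Exception("Razorpay API error: " . ($order['error']['description'] ?? 'Unknown Error'));
    }

    // A 200 with an unparsable or incomplete body must not be stored as an order.
    if (!is_array($order) || empty($order['id']) || !isset($order['amount'])) {
        throw new Exception("Razorpay API error: unexpected response body.");
    }

    // Insert as Pending
    $stmt = $db->prepare("INSERT INTO users (name, email, phone, country_code, message, reminder_added, subtotal, gst_amount, amount_paid, razorpay_order_id, payment_status) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, 'Pending')");
    $stmt->execute([
        $name,
        $email,
        $phone,
        $countryCode,
        $message,
        $reminderAdded,
        number_format($subtotal, 2, '.', ''),
        number_format($gst, 2, '.', ''),
        number_format($amount, 2, '.', ''),
        $order['id']
    ]);

    echo json_encode([
        'order_id' => $order['id'],
        'amount' => $order['amount'],
        'key_id' => RAZORPAY_KEY_ID
    ]);
} catch (Exception $e) {
    // The exception text can carry database or gateway details, so it is
    // logged server-side and the client receives a generic message.
    error_log("[create-order] " . $e->getMessage());
    http_response_code(500);
    echo json_encode(['error' => 'Unable to create the order. Please try again later.']);
}

/**
 * Stores a Pending row with a locally generated "order_mock_" id and echoes
 * a JSON response flagged with 'mock' => true. No gateway call is made.
 *
 * @param mixed  $db            Database handle from db.php; used via prepare()/execute().
 * @param float  $amount        Total including GST, in rupees.
 * @param float  $subtotal      Price before GST.
 * @param float  $gst           GST amount.
 * @param string $name          Registrant name.
 * @param string $email         Registrant email.
 * @param string $phone         Registrant phone.
 * @param string $countryCode   Dialling code.
 * @param string $message       Free-text message.
 * @param int    $reminderAdded 1 when the reminder add-on was selected, else 0.
 */
function generateMockPHPOrder($db, $amount, $subtotal, $gst, $name, $email, $phone, $countryCode, $message, $reminderAdded) {
    // random_int() keeps the same id format as before without relying on rand().
    $mockId = "order_mock_" . time() . "_" . random_int(1000, 9999);

    $stmt = $db->prepare("INSERT INTO users (name, email, phone, country_code, message, reminder_added, subtotal, gst_amount, amount_paid, razorpay_order_id, payment_status) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, 'Pending')");
    $stmt->execute([
        $name,
        $email,
        $phone,
        $countryCode,
        $message,
        $reminderAdded,
        number_format($subtotal, 2, '.', ''),
        number_format($gst, 2, '.', ''),
        number_format($amount, 2, '.', ''),
        $mockId
    ]);

    echo json_encode([
        'order_id' => $mockId,
        'amount' => (int) round($amount * 100),
        // Mock mode runs when credentials are missing, so the key id constant
        // may be undefined; referencing it unguarded is a fatal Error on PHP 8.
        'key_id' => defined('RAZORPAY_KEY_ID') ? RAZORPAY_KEY_ID : '',
        'mock' => true
    ]);
}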