PNG  IHDR pHYs   OiCCPPhotoshop ICC profilexڝSgTS=BKKoR RB&*! J!QEEȠQ, !{kּ> H3Q5 B.@ $pd!s#~<<+"x M0B\t8K@zB@F&S`cbP-`'{[! eDh;VEX0fK9-0IWfH  0Q){`##xFW<+*x<$9E[-qWW.(I+6aa@.y24x6_-"bbϫp@t~,/;m%h^ uf@Wp~<5j>{-]cK'Xto(hw?G%fIq^D$.Tʳ?D*A, `6B$BB dr`)B(Ͱ*`/@4Qhp.U=pa( Aa!ڈbX#!H$ ɈQ"K5H1RT UH=r9\F;2G1Q= C7F dt1r=6Ыhڏ>C03l0.B8, c˱" VcϱwE 6wB aAHXLXNH $4 7 Q'"K&b21XH,#/{C7$C2'ITFnR#,4H#dk9, +ȅ3![ b@qS(RjJ4e2AURݨT5ZBRQ4u9̓IKhhitݕNWGw Ljg(gwLӋT071oUX**| J&*/Tު UUT^S}FU3S ԖUPSSg;goT?~YYLOCQ_ cx,!k u5&|v*=9C3J3WRf?qtN (~))4L1e\kXHQG6EYAJ'\'GgSSݧ M=:.kDwn^Loy}/TmG X $ <5qo</QC]@Caaᄑ.ȽJtq]zۯ6iܟ4)Y3sCQ? 0k߬~OCOg#/c/Wװwa>>r><72Y_7ȷOo_C#dz%gA[z|!?:eAAA!h쐭!ΑiP~aa~ 'W?pX15wCsDDDޛg1O9-J5*>.j<74?.fYXXIlK9.*6nl {/]py.,:@LN8A*%w% yg"/6шC\*NH*Mz쑼5y$3,幄'L Lݛ:v m2=:1qB!Mggfvˬen/kY- BTZ(*geWf͉9+̳ې7ᒶKW-X潬j9(xoʿܔĹdff-[n ڴ VE/(ۻCɾUUMfeI?m]Nmq#׹=TR+Gw- 6 U#pDy  :v{vg/jBFS[b[O>zG499?rCd&ˮ/~јѡ򗓿m|x31^VwwO| (hSЧc3- cHRMz%u0`:o_F@8N ' p @8N@8}' p '#@8N@8N pQ9p!i~}|6-ӪG` VP.@*j>[ K^<֐Z]@8N'KQ<Q(`s" 'hgpKB`R@Dqj '  'P$a ( `D$Na L?u80e J,K˷NI'0eݷ(NI'؀ 2ipIIKp`:O'`ʤxB8Ѥx Ѥx $ $P6 :vRNb 'p,>NB 'P]-->P T+*^h& p '‰a ‰ (ĵt#u33;Nt̵'ޯ; [3W ~]0KH1q@8]O2]3*̧7# *p>us p _6]/}-4|t'|Smx= DoʾM×M_8!)6lq':l7!|4} '\ne t!=hnLn (~Dn\+‰_4k)0e@OhZ`F `.m1} 'vp{F`ON7Srx 'D˸nV`><;yMx!IS钦OM)Ե٥x 'DSD6bS8!" ODz#R >S8!7ّxEh0m$MIPHi$IvS8IN$I p$O8I,sk&I)$IN$Hi$I^Ah.p$MIN$IR8I·N "IF9Ah0m$MIN$IR8IN$I 3jIU;kO$ɳN$+ q.x* tEXtComment

Viewing File: /home/u423589436/domains/kingshomeandcomfort.com/public_html/insert-payment.php

<?php
error_reporting(E_ALL);
ini_set('display_errors', 1);
include("connection.php");

function sanitize($data) {
    return htmlspecialchars(strip_tags($data));
}

if ($_SERVER['REQUEST_METHOD'] === 'GET') {
    $transaction_id = sanitize($_GET['transaction_id'] ?? '');

    if (!$transaction_id) {
        http_response_code(400);
        echo "<script>alert('Missing transaction ID');</script>";
        exit;
    }

    $secretKey = 'FLWSECK-0d2c5dbdf37e9e593e1bec83fd26603c-1974160ac65vt-X';

    $curl = curl_init();
    curl_setopt_array($curl, array(
        CURLOPT_URL => "https://api.flutterwave.com/v3/transactions/$transaction_id/verify",
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_CUSTOMREQUEST => "GET",
        CURLOPT_HTTPHEADER => array(
            "Authorization: Bearer $secretKey"
        ),
    ));

    $response = curl_exec($curl);
    $err = curl_error($curl);
    curl_close($curl);

    if ($err) {
        echo "<script>alert('cURL Error: $err');</script>";
        exit;
    }

    $responseData = json_decode($response, true);

    if (
        isset($responseData['status']) &&
        $responseData['status'] === 'success' &&
        $responseData['data']['status'] === 'successful'
    ) {
        // Get parameters from URL
        $full_name = sanitize($_GET['full_name'] ?? '');
        $email = sanitize($_GET['email'] ?? '');
        $shipping_address = sanitize($_GET['shipping_address'] ?? '');
        $amount = sanitize($_GET['amount'] ?? 0);
        $product_name = sanitize($_GET['product_name'] ?? '');
        $quantity = intval($_GET['quantity'] ?? 1);
        $reference = sanitize($responseData['data']['tx_ref']);
        $username = sanitize($_GET['username'] ?? 'guest');

        // Insert order into orders table
        $query = "INSERT INTO orders (username, reference, full_name, email, shipping_address, amount, product_name, quantity, created_at) 
                  VALUES ('$username', '$reference', '$full_name', '$email', '$shipping_address', '$amount', '$product_name', '$quantity', NOW())";

        if (mysqli_query($conn, $query)) {

            // Update stock in products table
            $update_stock = "UPDATE products 
                             SET stock_quantity = stock_quantity - $quantity 
                             WHERE product_name = '$product_name' AND stock_quantity >= $quantity";

            if (mysqli_query($conn, $update_stock)) {
                $affected = mysqli_affected_rows($conn);

                if ($affected > 0) {
                    // Stock updated successfully
                    session_start();
                    if (isset($_SESSION['user_id'])) {
                        $empty_cart = "DELETE FROM cart_tb WHERE user_id='{$_SESSION['user_id']}'";
                        mysqli_query($conn, $empty_cart);
                    }

                    echo "<script>window.location='thank-you.php'</script>";
                } else {
                    // No rows updated (stock too low or product name mismatch)
                    echo "<script>alert('Stock was not updated. Product may not exist or insufficient stock.');</script>";
                    echo "<pre>SQL: $update_stock\nAffected Rows: $affected</pre>";
                }
            } else {
                // SQL failed to execute
                http_response_code(500);
                echo "Failed to update stock: " . mysqli_error($conn);
                echo "<br><strong>SQL:</strong> $update_stock";
            }

        } else {
            http_response_code(500);
            echo "Database error: " . mysqli_error($conn);
        }

    } else {
        http_response_code(400);
        echo "<script>alert('Payment not successful');</script>";
    }

} else {
    http_response_code(405);
    echo "<script>alert('Invalid request method');</script>";
}

mysqli_close($conn);
?>
Back to Directory=ceiIENDB`