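<?php

declare(strict_types=1);

// place-order.php — JSON endpoint that turns the logged-in user's cart into an order.
//
// Request : JSON body with payment_method, cart_items, subtotal, total_amount and the
//           billing_* / company_name fields.
// Response: JSON {success: bool, message?: string}; on success also order_id,
//           payment_method and total_amount (echoed subtotal, as before).
//
// Flow: decode + validate input -> require a session user -> load the user's e-mail ->
// in one transaction allocate the next AWAHA<n> order id, insert the order and clear
// the cart -> for COD orders notify customer and admin by e-mail.

session_name('vaishnavi_awaha');
session_start();
require_once 'connect.inc.php'; // provides $pdo

// Errors go to a log file next to the script and are never rendered to the client.
ini_set('log_errors', 1);
ini_set('error_log', __DIR__ . '/error_log.txt');
ini_set('display_errors', 0);
error_reporting(E_ALL);

date_default_timezone_set('Asia/Kolkata'); // order timestamps are recorded in IST
$indian_time = date('Y-m-d H:i:s');

header('Content-Type: application/json');

/** Emit a JSON response and stop; every exit path of this script goes through here. */
$respond = static function (array $payload): never {
    echo json_encode($payload);
    exit;
};

/** Escape a user-supplied value before it is interpolated into an HTML e-mail body. */
$esc = static fn (mixed $value): string => htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');

// ---- Parse and validate the request body ---------------------------------------------

$request_body = file_get_contents('php://input');
$data = json_decode((string) $request_body, true);
if (!is_array($data) || $data === []) {
    $respond(['success' => false, 'message' => 'Invalid JSON input.']);
}

/** Read a string field from the decoded body; non-scalar values (e.g. nested arrays) fall back to $default. */
$field = static fn (string $key, ?string $default): ?string
    => isset($data[$key]) && is_scalar($data[$key]) ? (string) $data[$key] : $default;

$payment_method  = $field('payment_method', null);
$cart_items      = $data['cart_items'] ?? [];
$subtotal        = $data['subtotal'] ?? 0;
$total_amount    = $data['total_amount'] ?? $subtotal; // total_amount from JSON, fallback to subtotal
$billing_name    = $field('billing_name', '');
$billing_address = $field('billing_address', '');
$billing_city    = $field('billing_city', '');
$billing_state   = $field('billing_state', '');
$billing_zip     = $field('billing_zip', '');
$billing_phone   = $field('billing_phone', '');
$company_name    = $field('company_name', null);

// NOTE(security): subtotal, total_amount and cart_items arrive straight from the client and are
// stored as the order's amount and product list. The cart schema is not visible here, so the
// amounts cannot be recomputed from the cart rows in this file — that recomputation is the real
// fix. Until then, at least reject values that are not well-formed non-negative numbers.
if (!is_numeric($subtotal) || !is_numeric($total_amount) || $subtotal < 0 || $total_amount < 0) {
    $respond(['success' => false, 'message' => 'Invalid amount.']);
}

// ---- Session user and e-mail ---------------------------------------------------------

$user_id = $_SESSION['user_id'] ?? null;
if (!$user_id) {
    $respond(['success' => false, 'message' => 'User not logged in.']);
}

$stmt = $pdo->prepare('SELECT email FROM users WHERE id = ?');
$stmt->execute([$user_id]);
$user_email = $stmt->fetchColumn();
if (!is_string($user_email) || $user_email === '') {
    $respond(['success' => false, 'message' => 'User email not found.']);
}
// The stored address becomes the mail() recipient; refuse anything that is not a plain address.
if (filter_var($user_email, FILTER_VALIDATE_EMAIL) === false) {
    error_log("place-order: invalid e-mail on file for user $user_id");
    $respond(['success' => false, 'message' => 'User email is invalid.']);
}

// ---- Cart contents -------------------------------------------------------------------

$stmt = $pdo->prepare('SELECT id FROM cart WHERE user_id = ?');
$stmt->execute([$user_id]);
$cart_ids = $stmt->fetchAll(PDO::FETCH_COLUMN);
if ($cart_ids === []) {
    $respond(['success' => false, 'message' => 'No items in cart.']);
}

$cart_ids_json = json_encode($cart_ids);
$products      = json_encode($cart_items);

// ---- Create the order ----------------------------------------------------------------

try {
    $pdo->beginTransaction();

    // Allocate the next AWAHA<n> id inside the transaction. FOR UPDATE narrows the window in
    // which two concurrent checkouts read the same last id, but only a UNIQUE index on
    // orders.order_id makes duplicates impossible — confirm the schema has one.
    $prefix = 'AWAHA';
    $stmt = $pdo->prepare(
        'SELECT order_id FROM orders WHERE order_id LIKE ? '
        . 'ORDER BY CAST(SUBSTRING(order_id, LENGTH(?) + 1) AS UNSIGNED) DESC LIMIT 1 FOR UPDATE'
    );
    $stmt->execute([$prefix . '%', $prefix]);
    $last_order_id = $stmt->fetchColumn();
    $lastNumericId = is_string($last_order_id) ? (int) substr($last_order_id, strlen($prefix)) : 0;
    $order_id = $prefix . ($lastNumericId + 1);

    // NOTE(review): payment_done_on is set to the order time for every payment method, COD
    // included, as in the original — confirm that is the intended meaning of the column.
    $stmt = $pdo->prepare(
        'INSERT INTO orders (order_id, user_id, billing_name, billing_address, billing_city, '
        . 'billing_state, billing_zip, billing_phone, company_name, payment_method, total_amount, '
        . 'cart_ids, products, created_at, payment_done_on) '
        . 'VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)'
    );
    $stmt->execute([
        $order_id,
        $user_id,
        $billing_name,
        $billing_address,
        $billing_city,
        $billing_state,
        $billing_zip,
        $billing_phone,
        $company_name,
        $payment_method,
        $total_amount,
        $cart_ids_json,
        $products,
        $indian_time,
        $indian_time,
    ]);

    // Clear the cart rows that were just ordered; one placeholder per id and scoped to the
    // current user so the statement can never touch another user's cart.
    $placeholders = implode(',', array_fill(0, count($cart_ids), '?'));
    $deleteStmt = $pdo->prepare("DELETE FROM cart WHERE user_id = ? AND id IN ($placeholders)");
    $deleteStmt->execute([$user_id, ...$cart_ids]);

    $pdo->commit();

    // E-mails are sent after the commit so a mail failure never undoes a placed order.
    if ($payment_method === 'cod') {
        $safe_name     = $esc($billing_name);
        $safe_subtotal = $esc($subtotal);
        $safe_address  = $esc($billing_address) . ', ' . $esc($billing_city) . ', '
            . $esc($billing_state) . ' - ' . $esc($billing_zip);

        $headers = "MIME-Version: 1.0\r\n"
            . "Content-type:text/html;charset=UTF-8\r\n"
            . "From: support@awaha.com\r\n";

        // Customer e-mail ($order_id is server-generated; every other value is escaped above).
        $customer_subject = "Order Confirmation - $order_id";
        $customer_message = <<<HTML
<html>
<head><title>Order Confirmation</title></head>
<body>
<p>Dear $safe_name,</p>
<p>Thank you for your order. Your order ID is <b>$order_id</b>.</p>
<p>Payment Method: <b>Cash on Delivery</b></p>
<p>Total Amount: <b>₹$safe_subtotal</b></p>
<p>Your order will be delivered to the following address:</p>
<p>$safe_address</p>
<p>If you have any questions, please contact us.</p>
<p>Best Regards,<br>Your Company</p>
</body>
</html>
HTML;
        if (!mail($user_email, $customer_subject, $customer_message, $headers)) {
            error_log("place-order: customer confirmation mail failed for $order_id");
        }

        // Admin e-mail.
        $admin_email   = 'admin@awaha.com'; // Replace with the actual admin email address
        $admin_subject = "New COD Order Received - $order_id";
        $admin_message = <<<HTML
<html>
<head><title>New Order Notification</title></head>
<body>
<p>Dear Admin,</p>
<p>A new order has been placed with the following details:</p>
<p>Order ID: <b>$order_id</b></p>
<p>Customer Name: <b>$safe_name</b></p>
<p>Payment Method: <b>Cash on Delivery</b></p>
<p>Total Amount: <b>₹$safe_subtotal</b></p>
<p>Shipping Address:</p>
<p>$safe_address</p>
<p>Please process this order accordingly.</p>
<p>Best Regards,<br>Your Company</p>
</body>
</html>
HTML;
        if (!mail($admin_email, $admin_subject, $admin_message, $headers)) {
            error_log("place-order: admin notification mail failed for $order_id");
        }
    }

    $respond([
        'success'        => true,
        'order_id'       => $order_id,
        'payment_method' => $payment_method,
        'total_amount'   => $subtotal,
    ]);
} catch (PDOException $e) {
    // Roll back only if the transaction is still open (commit may already have succeeded).
    if ($pdo->inTransaction()) {
        $pdo->rollBack();
    }
    // Details go to the log only; exception text can reveal table names and SQL to the client.
    error_log('Database error: ' . $e->getMessage());
    $respond(['success' => false, 'message' => 'Database error. Please try again later.']);
} catch (Exception $e) {
    if ($pdo->inTransaction()) {
        $pdo->rollBack();
    }
    error_log('General error: ' . $e->getMessage());
    $respond(['success' => false, 'message' => 'An unexpected error occurred.']);
}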