From 68ac0c3c38415ba629d8031b6f438171d36643fc Mon Sep 17 00:00:00 2001
From: Ainsley Ellis
Date: Mon, 18 Nov 2024 14:26:48 -0500
Subject: [PATCH] Separate document upload and payment processing

---
 www/assets/js/paypal.js | 8 +++--
 www/games/game.php | 5 +++
 www/games/process-order.php | 28 +++++++++++++++-
 www/games/submit.php | 64 ++++++++++++++++++-------------------
 4 files changed, 69 insertions(+), 36 deletions(-)

diff --git a/www/assets/js/paypal.js b/www/assets/js/paypal.js
index dc79323..61e04a5 100644
--- a/www/assets/js/paypal.js
+++ b/www/assets/js/paypal.js
@@ -8,6 +8,7 @@
 }
 const GAME_NAME = document.querySelector('input[id="game-name"]').value;
+ const GAME_ID = parseInt(document.querySelector('input[id="game-id"]').value);
 // const CSRF_TOKEN = document.querySelector('meta[name="csrf-token"]').getAttribute('content');
 window.paypal
@@ -70,7 +71,9 @@
 method: "POST",
 headers: {
 // 'X-CSRF-TOKEN': CSRF_TOKEN,
+ "Content-Type": "application/x-www-form-urlencoded"
 },
+ body: `game_id=${GAME_ID}`
 });
 const orderData = await response.json();
@@ -101,14 +104,15 @@
 `Payment successful! (Transaction ID: ${transaction.id})`
 );
- document.querySelector("input[name='tx-id']").removeAttribute('disabled');
- document.querySelector("input[name='tx-id']").value = transaction.id;
 buttonsContainer.style.display = "none";
 // console.log(
 // "Capture result",
 // orderData,
 // JSON.stringify(orderData, null, 2)
 // );
+ setTimeout(() => {
+ window.location.href = `/games/${GAME_ID}`;
+ }, 1000);
 }
 } catch (error) {
 console.error(error);
diff --git a/www/games/game.php b/www/games/game.php
index ef41890..8ae582f 100644
--- a/www/games/game.php
+++ b/www/games/game.php
@@ -104,10 +104,15 @@ include "partials/head.php";
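Review bot: The new `GAME_ID` line calls `parseInt` without a radix and has no guard for a missing or empty `game-id` input, so a page rendered without that hidden field yields `NaN` and the later capture request posts `game_id=NaN`. Prefer `const GAME_ID = Number.parseInt(document.querySelector('input[id="game-id"]').value, 10);` and stop before rendering the PayPal buttons when `Number.isNaN(GAME_ID)`. The enclosing function starts outside the hunk.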
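Review bot: The capture request in the second hunk now carries a state-changing parameter (`body: \`game_id=${GAME_ID}\``) while the `X-CSRF-TOKEN` header two lines above it stays commented out, and this same commit makes the server write to `submissions` on capture. A plain form-encoded POST without a token is exactly the shape a cross-site form can submit, so the endpoint's session-bound write is reachable without the user's intent. Re-enable the header (`'X-CSRF-TOKEN': CSRF_TOKEN,`) together with the `CSRF_TOKEN` constant that the first hunk still shows commented out, or move `game_id` to the order-creation step so the capture endpoint does not need to trust a client-supplied value at all.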

Your Submission

transaction_id !== NULL; switch ($participant_state) { case 'GAME_OPEN_WITH_SUBMISSION': ?>

title ?>

+

You have not yet paid for your submission.

Update submission

+ +

Pay submission fee

+

You haven't submitted work to this contest.

diff --git a/www/games/process-order.php b/www/games/process-order.php
index 61156cb..a574cb8 100644
--- a/www/games/process-order.php
+++ b/www/games/process-order.php
@@ -143,6 +143,7 @@ function createOrder($cart)
 */
 function captureOrder($order_id)
 {
+ $game_id = $_POST["game_id"];
 $url = PAYPAL_BASE_URL . "/v2/checkout/orders/{$order_id}/capture";
 // Http::fake(function ($request) {
 // // Capture and log request headers
@@ -175,9 +176,15 @@ function captureOrder($order_id)
 curl_close($ch);
 // Further processing ...
- if ($response_code === 200) {
+ if ($response_code === 200 || $response_code === 201) {
 header("Content-Type: application/json");
+ $order_data = json_decode($response);
 http_response_code($response_code);
+ $transaction_id =
+ $order_data->purchase_units[0]->payments->captures[0]->id ??
+ ($order_data->purchase_units[0]->payments->authorizations[0]->id ??
+ "_");
+ update_submission($game_id, $transaction_id);
 echo $response;
 die();
 } else {
@@ -188,6 +195,25 @@ function captureOrder($order_id)
 }
 }
+/**
+ * @param string game_id
+ * @param string transaction_id
+ */
+function update_submission($game_id, $transaction_id)
+{
+ global $db;
+
+ $sql = "UPDATE submissions SET transaction_id = :transaction_id
+ WHERE game_id = :game_id AND member_id = :member_id";
+
+ $stmt = $db["data"]->prepare($sql);
+ $stmt->execute([
+ "game_id" => $game_id,
+ "member_id" => $_SESSION["account"]->id,
+ "transaction_id" => $transaction_id,
+ ]);
+}
+
 if (
 $_SERVER["REQUEST_METHOD"] === "POST" &&
 $_SERVER["REQUEST_URI"] === "/api/orders"
diff --git a/www/games/submit.php b/www/games/submit.php
index dfa1586..014f387 100644
--- a/www/games/submit.php
+++ b/www/games/submit.php
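Review bot: `$game_id = $_POST["game_id"];` at the top of captureOrder is read unvalidated (a missing key is a warning and `null`) and is never tied to the order being captured, so the client decides which submission a capture marks as paid, independently of what createOrder priced. Validate it at the boundary, e.g. `$game_id = filter_input(INPUT_POST, "game_id", FILTER_VALIDATE_INT); if ($game_id === false || $game_id === null) { http_response_code(400); die(); }`. Better still, record the game id server-side when the order is created (for instance in `$_SESSION` keyed by the PayPal order id) and read it back here, so the capture step trusts nothing from the capture-time POST. createOrder and the rest of captureOrder lie outside the hunk.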
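Review bot: In the second hunk the `??` chain ends in the literal `"_"` and `update_submission` is then called unconditionally, so a response that does not decode (`json_decode` returns `null` on malformed input and is not checked) or that reports a capture whose status is PENDING or DECLINED still writes a non-NULL transaction_id, which submit.php in this same commit treats as paid. An authorization id is likewise not evidence that money moved, so falling back to `authorizations[0]->id` marks the submission paid before any capture. Only record the capture when one exists and its `status` is `COMPLETED`, and fail the request otherwise:
```php
        header("Content-Type: application/json");
        $order_data = json_decode($response, false, 512, JSON_THROW_ON_ERROR);
        $capture = $order_data->purchase_units[0]->payments->captures[0] ?? null;
        // Only a COMPLETED capture is proof of payment; PENDING/DECLINED must not unlock the submission.
        if ($capture === null || ($capture->status ?? null) !== "COMPLETED") {
            http_response_code(402);
            echo $response;
            die();
        }
        http_response_code($response_code);
        update_submission($game_id, $capture->id);
        // … unchanged: echo $response; die(); …
```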
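Review bot: update_submission in the third hunk never checks that the UPDATE matched a row, so a capture for a game the member has no submission in is charged by PayPal and recorded nowhere, and the WHERE clause lets a later capture overwrite an existing transaction_id. Add `AND transaction_id IS NULL` to the statement and act on `$stmt->rowCount()` — at minimum `if ($stmt->rowCount() !== 1) { error_log("capture {$transaction_id} not recorded for game {$game_id}"); }` so an unmatched payment is visible to operators. The docblock also names its parameters without the `$` sigil; write `@param int|string $game_id` and `@param string $transaction_id`, or better declare `function update_submission(int $game_id, string $transaction_id): void` once the caller validates the id.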
@@ -9,15 +9,23 @@ if (!LOGGED_IN) {
 if (LOGGED_IN && isset($_GET["game"])) {
 $sql = "SELECT id FROM submissions WHERE game_id = :game_id AND member_id = :member_id";
-
 $stmt = $db["data"]->prepare($sql);
 $stmt->execute([
 "game_id" => $_GET["game"],
 "member_id" => $_SESSION["account"]->id,
 ]);
-
 $HAS_SUBMISSION = $stmt->fetch(PDO::FETCH_COLUMN) !== false;
- if ($HAS_SUBMISSION) {
+
+ $sql = "SELECT transaction_id FROM submissions
+ WHERE game_id = :game_id AND member_id = :member_id";
+ $stmt = $db["data"]->prepare($sql);
+ $stmt->execute([
+ "game_id" => $_GET["game"],
+ "member_id" => $_SESSION["account"]->id,
+ ]);
+ $IS_PAID = $stmt->fetch(PDO::FETCH_COLUMN) !== NULL;
+
+ if ($HAS_SUBMISSION && $IS_PAID) {
 http_response_code(303);
 header("Location: /games/" . $_GET["game"] . "/update");
 die();
@@ -25,7 +33,6 @@ if (LOGGED_IN && isset($_GET["game"])) {
 $sql = "SELECT id, name, status_id FROM games WHERE id = :id";
-
 $stmt = $db["data"]->prepare($sql);
 $stmt->execute([
 "id" => $_GET["game"],
@@ -92,10 +99,6 @@ if ($_SERVER["REQUEST_METHOD"] === "POST"):
 $errors["game"] = "The chosen game doesn't exist.";
 }
- if (!isset($_POST["tx-id"])) {
- $errors["payment"] = "No transaction ID was provided.";
- }
-
 if (count($errors) > 0) {
 if (!isset($errors["filesize"]) && !isset($errors["mimetype"])) {
 $errors["upload"] =
@@ -137,14 +140,14 @@ if ($_SERVER["REQUEST_METHOD"] === "POST"):
 "hash" => $lookup_hash,
 "doc_is_public" => $show_doc,
 "name_is_public" => $show_name,
- "transaction_id" => $_POST["tx-id"],
+ "transaction_id" => NULL,
 "status" => 1,
 "is_freeroll" => 0,
 "created_at" => date("Y-m-d\TH:i:s\Z"),
 ]);
 http_response_code(303);
- header("Location: /games/" . $_GET["game"]);
+ header("Location: /games/" . $_GET["game"] . "/submit");
 }
 } catch (Exception $e) {
 http_response_code(500);
@@ -166,7 +169,7 @@ include "partials/head.php";
 " method="post" enctype="multipart/form-data" class="flow">
-
+
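Review bot: The new `$IS_PAID` block re-runs the query issued a few lines above with a different column, and its `!== NULL` test is against `fetch()`, which returns `false` rather than `null` when no row matches, so `$IS_PAID` is true for a member with no submission and only the `$HAS_SUBMISSION &&` guard masks that. One query answers both questions: select `id, transaction_id` in the first statement, then `$row = $stmt->fetch(PDO::FETCH_ASSOC); $HAS_SUBMISSION = $row !== false; $IS_PAID = $HAS_SUBMISSION && $row["transaction_id"] !== null;`. Note that any non-NULL value counts as paid here, so whatever process-order.php stores in transaction_id has to be a verified capture id and never a placeholder.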

After submitting you work, you will be redirected to a payment page. Payment is required for inclusion in the contest.

Display my document in the public results -
- Payment -
-

Payment is required before a submission will be processed.

-

Payment successful! (Transaction ID: )

- - -
-
- - - - -
+ } else if (!$IS_PAID) { ?> +
+ +

Payment is required for participation.

+ + +

+
+ + +
+