sixfold/app.sixfold.org
1
0
Fork 0
Code Activity

Separate document upload and payment processing

Browse source
This commit is contained in:
Ainsley Ellis 2024-11-18 14:26:48 -05:00
parent 8c751205d9
commit 68ac0c3c38
4 changed files with 69 additions and 36 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

8
www/assets/js/paypal.js
View file

@ -8,6 +8,7 @@
} }
const GAME_NAME = document.querySelector('input[id="game-name"]').value; const GAME_NAME = document.querySelector('input[id="game-name"]').value;
const GAME_ID = parseInt(document.querySelector('input[id="game-id"]').value);
// const CSRF_TOKEN = document.querySelector('meta[name="csrf-token"]').getAttribute('content'); // const CSRF_TOKEN = document.querySelector('meta[name="csrf-token"]').getAttribute('content');
window.paypal window.paypal
@ -70,7 +71,9 @@
method: "POST", method: "POST",
headers: { headers: {
// 'X-CSRF-TOKEN': CSRF_TOKEN, // 'X-CSRF-TOKEN': CSRF_TOKEN,
"Content-Type": "application/x-www-form-urlencoded"
}, },
body: `game_id=${GAME_ID}`
}); });
const orderData = await response.json(); const orderData = await response.json();
@ -101,14 +104,15 @@
`<b>Payment successful!</b> (Transaction ID: ${transaction.id})` `<b>Payment successful!</b> (Transaction ID: ${transaction.id})`
); );
document.querySelector("input[name='tx-id']").removeAttribute('disabled');
document.querySelector("input[name='tx-id']").value = transaction.id;
buttonsContainer.style.display = "none"; buttonsContainer.style.display = "none";
// console.log( // console.log(
// "Capture result", // "Capture result",
// orderData, // orderData,
// JSON.stringify(orderData, null, 2) // JSON.stringify(orderData, null, 2)
// ); // );
setTimeout(() => {
window.location.href = `/games/${GAME_ID}`;
}, 1000);
} }
} catch (error) { } catch (error) {
console.error(error); console.error(error);

5
www/games/game.php
View file

@ -104,10 +104,15 @@ include "partials/head.php";
<div class="flow"> <div class="flow">
<h2>Your Submission</h2> <h2>Your Submission</h2>
<?php <?php
$IS_PAID = $submission->transaction_id !== NULL;
switch ($participant_state) { switch ($participant_state) {
case 'GAME_OPEN_WITH_SUBMISSION': ?> case 'GAME_OPEN_WITH_SUBMISSION': ?>
<p><a href='/docs/<?= $submission->hash ?>'><?= $submission->title ?></a></p> <p><a href='/docs/<?= $submission->hash ?>'><?= $submission->title ?></a></p>
<?php if (!$IS_PAID) { ?><p>You have not yet paid for your submission.</p><?php } ?>
<p><a href="/games/<?= $game->id ?>/update" class='call-to-action'>Update submission</a></p> <p><a href="/games/<?= $game->id ?>/update" class='call-to-action'>Update submission</a></p>
<?php if (!$IS_PAID) { ?>
<p><a href="/games/<?= $game->id ?>/submit" class='call-to-action'>Pay submission fee</a></p>
<?php } ?>
<?php break; <?php break;
case 'GAME_OPEN_WITHOUT_SUBMISSION': ?> case 'GAME_OPEN_WITHOUT_SUBMISSION': ?>
<p>You haven't submitted work to this contest.</p> <p>You haven't submitted work to this contest.</p>

28
www/games/process-order.php
View file

@ -143,6 +143,7 @@ function createOrder($cart)
*/ */
function captureOrder($order_id) function captureOrder($order_id)
{ {
$game_id = $_POST["game_id"];
$url = PAYPAL_BASE_URL . "/v2/checkout/orders/{$order_id}/capture"; $url = PAYPAL_BASE_URL . "/v2/checkout/orders/{$order_id}/capture";
// Http::fake(function ($request) { // Http::fake(function ($request) {
// // Capture and log request headers // // Capture and log request headers
@ -175,9 +176,15 @@ function captureOrder($order_id)
curl_close($ch); curl_close($ch);
// Further processing ... // Further processing ...
if ($response_code === 200) { if ($response_code === 200 || $response_code === 201) {
header("Content-Type: application/json"); header("Content-Type: application/json");
$order_data = json_decode($response);
http_response_code($response_code); http_response_code($response_code);
$transaction_id =
$order_data->purchase_units[0]->payments->captures[0]->id ??
($order_data->purchase_units[0]->payments->authorizations[0]->id ??
"_");
update_submission($game_id, $transaction_id);
echo $response; echo $response;
die(); die();
} else { } else {
@ -188,6 +195,25 @@ function captureOrder($order_id)
} }
} }
/**
* @param string game_id
* @param string transaction_id
*/
function update_submission($game_id, $transaction_id)
{
global $db;
$sql = "UPDATE submissions SET transaction_id = :transaction_id
WHERE game_id = :game_id AND member_id = :member_id";
$stmt = $db["data"]->prepare($sql);
$stmt->execute([
"game_id" => $game_id,
"member_id" => $_SESSION["account"]->id,
"transaction_id" => $transaction_id,
]);
}
if ( if (
$_SERVER["REQUEST_METHOD"] === "POST" && $_SERVER["REQUEST_METHOD"] === "POST" &&
$_SERVER["REQUEST_URI"] === "/api/orders" $_SERVER["REQUEST_URI"] === "/api/orders"

64
www/games/submit.php
View file

@ -9,15 +9,23 @@ if (!LOGGED_IN) {
if (LOGGED_IN && isset($_GET["game"])) { if (LOGGED_IN && isset($_GET["game"])) {
$sql = "SELECT id FROM submissions $sql = "SELECT id FROM submissions
WHERE game_id = :game_id AND member_id = :member_id"; WHERE game_id = :game_id AND member_id = :member_id";
$stmt = $db["data"]->prepare($sql); $stmt = $db["data"]->prepare($sql);
$stmt->execute([ $stmt->execute([
"game_id" => $_GET["game"], "game_id" => $_GET["game"],
"member_id" => $_SESSION["account"]->id, "member_id" => $_SESSION["account"]->id,
]); ]);
$HAS_SUBMISSION = $stmt->fetch(PDO::FETCH_COLUMN) !== false; $HAS_SUBMISSION = $stmt->fetch(PDO::FETCH_COLUMN) !== false;
if ($HAS_SUBMISSION) {
$sql = "SELECT transaction_id FROM submissions
WHERE game_id = :game_id AND member_id = :member_id";
$stmt = $db["data"]->prepare($sql);
$stmt->execute([
"game_id" => $_GET["game"],
"member_id" => $_SESSION["account"]->id,
]);
$IS_PAID = $stmt->fetch(PDO::FETCH_COLUMN) !== NULL;
if ($HAS_SUBMISSION && $IS_PAID) {
http_response_code(303); http_response_code(303);
header("Location: /games/" . $_GET["game"] . "/update"); header("Location: /games/" . $_GET["game"] . "/update");
die(); die();
@ -25,7 +33,6 @@ if (LOGGED_IN && isset($_GET["game"])) {
$sql = "SELECT id, name, status_id FROM games $sql = "SELECT id, name, status_id FROM games
WHERE id = :id"; WHERE id = :id";
$stmt = $db["data"]->prepare($sql); $stmt = $db["data"]->prepare($sql);
$stmt->execute([ $stmt->execute([
"id" => $_GET["game"], "id" => $_GET["game"],
@ -92,10 +99,6 @@ if ($_SERVER["REQUEST_METHOD"] === "POST"):
$errors["game"] = "The chosen game doesn't exist."; $errors["game"] = "The chosen game doesn't exist.";
} }
if (!isset($_POST["tx-id"])) {
$errors["payment"] = "No transaction ID was provided.";
}
if (count($errors) > 0) { if (count($errors) > 0) {
if (!isset($errors["filesize"]) && !isset($errors["mimetype"])) { if (!isset($errors["filesize"]) && !isset($errors["mimetype"])) {
$errors["upload"] = $errors["upload"] =
@ -137,14 +140,14 @@ if ($_SERVER["REQUEST_METHOD"] === "POST"):
"hash" => $lookup_hash, "hash" => $lookup_hash,
"doc_is_public" => $show_doc, "doc_is_public" => $show_doc,
"name_is_public" => $show_name, "name_is_public" => $show_name,
"transaction_id" => $_POST["tx-id"], "transaction_id" => NULL,
"status" => 1, "status" => 1,
"is_freeroll" => 0, "is_freeroll" => 0,
"created_at" => date("Y-m-d\TH:i:s\Z"), "created_at" => date("Y-m-d\TH:i:s\Z"),
]); ]);
http_response_code(303); http_response_code(303);
header("Location: /games/" . $_GET["game"]); header("Location: /games/" . $_GET["game"] . "/submit");
} }
} catch (Exception $e) { } catch (Exception $e) {
http_response_code(500); http_response_code(500);
@ -166,7 +169,7 @@ include "partials/head.php";
</header> </header>
<?php if (!LOGGED_IN) { <?php if (!LOGGED_IN) {
include "partials/login-form.php"; include "partials/login-form.php";
} else { } else if (!$HAS_SUBMISSION) {
if ( if (
http_response_code() === 400 || http_response_code() === 400 ||
http_response_code() === 500 http_response_code() === 500
@ -180,7 +183,7 @@ include "partials/head.php";
<form action="<?= $_SERVER[ <form action="<?= $_SERVER[
"REQUEST_URI" "REQUEST_URI"
] ?>" method="post" enctype="multipart/form-data" class="flow"> ] ?>" method="post" enctype="multipart/form-data" class="flow">
<input type="hidden" id="game-name" value="<?= $game->name ?>" /> <p><b>After submitting you work, you will be redirected to a payment page. Payment is required for inclusion in the contest.</b></p>
<?php if ( <?php if (
isset($errors) && isset($errors) &&
isset($errors["account"]) isset($errors["account"])
@ -273,29 +276,24 @@ include "partials/head.php";
<span>Display my document in the public results</span> <span>Display my document in the public results</span>
</label> </label>
</fieldset> </fieldset>
<fieldset>
<legend>Payment</legend>
<div class="flow">
<p><b>Payment is required before a submission will be processed.</b></p>
<p><mark id='paypal-errors' aria-live='polite'><?php if (
isset($_POST["tx-id"])
) { ?><b>Payment successful!</b> (Transaction ID: <?= $_POST[
"tx-id"
] ?>)<?php } ?></mark></p>
<?php if (!isset($_POST["tx-id"])) { ?>
<input type="hidden" name="tx-id"/>
<div id="paypal-button-container"></div>
</div>
<!-- Initialize the JS-SDK -->
<script
src="https://www.paypal.com/sdk/js?merchant-id=LF2R8M5TKKHRL&client-id=<?= PAYPAL_CLIENT_ID ?>&currency=USD&components=buttons&enable-funding=card,venmo&disable-funding=paylater"
data-sdk-integration-source="developer-studio"></script>
<script src="/assets/js/paypal.js"></script>
<?php } ?>
</fieldset>
<button type="submit">Submit work</button> <button type="submit">Submit work</button>
</form> </form>
<?php <?php
} ?> } else if (!$IS_PAID) { ?>
<form class="flow">
<aside class="alert">
<p>Your manuscript submission has been processed.</p>
</aside>
<p><b>Payment is required for participation.</b></p>
<input type="hidden" id="game-name" value="<?= $game->name ?>" />
<input type="hidden" id="game-id" value="<?= $game->id ?>" />
<p><mark id='paypal-errors' aria-live='polite'></mark></p>
<div id="paypal-button-container"></div>
<script
src="https://www.paypal.com/sdk/js?merchant-id=LF2R8M5TKKHRL&client-id=<?= PAYPAL_CLIENT_ID ?>&currency=USD&components=buttons&enable-funding=card,venmo&disable-funding=paylater"
data-sdk-integration-source="developer-studio"></script>
<script src="/assets/js/paypal.js?ver=<?= time() ?>"></script>
</form>
<?php } ?>
</main> </main>
<?php include "partials/footer.php"; ?> <?php include "partials/footer.php"; ?>