'missing order_id']); exit; } $api = $sandbox ? 'https://api-m.sandbox.paypal.com' : 'https://api-m.paypal.com'; $ch = curl_init("$api/v1/oauth2/token"); curl_setopt_array($ch, [ CURLOPT_RETURNTRANSFER => true, CURLOPT_POST => true, CURLOPT_POSTFIELDS => 'grant_type=client_credentials', CURLOPT_HTTPHEADER => ['Accept: application/json'], CURLOPT_USERPWD => $client_id . ':' . $client_secret, ]); $tok = curl_exec($ch); $http = curl_getinfo($ch, CURLINFO_HTTP_CODE); curl_close($ch); if ($http !== 200) { http_response_code(500); echo json_encode(['error'=>'oauth_fail']); exit; } $access = json_decode($tok, true)['access_token'] ?? null; $ch = curl_init("$api/v2/checkout/orders/$order_id/capture"); curl_setopt_array($ch, [ CURLOPT_RETURNTRANSFER => true, CURLOPT_POST => true, CURLOPT_HTTPHEADER => [ 'Content-Type: application/json', 'Authorization: Bearer ' . $access ], ]); $res = curl_exec($ch); $http = curl_getinfo($ch, CURLINFO_HTTP_CODE); $curl_err = curl_error($ch); curl_close($ch); // Ensure logs folder exists and provide a helper to write debug info $logDir = __DIR__ . '/../logs'; if (!is_dir($logDir)) @mkdir($logDir, 0755, true); $logFile = $logDir . '/paypal_capture.log'; function capture_log($label, $data) { global $logFile; $entry = '[' . date('Y-m-d H:i:s') . '] ' . $label . "\n"; if (is_array($data) || is_object($data)) $entry .= print_r($data, true); else $entry .= (string)$data; $entry .= "\n---\n"; @file_put_contents($logFile, $entry, FILE_APPEND | LOCK_EX); } // Log the raw curl response for debugging capture_log('paypal_curl_response_http_' . $http, $res === false ? "(curl failed) " . $curl_err : $res); // Normalize response: ensure we always return valid JSON to the caller if ($res === false || $res === '') { // Curl-level failure or empty body http_response_code(502); $out = ['error' => 'paypal_empty_response', 'http' => $http, 'curl_error' => $curl_err]; capture_log('paypal_empty_response', $out); echo json_encode($out); exit; } // Attempt to decode PayPal response $capture = json_decode($res, true); if (json_last_error() !== JSON_ERROR_NONE) { // PayPal returned non-JSON / malformed response — return it as raw string inside JSON http_response_code(502); $out = ['error' => 'paypal_invalid_json', 'http' => $http, 'raw' => $res]; capture_log('paypal_invalid_json', $out); echo json_encode($out); exit; } if ($http !== 201 && $http !== 200) { http_response_code($http); // Return structured JSON with PayPal's decoded response $out = ['error' => 'paypal_capture_failed', 'http' => $http, 'response' => $capture]; capture_log('paypal_capture_failed', $out); echo json_encode($out); exit; } // Extract payment details $txid = null; capture_log('paypal_capture_success', $capture); echo json_encode($capture); if (isset($capture['purchase_units'][0]['payments']['captures'][0])) { $txid = $capture['purchase_units'][0]['payments']['captures'][0]['id'] ?? null; } // Get custom_id (should be invoice_id from cart.php) $custom_id = $capture['purchase_units'][0]['custom_id'] ?? null; if ($captureStatus === 'COMPLETED' && $custom_id) { // Connect to database $db = createDatabaseConnection($db_host, $db_user, $db_pass, $db_name, $db_port); if (!$db) { error_log('capture_order.php: DB connection failed'); echo json_encode(['error' => 'db_connection_failed', 'status' => $captureStatus]); exit; } // Find all invoices with status='due' for this user (cart session) // For now, we'll mark ALL due invoices for the logged-in user as paid // TODO: Improve to match specific invoice_id from custom_id if cart sends it session_start(); // Check both website_user_id and user_id for compatibility $user_id = isset($_SESSION['website_user_id']) ? intval($_SESSION['website_user_id']) : (isset($_SESSION['user_id']) ? intval($_SESSION['user_id']) : 0); if ($user_id > 0) { // Mark all due invoices for this user as paid $now = date('Y-m-d H:i:s'); $esc_txid = mysqli_real_escape_string($db, $txid); $updateInvoices = "UPDATE {$table_prefix}billing_invoices SET status='paid', paid_date='$now', payment_txid='$esc_txid', payment_method='paypal' WHERE user_id=$user_id AND status='due'"; mysqli_query($db, $updateInvoices); // Get all invoices we just marked paid $getInvoices = "SELECT * FROM {$table_prefix}billing_invoices WHERE user_id=$user_id AND payment_txid='$esc_txid'"; $invoicesResult = mysqli_query($db, $getInvoices); // For each invoice, either create a new order or extend existing one (renewal) while ($inv = mysqli_fetch_assoc($invoicesResult)) { $invoice_id = intval($inv['invoice_id']); $existing_order_id = intval($inv['order_id'] ?? 0); $service_id = intval($inv['service_id']); $home_name = mysqli_real_escape_string($db, $inv['home_name']); $ip = intval($inv['ip']); $max_players = intval($inv['max_players']); $qty = intval($inv['qty']); $duration = mysqli_real_escape_string($db, $inv['invoice_duration']); $amount = floatval($inv['amount']); $rcon_pw = mysqli_real_escape_string($db, $inv['remote_control_password']); $ftp_pw = mysqli_real_escape_string($db, $inv['ftp_password']); // Check if this is a renewal (existing order_id > 0) or new order (order_id = 0) if ($existing_order_id > 0) { // RENEWAL: Extend the existing order's end_date // Calculate months to add based on qty and duration $months = 0; $q = intval($qty); $invdur = strtolower(trim($duration)); if (strpos($invdur, 'year') !== false) { $months = $q * 12; } else { // default to months for anything else (month, monthly, etc.) $months = $q; } // Get current end_date and extend it $getEndDate = "SELECT end_date FROM {$table_prefix}billing_orders WHERE order_id=$existing_order_id LIMIT 1"; $endDateResult = mysqli_query($db, $getEndDate); if ($endDateResult && mysqli_num_rows($endDateResult) === 1) { $endRow = mysqli_fetch_assoc($endDateResult); $current_end = $endRow['end_date'] ?? date('Y-m-d H:i:s'); // Extend from current end_date or now (whichever is later) $extend_from = (strtotime($current_end) > time()) ? $current_end : date('Y-m-d H:i:s'); $dt = new DateTime($extend_from); if ($months > 0) { $dt->modify('+' . intval($months) . ' months'); } $new_end_date = $dt->format('Y-m-d H:i:s'); // Update order with new end_date and mark as paid/active $updateOrder = "UPDATE {$table_prefix}billing_orders SET end_date='$new_end_date', status='paid', payment_txid='$esc_txid', paid_ts='$now' WHERE order_id=$existing_order_id"; if (mysqli_query($db, $updateOrder)) { error_log("capture_order.php: Extended order $existing_order_id end_date to $new_end_date for invoice $invoice_id"); } else { error_log("capture_order.php: Failed to extend order $existing_order_id: " . mysqli_error($db)); } } } else { // NEW ORDER: Create a new order record // Calculate end_date based on qty * duration $end_date = date('Y-m-d H:i:s', strtotime("+$qty $duration")); // Insert order $insertOrder = "INSERT INTO {$table_prefix}billing_orders ( user_id, service_id, home_name, ip, max_players, qty, invoice_duration, price, remote_control_password, ftp_password, status, order_date, end_date, payment_txid, paid_ts ) VALUES ( $user_id, $service_id, '$home_name', $ip, $max_players, $qty, '$duration', $amount, '$rcon_pw', '$ftp_pw', 'paid', '$now', '$end_date', '$esc_txid', '$now' )"; if (mysqli_query($db, $insertOrder)) { $new_order_id = mysqli_insert_id($db); // Link invoice to order $linkInvoice = "UPDATE {$table_prefix}billing_invoices SET order_id=$new_order_id WHERE invoice_id=$invoice_id"; mysqli_query($db, $linkInvoice); error_log("capture_order.php: Created order $new_order_id for invoice $invoice_id"); } else { error_log("capture_order.php: Failed to create order for invoice $invoice_id: " . mysqli_error($db)); } } } mysqli_close($db); } } // Return the full PayPal response (normalized JSON) for proper processing echo json_encode($capture); ?>