266 lines
8.5 KiB
PHP
266 lines
8.5 KiB
PHP
<?php
|
|
/**
|
|
* PayPal Create Order API Endpoint
|
|
* Enhanced with comprehensive logging for debugging
|
|
*/
|
|
|
|
// Ensure all errors are logged, not displayed (to prevent JSON corruption)
|
|
ini_set('display_errors', '0');
|
|
error_reporting(E_ALL);
|
|
|
|
require_once(__DIR__ . '/../includes/config.inc.php');
|
|
// create_order for PayPal — adapted to run from _website/api
|
|
$sandbox = true; // flip to false for Live
|
|
$client_id = 'AfvY_C2zA_hTHxHq7TIhtOeub4xBdySYrt_Hjj3d_WYQwjWI9NfOAVOTeResx2rgZ_nP5tOoxQSAHw8c';
|
|
$client_secret = 'EJ216np9cAj9n7KSddez3fLVxGe-zi4oKKKl1YGqPp88XIikr4Qzbxh0XW2as-V6LgdX-upjtQAg9dC0';
|
|
|
|
// Setup comprehensive logging
|
|
$logDir = __DIR__ . '/../logs';
|
|
@mkdir($logDir, 0755, true);
|
|
$logFile = $logDir . '/paypal_create_order.log';
|
|
$requestId = uniqid('req_', true); // Unique request identifier for tracking
|
|
|
|
function create_order_log($label, $data) {
|
|
global $logFile, $requestId;
|
|
$timestamp = date('Y-m-d H:i:s');
|
|
$entry = "[$timestamp] [$requestId] $label\n";
|
|
if (is_array($data) || is_object($data)) {
|
|
$entry .= print_r($data, true);
|
|
} else {
|
|
$entry .= (string)$data;
|
|
}
|
|
$entry .= "\n" . str_repeat('-', 80) . "\n";
|
|
@file_put_contents($logFile, $entry, FILE_APPEND | LOCK_EX);
|
|
}
|
|
|
|
create_order_log('REQUEST_START', [
|
|
'method' => $_SERVER['REQUEST_METHOD'] ?? 'UNKNOWN',
|
|
'remote_addr' => $_SERVER['REMOTE_ADDR'] ?? 'UNKNOWN',
|
|
'user_agent' => $_SERVER['HTTP_USER_AGENT'] ?? 'UNKNOWN',
|
|
]);
|
|
|
|
header('Content-Type: application/json');
|
|
|
|
// Read and parse input
|
|
$rawInput = file_get_contents('php://input');
|
|
create_order_log('RAW_INPUT', substr($rawInput, 0, 2000)); // Log first 2000 chars
|
|
|
|
$in = json_decode($rawInput, true);
|
|
if (json_last_error() !== JSON_ERROR_NONE) {
|
|
create_order_log('JSON_DECODE_ERROR', [
|
|
'error' => json_last_error_msg(),
|
|
'raw_input_length' => strlen($rawInput),
|
|
'raw_input_preview' => substr($rawInput, 0, 500)
|
|
]);
|
|
http_response_code(400);
|
|
echo json_encode(['error' => 'invalid_json', 'message' => json_last_error_msg(), 'request_id' => $requestId]);
|
|
exit;
|
|
}
|
|
|
|
if (!$in) {
|
|
$in = [];
|
|
}
|
|
|
|
$amount_in = $in['amount'] ?? '0.00';
|
|
$currency = $in['currency'] ?? 'USD';
|
|
$invoice_id = $in['invoice_id'] ?? null;
|
|
$custom_id = $in['custom_id'] ?? null;
|
|
$description = $in['description'] ?? 'Order';
|
|
$return_url = $in['return_url'] ?? null;
|
|
$cancel_url = $in['cancel_url'] ?? null;
|
|
$items = (isset($in['items']) && is_array($in['items'])) ? $in['items'] : null;
|
|
$line_invoices= (isset($in['line_invoices']) && is_array($in['line_invoices'])) ? $in['line_invoices'] : null;
|
|
|
|
create_order_log('PARSED_INPUT', [
|
|
'amount' => $amount_in,
|
|
'currency' => $currency,
|
|
'invoice_id' => $invoice_id,
|
|
'custom_id' => $custom_id,
|
|
'items_count' => $items ? count($items) : 0,
|
|
'line_invoices_count' => $line_invoices ? count($line_invoices) : 0
|
|
]);
|
|
|
|
$amount_value = number_format((float)$amount_in, 2, '.', '');
|
|
if ($items) {
|
|
$sum = 0.00;
|
|
foreach ($items as $it) {
|
|
$qty = isset($it['quantity']) ? (int)$it['quantity'] : 1;
|
|
$val = isset($it['unit_amount']['value']) ? (float)$it['unit_amount']['value'] : 0.00;
|
|
$sum += $qty * $val;
|
|
}
|
|
$amount_value = number_format($sum, 2, '.', '');
|
|
create_order_log('AMOUNT_CALCULATED', [
|
|
'original_amount' => $amount_in,
|
|
'calculated_from_items' => $amount_value,
|
|
'items_sum' => $sum
|
|
]);
|
|
}
|
|
|
|
$api = $sandbox ? 'https://api-m.sandbox.paypal.com' : 'https://api-m.paypal.com';
|
|
create_order_log('PAYPAL_API_CONFIG', [
|
|
'sandbox_mode' => $sandbox,
|
|
'api_base' => $api,
|
|
'has_client_id' => !empty($client_id),
|
|
'has_client_secret' => !empty($client_secret)
|
|
]);
|
|
|
|
// Step 1: Get OAuth token
|
|
create_order_log('OAUTH_REQUEST_START', ['endpoint' => "$api/v1/oauth2/token"]);
|
|
|
|
$ch = curl_init("$api/v1/oauth2/token");
|
|
curl_setopt_array($ch, [
|
|
CURLOPT_RETURNTRANSFER => true,
|
|
CURLOPT_POST => true,
|
|
CURLOPT_POSTFIELDS => 'grant_type=client_credentials',
|
|
CURLOPT_HTTPHEADER => ['Accept: application/json'],
|
|
CURLOPT_USERPWD => $client_id . ':' . $client_secret,
|
|
]);
|
|
$tok = curl_exec($ch);
|
|
$http = curl_getinfo($ch, CURLINFO_HTTP_CODE);
|
|
$curl_errno = curl_errno($ch);
|
|
$curl_error = curl_error($ch);
|
|
curl_close($ch);
|
|
|
|
create_order_log('OAUTH_RESPONSE', [
|
|
'http_code' => $http,
|
|
'curl_errno' => $curl_errno,
|
|
'curl_error' => $curl_error,
|
|
'response_length' => strlen($tok),
|
|
'response_preview' => substr($tok, 0, 200)
|
|
]);
|
|
|
|
if ($curl_errno !== 0) {
|
|
create_order_log('OAUTH_CURL_ERROR', ['errno' => $curl_errno, 'error' => $curl_error]);
|
|
http_response_code(502);
|
|
echo json_encode(['error' => 'oauth_curl_fail', 'details' => $curl_error, 'request_id' => $requestId]);
|
|
exit;
|
|
}
|
|
|
|
if ($http !== 200) {
|
|
create_order_log('OAUTH_HTTP_ERROR', ['http_code' => $http, 'response' => $tok]);
|
|
http_response_code(500);
|
|
echo json_encode(['error' => 'oauth_fail', 'http_code' => $http, 'request_id' => $requestId]);
|
|
exit;
|
|
}
|
|
|
|
$access = json_decode($tok, true)['access_token'] ?? null;
|
|
if (!$access) {
|
|
create_order_log('OAUTH_NO_TOKEN', ['response' => $tok]);
|
|
http_response_code(500);
|
|
echo json_encode(['error' => 'oauth_no_token', 'request_id' => $requestId]);
|
|
exit;
|
|
}
|
|
|
|
create_order_log('OAUTH_SUCCESS', ['token_length' => strlen($access)]);
|
|
|
|
// Update site base URL to exclude 'modules/billing'
|
|
$siteBaseUrl = 'http://gameservers.world';
|
|
|
|
create_order_log('URL_PROCESSING_BEFORE', [
|
|
'return_url' => $return_url,
|
|
'cancel_url' => $cancel_url,
|
|
'site_base' => $siteBaseUrl
|
|
]);
|
|
|
|
// Ensure return_url and cancel_url are absolute URLs (relative to site root)
|
|
if (strpos($return_url, 'http') !== 0) {
|
|
$return_url = $siteBaseUrl . '/' . ltrim($return_url, '/');
|
|
}
|
|
if (strpos($cancel_url, 'http') !== 0) {
|
|
$cancel_url = $siteBaseUrl . '/' . ltrim($cancel_url, '/');
|
|
}
|
|
|
|
create_order_log('URL_PROCESSING_AFTER', [
|
|
'return_url' => $return_url,
|
|
'cancel_url' => $cancel_url
|
|
]);
|
|
|
|
$purchaseUnit = [
|
|
'amount' => [ 'currency_code' => $currency, 'value' => $amount_value ],
|
|
'description' => $description,
|
|
'invoice_id' => $invoice_id,
|
|
'custom_id' => $custom_id
|
|
];
|
|
if ($items) {
|
|
$purchaseUnit['items'] = $items;
|
|
$purchaseUnit['amount']['breakdown'] = [ 'item_total' => ['currency_code'=>$currency,'value'=>$amount_value] ];
|
|
}
|
|
|
|
$body = [
|
|
'intent' => 'CAPTURE',
|
|
'purchase_units' => [ $purchaseUnit ],
|
|
'application_context' => [ 'return_url'=>$return_url, 'cancel_url'=>$cancel_url, 'user_action'=>'PAY_NOW' ]
|
|
];
|
|
|
|
create_order_log('PAYPAL_ORDER_PAYLOAD', $body);
|
|
|
|
// Step 2: Create PayPal order
|
|
create_order_log('CREATE_ORDER_REQUEST_START', ['endpoint' => "$api/v2/checkout/orders"]);
|
|
|
|
$ch = curl_init("$api/v2/checkout/orders");
|
|
curl_setopt_array($ch, [
|
|
CURLOPT_RETURNTRANSFER => true,
|
|
CURLOPT_POST => true,
|
|
CURLOPT_POSTFIELDS => json_encode($body),
|
|
CURLOPT_HTTPHEADER => [ 'Content-Type: application/json', 'Authorization: Bearer ' . $access ],
|
|
]);
|
|
$res = curl_exec($ch);
|
|
$http = curl_getinfo($ch, CURLINFO_HTTP_CODE);
|
|
$curl_errno = curl_errno($ch);
|
|
$curl_error = curl_error($ch);
|
|
curl_close($ch);
|
|
|
|
create_order_log('CREATE_ORDER_RESPONSE', [
|
|
'http_code' => $http,
|
|
'curl_errno' => $curl_errno,
|
|
'curl_error' => $curl_error,
|
|
'response_length' => strlen($res),
|
|
'response' => substr($res, 0, 1000) // First 1000 chars of response
|
|
]);
|
|
|
|
if ($curl_errno !== 0) {
|
|
create_order_log('CREATE_ORDER_CURL_ERROR', ['errno' => $curl_errno, 'error' => $curl_error]);
|
|
http_response_code(502);
|
|
echo json_encode(['error' => 'create_order_curl_fail', 'details' => $curl_error, 'request_id' => $requestId]);
|
|
exit;
|
|
}
|
|
|
|
if ($http !== 201) {
|
|
create_order_log('CREATE_ORDER_HTTP_ERROR', [
|
|
'http_code' => $http,
|
|
'response' => $res,
|
|
'payload_sent' => $body
|
|
]);
|
|
|
|
// Try to parse PayPal error response
|
|
$errorData = json_decode($res, true);
|
|
http_response_code($http);
|
|
echo json_encode([
|
|
'error' => 'create_order_failed',
|
|
'http_code' => $http,
|
|
'paypal_error' => $errorData,
|
|
'request_id' => $requestId
|
|
]);
|
|
exit;
|
|
}
|
|
|
|
// Success - parse and validate response
|
|
$orderData = json_decode($res, true);
|
|
if (json_last_error() !== JSON_ERROR_NONE) {
|
|
create_order_log('CREATE_ORDER_INVALID_JSON', [
|
|
'json_error' => json_last_error_msg(),
|
|
'response' => $res
|
|
]);
|
|
http_response_code(502);
|
|
echo json_encode(['error' => 'invalid_paypal_response', 'request_id' => $requestId]);
|
|
exit;
|
|
}
|
|
|
|
create_order_log('CREATE_ORDER_SUCCESS', [
|
|
'order_id' => $orderData['id'] ?? 'UNKNOWN',
|
|
'status' => $orderData['status'] ?? 'UNKNOWN'
|
|
]);
|
|
|
|
echo $res;
|
|
|
|
?>
|