Home Explore Help
Register Sign In
campiaperti
/
bottega
3
0
Fork 0
Files Issues 2 Pull Requests 0 Wiki
Branch: master
Branches Tags
bottega
/
simple-membership
/
ipn
/
swpm-stripe-subscription-ipn.php

swpm-stripe-subscription-ipn.php 12 KB
Permalink History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283 
  1. <?php
    2. 

  2. 

  3. require SIMPLE_WP_MEMBERSHIP_PATH . 'ipn/swpm_handle_subsc_ipn.php';
    4. 

  4. 

  5. class SwpmStripeSubscriptionIpnHandler {
    6. 

  6. 

  7. 	public function __construct() {
    8. 

  8. 

  9. 		$this->handle_stripe_ipn();
    10. 

  10. 	}
    11. 

  11. 

  12. 	public function handle_stripe_ipn() {
    13. 

  13. 

  14. 		/*
    15. 

  15. 		* [Imp] This comment explains how this script handles both the first time HTTP Post after payment and the webhooks.
    16. 

  16. 		* If the "hook" query arg is set then that means it is a webhook notification. It will be used for certain actions like (update, cancel, refund, etc). Others will be ignored.
    17. 

  17. 		* The first time payment in browser is handled via HTTP POST (when the "hook" query arg is not set).
    18. 

  18. 		*/
    19. 

  19. 

  20. 		if ( isset( $_GET['hook'] ) ) {
    21. 

  21. 			// This is Webhook notification from Stripe.
    22. 

  22. 						// This webhook is used for all recurring payment notification (Legacy and SCA ones).
    23. 

  23. 

  24. 			// TODO: add Webhook Signing Secret verification
    25. 

  25. 			// To do this, we need to get customer ID, retreive its details from Stripe, get button_id from metadata
    26. 

  26. 			// and see if the button has Signing Secret option set. If it is - we need to check signatures
    27. 

  27. 			// More details here: https://stripe.com/docs/webhooks#signatures
    28. 

  28. 

  29. 			$input = @file_get_contents( 'php://input' );
    30. 

  30. 			if ( empty( $input ) ) {
    31. 

  31. 				SwpmLog::log_simple_debug( 'Stripe subscription webhook sent empty data or page was accessed directly. Aborting.', false );
    32. 

  32. 				echo 'Empty Webhook data received.';
    33. 

  33. 				die;
    34. 

  34. 			}
    35. 

  35. 			// SwpmLog::log_simple_debug($input, true);
    36. 

  36. 			$event_json = json_decode( $input );
    37. 

  37. 

  38. 			$type = $event_json->type;
    39. 

  39. 			SwpmLog::log_simple_debug( sprintf( 'Stripe subscription webhook received: %s. Checking if we need to handle this webhook.', $type ), true );
    40. 

  40. 

  41. 			if ( 'customer.subscription.deleted' === $type || 'charge.refunded' === $type ) {
    42. 

  42. 				// Subscription expired or refunded event
    43. 

  43. 				//SwpmLog::log_simple_debug( sprintf( 'Stripe Subscription Webhook %s received. Processing request...', $type ), true );
    44. 

  44. 

  45. 				// Let's form minimal ipn_data array for swpm_handle_subsc_cancel_stand_alone
    46. 

  46. 				$customer                  = $event_json->data->object->customer;
    47. 

  47. 				$subscr_id                 = $event_json->data->object->id;
    48. 

  48. 				$ipn_data                  = array();
    49. 

  49. 				$ipn_data['subscr_id']     = $subscr_id;
    50. 

  50. 				$ipn_data['parent_txn_id'] = $customer;
    51. 

  51. 

  52. 				swpm_handle_subsc_cancel_stand_alone( $ipn_data );
    53. 

  53. 			}
    54. 

  54. 

  55. 			if ( $type == 'customer.subscription.updated' ) {
    56. 

  56. 				// Subscription updated webhook
    57. 

  57. 

  58. 				// Let's form minimal ipn_data array
    59. 

  59. 				$customer                  = $event_json->data->object->customer;
    60. 

  60. 				$subscr_id                 = $event_json->data->object->id;
    61. 

  61. 				$ipn_data                  = array();
    62. 

  62. 				$ipn_data['subscr_id']     = $subscr_id;
    63. 

  63. 				$ipn_data['parent_txn_id'] = $customer;
    64. 

  64. 

  65. 				swpm_update_member_subscription_start_date_if_applicable( $ipn_data );
    66. 

  66. 			}
    67. 

  67. 

  68. 			if ( $type === 'invoice.payment_succeeded' ) {
    69. 

  69. 

  70. 				$billing_reason = isset( $event_json->data->object->billing_reason ) ? $event_json->data->object->billing_reason : '';
    71. 

  71. 				if ( $billing_reason == 'subscription_cycle' ) {
    72. 

  72. 					//This is recurring/subscription payment invoice
    73. 

  73. 					SwpmLog::log_simple_debug( sprintf( 'Stripe invoice.payment_succeeded webhook for subscription_cycle. This is a successful subscription charge. Capturing payment data.' ), true );
    74. 

  74. 

  75. 					$sub_id = $event_json->data->object->subscription;
    76. 

  76. 					//$cust_id = $event_json->data->object->billing_reason;
    77. 

  77. 					//$date = $event_json->data->object->date;
    78. 

  78. 					$price_in_cents = $event_json->data->object->amount_paid; //amount in cents
    79. 

  79. 					$currency_code  = $event_json->data->object->currency;
    80. 

  80. 

  81. 					$zero_cents = unserialize( SIMPLE_WP_MEMBERSHIP_STRIPE_ZERO_CENTS );
    82. 

  82. 					if ( in_array( $currency_code, $zero_cents, true ) ) {
    83. 

  83. 							$payment_amount = $price_in_cents;
    84. 

  84. 					} else {
    85. 

  85. 							$payment_amount = $price_in_cents / 100;// The amount (in cents). This value is used in Stripe API.
    86. 

  86. 					}
    87. 

  87. 					$payment_amount = floatval( $payment_amount );
    88. 

  88. 

  89. 					// Let's try to get first_name and last_name from full name
    90. 

  90. 					$full_name   = $event_json->data->object->customer_name;
    91. 

  91. 					$name_pieces = explode( ' ', $full_name, 2 );
    92. 

  92. 					$first_name  = $name_pieces[0];
    93. 

  93. 					if ( ! empty( $name_pieces[1] ) ) {
    94. 

  94. 						$last_name = $name_pieces[1];
    95. 

  95. 					}
    96. 

  96. 

  97. 					//Retrieve the member record for this subscription
    98. 

  98. 					$member_record = SwpmMemberUtils::get_user_by_subsriber_id( $sub_id );
    99. 

  99. 					if ( $member_record ) {
    100. 

  100. 									// Found a member record
    101. 

  101. 									$member_id           = $member_record->member_id;
    102. 

  102. 									$membership_level_id = $member_record->membership_level;
    103. 

  103. 						if ( empty( $first_name ) ) {
    104. 

  104. 							$first_name = $member_record->first_name;
    105. 

  105. 						}
    106. 

  106. 						if ( empty( $last_name ) ) {
    107. 

  107. 							$last_name = $member_record->last_name;
    108. 

  108. 						}
    109. 

  109. 					} else {
    110. 

  110. 									SwpmLog::log_simple_debug( 'Could not find an existing member record for the given subscriber ID: ' . $sub_id . '. This user profile may have been deleted.', false );
    111. 

  111. 									$member_id           = '';
    112. 

  112. 									$membership_level_id = '';
    113. 

  113. 					}
    114. 

  114. 

  115. 					//Create the custom field
    116. 

  116. 					$custom_field_value  = 'subsc_ref=' . $membership_level_id;
    117. 

  117. 					$custom_field_value .= '&swpm_id=' . $member_id;
    118. 

  118. 

  119. 					// Create the $ipn_data array.
    120. 

  120. 					$ipn_data                     = array();
    121. 

  121. 					$ipn_data['mc_gross']         = $payment_amount;
    122. 

  122. 					$ipn_data['first_name']       = $first_name;
    123. 

  123. 					$ipn_data['last_name']        = $last_name;
    124. 

  124. 					$ipn_data['payer_email']      = $event_json->data->object->customer_email;
    125. 

  125. 					$ipn_data['membership_level'] = $membership_level_id;
    126. 

  126. 					$ipn_data['txn_id']           = $event_json->data->object->charge;
    127. 

  127. 					$ipn_data['subscr_id']        = $sub_id;
    128. 

  128. 					$ipn_data['swpm_id']          = $member_id;
    129. 

  129. 					$ipn_data['ip']               = '';
    130. 

  130. 					$ipn_data['custom']           = $custom_field_value;
    131. 

  131. 					$ipn_data['gateway']          = 'stripe-sca-subs';
    132. 

  132. 					$ipn_data['status']           = 'subscription';
    133. 

  133. 

  134. 					//TODO - Maybe handle the user access start date updating here (instead of "customer.subscription.updated" hook).
    135. 

  135. 					//swpm_update_member_subscription_start_date_if_applicable( $ipn_data );
    136. 

  136. 

  137. 					// Save the transaction record
    138. 

  138. 					SwpmTransactions::save_txn_record( $ipn_data );
    139. 

  139. 					SwpmLog::log_simple_debug( 'Transaction data saved for Stripe subscription notification.', true );
    140. 

  140. 				}
    141. 

  141. 			}
    142. 

  142. 

  143. 			//End of the webhook notification execution.
    144. 

  144. 						//Give 200 status then exit out.
    145. 

  145. 			http_response_code( 200 ); // Tells Stripe we received this notification
    146. 

  146. 			return;
    147. 

  147. 		}
    148. 

  148. 

  149. 		//The following will get executed only for DIRECT post (not webhooks). So it is executed at the time of payment in the browser (via HTTP POST). When the "hook" query arg is not set.
    150. 

  150. 

  151. 		SwpmLog::log_simple_debug( 'Stripe subscription IPN received. Processing request...', true );
    152. 

  152. 		// SwpmLog::log_simple_debug(print_r($_REQUEST, true), true);//Useful for debugging purpose
    153. 

  153. 		// Include the Stripe library.
    154. 

  154. 		SwpmMiscUtils::load_stripe_lib();
    155. 

  155. 		// Read and sanitize the request parameters.
    156. 

  156. 		$button_id    = sanitize_text_field( $_REQUEST['item_number'] );
    157. 

  157. 		$button_id    = absint( $button_id );
    158. 

  158. 		$button_title = sanitize_text_field( $_REQUEST['item_name'] );
    159. 

  159. 

  160. 		$stripe_token      = filter_input( INPUT_POST, 'stripeToken', FILTER_SANITIZE_STRING );
    161. 

  161. 		$stripe_token_type = filter_input( INPUT_POST, 'stripeTokenType', FILTER_SANITIZE_STRING );
    162. 

  162. 		$stripe_email      = filter_input( INPUT_POST, 'stripeEmail', FILTER_SANITIZE_EMAIL );
    163. 

  163. 

  164. 		// Retrieve the CPT for this button
    165. 

  165. 		$button_cpt = get_post( $button_id );
    166. 

  166. 		if ( ! $button_cpt ) {
    167. 

  167. 			// Fatal error. Could not find this payment button post object.
    168. 

  168. 			SwpmLog::log_simple_debug( 'Fatal Error! Failed to retrieve the payment button post object for the given button ID: ' . $button_id, false );
    169. 

  169. 			wp_die( esc_html( sprintf( 'Fatal Error! Payment button (ID: %d) does not exist. This request will fail.', $button_id ) ) );
    170. 

  170. 		}
    171. 

  171. 

  172. 		$plan_id = get_post_meta( $button_id, 'stripe_plan_id', true );
    173. 

  173. 		$descr   = 'Subscription to "' . $plan_id . '" plan';
    174. 

  174. 

  175. 		$membership_level_id = get_post_meta( $button_id, 'membership_level_id', true );
    176. 

  176. 

  177. 		// Validate and verify some of the main values.
    178. 

  178. 		// Validation passed. Go ahead with the charge.
    179. 

  179. 		// Sandbox and other settings
    180. 

  180. 		$settings        = SwpmSettings::get_instance();
    181. 

  181. 		$sandbox_enabled = $settings->get_value( 'enable-sandbox-testing' );
    182. 

  182. 

  183. 		//API keys
    184. 

  184. 		$api_keys = SwpmMiscUtils::get_stripe_api_keys_from_payment_button( $button_id, ! $sandbox_enabled );
    185. 

  185. 

  186. 		// Set secret API key in the Stripe library
    187. 

  187. 		\Stripe\Stripe::setApiKey( $api_keys['secret'] );
    188. 

  188. 

  189. 		// Get the credit card details submitted by the form
    190. 

  190. 		$token = $stripe_token;
    191. 

  191. 

  192. 		// Create the charge on Stripe's servers - this will charge the user's card
    193. 

  193. 		try {
    194. 

  194. 			$customer = \Stripe\Customer::create(
    195. 

  195. 				array(
    196. 

  196. 					'description'     => $descr,
    197. 

  197. 					'email'           => $stripe_email,
    198. 

  198. 					'source'          => $token,
    199. 

  199. 					'plan'            => $plan_id,
    200. 

  200. 					'trial_from_plan' => 'true',
    201. 

  201. 				)
    202. 

  202. 			);
    203. 

  203. 		} catch ( Exception $e ) {
    204. 

  204. 			SwpmLog::log_simple_debug( 'Error occurred during Stripe Subscribe. ' . $e->getMessage(), false );
    205. 

  205. 			$body         = $e->getJsonBody();
    206. 

  206. 			$error        = $body['error'];
    207. 

  207. 			$error_string = wp_json_encode( $error );
    208. 

  208. 			SwpmLog::log_simple_debug( 'Error details: ' . $error_string, false );
    209. 

  209. 			wp_die( esc_html( 'Stripe subscription Error! ' . $e->getMessage() . $error_string ) );
    210. 

  210. 		}
    211. 

  211. 

  212. 		// Everything went ahead smoothly with the charge.
    213. 

  213. 		SwpmLog::log_simple_debug( 'Stripe subscription successful.', true );
    214. 

  214. 

  215. 		// let's add button_id to metadata
    216. 

  216. 		$customer->metadata = array( 'button_id' => $button_id );
    217. 

  217. 		try {
    218. 

  218. 			$customer->save();
    219. 

  219. 		} catch ( Exception $e ) {
    220. 

  220. 			SwpmLog::log_simple_debug( 'Error occurred during Stripe customer metadata update. ' . $e->getMessage(), false );
    221. 

  221. 			$body = $e->getJsonBody();
    222. 

  222. 			SwpmLog::log_simple_debug( 'Error details: ' . $error_string, false );
    223. 

  223. 		}
    224. 

  224. 

  225. 		// Grab customer ID and set it as the transaction ID.
    226. 

  226. 		$txn_id = $customer->id; // $charge->balance_transaction;
    227. 

  227. 		// Grab subscription ID
    228. 

  228. 		$subscr_id  = $customer->subscriptions->data[0]->id;
    229. 

  229. 		$custom     = sanitize_text_field( $_REQUEST['custom'] );
    230. 

  230. 		$custom_var = SwpmTransactions::parse_custom_var( $custom );
    231. 

  231. 		$swpm_id    = isset( $custom_var['swpm_id'] ) ? $custom_var['swpm_id'] : '';
    232. 

  232. 

  233. 		$payment_amount = $customer->subscriptions->data[0]->plan->amount / 100;
    234. 

  234. 

  235. 		// Create the $ipn_data array.
    236. 

  236. 		$ipn_data                     = array();
    237. 

  237. 		$ipn_data['mc_gross']         = $payment_amount;
    238. 

  238. 		$ipn_data['first_name']       = '';
    239. 

  239. 		$ipn_data['last_name']        = '';
    240. 

  240. 		$ipn_data['payer_email']      = $stripe_email;
    241. 

  241. 		$ipn_data['membership_level'] = $membership_level_id;
    242. 

  242. 		$ipn_data['txn_id']           = $txn_id;
    243. 

  243. 		$ipn_data['subscr_id']        = $subscr_id;
    244. 

  244. 		$ipn_data['swpm_id']          = $swpm_id;
    245. 

  245. 		$ipn_data['ip']               = $custom_var['user_ip'];
    246. 

  246. 		$ipn_data['custom']           = $custom;
    247. 

  247. 		$ipn_data['gateway']          = 'stripe';
    248. 

  248. 		$ipn_data['status']           = 'completed';
    249. 

  249. 

  250. 		$ipn_data['address_street']  = '';
    251. 

  251. 		$ipn_data['address_city']    = '';
    252. 

  252. 		$ipn_data['address_state']   = '';
    253. 

  253. 		$ipn_data['address_zipcode'] = '';
    254. 

  254. 		$ipn_data['country']         = '';
    255. 

  255. 

  256. 		$ipn_data['payment_button_id'] = $button_id;
    257. 

  257. 		$ipn_data['is_live']           = ! $sandbox_enabled;
    258. 

  258. 

  259. 		// Handle the membership signup related tasks.
    260. 

  260. 		swpm_handle_subsc_signup_stand_alone( $ipn_data, $membership_level_id, $txn_id, $swpm_id );
    261. 

  261. 

  262. 		// Save the transaction record
    263. 

  263. 		SwpmTransactions::save_txn_record( $ipn_data );
    264. 

  264. 		SwpmLog::log_simple_debug( 'Transaction data saved.', true );
    265. 

  265. 

  266. 		// Trigger the stripe IPN processed action hook (so other plugins can can listen for this event).
    267. 

  267. 		do_action( 'swpm_stripe_ipn_processed', $ipn_data );
    268. 

  268. 

  269. 		do_action( 'swpm_payment_ipn_processed', $ipn_data );
    270. 

  270. 

  271. 		// Redirect the user to the return URL (or to the homepage if a return URL is not specified for this payment button).
    272. 

  272. 		$return_url = get_post_meta( $button_id, 'return_url', true );
    273. 

  273. 		if ( empty( $return_url ) ) {
    274. 

  274. 			$return_url = SIMPLE_WP_MEMBERSHIP_SITE_HOME_URL;
    275. 

  275. 		}
    276. 

  276. 		SwpmLog::log_simple_debug( 'Redirecting customer to: ' . $return_url, true );
    277. 

  277. 		SwpmLog::log_simple_debug( 'End of Stripe subscription IPN processing.', true, true );
    278. 

  278. 		SwpmMiscUtils::redirect_to_url( $return_url );
    279. 

  279. 	}
    280. 

  280. 

  281. }
    282. 

  282. 

  283. $swpm_stripe_subscription_ipn = new SwpmStripeSubscriptionIpnHandler();
    284.