Provider Payment Method ID
@@ -79,20 +96,20 @@ $num_rows = mysqli_num_rows($sql);
while ($row = mysqli_fetch_array($sql)) {
$saved_payment_id = intval($row['saved_payment_id']);
- $client_id = intval($row['client_id']);
+ $client_id = intval($row['saved_payment_client_id']);
$client_name = nullable_htmlentities($row['client_name']);
- $provider_id = intval($row['payment_provider_id']);
+ $provider_id = intval($row['saved_payment_provider_id']);
$provider_name = nullable_htmlentities($row['payment_provider_name']);
- $saved_payment_details = nullable_htmlentities($row['saved_payment_details']);
- $provider_client = nullable_htmlentities($row['saved_payment_provider_client']);
- $provider_payment_method = floatval($row['saved_payment_provider_method']);
+ $saved_payment_description = nullable_htmlentities($row['saved_payment_description']);
+ $provider_client = nullable_htmlentities($row['payment_provider_client']);
+ $provider_payment_method = nullable_htmlentities($row['saved_payment_provider_method']);
$saved_payment_created_at = nullable_htmlentities($row['saved_payment_created_at']);
?>
| () |
() |
- |
+ |
|
|
|
@@ -107,16 +124,13 @@ $num_rows = mysqli_num_rows($sql);
}
- if ($num_rows == 0) {
- echo "No Records Here
";
- }
-
?>
+
diff --git a/ajax/ajax_payment_method_edit.php b/ajax/ajax_payment_method_edit.php
index fd30cea4..6499e1c0 100644
--- a/ajax/ajax_payment_method_edit.php
+++ b/ajax/ajax_payment_method_edit.php
@@ -10,7 +10,6 @@ $row = mysqli_fetch_array($sql);
$payment_method_id = intval($row['payment_method_id']);
$payment_method_name = nullable_htmlentities($row['payment_method_name']);
$payment_method_description = nullable_htmlentities($row['payment_method_description']);
-$payment_method_provider_id = intval($row['payment_method_provider_id']);
// Generate the HTML form content using output buffering.
ob_start();
@@ -40,27 +39,6 @@ ob_start();
-
-
diff --git a/client/post.php b/client/post.php
index e8b5b8ed..ce9e4574 100644
--- a/client/post.php
+++ b/client/post.php
@@ -438,109 +438,159 @@ if (isset($_POST['create_stripe_customer'])) {
exit();
}
- // Get Stripe vars
- $stripe_vars = mysqli_fetch_array(mysqli_query($mysqli, "SELECT config_stripe_enable, config_stripe_publishable, config_stripe_secret FROM settings WHERE company_id = 1"));
- $config_stripe_enable = intval($stripe_vars['config_stripe_enable']);
- $config_stripe_secret = nullable_htmlentities($stripe_vars['config_stripe_secret']);
+ // Get Stripe provider
+ $stripe_provider_result = mysqli_query($mysqli, "
+ SELECT * FROM payment_providers
+ WHERE payment_provider_name = 'Stripe'
+ AND payment_provider_active = 1
+ LIMIT 1
+ ");
- if (!$config_stripe_enable) {
- header("Location: autopay.php");
+ $stripe_provider = mysqli_fetch_array($stripe_provider_result);
+ if (!$stripe_provider) {
+ $_SESSION['alert_type'] = "danger";
+ $_SESSION['alert_message'] = "Stripe provider is not configured in the system.";
+ header("Location: saved_payment_methods.php");
exit();
}
- // Include stripe SDK
- require_once '../plugins/stripe-php/init.php';
+ $stripe_provider_id = intval($stripe_provider['payment_provider_id']);
+ $stripe_secret_key = nullable_htmlentities($stripe_provider['payment_provider_private_key']);
- // Get client's StripeID from database (should be none)
- $stripe_client_details = mysqli_fetch_array(mysqli_query($mysqli, "SELECT stripe_id FROM client_stripe WHERE client_id = $session_client_id LIMIT 1"));
- if (!$stripe_client_details) {
+ if (empty($stripe_secret_key)) {
+ $_SESSION['alert_type'] = "danger";
+ $_SESSION['alert_message'] = "Stripe credentials missing. Please contact support.";
+ header("Location: saved_payment_methods.php");
+ exit();
+ }
+ // Check if client already has a Stripe customer
+ $existing_customer = mysqli_fetch_array(mysqli_query($mysqli, "
+ SELECT payment_provider_client
+ FROM client_payment_provider
+ WHERE client_id = $session_client_id
+ AND payment_provider_id = $stripe_provider_id
+ LIMIT 1
+ "));
+
+ if (!$existing_customer) {
try {
- // Initiate Stripe
- $stripe = new \Stripe\StripeClient($config_stripe_secret);
+ // Initialize Stripe
+ require_once '../plugins/stripe-php/init.php';
+ $stripe = new \Stripe\StripeClient($stripe_secret_key);
- // Create customer
+ // Create new customer in Stripe
$customer = $stripe->customers->create([
'name' => $session_client_name,
'email' => $session_contact_email,
'metadata' => [
'itflow_client_id' => $session_client_id,
- 'consent' => $session_contact_name
+ 'consent_by' => $session_contact_name
]
]);
+ $stripe_customer_id = sanitizeInput($customer->id);
+
+ // Insert customer into client_payment_provider
+ mysqli_query($mysqli, "
+ INSERT INTO client_payment_provider
+ SET client_id = $session_client_id,
+ payment_provider_id = $stripe_provider_id,
+ payment_provider_client = '$stripe_customer_id',
+ client_payment_provider_created_at = NOW()
+ ");
+
+ // Logging
+ logAction("Stripe", "Create", "$session_contact_name created Stripe customer for $session_client_name as $stripe_customer_id and authorized future automatic payments", $session_client_id, $session_client_id);
+
+ $_SESSION['alert_message'] = "Stripe customer created. Thank you for your consent.";
+
} catch (Exception $e) {
$error = $e->getMessage();
- error_log("Stripe payment error - encountered exception when creating customer record for $session_client_name: $error");
- logApp("Stripe", "error", "Exception creating customer $session_client_name: $error");
+ error_log("Stripe error while creating customer for $session_client_name: $error");
+ logApp("Stripe", "error", "Failed to create Stripe customer for $session_client_name: $error");
+
+ $_SESSION['alert_type'] = "danger";
+ $_SESSION['alert_message'] = "An error occurred while creating your Stripe customer. Please try again.";
}
- // Get & Store customer ID
- $stripe_id = sanitizeInput($customer->id);
-
- mysqli_query($mysqli, "INSERT INTO client_stripe SET client_id = $session_client_id, stripe_id = '$stripe_id'");
-
- // Logging
- logAction("Stripe", "Create", "$session_contact_name created Stripe customer for $session_client_name as $stripe_id and authorised future automatic payments", $session_client_id, $session_client_id);
-
- $_SESSION['alert_message'] = "Stripe customer created, thank you for your consent";
-
} else {
$_SESSION['alert_type'] = "danger";
- $_SESSION['alert_message'] = "Stripe customer already exists";
+ $_SESSION['alert_message'] = "Stripe customer already exists for your account.";
}
- header('Location: autopay.php');
+ header('Location: saved_payment_methods.php');
}
if (isset($_GET['create_stripe_checkout'])) {
- // This page is called by the autopay_setup_stripe.js, it returns a checkout session client secret
+ // This page is called by autopay_setup_stripe.js, returns a Checkout Session client_secret
if ($session_contact_primary == 0 && !$session_contact_is_billing_contact) {
header("Location: post.php?logout");
exit();
}
- // Get Stripe vars
- $stripe_vars = mysqli_fetch_array(mysqli_query($mysqli, "SELECT config_stripe_enable, config_stripe_publishable, config_stripe_secret FROM settings WHERE company_id = 1"));
- $config_stripe_enable = intval($stripe_vars['config_stripe_enable']);
- $config_stripe_secret = nullable_htmlentities($stripe_vars['config_stripe_secret']);
+ // Fetch Stripe provider info
+ $stripe_provider_result = mysqli_query($mysqli, "
+ SELECT * FROM payment_providers
+ WHERE payment_provider_name = 'Stripe'
+ AND payment_provider_active = 1
+ LIMIT 1
+ ");
- if (!$config_stripe_enable) {
- header("Location: autopay.php");
+ $stripe_provider = mysqli_fetch_array($stripe_provider_result);
+ if (!$stripe_provider) {
+ http_response_code(400);
+ echo json_encode(['error' => 'Stripe provider not configured']);
exit();
}
- // Client Currency
- $client_currency_details = mysqli_fetch_assoc(mysqli_query($mysqli, "SELECT client_currency_code FROM clients WHERE client_id = $session_client_id LIMIT 1"));
- $client_currency = $client_currency_details['client_currency_code'];
+ $stripe_provider_id = intval($stripe_provider['payment_provider_id']);
+ $stripe_secret_key = nullable_htmlentities($stripe_provider['payment_provider_private_key']);
- // Define return URL that user is redirected to once payment method is verified by Stripe
+ if (empty($stripe_secret_key)) {
+ http_response_code(400);
+ echo json_encode(['error' => 'Stripe secret key missing']);
+ exit();
+ }
+
+ // Get client currency
+ $client_currency_result = mysqli_query($mysqli, "
+ SELECT client_currency_code
+ FROM clients
+ WHERE client_id = $session_client_id
+ LIMIT 1
+ ");
+ $client_currency_row = mysqli_fetch_assoc($client_currency_result);
+ $client_currency = $client_currency_row['client_currency_code'] ?? 'usd';
+
+ // Return URL when checkout finishes
$return_url = "https://$config_base_url/client/post.php?stripe_save_card&session_id={CHECKOUT_SESSION_ID}";
try {
- // Initialize stripe
require_once '../plugins/stripe-php/init.php';
- $stripe = new \Stripe\StripeClient($config_stripe_secret);
+ $stripe = new \Stripe\StripeClient($stripe_secret_key);
- // Create checkout session (server side)
+ // Create checkout session
$checkout_session = $stripe->checkout->sessions->create([
'currency' => $client_currency,
'mode' => 'setup',
'ui_mode' => 'embedded',
'return_url' => $return_url,
]);
+
+ echo json_encode(['clientSecret' => $checkout_session->client_secret]);
+
} catch (Exception $e) {
$error = $e->getMessage();
- error_log("Stripe payment error - encountered exception when creating checkout session: $error");
- logApp("Stripe", "error", "Exception creating checkout: $error");
+ error_log("Stripe error creating checkout session: $error");
+ logApp("Stripe", "error", "Exception creating checkout session: $error");
+ http_response_code(500);
+ echo json_encode(['error' => 'Stripe Checkout session failed']);
}
- // Return the client secret to the js script
- echo json_encode(array('clientSecret' => $checkout_session->client_secret));
-
- // No redirect & no point logging this
+ exit;
}
if (isset($_GET['stripe_save_card'])) {
@@ -550,160 +600,245 @@ if (isset($_GET['stripe_save_card'])) {
exit();
}
- // Get Stripe vars
- $stripe_vars = mysqli_fetch_array(mysqli_query($mysqli, "SELECT config_stripe_enable, config_stripe_publishable, config_stripe_secret FROM settings WHERE company_id = 1"));
- $config_stripe_enable = intval($stripe_vars['config_stripe_enable']);
- $config_stripe_secret = nullable_htmlentities($stripe_vars['config_stripe_secret']);
+ // Get Stripe provider
+ $stripe_provider_result = mysqli_query($mysqli, "
+ SELECT * FROM payment_providers
+ WHERE payment_provider_name = 'Stripe'
+ AND payment_provider_active = 1
+ LIMIT 1
+ ");
- if (!$config_stripe_enable) {
- header("Location: autopay.php");
+ $stripe_provider = mysqli_fetch_array($stripe_provider_result);
+ if (!$stripe_provider) {
+ $_SESSION['alert_type'] = "danger";
+ $_SESSION['alert_message'] = "Stripe provider not configured.";
+ header("Location: saved_payment_methods.php");
+ exit();
+ }
+
+ $stripe_provider_id = intval($stripe_provider['payment_provider_id']);
+ $stripe_secret_key = nullable_htmlentities($stripe_provider['payment_provider_private_key']);
+
+ if (empty($stripe_secret_key)) {
+ $_SESSION['alert_type'] = "danger";
+ $_SESSION['alert_message'] = "Stripe credentials missing.";
+ header("Location: saved_payment_methods.php");
+ exit();
+ }
+
+ // Get client's Stripe customer ID
+ $client_provider_query = mysqli_query($mysqli, "
+ SELECT payment_provider_client
+ FROM client_payment_provider
+ WHERE client_id = $session_client_id
+ AND payment_provider_id = $stripe_provider_id
+ LIMIT 1
+ ");
+ $client_provider = mysqli_fetch_array($client_provider_query);
+ $stripe_customer_id = sanitizeInput($client_provider['payment_provider_client'] ?? '');
+
+ if (empty($stripe_customer_id)) {
+ $_SESSION['alert_type'] = "danger";
+ $_SESSION['alert_message'] = "Stripe customer ID not found for client.";
+ header("Location: saved_payment_methods.php");
exit();
}
// Get session ID from URL
$checkout_session_id = sanitizeInput($_GET['session_id']);
- // Get client's StripeID from database
- $stripe_client_details = mysqli_fetch_array(mysqli_query($mysqli, "SELECT stripe_id FROM client_stripe WHERE client_id = $session_client_id LIMIT 1"));
- $client_stripe_id = sanitizeInput($stripe_client_details['stripe_id']);
-
try {
- // Initialize stripe
require_once '../plugins/stripe-php/init.php';
- $stripe = new \Stripe\StripeClient($config_stripe_secret);
+ $stripe = new \Stripe\StripeClient($stripe_secret_key);
- // Retrieve checkout session
- $checkout_session = $stripe->checkout->sessions->retrieve($checkout_session_id,[]);
-
- // Get setup intent
+ // Retrieve checkout session & setup intent
+ $checkout_session = $stripe->checkout->sessions->retrieve($checkout_session_id, []);
$setup_intent_id = $checkout_session->setup_intent;
-
- // Retrieve the setup intent details
$setup_intent = $stripe->setupIntents->retrieve($setup_intent_id, []);
+ $payment_method_id = sanitizeInput($setup_intent->payment_method);
- // Get the payment method token
- $payment_method = sanitizeInput($setup_intent->payment_method);
+ // Attach the payment method to the Stripe customer
+ $stripe->paymentMethods->attach($payment_method_id, ['customer' => $stripe_customer_id]);
- // Attach the payment method to the client in Stripe
- $stripe->paymentMethods->attach($payment_method, ['customer' => $client_stripe_id]);
+ // Retrieve PM details for logging and UI
+ $payment_method_details = $stripe->paymentMethods->retrieve($payment_method_id, []);
+ $card_brand = sanitizeInput($payment_method_details->card->brand);
+ $last4 = sanitizeInput($payment_method_details->card->last4);
+ $exp_month = sanitizeInput($payment_method_details->card->exp_month);
+ $exp_year = sanitizeInput($payment_method_details->card->exp_year);
+
+ $saved_payment_description = "$card_brand - $last4 | Exp $exp_month/$exp_year";
+
+ // Insert into client_saved_payment_methods
+ mysqli_query($mysqli, "
+ INSERT INTO client_saved_payment_methods
+ SET
+ saved_payment_provider_method = '$payment_method_id',
+ saved_payment_description = '$saved_payment_description',
+ saved_payment_client_id = $session_client_id,
+ saved_payment_provider_id = $stripe_provider_id,
+ saved_payment_created_at = NOW()
+ ");
} catch (Exception $e) {
$error = $e->getMessage();
- error_log("Stripe payment error - encountered exception when adding payment method info: $error");
- logApp("Stripe", "error", "Exception adding payment method: $error");
+ error_log("Stripe error while saving payment method: $error");
+ logApp("Stripe", "error", "Exception saving payment method: $error");
+
+ $_SESSION['alert_type'] = "danger";
+ $_SESSION['alert_message'] = "An error occurred while saving your payment method.";
+ header("Location: saved_payment_methods.php");
+ exit();
}
- // Update ITFlow
- mysqli_query($mysqli, "UPDATE client_stripe SET stripe_pm = '$payment_method' WHERE client_id = $session_client_id LIMIT 1");
-
- // Get some card/payment method details for the email/logging
- $payment_method_details = $stripe->paymentMethods->retrieve($payment_method);
- $card_type = sanitizeInput($payment_method_details->card->brand);
- $last4 = sanitizeInput($payment_method_details->card->last4);
- $expiry_month = sanitizeInput($payment_method_details->card->exp_month);
- $expiry_year = sanitizeInput($payment_method_details->card->exp_year);
-
- // Format the payment details string (Visa - 4324 | Exp 12/25)
- $stripe_pm_details = "$card_type - $last4 | Exp $expiry_month/$expiry_year";
-
- // Save the formatted payment details into stripe_pm_details
- $update_query = "
- UPDATE client_stripe
- SET stripe_pm_details = '$stripe_pm_details'
- WHERE client_id = $session_client_id LIMIT 1";
- mysqli_query($mysqli, $update_query);
-
- // Send email confirmation
- // Company Details & Settings
- $sql_settings = mysqli_query($mysqli, "SELECT * FROM companies, settings WHERE companies.company_id = settings.company_id AND companies.company_id = 1");
+ // Email Confirmation
+ $sql_settings = mysqli_query($mysqli, "
+ SELECT * FROM companies, settings
+ WHERE companies.company_id = settings.company_id
+ AND companies.company_id = 1
+ ");
$row = mysqli_fetch_array($sql_settings);
+
$company_name = sanitizeInput($row['company_name']);
$company_phone = sanitizeInput(formatPhoneNumber($row['company_phone'], $row['company_phone_country_code']));
- $config_smtp_host = $row['config_smtp_host'];
- $config_smtp_port = intval($row['config_smtp_port']);
- $config_smtp_encryption = $row['config_smtp_encryption'];
- $config_smtp_username = $row['config_smtp_username'];
- $config_smtp_password = $row['config_smtp_password'];
- $config_invoice_from_name = sanitizeInput($row['config_invoice_from_name']);
$config_invoice_from_email = sanitizeInput($row['config_invoice_from_email']);
- $config_base_url = sanitizeInput($config_base_url);
+ $config_invoice_from_name = sanitizeInput($row['config_invoice_from_name']);
- if (!empty($config_smtp_host)) {
+ if (!empty($row['config_smtp_host'])) {
$subject = "Payment method saved";
- $body = "Hello $session_contact_name,
We're writing to confirm that your payment details have been securely stored with Stripe, our trusted payment processor.
By agreeing to save your payment information, you have authorized us to automatically bill your card ($stripe_pm_details) for any future invoices. The payment details you've provided are securely stored with Stripe and will be used solely for invoices. We do not have access to your full card details.
You may update or remove your payment information at any time using the portal.
Thank you for your business!
--
$company_name - Billing Department
$config_invoice_from_email
$company_phone";
+ $body = "Hello $session_contact_name
+ Were writing to confirm that your payment details have been securely stored with Stripe our trusted payment processor.
+ You authorized us to automatically bill your card ($saved_payment_description) for future invoices.
+ You may update or remove your payment method at any time via the client portal.
+ Thank you for your business!
+ --
$company_name - Billing Department
$config_invoice_from_email
$company_phone";
- $data = [
- [
- 'from' => $config_invoice_from_email,
- 'from_name' => $config_invoice_from_name,
- 'recipient' => $session_contact_email,
- 'recipient_name' => $session_contact_name,
- 'subject' => $subject,
- 'body' => $body,
- ]
- ];
+ $data = [[
+ 'from' => $config_invoice_from_email,
+ 'from_name' => $config_invoice_from_name,
+ 'recipient' => $session_contact_email,
+ 'recipient_name' => $session_contact_name,
+ 'subject' => $subject,
+ 'body' => $body
+ ]];
$mail = addToMailQueue($data);
-
}
- // Logging
- logAction("Stripe", "Update", "$session_contact_name saved payment method ($stripe_pm_details) for future automatic payments (PM: $payment_method)", $session_client_id, $session_client_id);
+ // Log the action
+ logAction("Stripe", "Update", "$session_contact_name saved payment method ($saved_payment_description) (PM: $payment_method_id)", $session_client_id);
// Redirect
- $_SESSION['alert_message'] = "Payment method saved - thank you";
- header('Location: autopay.php');
+ $_SESSION['alert_message'] = "Payment method saved – thank you.";
+ header("Location: saved_payment_methods.php");
}
-if (isset($_GET['stripe_remove_pm'])) {
+if (isset($_GET['delete_saved_payment'])) {
if ($session_contact_primary == 0 && !$session_contact_is_billing_contact) {
header("Location: post.php?logout");
exit();
}
- // Get Stripe vars
- $stripe_vars = mysqli_fetch_array(mysqli_query($mysqli, "SELECT config_stripe_enable, config_stripe_publishable, config_stripe_secret FROM settings WHERE company_id = 1"));
- $config_stripe_enable = intval($stripe_vars['config_stripe_enable']);
- $config_stripe_secret = nullable_htmlentities($stripe_vars['config_stripe_secret']);
+ $saved_payment_id = intval($_GET['delete_saved_payment']);
- if (!$config_stripe_enable) {
- header("Location: autopay.php");
+ // Get Stripe provider info
+ $stripe_provider_result = mysqli_query($mysqli, "
+ SELECT * FROM payment_providers
+ WHERE payment_provider_name = 'Stripe'
+ AND payment_provider_active = 1
+ LIMIT 1
+ ");
+ $stripe_provider = mysqli_fetch_array($stripe_provider_result);
+
+ if (!$stripe_provider) {
+ $_SESSION['alert_type'] = "danger";
+ $_SESSION['alert_message'] = "Stripe provider is not configured.";
+ header("Location: saved_payment_methods.php");
exit();
}
- $payment_method = sanitizeInput($_GET['pm']);
+ $stripe_provider_id = intval($stripe_provider['payment_provider_id']);
+ $stripe_secret_key = nullable_htmlentities($stripe_provider['payment_provider_private_key']);
+
+ if (empty($stripe_secret_key)) {
+ $_SESSION['alert_type'] = "danger";
+ $_SESSION['alert_message'] = "Stripe credentials are missing.";
+ header("Location: saved_payment_methods.php");
+ exit();
+ }
+
+ $saved_payment_result = mysqli_query($mysqli, "
+ SELECT saved_payment_id, saved_payment_description, saved_payment_provider_method
+ FROM client_saved_payment_methods
+ WHERE saved_payment_id = $saved_payment_id
+ AND saved_payment_client_id = $session_client_id
+ AND saved_payment_provider_id = $stripe_provider_id
+ LIMIT 1
+ ");
+
+ $saved_payment = mysqli_fetch_array($saved_payment_result);
+
+ if (!$saved_payment) {
+ $_SESSION['alert_type'] = "danger";
+ $_SESSION['alert_message'] = "Payment method not found or does not belong to you.";
+ header("Location: saved_payment_methods.php");
+ exit();
+ }
+
+ $payment_method_id = sanitizeInput($saved_payment['saved_payment_provider_method']);
+
+ $saved_payment_id = intval($saved_payment['saved_payment_id']);
+ $saved_payment_description = nullable_htmlentities($saved_payment['saved_payment_description']);
try {
- // Initialize stripe
+ // Initialize Stripe
require_once '../plugins/stripe-php/init.php';
- $stripe = new \Stripe\StripeClient($config_stripe_secret);
+ $stripe = new \Stripe\StripeClient($stripe_secret_key);
- // Detach PM
- $stripe->paymentMethods->detach($payment_method, []);
+ // Detach the payment method from Stripe
+ $stripe->paymentMethods->detach($payment_method_id, []);
} catch (Exception $e) {
$error = $e->getMessage();
- error_log("Stripe payment error - encountered exception when removing payment method info for $payment_method: $error");
- logApp("Stripe", "error", "Exception removing payment method for $payment_method: $error");
+ error_log("Stripe error while removing payment method $payment_method_id: $error");
+ logApp("Stripe", "error", "Exception removing payment method $payment_method_id: $error");
+
+ $_SESSION['alert_type'] = "danger";
+ $_SESSION['alert_message'] = "An error occurred while removing your payment method.";
+ header("Location: saved_payment_methods.php");
+ exit();
}
- // Remove payment method from ITFlow
- mysqli_query($mysqli, "UPDATE client_stripe SET stripe_pm = NULL, stripe_pm_details = NULL WHERE client_id = $session_client_id LIMIT 1");
+ // Remove saved payment method from local DB
+ mysqli_query($mysqli, "
+ DELETE FROM client_saved_payment_methods
+ WHERE saved_payment_id = $saved_payment_id
+ ");
- // Remove Auto Pay on recurring invoices that are stripe
- $sql_recurring_invoices = mysqli_query($mysqli, "SELECT recurring_invoice_id FROM recurring_invoices WHERE recurring_invoice_client_id = $session_client_id");
+ // Remove any auto-pay records using this payment method
+ $recurring_invoices = mysqli_query($mysqli, "
+ SELECT recurring_invoice_id
+ FROM recurring_invoices
+ WHERE recurring_invoice_client_id = $session_client_id
+ ");
- while ($row = mysqli_fetch_array($sql_recurring_invoices)) {
+ while ($row = mysqli_fetch_array($recurring_invoices)) {
$recurring_invoice_id = intval($row['recurring_invoice_id']);
- mysqli_query($mysqli, "DELETE FROM recurring_payments WHERE recurring_payment_method = 'Stripe' AND recurring_payment_recurring_invoice_id = $recurring_invoice_id");
+
+ mysqli_query($mysqli, "
+ DELETE FROM recurring_payments
+ WHERE recurring_payment_recurring_invoice_id = $recurring_invoice_id
+ AND recurring_payment_saved_payment_id = $saved_payment_id
+ ");
}
- // Logging & Redirect
- logAction("Stripe", "Update", "$session_contact_name deleted saved Stripe payment method (PM: $payment_method)", $session_client_id, $session_client_id);
+ // Log and redirect
+ logAction("Stripe", "Update", "$session_contact_name deleted Stripe payment method $saved_payment_description (PM: $payment_method_id)", $session_client_id);
- $_SESSION['alert_message'] = "Payment method removed";
- header('Location: autopay.php');
+ $_SESSION['alert_message'] = "Payment method $saved_payment_description removed.";
+
+ header("Location: saved_payment_methods.php");
}
if (isset($_POST['add_recurring_payment'])) {
diff --git a/client/recurring_invoice_savd_payment_add_modal.php b/client/recurring_invoice_savd_payment_add_modal.php
new file mode 100644
index 00000000..e69de29b
diff --git a/client/recurring_invoices.php b/client/recurring_invoices.php
index 6f0c15c1..724edd8f 100644
--- a/client/recurring_invoices.php
+++ b/client/recurring_invoices.php
@@ -14,12 +14,6 @@ if ($session_contact_primary == 0 && !$session_contact_is_billing_contact) {
exit();
}
-// Get client's StripeID from database
-$stripe_client_details = mysqli_fetch_array(mysqli_query($mysqli, "SELECT * FROM client_stripe WHERE client_id = $session_client_id LIMIT 1"));
-if ($stripe_client_details) {
- $stripe_pm = sanitizeInput($stripe_client_details['stripe_pm']);
-}
-
$recurring_invoices_sql = mysqli_query($mysqli, "SELECT * FROM recurring_invoices
LEFT JOIN recurring_payments ON recurring_payment_recurring_invoice_id = recurring_invoice_id
WHERE recurring_invoice_client_id = $session_client_id
@@ -92,17 +86,24 @@ $recurring_invoices_sql = mysqli_query($mysqli, "SELECT * FROM recurring_invoice
ly |
-
+ 0) { ?>
- Add Card Details First
+ Add a Payment Method
|
diff --git a/client/saved_payment_methods.php b/client/saved_payment_methods.php
new file mode 100644
index 00000000..ebd96148
--- /dev/null
+++ b/client/saved_payment_methods.php
@@ -0,0 +1,138 @@
+
+
+Saved Payment Methods
+
+
+
+
+
Save card details
+ In order to set up automatic payments, you must create a customer record in Stripe.
+ First, you must authorize Stripe to store your card details for the purpose of automatic payment.
+
+
+
+
+
+
+
Manage saved payment methods
+
+
+
You currently have no saved payment methods. Please add one below.
+
+
+
+
+
+
Add a new payment method
+
+
+
+
+
+
+
+
+
+
+
+
There was an error verifying your payment. Please contact us for more information before attempting payment again.
");
-// Setup Stripe
-$stripe_vars = mysqli_fetch_array(mysqli_query($mysqli, "SELECT config_stripe_enable, config_stripe_publishable, config_stripe_secret, config_stripe_account, config_stripe_expense_vendor, config_stripe_expense_category, config_stripe_percentage_fee, config_stripe_flat_fee FROM settings WHERE company_id = 1"));
-$config_stripe_enable = intval($stripe_vars['config_stripe_enable']);
-$config_stripe_publishable = nullable_htmlentities($stripe_vars['config_stripe_publishable']);
-$config_stripe_secret = nullable_htmlentities($stripe_vars['config_stripe_secret']);
-$config_stripe_account = intval($stripe_vars['config_stripe_account']);
-$config_stripe_expense_vendor = intval($stripe_vars['config_stripe_expense_vendor']);
-$config_stripe_expense_category = intval($stripe_vars['config_stripe_expense_category']);
-$config_stripe_percentage_fee = floatval($stripe_vars['config_stripe_percentage_fee']);
-$config_stripe_flat_fee = floatval($stripe_vars['config_stripe_flat_fee']);
+// --- Get Stripe config from payment_providers table ---
+$stripe_provider = mysqli_fetch_array(mysqli_query($mysqli, "SELECT * FROM payment_providers"));
+
+
+$stripe_publishable = nullable_htmlentities($stripe_provider['payment_provider_public_key']);
+$stripe_secret = nullable_htmlentities($stripe_provider['payment_provider_private_key']);
+$stripe_account = intval($stripe_provider['payment_provider_account_id']);
+$stripe_expense_vendor = intval($stripe_provider['payment_provider_expense_vendor_id']);
+$stripe_expense_category = intval($stripe_provider['payment_provider_expense_category_id']);
+$stripe_percentage_fee = floatval($stripe_provider['payment_provider_expense_percentage_fee']);
+$stripe_flat_fee = floatval($stripe_provider['payment_provider_expense_flat_fee']);
-// Check Stripe is configured
-if ($config_stripe_enable == 0 || $config_stripe_account == 0 || empty($config_stripe_publishable) || empty($config_stripe_secret)) {
- echo "
Stripe payments not enabled/configured
";
- require_once 'includes/guest_footer.php';
- error_log("Stripe payment error - disabled. Check payments are enabled, Expense account is set, Stripe publishable and secret keys are configured.");
- exit();
-}
// Show payment form
-// Users are directed to this page with the invoice_id and url_key params to make a payment
if (isset($_GET['invoice_id'], $_GET['url_key']) && !isset($_GET['payment_intent'])) {
$invoice_url_key = sanitizeInput($_GET['url_key']);
- $invoice_id = intval($_GET['invoice_id']);
+ $invoice_id = intval($_GET['invoice_id']);
// Query invoice details
$sql = mysqli_query(
$mysqli,
"SELECT * FROM invoices
- LEFT JOIN clients ON invoice_client_id = client_id
- WHERE invoice_id = $invoice_id
- AND invoice_url_key = '$invoice_url_key'
- AND invoice_status != 'Draft'
- AND invoice_status != 'Paid'
- AND invoice_status != 'Cancelled'
- LIMIT 1"
+ LEFT JOIN clients ON invoice_client_id = client_id
+ WHERE invoice_id = $invoice_id
+ AND invoice_url_key = '$invoice_url_key'
+ AND invoice_status NOT IN ('Draft', 'Paid', 'Cancelled')
+ LIMIT 1"
);
- // Ensure we have a valid invoice
+ // Ensure valid invoice
if (!$sql || mysqli_num_rows($sql) !== 1) {
echo "
Oops, something went wrong! Please ensure you have the correct URL and have not already paid this invoice.
";
require_once 'includes/guest_footer.php';
- error_log("Stripe payment error - Invoice with ID $invoice_id is unknown/not eligible to be paid.");
+ error_log("Stripe payment error - Invoice with ID $invoice_id not found or not eligible.");
exit();
}
- // Process invoice, client and company details/settings
$row = mysqli_fetch_array($sql);
- $invoice_id = intval($row['invoice_id']);
- $invoice_prefix = nullable_htmlentities($row['invoice_prefix']);
- $invoice_number = intval($row['invoice_number']);
- $invoice_status = nullable_htmlentities($row['invoice_status']);
- $invoice_date = nullable_htmlentities($row['invoice_date']);
- $invoice_due = nullable_htmlentities($row['invoice_due']);
- $invoice_discount = floatval($row['invoice_discount_amount']);
- $invoice_amount = floatval($row['invoice_amount']);
+ $invoice_id = intval($row['invoice_id']);
+ $invoice_prefix = nullable_htmlentities($row['invoice_prefix']);
+ $invoice_number = intval($row['invoice_number']);
+ $invoice_status = nullable_htmlentities($row['invoice_status']);
+ $invoice_date = nullable_htmlentities($row['invoice_date']);
+ $invoice_due = nullable_htmlentities($row['invoice_due']);
+ $invoice_discount = floatval($row['invoice_discount_amount']);
+ $invoice_amount = floatval($row['invoice_amount']);
$invoice_currency_code = nullable_htmlentities($row['invoice_currency_code']);
- $client_id = intval($row['client_id']);
- $client_name = nullable_htmlentities($row['client_name']);
-
- $sql = mysqli_query($mysqli, "SELECT * FROM companies, settings WHERE companies.company_id = settings.company_id AND companies.company_id = 1");
- $row = mysqli_fetch_array($sql);
- $company_locale = nullable_htmlentities($row['company_locale']);
+ $client_id = intval($row['client_id']);
+ $client_name = nullable_htmlentities($row['client_name']);
- // Add up all the payments for the invoice and get the total amount paid to the invoice
+ // Company info for currency formatting, etc
+ $sql_company = mysqli_query($mysqli, "SELECT * FROM companies WHERE company_id = 1");
+ $company_row = mysqli_fetch_array($sql_company);
+ $company_locale = nullable_htmlentities($company_row['company_locale']);
+ $config_base_url = nullable_htmlentities($company_row['company_base_url'] ?? ''); // You might want to pull from settings if needed
+
+ // Add up all payments made to the invoice
$sql_amount_paid = mysqli_query($mysqli, "SELECT SUM(payment_amount) AS amount_paid FROM payments WHERE payment_invoice_id = $invoice_id");
- $row = mysqli_fetch_array($sql_amount_paid);
- $amount_paid = floatval($row['amount_paid']);
- $balance_to_pay = $invoice_amount - $amount_paid;
-
- //Round balance to pay to 2 decimal places
- $balance_to_pay = round($balance_to_pay, 2);
+ $amount_paid = floatval(mysqli_fetch_array($sql_amount_paid)['amount_paid']);
+ $balance_to_pay = round($invoice_amount - $amount_paid, 2);
// Get invoice items
$sql_invoice_items = mysqli_query($mysqli, "SELECT * FROM invoice_items WHERE item_invoice_id = $invoice_id ORDER BY item_id ASC");
- // Set Currency Formatting
+ // Currency formatting
$currency_format = numfmt_create($company_locale, NumberFormatter::CURRENCY);
?>
-
+
-
-
-
client_secret !== $pi_cs) {
@@ -208,13 +172,11 @@ if (isset($_GET['invoice_id'], $_GET['url_key']) && !isset($_GET['payment_intent
} elseif ($pi_obj->status !== "succeeded") {
exit(WORDING_PAYMENT_FAILED);
} elseif ($pi_obj->amount !== $pi_obj->amount_received) {
- // The invoice wasn't paid in full
- // this should be flagged for manual review as would indicate something weird happening
error_log("Stripe payment error - payment amount does not match amount paid for $pi_id");
exit(WORDING_PAYMENT_FAILED);
}
- // Get details from PI
+ // PI details
$pi_date = date('Y-m-d', $pi_obj->created);
$pi_invoice_id = intval($pi_obj->metadata->itflow_invoice_id);
$pi_client_id = intval($pi_obj->metadata->itflow_client_id);
@@ -226,20 +188,17 @@ if (isset($_GET['invoice_id'], $_GET['url_key']) && !isset($_GET['payment_intent
$invoice_sql = mysqli_query(
$mysqli,
"SELECT * FROM invoices
- LEFT JOIN clients ON invoice_client_id = client_id
- LEFT JOIN contacts ON clients.client_id = contacts.contact_client_id AND contact_primary = 1
- WHERE invoice_id = $pi_invoice_id
- AND invoice_status != 'Draft'
- AND invoice_status != 'Paid'
- AND invoice_status != 'Cancelled'
- LIMIT 1"
+ LEFT JOIN clients ON invoice_client_id = client_id
+ LEFT JOIN contacts ON clients.client_id = contacts.contact_client_id AND contact_primary = 1
+ WHERE invoice_id = $pi_invoice_id
+ AND invoice_status NOT IN ('Draft', 'Paid', 'Cancelled')
+ LIMIT 1"
);
if (!$invoice_sql || mysqli_num_rows($invoice_sql) !== 1) {
- error_log("Stripe payment error - Invoice with ID $invoice_id is unknown/not eligible to be paid. PI $pi_id");
+ error_log("Stripe payment error - Invoice with ID $pi_invoice_id is unknown/not eligible. PI $pi_id");
exit(WORDING_PAYMENT_FAILED);
}
- // Invoice exists - get details
$row = mysqli_fetch_array($invoice_sql);
$invoice_id = intval($row['invoice_id']);
$invoice_prefix = sanitizeInput($row['invoice_prefix']);
@@ -251,48 +210,35 @@ if (isset($_GET['invoice_id'], $_GET['url_key']) && !isset($_GET['payment_intent
$client_name = sanitizeInput($row['client_name']);
$contact_name = sanitizeInput($row['contact_name']);
$contact_email = sanitizeInput($row['contact_email']);
-
+
$sql_company = mysqli_query($mysqli, "SELECT * FROM companies WHERE company_id = 1");
$row = mysqli_fetch_array($sql_company);
-
$company_name = sanitizeInput($row['company_name']);
$company_phone = sanitizeInput(formatPhoneNumber($row['company_phone']));
$company_locale = sanitizeInput($row['company_locale']);
- // Set Currency Formatting
$currency_format = numfmt_create($company_locale, NumberFormatter::CURRENCY);
- // Add up all the payments for the invoice and get the total amount paid to the invoice already (if any)
$sql_amount_paid_previously = mysqli_query($mysqli, "SELECT SUM(payment_amount) AS amount_paid FROM payments WHERE payment_invoice_id = $invoice_id");
- $row = mysqli_fetch_array($sql_amount_paid_previously);
- $amount_paid_previously = $row['amount_paid'];
+ $amount_paid_previously = floatval(mysqli_fetch_array($sql_amount_paid_previously)['amount_paid']);
$balance_to_pay = $invoice_amount - $amount_paid_previously;
- // Check to see if Expense Fields are configured to create Stripe payment expense
- if ($config_stripe_expense_vendor > 0 && $config_stripe_expense_category > 0) {
- // Calculate gateway expense fee
- $gateway_fee = round($balance_to_pay * $config_stripe_percentage_fee + $config_stripe_flat_fee, 2);
-
- // Add Expense
- mysqli_query($mysqli,"INSERT INTO expenses SET expense_date = '$pi_date', expense_amount = $gateway_fee, expense_currency_code = '$invoice_currency_code', expense_account_id = $config_stripe_account, expense_vendor_id = $config_stripe_expense_vendor, expense_client_id = $client_id, expense_category_id = $config_stripe_expense_category, expense_description = 'Stripe Transaction for Invoice $invoice_prefix$invoice_number In the Amount of $balance_to_pay', expense_reference = 'Stripe - $pi_id'");
+ // Stripe expense
+ if ($stripe_expense_vendor > 0 && $stripe_expense_category > 0) {
+ $gateway_fee = round($balance_to_pay * $stripe_percentage_fee + $stripe_flat_fee, 2);
+ mysqli_query($mysqli, "INSERT INTO expenses SET expense_date = '$pi_date', expense_amount = $gateway_fee, expense_currency_code = '$invoice_currency_code', expense_account_id = $stripe_account, expense_vendor_id = $stripe_expense_vendor, expense_client_id = $client_id, expense_category_id = $stripe_expense_category, expense_description = 'Stripe Transaction for Invoice $invoice_prefix$invoice_number In the Amount of $balance_to_pay', expense_reference = 'Stripe - $pi_id'");
}
- // Round balance to pay to 2 decimal places
- $balance_to_pay = round($balance_to_pay, 2);
-
- // Sanity check that the amount paid is exactly the invoice outstanding balance
if (intval($balance_to_pay) !== intval($pi_amount_paid)) {
error_log("Stripe payment error - Invoice balance does not match amount paid for $pi_id");
exit(WORDING_PAYMENT_FAILED);
}
- // Apply payment
-
// Update Invoice Status
mysqli_query($mysqli, "UPDATE invoices SET invoice_status = 'Paid' WHERE invoice_id = $invoice_id");
// Add Payment to History
- mysqli_query($mysqli, "INSERT INTO payments SET payment_date = '$pi_date', payment_amount = $pi_amount_paid, payment_currency_code = '$pi_currency', payment_account_id = $config_stripe_account, payment_method = 'Stripe', payment_reference = 'Stripe - $pi_id', payment_invoice_id = $invoice_id");
+ mysqli_query($mysqli, "INSERT INTO payments SET payment_date = '$pi_date', payment_amount = $pi_amount_paid, payment_currency_code = '$pi_currency', payment_account_id = $stripe_account, payment_method = 'Stripe', payment_reference = 'Stripe - $pi_id', payment_invoice_id = $invoice_id");
mysqli_query($mysqli, "INSERT INTO history SET history_status = 'Paid', history_description = 'Online Payment added (client) - $ip - $os - $browser', history_invoice_id = $invoice_id");
// Notify
@@ -300,30 +246,20 @@ if (isset($_GET['invoice_id'], $_GET['url_key']) && !isset($_GET['payment_intent
customAction('invoice_pay', $invoice_id);
- // Logging
$extended_log_desc = '';
if (!$pi_livemode) {
$extended_log_desc = '(DEV MODE)';
}
-
mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Payment', log_action = 'Create', log_description = 'Stripe payment of $pi_currency $pi_amount_paid against invoice $invoice_prefix$invoice_number - $pi_id $extended_log_desc', log_ip = '$ip', log_user_agent = '$user_agent', log_client_id = $pi_client_id");
-
-
- // Send email receipt
+ // Email Receipt
$sql_settings = mysqli_query($mysqli, "SELECT * FROM settings WHERE company_id = 1");
- $row = mysqli_fetch_array($sql_settings);
+ $settings = mysqli_fetch_array($sql_settings);
- $config_smtp_host = $row['config_smtp_host'];
- $config_smtp_port = intval($row['config_smtp_port']);
- $config_smtp_encryption = $row['config_smtp_encryption'];
- $config_smtp_username = $row['config_smtp_username'];
- $config_smtp_password = $row['config_smtp_password'];
- $config_invoice_from_name = sanitizeInput($row['config_invoice_from_name']);
- $config_invoice_from_email = sanitizeInput($row['config_invoice_from_email']);
- $config_invoice_paid_notification_email = sanitizeInput($row['config_invoice_paid_notification_email']);
-
- $config_base_url = sanitizeInput($config_base_url);
+ $config_smtp_host = $settings['config_smtp_host'];
+ $config_invoice_from_name = sanitizeInput($settings['config_invoice_from_name']);
+ $config_invoice_from_email = sanitizeInput($settings['config_invoice_from_email']);
+ $config_invoice_paid_notification_email = sanitizeInput($settings['config_invoice_paid_notification_email']);
if (!empty($config_smtp_host)) {
$subject = "Payment Received - Invoice $invoice_prefix$invoice_number";
@@ -339,36 +275,29 @@ if (isset($_GET['invoice_id'], $_GET['url_key']) && !isset($_GET['payment_intent
'body' => $body,
]
];
-
-
- // Email the internal notification address too
+ // Internal notification
if (!empty($config_invoice_paid_notification_email)) {
- $subject = "Payment Received - $client_name - Invoice $invoice_prefix$invoice_number";
- $body = "Hello,
This is a notification that an invoice has been paid in ITFlow. Below is a copy of the receipt sent to the client:-
--------
Hello $contact_name,
We have received online payment for the amount of " . $pi_currency . $pi_amount_paid . " for invoice $invoice_prefix$invoice_number. Please keep this email as a receipt for your records.
Amount: " . numfmt_format_currency($currency_format, $pi_amount_paid, $invoice_currency_code) . "
Thank you for your business!
~
$company_name - Billing
$config_invoice_from_email
$company_phone";
-
+ $subject_internal = "Payment Received - $client_name - Invoice $invoice_prefix$invoice_number";
+ $body_internal = "This is a notification that an invoice has been paid in ITFlow. Below is a copy of the receipt sent to the client:-
--------
$body";
$data[] = [
'from' => $config_invoice_from_email,
'from_name' => $config_invoice_from_name,
'recipient' => $config_invoice_paid_notification_email,
'recipient_name' => $contact_name,
- 'subject' => $subject,
- 'body' => $body,
+ 'subject' => $subject_internal,
+ 'body' => $body_internal,
];
}
-
$mail = addToMailQueue($data);
-
// Email logging
mysqli_query($mysqli, "INSERT INTO history SET history_status = 'Sent', history_description = 'Emailed Receipt!', history_invoice_id = $invoice_id");
-
}
// Redirect user to invoice
- header('Location: //' . $config_base_url . '/guest/guest_view_invoice.php?invoice_id=' . $pi_invoice_id . '&url_key=' . $invoice_url_key);
+ header('Location: //' . $config_base_url . '/guest/guest_view_invoice.php?invoice_id=' . $invoice_id . '&url_key=' . $invoice_url_key);
} else {
exit(WORDING_PAYMENT_FAILED);
}
-
require_once 'includes/guest_footer.php';
diff --git a/modals/admin_payment_method_add_modal.php b/modals/admin_payment_method_add_modal.php
index 9703b0f9..8a913611 100644
--- a/modals/admin_payment_method_add_modal.php
+++ b/modals/admin_payment_method_add_modal.php
@@ -26,27 +26,6 @@
-
-