There was an error verifying your payment. Please contact us for more information.

"); // Setup Stripe // Defaulting to company id of 1 (as multi-company is being removed) $stripe_vars = mysqli_fetch_array(mysqli_query($mysqli, "SELECT config_stripe_enable, config_stripe_publishable, config_stripe_secret, config_stripe_account FROM settings WHERE company_id = 1")); $config_stripe_enable = intval($stripe_vars['config_stripe_enable']); $config_stripe_publishable = nullable_htmlentities($stripe_vars['config_stripe_publishable']); $config_stripe_secret = nullable_htmlentities($stripe_vars['config_stripe_secret']); $config_stripe_account = intval($stripe_vars['config_stripe_account']); // Check Stripe is configured if ($config_stripe_enable == 0 || $config_stripe_account == 0 || empty($config_stripe_publishable) || empty($config_stripe_secret)) { echo "

Stripe payments not enabled/configured

"; require_once('guest_footer.php'); exit(); } // Show payment form // Users are directed to this page with the invoice_id and url_key params to make a payment if (isset($_GET['invoice_id'], $_GET['url_key']) && !isset($_GET['payment_intent'])) { $invoice_url_key = sanitizeInput($_GET['url_key']); $invoice_id = intval($_GET['invoice_id']); // Query invoice details $sql = mysqli_query( $mysqli, "SELECT * FROM invoices LEFT JOIN clients ON invoice_client_id = client_id WHERE invoice_id = $invoice_id AND invoice_url_key = '$invoice_url_key' AND invoice_status != 'Draft' AND invoice_status != 'Paid' AND invoice_status != 'Cancelled' LIMIT 1" ); // Ensure we have a valid invoice if (!$sql || mysqli_num_rows($sql) !== 1) { echo "

Oops, something went wrong! Please ensure you have the correct URL and have not already paid this invoice.

"; require_once('guest_footer.php'); exit(); } // Process invoice, client and company details/settings $row = mysqli_fetch_array($sql); $invoice_id = intval($row['invoice_id']); $invoice_prefix = nullable_htmlentities($row['invoice_prefix']); $invoice_number = intval($row['invoice_number']); $invoice_status = nullable_htmlentities($row['invoice_status']); $invoice_date = nullable_htmlentities($row['invoice_date']); $invoice_due = nullable_htmlentities($row['invoice_due']); $invoice_amount = floatval($row['invoice_amount']); $invoice_currency_code = nullable_htmlentities($row['invoice_currency_code']); $client_id = intval($row['client_id']); $client_name = nullable_htmlentities($row['client_name']); $sql = mysqli_query($mysqli, "SELECT * FROM companies, settings WHERE companies.company_id = settings.company_id AND companies.company_id = 1"); $row = mysqli_fetch_array($sql); $company_locale = nullable_htmlentities($row['company_locale']); // Add up all the payments for the invoice and get the total amount paid to the invoice $sql_amount_paid = mysqli_query($mysqli, "SELECT SUM(payment_amount) AS amount_paid FROM payments WHERE payment_invoice_id = $invoice_id"); $row = mysqli_fetch_array($sql_amount_paid); $amount_paid = floatval($row['amount_paid']); $balance_to_pay = $invoice_amount - $amount_paid; // Get invoice items $sql_invoice_items = mysqli_query($mysqli, "SELECT * FROM invoice_items WHERE item_invoice_id = $invoice_id ORDER BY item_id ASC"); // Set Currency Formatting $currency_format = numfmt_create($company_locale, NumberFormatter::CURRENCY); ?>

Payment for Invoice:


Product Qty Total
0) { ?> Already paid:



client_secret !== $pi_cs) { exit(WORDING_PAYMENT_FAILED); } elseif ($pi_obj->status !== "succeeded") { exit(WORDING_PAYMENT_FAILED); } elseif ($pi_obj->amount !== $pi_obj->amount_received) { // The invoice wasn't paid in full // this should be flagged for manual review as would indicate something weird happening exit(WORDING_PAYMENT_FAILED); } // Get details from PI $pi_date = date('Y-m-d', $pi_obj->created); $pi_invoice_id = intval($pi_obj->metadata->itflow_invoice_id); $pi_client_id = intval($pi_obj->metadata->itflow_client_id); $pi_amount_paid = floatval(($pi_obj->amount_received / 100)); $pi_currency = strtoupper(sanitizeInput($pi_obj->currency)); $pi_livemode = $pi_obj->livemode; // Get/Check invoice (& client/primary contact) $invoice_sql = mysqli_query( $mysqli, "SELECT * FROM invoices LEFT JOIN clients ON invoice_client_id = client_id LEFT JOIN contacts ON contact_id = primary_contact WHERE invoice_id = $pi_invoice_id AND invoice_status != 'Draft' AND invoice_status != 'Paid' AND invoice_status != 'Cancelled' LIMIT 1" ); if (!$invoice_sql || mysqli_num_rows($invoice_sql) !== 1) { exit(WORDING_PAYMENT_FAILED); } // Invoice exists - get details $row = mysqli_fetch_array($invoice_sql); $invoice_id = intval($row['invoice_id']); $invoice_prefix = nullable_htmlentities($row['invoice_prefix']); $invoice_number = intval($row['invoice_number']); $invoice_amount = floatval($row['invoice_amount']); $invoice_currency_code = nullable_htmlentities($row['invoice_currency_code']); $invoice_url_key = nullable_htmlentities($row['invoice_url_key']); $client_id = intval($row['client_id']); $client_name = nullable_htmlentities($row['client_name']); $contact_name = $row['contact_name']; $contact_email = $row['contact_email']; $sql_company = mysqli_query($mysqli, "SELECT * FROM companies WHERE company_id = 1"); $row = mysqli_fetch_array($sql_company); $company_name = mysqli_real_escape_string($mysqli, nullable_htmlentities($row['company_name'])); $company_phone = nullable_htmlentities($row['company_phone']); $company_locale = nullable_htmlentities($row['company_locale']); // Set Currency Formatting $currency_format = numfmt_create($company_locale, NumberFormatter::CURRENCY); // Add up all the payments for the invoice and get the total amount paid to the invoice already (if any) $sql_amount_paid_previously = mysqli_query($mysqli, "SELECT SUM(payment_amount) AS amount_paid FROM payments WHERE payment_invoice_id = $invoice_id"); $row = mysqli_fetch_array($sql_amount_paid_previously); $amount_paid_previously = $row['amount_paid']; $balance_to_pay = $invoice_amount - $amount_paid_previously; // Sanity check that the amount paid is exactly the invoice outstanding balance if (intval($balance_to_pay) !== intval($pi_amount_paid)) { exit("Something went wrong confirming this payment. Please get in touch."); } // Apply payment // Update Invoice Status mysqli_query($mysqli, "UPDATE invoices SET invoice_status = 'Paid' WHERE invoice_id = $invoice_id"); // Add Payment to History mysqli_query($mysqli, "INSERT INTO payments SET payment_date = '$pi_date', payment_amount = $pi_amount_paid, payment_currency_code = '$pi_currency', payment_account_id = $config_stripe_account, payment_method = 'Stripe', payment_reference = 'Stripe - $pi_id', payment_invoice_id = $invoice_id"); mysqli_query($mysqli, "INSERT INTO history SET history_status = 'Paid', history_description = 'Payment added - $ip - $os - $browser', history_invoice_id = $invoice_id"); // Notify mysqli_query($mysqli, "INSERT INTO notifications SET notification_type = 'Invoice Paid', notification = 'Invoice $invoice_prefix$invoice_number has been paid - $ip - $os - $browser', notification_client_id = $pi_client_id"); // Logging $extended_log_desc = ''; if (!$pi_livemode) { $extended_log_desc = '(DEV MODE)'; } mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Payment', log_action = 'Create', log_description = 'Stripe payment of $pi_currency $pi_amount_paid against invoice $invoice_prefix$invoice_number - $pi_id $extended_log_desc', log_ip = '$ip', log_user_agent = '$user_agent', log_client_id = $pi_client_id"); // Send email receipt $sql_settings = mysqli_query($mysqli, "SELECT * FROM settings WHERE company_id = 1"); $row = mysqli_fetch_array($sql_settings); $config_smtp_host = $row['config_smtp_host']; $config_smtp_port = intval($row['config_smtp_port']); $config_smtp_encryption = $row['config_smtp_encryption']; $config_smtp_username = $row['config_smtp_username']; $config_smtp_password = $row['config_smtp_password']; $config_mail_from_email = $row['config_mail_from_email']; $config_mail_from_name = $row['config_mail_from_name']; $config_invoice_from_name = $row['config_invoice_from_name']; $config_invoice_from_email = $row['config_invoice_from_email']; if (!empty($config_smtp_host)) { $subject = "Payment Received - Invoice $invoice_prefix$invoice_number"; $body = "Hello $contact_name,

We have received your payment in the amount of " . $pi_currency . $pi_amount_paid . " for invoice $invoice_prefix$invoice_number. Please keep this email as a receipt for your records.

Amount: " . numfmt_format_currency($currency_format, $pi_amount_paid, $invoice_currency_code) . "
Balance: " . numfmt_format_currency($currency_format, '0', $invoice_currency_code) . "

Thank you for your business!


~
$company_name
Billing Department
$config_invoice_from_email
$company_phone"; $mail = sendSingleEmail( $config_smtp_host, $config_smtp_username, $config_smtp_password, $config_smtp_encryption, $config_smtp_port, $config_invoice_from_email, $config_invoice_from_name, $contact_email, $contact_name, $subject, $body ); // Email Logging if ($mail === true) { mysqli_query($mysqli, "INSERT INTO history SET history_status = 'Sent', history_description = 'Emailed Receipt!', history_invoice_id = $invoice_id"); } else { mysqli_query($mysqli, "INSERT INTO history SET history_status = 'Sent', history_description = 'Email Receipt Failed!', history_invoice_id = $invoice_id"); mysqli_query($mysqli, "INSERT INTO notifications SET notification_type = 'Mail', notification = 'Failed to send email to $contact_email'"); mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Mail', log_action = 'Error', log_description = 'Failed to send email to $contact_email regarding $subject. $mail'"); } } // Redirect user to invoice header('Location: //' . $config_base_url . '/guest_view_invoice.php?invoice_id=' . $pi_invoice_id . '&url_key=' . $invoice_url_key); } else { echo "

Oops, something went wrong! Please raise a ticket if you believe this is an error.

"; } require_once('guest_footer.php');