Filename :
payment_verify.php
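<?php
/**
 * Razorpay payment-verification endpoint.
 *
 * Reads razorpay_order_id, razorpay_payment_id, razorpay_signature and user_id
 * from POST, verifies the Razorpay signature, records an order built from the
 * user's cart, clears the cart, and replies with JSON:
 *   {"success": true, "order_id": <int>}  or  {"success": false, "error": <string>}
 */

require('config.php');
require('src/Razorpay.php');

use Razorpay\Api\Api;

session_start();

// NOTE(review): the API key pair is hard-coded in a file under the web root.
// Anyone who can read this file obtains the credentials. Load them from
// configuration kept outside the document root and rotate this pair.
$api_key = 'rzp_test_HyfJRoGb09WlFo';
$api_secret = 'jxsi9k6Daxji2dINlc4Ln5yk';

$api = new Api($api_key, $api_secret);

$response = ['success' => false];
$verified = false;
$payment_id = null;
$user_id = null;

try {
    // Every field must be a non-empty string; an array value (field[]=...) is rejected too.
    foreach (['razorpay_order_id', 'razorpay_payment_id', 'razorpay_signature', 'user_id'] as $field) {
        if (!isset($_POST[$field]) || !is_string($_POST[$field]) || $_POST[$field] === '') {
            throw new InvalidArgumentException("Missing field: $field");
        }
    }

    $payment_id = $_POST['razorpay_payment_id'];

    // NOTE(review): user_id is taken from the request body, so the caller chooses
    // whose cart becomes an order. It should come from the authenticated session;
    // the session key that holds it is not visible in this file.
    $user_id = $_POST['user_id'];

    // Throws when the signature does not match.
    $api->utility->verifyPaymentSignature([
        'razorpay_order_id' => $_POST['razorpay_order_id'],
        'razorpay_payment_id' => $payment_id,
        'razorpay_signature' => $_POST['razorpay_signature'],
    ]);
    $verified = true;
} catch (Exception $e) {
    $response['error'] = $e->getMessage();
}

if ($verified) {
    $in_transaction = false;

    try {
        // Prepare, bind and execute one statement; every value travels as a bound
        // parameter so request data never becomes part of the SQL text.
        $run_stmt = function ($sql, $types, array $params) use ($conn) {
            $stmt = mysqli_prepare($conn, $sql);
            if ($stmt === false) {
                throw new RuntimeException('prepare failed: ' . mysqli_error($conn));
            }
            mysqli_stmt_bind_param($stmt, $types, ...$params);
            if (!mysqli_stmt_execute($stmt)) {
                $detail = mysqli_stmt_error($stmt);
                mysqli_stmt_close($stmt);
                throw new RuntimeException('execute failed: ' . $detail);
            }
            return $stmt;
        };

        // A verified payment id must create at most one order.
        // NOTE(review): this check is not atomic with the insert below; a UNIQUE
        // index on orders.razorpay_payment_id is what actually guarantees it.
        $stmt = $run_stmt(
            "SELECT 1 FROM orders WHERE razorpay_payment_id = ? LIMIT 1",
            's',
            [$payment_id]
        );
        mysqli_stmt_store_result($stmt);
        $already_recorded = mysqli_stmt_num_rows($stmt) > 0;
        mysqli_stmt_close($stmt);
        if ($already_recorded) {
            throw new DomainException('Payment already processed');
        }

        // Fetch cart items and calculate the order total from server-side prices.
        $total_price = 0;
        $additional_charge = 500;
        $gst_rate = 18;
        $products = [];

        $stmt = $run_stmt(
            "SELECT c.product_id, c.quantity, p.price
               FROM cart c
               JOIN slgtoys_products p ON c.product_id = p.id
              WHERE c.user_id = ?",
            's',
            [$user_id]
        );
        mysqli_stmt_bind_result($stmt, $product_id, $quantity, $price);
        while (mysqli_stmt_fetch($stmt)) {
            $products[] = [
                'product_id' => $product_id,
                'quantity' => $quantity,
                'price' => $price,
            ];
            $total_price += $price * $quantity;
        }
        mysqli_stmt_close($stmt);

        if (!$products) {
            throw new DomainException('Cart is empty');
        }

        // Calculate taxes and grand total.
        $gst_amount = ($total_price + $additional_charge) * ($gst_rate / 100);
        $grand_total = $total_price + $additional_charge + $gst_amount;

        // The signature covers only the order id and payment id, not the amount,
        // and the POSTed 'amount' is client-supplied, so it is not used here.
        // NOTE(review): before recording the order, confirm server-side that the
        // amount Razorpay captured for this order equals $grand_total.

        // Order, items and cart clean-up succeed or fail together.
        if (!mysqli_begin_transaction($conn)) {
            throw new RuntimeException('begin failed: ' . mysqli_error($conn));
        }
        $in_transaction = true;

        $stmt = $run_stmt(
            "INSERT INTO orders (customer_id, total_price, additional_charge, gst, grand_total, payment_method, razorpay_payment_id)
             VALUES (?, ?, ?, ?, ?, 'razorpay', ?)",
            'sdddds',
            [$user_id, $total_price, $additional_charge, $gst_amount, $grand_total, $payment_id]
        );
        mysqli_stmt_close($stmt);
        $order_id = mysqli_insert_id($conn);

        foreach ($products as $product) {
            $stmt = $run_stmt(
                "INSERT INTO order_items (order_id, product_id, price, quantity) VALUES (?, ?, ?, ?)",
                'isss',
                [$order_id, $product['product_id'], $product['price'], $product['quantity']]
            );
            mysqli_stmt_close($stmt);
        }

        // Clear cart.
        $stmt = $run_stmt("DELETE FROM cart WHERE user_id = ?", 's', [$user_id]);
        mysqli_stmt_close($stmt);

        if (!mysqli_commit($conn)) {
            throw new RuntimeException('commit failed: ' . mysqli_error($conn));
        }
        $in_transaction = false;

        $response = [
            'success' => true,
            'order_id' => $order_id,
        ];
    } catch (DomainException $e) {
        // Raised above with a message that is safe to show to the client.
        $response['error'] = $e->getMessage();
    } catch (Exception $e) {
        if ($in_transaction) {
            mysqli_rollback($conn);
        }
        // Driver messages can expose schema and query details: log them, return a generic error.
        error_log('payment_verify: ' . $e->getMessage());
        $response['error'] = 'Database error';
    }
}

header('Content-Type: application/json');
echo json_encode($response);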