T.ME/BIBIL_0DAY
CasperSecurity


Server : Apache/2
System : Linux server-15-235-50-60 5.15.0-164-generic #174-Ubuntu SMP Fri Nov 14 20:25:16 UTC 2025 x86_64
User : gositeme ( 1004)
PHP Version : 8.2.29
Disable Function : exec,system,passthru,shell_exec,proc_close,proc_open,dl,popen,show_source,posix_kill,posix_mkfifo,posix_getpwuid,posix_setpgid,posix_setsid,posix_setuid,posix_setgid,posix_seteuid,posix_setegid,posix_uname
Directory :  /home/gositeme/domains/soundstudiopro.com/public_html/

Upload File :
current_dir [ Writeable ] document_root [ Writeable ]

 

Current File : /home/gositeme/domains/soundstudiopro.com/public_html/STRIPE_CUSTOMER_HANDLING.md
# Stripe Customer Handling - Subscriptions vs One-Time Payments

## The Answer: **Customer creation is OPTIONAL for subscriptions**

### How It Works:

#### **Option 1: Let Stripe Create Customer Automatically** (Recommended)
- **No customer creation needed** before checkout
- Stripe Checkout will create the customer automatically when payment succeeds
- Use `customer_email` parameter instead of `customer` parameter
- Customer ID will be available in webhook after payment

**Benefits:**
- ✅ Simpler code
- ✅ No pre-checkout API calls
- ✅ Works even if customer creation fails
- ✅ Same as your current checkout.php flow

#### **Option 2: Create Customer First** (Current Implementation)
- Create customer before checkout
- Use `customer` parameter in checkout session
- Save customer ID to database

**Drawbacks:**
- ❌ Extra API call before checkout
- ❌ Can fail and block subscription
- ❌ More complex error handling

---

## Updated Implementation

I've updated `subscribe.php` to use **Option 1** (automatic customer creation):

```php
// Get existing customer if available (optional)
$customer_id = !empty($user['stripe_customer_id']) ? $user['stripe_customer_id'] : null;

$checkout_params = [
    'mode' => 'subscription',
    'line_items' => [...],
    'customer_email' => $user['email'],  // Stripe creates customer automatically
    'metadata' => [...]
];

// Only use existing customer if we have one
if ($customer_id) {
    $checkout_params['customer'] = $customer_id;
    unset($checkout_params['customer_email']);
}
```

---

## How Webhook Handles It

The webhook (`webhooks/stripe.php`) already handles both cases:

1. **If customer exists in database:**
   - Finds user by `stripe_customer_id`
   - Links subscription to user

2. **If customer doesn't exist:**
   - Gets `user_id` from checkout session metadata
   - Creates/updates customer ID in database
   - Links subscription to user

---

## Comparison with checkout.php

### checkout.php (One-Time Payments)
- Uses Stripe Checkout with `customer_email`
- Stripe creates customer automatically
- Customer ID saved after payment in webhook

### subscribe.php (Subscriptions) - Updated
- Uses Stripe Checkout with `customer_email` (if no existing customer)
- Stripe creates customer automatically
- Customer ID saved after subscription in webhook
- **Same flow as checkout.php!**

---

## Summary

✅ **Customer creation is NOT required** - Stripe handles it automatically  
✅ **Same flow as checkout.php** - consistent across your site  
✅ **Simpler code** - no pre-checkout customer creation  
✅ **More reliable** - fewer failure points  

The error you saw was from the old implementation. The new code lets Stripe create customers automatically, just like checkout.php does.

CasperSecurity Mini