# Purchase Prevention System

## Overview

This system prevents purchase discrepancies like the one that happened with Stephane Bergeron, where wrong tracks were associated with a payment.

## Root Causes Identified

1. **Cart Metadata Corruption**: Stripe metadata can get corrupted or truncated
2. **No Validation**: No check that purchases match what was in the cart
3. **Silent Failures**: Errors during processing weren't caught
4. **No Reconciliation**: No automatic verification after purchase

## Prevention Measures Implemented

### 1. Cart Snapshot Storage

- **File**: `create_cart_snapshots_table.php`
- **Purpose**: Stores cart data in database BEFORE payment
- **Action**: Run this once to create the table
- **Location**: `/create_cart_snapshots_table.php`

### 2. Purchase Validation

- **File**: `webhooks/purchase_validation.php`
- **Purpose**: Validates purchases match cart after processing
- **When**: Runs automatically after each purchase in webhook
- **What it checks**:
  - Expected tracks vs actual tracks
  - Missing tracks
  - Extra tracks (not in cart)
  - Count mismatches

### 3. Automatic Validation in Webhook

- **File**: `webhooks/stripe.php` (updated)
- **When**: After `processMixedCartPayment()` completes
- **Action**: Automatically validates every purchase
- **On Failure**: Logs critical alert

### 4. Cart Snapshot Storage

- **File**: `process_credit_payment.php` (updated)
- **When**: Immediately after creating payment intent
- **Purpose**: Stores cart data before Stripe metadata can be corrupted

### 5. Automatic Reconciliation

- **File**: `auto_reconcile_purchases.php`
- **Purpose**: Checks all recent purchases hourly
- **Setup**: Add to cron: `0 * * * * /usr/bin/php /path/to/auto_reconcile_purchases.php`
- **Output**: Alerts if discrepancies found

## Setup Instructions

### Step 1: Create Cart Snapshots Table

```
Visit: /create_cart_snapshots_table.php
```

### Step 2: Set Up Automatic Reconciliation (Optional but Recommended)

Add to crontab:

```bash
0 * * * * /usr/bin/php /home/gositeme/domains/soundstudiopro.com/public_html/auto_reconcile_purchases.php >> /var/log/purchase_reconciliation.log 2>&1
```

### Step 3: Monitor Alerts

Check these log files regularly:

- `/logs/purchase_validation_failures.log` - Validation failures
- `/logs/purchase_failure_alerts.log` - All purchase alerts
- `/logs/auto_reconciliation.log` - Hourly reconciliation results

## How It Works

### Purchase Flow with Validation:

1. **User adds items to cart** → Cart stored in session
2. **User clicks checkout** → `process_credit_payment.php` called
3. **Cart snapshot stored** → Saved to `cart_snapshots` table
4. **Payment intent created** → Cart items sent to Stripe metadata
5. **Payment succeeds** → Webhook receives `payment_intent.succeeded`
6. **Purchases processed** → Tracks added to database
7. **Validation runs** → Compares database purchases vs Stripe metadata
8. **Alert if mismatch** → Logs critical alert if validation fails

### Validation Process:

1. Fetches payment intent from Stripe
2. Extracts cart items from metadata
3. Gets actual purchases from database
4. Compares expected vs actual
5. Logs discrepancies if found

## Monitoring

### Check for Issues:

- Visit `/monitor_purchase_failures.php` - Shows active alerts
- Visit `/reconcile_stripe_purchases.php` - Manual reconciliation
- Check log files in `/logs/` directory

### Alert Levels:

- **CRITICAL**: Purchase validation failed (wrong tracks)
- **HIGH**: Purchase processing failures
- **MEDIUM**: Track purchase errors

## What This Prevents

- ✅ **Wrong tracks associated with payment** - Caught immediately
- ✅ **Missing purchases** - Detected and logged
- ✅ **Metadata corruption** - Cart snapshot provides backup
- ✅ **Silent failures** - All errors logged and alerted
- ✅ **Undetected issues** - Automatic hourly checks

## Future Improvements

1. **Auto-fix**: Automatically fix discrepancies when detected
2. **Email alerts**: Send email when critical issues found
3. **Dashboard**: Real-time monitoring dashboard
4. **Rollback**: Ability to rollback incorrect purchases

## Files Modified/Created

- ✅ `webhooks/purchase_validation.php` - NEW: Validation functions
- ✅ `webhooks/stripe.php` - UPDATED: Added validation after processing
- ✅ `process_credit_payment.php` - UPDATED: Stores cart snapshot
- ✅ `create_cart_snapshots_table.php` - NEW: Creates validation table
- ✅ `auto_reconcile_purchases.php` - NEW: Hourly reconciliation
- ✅ `PURCHASE_PREVENTION_SYSTEM.md` - NEW: This documentation

## Testing

To test the system:

1. Make a test purchase
2. Check `/logs/purchase_validation_success.log` - Should show validation passed
3. Manually corrupt a purchase in database
4. Run `/auto_reconcile_purchases.php` - Should detect discrepancy
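
The comparison listed under "Purchase Validation" (missing tracks, extra tracks, count mismatches), combined with the cart-snapshot fallback for metadata that no longer decodes, is shown here as an added example. It is not the code in `webhooks/purchase_validation.php`; the function names, the JSON-list metadata format and the sample track IDs are assumptions.

```php
<?php
declare(strict_types=1);

// Added example: hypothetical names and data shapes, not the project's code.

// Pick the "expected" cart. Assumes the cart travels as a JSON list of integer
// track IDs in one Stripe metadata value; a truncated value fails to decode,
// so the pre-payment cart snapshot is used instead.
function expectedTrackIds(?string $metadataJson, array $snapshotIds): array
{
    $decoded = $metadataJson === null ? null : json_decode($metadataJson, true);
    $valid = is_array($decoded) && $decoded !== [] && array_is_list($decoded)
        && $decoded === array_filter($decoded, 'is_int');
    return $valid
        ? ['source' => 'stripe_metadata', 'ids' => $decoded]
        : ['source' => 'cart_snapshot', 'ids' => array_values($snapshotIds)];
}

// Compare as multisets so a track recorded twice is reported, not hidden.
function validatePurchase(array $expectedIds, array $actualIds): array
{
    $expected = array_count_values($expectedIds);
    $actual = array_count_values($actualIds);
    $missing = $extra = $countMismatch = [];
    foreach ($expected as $id => $want) {
        $got = $actual[$id] ?? 0;
        if ($got === 0) {
            $missing[] = $id;                       // in cart, never recorded
        } elseif ($got !== $want) {
            $countMismatch[$id] = ['expected' => $want, 'actual' => $got];
        }
    }
    foreach ($actual as $id => $got) {
        if (!isset($expected[$id])) {
            $extra[] = $id;                         // recorded, not in cart
        }
    }
    return ['ok' => !$missing && !$extra && !$countMismatch,
        'missing' => $missing, 'extra' => $extra, 'count_mismatch' => $countMismatch];
}

// Constructed sample data: the metadata value is cut off mid-array.
$truncatedMetadata = '[101,102,10';
$snapshot = [101, 102, 103];        // cart snapshot row (constructed)
$purchased = [101, 101, 104];       // rows written by the webhook (constructed)

$expected = expectedTrackIds($truncatedMetadata, $snapshot);
$result = validatePurchase($expected['ids'], $purchased);
echo json_encode(['source' => $expected['source']] + $result), PHP_EOL;
```

Recording which source supplied the expected cart lets a reviewer tell a metadata problem apart from a processing problem when reading the validation log.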