T.ME/BIBIL_0DAY
CasperSecurity


Server : Apache/2
System : Linux server-15-235-50-60 5.15.0-164-generic #174-Ubuntu SMP Fri Nov 14 20:25:16 UTC 2025 x86_64
User : gositeme ( 1004)
PHP Version : 8.2.29
Disable Function : exec,system,passthru,shell_exec,proc_close,proc_open,dl,popen,show_source,posix_kill,posix_mkfifo,posix_getpwuid,posix_setpgid,posix_setsid,posix_setuid,posix_setgid,posix_seteuid,posix_setegid,posix_uname
Directory :  /home/gositeme/domains/soundstudiopro.com/private_html/api/

Upload File :
current_dir [ Writeable ] document_root [ Writeable ]

 

Current File : /home/gositeme/domains/soundstudiopro.com/private_html/api/add_payment_method.php
<?php
session_start();
header('Content-Type: application/json');

// Enable error logging
error_log("add_payment_method.php called at " . date('Y-m-d H:i:s'));

if (!isset($_SESSION['user_id'])) {
    error_log("add_payment_method.php: User not authenticated");
    echo json_encode(['success' => false, 'error' => 'Not authenticated']);
    exit;
}
require_once '../config/database.php';
$pdo = getDBConnection();
$stmt = $pdo->prepare('SELECT * FROM users WHERE id = ?');
$stmt->execute([$_SESSION['user_id']]);
$user = $stmt->fetch();
if (!$user) {
    echo json_encode(['success' => false, 'error' => 'User not found']);
    exit;
}
$stripe_secret = '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';
$customer_id = $user['stripe_customer_id'];

// Create Stripe customer if doesn't exist
if (!$customer_id) {
    $ch = curl_init();
    curl_setopt($ch, CURLOPT_URL, "https://api.stripe.com/v1/customers");
    curl_setopt($ch, CURLOPT_USERPWD, $stripe_secret . ":");
    curl_setopt($ch, CURLOPT_POST, 1);
    curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query([
        'email' => $user['email'],
        'name' => $user['name']
    ]));
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
    $response = curl_exec($ch);
    $customer = json_decode($response, true);
    curl_close($ch);

    if (!empty($customer['id'])) {
        // Save the new customer ID to database
        $stmt = $pdo->prepare("UPDATE users SET stripe_customer_id = ? WHERE id = ?");
        $stmt->execute([$customer['id'], $user['id']]);
        $customer_id = $customer['id'];
        error_log("add_payment_method.php: Created and saved new customer ID: " . $customer['id']);
    } else {
        error_log("add_payment_method.php: Failed to create Stripe customer. Response: " . $response);
        echo json_encode(['success' => false, 'error' => 'Failed to create Stripe customer']);
        exit;
    }
}
$input = json_decode(file_get_contents('php://input'), true);
$payment_method_id = $input['payment_method_id'] ?? null;
if (!$payment_method_id) {
    echo json_encode(['success' => false, 'error' => 'No payment method ID']);
    exit;
}

// First, get the payment method details to check for duplicates
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, "https://api.stripe.com/v1/payment_methods/" . $payment_method_id);
curl_setopt($ch, CURLOPT_USERPWD, $stripe_secret . ":");
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
$response = curl_exec($ch);
$http_code = curl_getinfo($ch, CURLINFO_HTTP_CODE);
curl_close($ch);

if ($http_code !== 200) {
    error_log("add_payment_method.php: Failed to get payment method details. HTTP: $http_code");
    echo json_encode(['success' => false, 'error' => 'Failed to get payment method details']);
    exit;
}

$payment_method_details = json_decode($response, true);
$new_card_brand = $payment_method_details['card']['brand'];
$new_card_last4 = $payment_method_details['card']['last4'];
$new_card_exp_month = $payment_method_details['card']['exp_month'];
$new_card_exp_year = $payment_method_details['card']['exp_year'];

// Check if this payment method already exists for this customer
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, "https://api.stripe.com/v1/payment_methods?customer=$customer_id&type=card");
curl_setopt($ch, CURLOPT_USERPWD, $stripe_secret . ":");
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
$response = curl_exec($ch);
$http_code = curl_getinfo($ch, CURLINFO_HTTP_CODE);
curl_close($ch);

if ($http_code === 200) {
    $existing_methods = json_decode($response, true)['data'] ?? [];
    foreach ($existing_methods as $existing_method) {
        // Check if exact same payment method ID
        if ($existing_method['id'] === $payment_method_id) {
            error_log("add_payment_method.php: Payment method $payment_method_id already exists for customer $customer_id");
            echo json_encode(['success' => true, 'message' => 'Card already exists']);
            exit;
        }
        
        // Check if same card details (brand, last4, exp_month, exp_year)
        if ($existing_method['card']['brand'] === $new_card_brand &&
            $existing_method['card']['last4'] === $new_card_last4 &&
            $existing_method['card']['exp_month'] === $new_card_exp_month &&
            $existing_method['card']['exp_year'] === $new_card_exp_year) {
            error_log("add_payment_method.php: Card with same details already exists: $new_card_brand **** $new_card_last4 exp $new_card_exp_month/$new_card_exp_year");
            echo json_encode(['success' => true, 'message' => 'Card with same details already exists']);
            exit;
        }
    }
}
// Attach payment method to customer
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, "https://api.stripe.com/v1/payment_methods/" . $payment_method_id . "/attach");
curl_setopt($ch, CURLOPT_USERPWD, $stripe_secret . ":");
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query(['customer' => $customer_id]));
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
$response = curl_exec($ch);
$http_code = curl_getinfo($ch, CURLINFO_HTTP_CODE);
$attach_result = json_decode($response, true);
curl_close($ch);
if ($http_code !== 200 || !empty($attach_result['error'])) {
    error_log("add_payment_method.php: Failed to attach payment method. HTTP: $http_code, Response: " . $response);
    echo json_encode(['success' => false, 'error' => $attach_result['error']['message'] ?? 'Stripe error']);
    exit;
} else {
    error_log("add_payment_method.php: Successfully attached payment method " . $payment_method_id . " to customer " . $customer_id);
}
// Optionally set as default if first card (fetch all cards)
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, "https://api.stripe.com/v1/payment_methods?customer=$customer_id&type=card");
curl_setopt($ch, CURLOPT_USERPWD, $stripe_secret . ":");
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
$resp = curl_exec($ch);
$pm_list = json_decode($resp, true);
curl_close($ch);
if (isset($pm_list['data']) && count($pm_list['data']) === 1) {
    // Set as default
    $ch = curl_init();
    curl_setopt($ch, CURLOPT_URL, "https://api.stripe.com/v1/customers/$customer_id");
    curl_setopt($ch, CURLOPT_USERPWD, $stripe_secret . ":");
    curl_setopt($ch, CURLOPT_POST, 1);
    curl_setopt($ch, CURLOPT_POSTFIELDS, http_build_query([
        'invoice_settings[default_payment_method]' => $payment_method_id
    ]));
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
    curl_exec($ch);
    curl_close($ch);
}
error_log("add_payment_method.php: Successfully added payment method " . $payment_method_id);
echo json_encode(['success' => true]);

CasperSecurity Mini