<?php
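// Resume the session so the login state written by the auth pages is visible here.
session_start();
// Every response from this endpoint, including errors, is JSON.
header('Content-Type: application/json');
require_once '../config/database.php';

// Reject anonymous callers before any database or payment work happens.
if (!isset($_SESSION['user_id'])) {
    // The track id is reflected into the post-login redirect, so only a short,
    // plain token is passed through. An array or an oversized value is dropped
    // instead of being stringified into the URL.
    // NOTE(review): the accepted alphabet is deliberately wider than digits because
    // the id format is not visible in this file; tighten it once confirmed.
    $requested_track = $_POST['track_id'] ?? '';
    if (!is_string($requested_track) || preg_match('/^[A-Za-z0-9_-]{1,64}$/', $requested_track) !== 1) {
        $requested_track = '';
    }

    http_response_code(401);
    echo json_encode([
        'success' => false,
        'error' => 'User not logged in',
        // The redirect target is a fixed local path; only the query value varies.
        'redirect' => '/auth/login.php?redirect=' . urlencode('/artists.php?purchase_track=' . $requested_track),
    ]);
    exit;
}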
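// Purchase flow: validate the request, load the track, refuse self-purchases and
// repeat purchases, then create a Stripe PaymentIntent and hand its client secret
// to the frontend.
//
// Error contract: a DomainException carries a message that is safe to show to the
// buyer and maps to HTTP 400. Every other failure (database, cURL, Stripe,
// configuration) is written to the error log and answered with a generic message
// and HTTP 500, so internal details never reach the client.
//
// NOTE(review): no CSRF token is checked in this file; confirm the session cookie
// is SameSite or add a token check before this point.
try {
    $pdo = getDBConnection();

    $user_id = $_SESSION['user_id'];
    $raw_track_id = $_POST['track_id'] ?? null;

    // Audit line for the attempt. Only the fields needed to trace a purchase are
    // recorded; dumping all of $_POST and $_SESSION would copy session contents
    // and any submitted secrets into a flat file.
    // NOTE(review): logs/ is a sibling of api/; confirm the web server denies
    // HTTP access to that directory.
    $log_entry = [
        'timestamp' => date('Y-m-d H:i:s'),
        'action' => 'purchase_attempt',
        'user_id' => $user_id,
        'track_id' => is_string($raw_track_id) ? substr($raw_track_id, 0, 64) : null,
    ];
    $log_file = __DIR__ . '/../logs/track_purchase_debug.log';
    file_put_contents($log_file, json_encode($log_entry) . "\n", FILE_APPEND | LOCK_EX);

    // The request's payment_method field is intentionally ignored: credits are
    // only for generating music, and every track purchase goes through Stripe.

    // Accept only a short plain token as the track id (rejects arrays and junk).
    // NOTE(review): widen or narrow the alphabet once the id format is confirmed.
    if (
        !is_string($raw_track_id)
        || !$raw_track_id
        || preg_match('/^[A-Za-z0-9_-]{1,64}$/', $raw_track_id) !== 1
    ) {
        throw new DomainException('Track ID is required');
    }
    $track_id = $raw_track_id;

    // Load the track together with its artist; only completed tracks are sellable.
    $stmt = $pdo->prepare("
        SELECT
            mt.id,
            mt.title,
            mt.audio_url,
            mt.price,
            mt.user_id as artist_id,
            u.name as artist_name
        FROM music_tracks mt
        JOIN users u ON mt.user_id = u.id
        WHERE mt.id = ? AND mt.status = 'complete'
    ");
    $stmt->execute([$track_id]);
    $track = $stmt->fetch(PDO::FETCH_ASSOC);
    if (!$track) {
        throw new DomainException('Track not found or not available for purchase');
    }

    // Compare as strings so a driver returning '42' and a session holding 42 still
    // match, without the surprises of loose == comparison.
    if ((string) $track['artist_id'] === (string) $user_id) {
        throw new DomainException('You cannot purchase your own track');
    }

    // Refuse a second purchase of the same track by the same buyer.
    $stmt = $pdo->prepare("
        SELECT id FROM track_purchases
        WHERE user_id = ? AND track_id = ?
    ");
    $stmt->execute([$user_id, $track_id]);
    if ($stmt->fetch()) {
        throw new DomainException('You have already purchased this track');
    }

    // The price always comes from the database, never from the request.
    // An unset or zero price falls back to $1.99.
    $track_price = $track['price'] ?: 1.99;
    $stripe_price = $track_price; // dollars
    $amount_cents = (int) round($stripe_price * 100); // Stripe expects the smallest currency unit
    if ($amount_cents < 1) {
        throw new RuntimeException('Payment processing error: non-positive amount for track ' . $track_id);
    }

    // The Stripe secret key is read from the environment instead of being embedded
    // in source. A live key that was once committed to this file has to be treated
    // as disclosed: roll it in the Stripe dashboard and review recent API activity.
    // The variable name STRIPE_SECRET_KEY is this endpoint's choice; set it in the
    // server or pool configuration, outside the document root.
    $stripe_secret_key = getenv('STRIPE_SECRET_KEY');
    if (!is_string($stripe_secret_key) || $stripe_secret_key === '') {
        throw new RuntimeException('Payment processing error: Stripe secret key is not configured');
    }

    // Metadata ties the PaymentIntent back to buyer and track.
    // NOTE(review): presumably a webhook or confirmation step elsewhere records the
    // purchase; that step should re-check amount and ids against the database.
    $payment_data = [
        'amount' => $amount_cents,
        'currency' => 'usd',
        'metadata' => [
            'user_id' => $user_id,
            'track_id' => $track_id,
            'track_title' => $track['title'],
            'artist_name' => $track['artist_name'],
            'purchase_type' => 'track_purchase',
        ],
    ];
    // http_build_query would encode boolean true as "1", so this flag is appended
    // by hand in the literal form Stripe expects.
    $post_data = http_build_query($payment_data) . '&automatic_payment_methods[enabled]=true';

    $ch = curl_init();
    curl_setopt_array($ch, [
        CURLOPT_URL => 'https://api.stripe.com/v1/payment_intents',
        CURLOPT_POST => true,
        CURLOPT_POSTFIELDS => $post_data,
        CURLOPT_HTTPHEADER => [
            'Authorization: Bearer ' . $stripe_secret_key,
            'Content-Type: application/x-www-form-urlencoded',
        ],
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_TIMEOUT => 30,
        // Stated explicitly so certificate and host verification cannot be
        // switched off by a changed default elsewhere.
        CURLOPT_SSL_VERIFYPEER => true,
        CURLOPT_SSL_VERIFYHOST => 2,
    ]);
    $response = curl_exec($ch);
    $http_code = curl_getinfo($ch, CURLINFO_HTTP_CODE);
    $curl_error = curl_error($ch);
    curl_close($ch);

    if ($response === false || $curl_error) {
        throw new RuntimeException('Payment processing error: cURL error: ' . $curl_error);
    }
    if ($http_code !== 200) {
        // The upstream body goes to the log only, truncated to keep entries bounded.
        throw new RuntimeException(
            'Payment processing error: Stripe API error: HTTP ' . $http_code . ' - ' . substr($response, 0, 2000)
        );
    }

    $payment_intent_data = json_decode($response, true);
    if (!$payment_intent_data || !isset($payment_intent_data['client_secret'])) {
        throw new RuntimeException('Payment processing error: Invalid response from Stripe API');
    }

    // Hand the client secret to the frontend, which completes the payment.
    echo json_encode([
        'success' => true,
        'requires_payment' => true,
        'payment_intent' => $payment_intent_data['client_secret'],
        'amount' => $stripe_price,
        'track' => [
            'id' => $track_id,
            'title' => $track['title'],
            'artist_name' => $track['artist_name'],
            'price' => $track_price,
        ],
    ]);
} catch (Throwable $e) {
    // Only DomainException messages were written for the buyer; anything else may
    // contain SQL, upstream response bodies or configuration details.
    $is_user_error = $e instanceof DomainException;

    $failed_track_id = $_POST['track_id'] ?? 'unknown';
    $error_log = [
        'timestamp' => date('Y-m-d H:i:s'),
        'action' => 'purchase_error',
        'user_id' => $_SESSION['user_id'] ?? 'unknown',
        'track_id' => is_string($failed_track_id) ? substr($failed_track_id, 0, 64) : 'unknown',
        'error' => $e->getMessage(),
        'trace' => $e->getTraceAsString(),
    ];
    $error_log_file = __DIR__ . '/../logs/track_purchase_errors.log';
    file_put_contents($error_log_file, json_encode($error_log) . "\n", FILE_APPEND | LOCK_EX);

    http_response_code($is_user_error ? 400 : 500);
    echo json_encode([
        'success' => false,
        'error' => $is_user_error ? $e->getMessage() : 'Unable to process the purchase right now',
    ]);
}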
?>