| Server IP : 3.111.61.48 / Your IP : 216.73.216.67 Web Server : Apache System : Linux ip-10-0-5-176 6.8.0-1057-aws #60~22.04.1-Ubuntu SMP Wed May 27 08:16:59 UTC 2026 x86_64 User : ubuntu ( 1000) PHP Version : 8.2.31 Disable Function : exec,passthru,shell_exec,system MySQL : OFF | cURL : ON | WGET : ON | Perl : ON | Python : OFF | Sudo : ON | Pkexec : ON Directory : /var/www/vhost/book.gyaniguru.org/ajax/ |
Upload File : |
<?php
require_once __DIR__ . '/../includes/config.php';
require_once __DIR__ . '/../includes/db.php';
header('Content-Type: application/json');
if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
http_response_code(405);
echo json_encode(['error' => 'Method not allowed']);
exit;
}
$input = json_decode(file_get_contents('php://input'), true);
if (!$input) {
http_response_code(400);
echo json_encode(['error' => 'Invalid request']);
exit;
}
$is_logged_in = isset($_SESSION['user_id']);
if (!$is_logged_in) {
$name = $input['name'];
$email = $input['email'];
$phone = $input['phone'];
$pass = password_hash('Guest@123', PASSWORD_DEFAULT);
$check = get_row("SELECT id FROM users WHERE email = ?", [$email]);
if ($check) {
$user_id = $check['id'];
} else {
$conn->query("INSERT INTO users (name, email, phone, password) VALUES ('$name', '$email', '$phone', '$pass')");
$user_id = $conn->insert_id;
}
} else {
$user_id = $_SESSION['user_id'];
}
$total = $input['total_amount'];
$pm = $input['payment_method'];
$address = $input['address'] . ", " . $input['city'] . " - " . $input['pincode'];
$razorpay_order_id = $input['razorpay_order_id'] ?? '';
$razorpay_payment_id = $input['razorpay_payment_id'] ?? '';
$razorpay_signature = $input['razorpay_signature'] ?? '';
$payment_status = ($razorpay_payment_id && $razorpay_signature) ? 'paid' : 'pending';
$sql = "INSERT INTO orders (user_id, total_amount, payment_method, payment_status, shipping_address, razorpay_order_id, razorpay_payment_id, razorpay_signature) VALUES (?, ?, ?, ?, ?, ?, ?, ?)";
$stmt = $conn->prepare($sql);
$stmt->bind_param("idssssss", $user_id, $total, $pm, $payment_status, $address, $razorpay_order_id, $razorpay_payment_id, $razorpay_signature);
$stmt->execute();
$order_id = $conn->insert_id;
$cart_data = $input['cart_items'] ?? [];
foreach ($cart_data as $item) {
$bid = $item['id'];
$qty = $item['qty'];
$price = $item['price'];
$conn->query("INSERT INTO order_items (order_id, book_id, quantity, price) VALUES ($order_id, $bid, $qty, $price)");
}
echo json_encode([
'success' => true,
'order_id' => $order_id
]);