Uname:Linux ip-10-0-5-176 6.8.0-1057-aws #60~22.04.1-Ubuntu SMP Wed May 27 08:16:59 UTC 2026 x86_64

403WebShell
403Webshell
Server IP : 3.111.61.48  /  Your IP : 216.73.216.67
Web Server : Apache
System : Linux ip-10-0-5-176 6.8.0-1057-aws #60~22.04.1-Ubuntu SMP Wed May 27 08:16:59 UTC 2026 x86_64
User : ubuntu ( 1000)
PHP Version : 8.2.31
Disable Function : exec,passthru,shell_exec,system
MySQL : OFF  |  cURL : ON  |  WGET : ON  |  Perl : ON  |  Python : OFF  |  Sudo : ON  |  Pkexec : ON
Directory :  /var/www/vhost/book.gyaniguru.org/ajax/

Upload File :
current_dir [ Writeable ] document_root [ Writeable ]

 

Command :


[ Back ]     

Current File : /var/www/vhost/book.gyaniguru.org/ajax/create-order.php
<?php
require_once __DIR__ . '/../includes/config.php';
require_once __DIR__ . '/../includes/db.php';

header('Content-Type: application/json');

if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
    http_response_code(405);
    echo json_encode(['error' => 'Method not allowed']);
    exit;
}

$input = json_decode(file_get_contents('php://input'), true);

if (!$input) {
    http_response_code(400);
    echo json_encode(['error' => 'Invalid request']);
    exit;
}

$is_logged_in = isset($_SESSION['user_id']);

if (!$is_logged_in) {
    $name = $input['name'];
    $email = $input['email'];
    $phone = $input['phone'];
    $pass = password_hash('Guest@123', PASSWORD_DEFAULT);

    $check = get_row("SELECT id FROM users WHERE email = ?", [$email]);
    if ($check) {
        $user_id = $check['id'];
    } else {
        $conn->query("INSERT INTO users (name, email, phone, password) VALUES ('$name', '$email', '$phone', '$pass')");
        $user_id = $conn->insert_id;
    }
} else {
    $user_id = $_SESSION['user_id'];
}

$total = $input['total_amount'];
$pm = $input['payment_method'];
$address = $input['address'] . ", " . $input['city'] . " - " . $input['pincode'];

$razorpay_order_id = $input['razorpay_order_id'] ?? '';
$razorpay_payment_id = $input['razorpay_payment_id'] ?? '';
$razorpay_signature = $input['razorpay_signature'] ?? '';
$payment_status = ($razorpay_payment_id && $razorpay_signature) ? 'paid' : 'pending';

$sql = "INSERT INTO orders (user_id, total_amount, payment_method, payment_status, shipping_address, razorpay_order_id, razorpay_payment_id, razorpay_signature) VALUES (?, ?, ?, ?, ?, ?, ?, ?)";
$stmt = $conn->prepare($sql);
$stmt->bind_param("idssssss", $user_id, $total, $pm, $payment_status, $address, $razorpay_order_id, $razorpay_payment_id, $razorpay_signature);
$stmt->execute();
$order_id = $conn->insert_id;

$cart_data = $input['cart_items'] ?? [];
foreach ($cart_data as $item) {
    $bid = $item['id'];
    $qty = $item['qty'];
    $price = $item['price'];
    $conn->query("INSERT INTO order_items (order_id, book_id, quantity, price) VALUES ($order_id, $bid, $qty, $price)");
}

echo json_encode([
    'success' => true,
    'order_id' => $order_id
]);

Youez - 2016 - github.com/yon3zu
LinuXploit