Current File : //home/ni05r7l36tus/www/poojajewellersbbsr.com/place_order.php
<?php 
include 'connection/config.php';
session_start();

require("src/Razorpay.php");
use Razorpay\Api\Api;
use Razorpay\Api\Order;

// Razorpay credentials: read from the environment instead of hardcoding them in the source file
$api_key    = getenv('RAZORPAY_KEY_ID') ?: '';
$api_secret = getenv('RAZORPAY_KEY_SECRET') ?: '';



if (!isset($_POST['place_order'])) {
    header("Location: checkout.php");
    exit();
}

if (!empty($_SESSION['cart']) || !empty($_SESSION['rentals'])) {
    // Unset cart-related sessions
    unset($_SESSION['cart']);
    unset($_SESSION['cart_qty']);

    // Unset rental-related sessions
    unset($_SESSION['rentals']);
    unset($_SESSION['rental_days']);
}

// ================================
// Collect & sanitize POST data
// ================================
$customer_id       = intval($_POST['customer_id'] ?? 0);
$shipping_charge   = floatval($_POST['shipping_charge'] ?? 0);
$total_amount      = floatval($_POST['total_amount'] ?? 0);
// $final_amount      = floatval($_POST['final_amount'] ?? 0);
$final_amount      = 1;

$allorder_json     = $_POST['allorder_json'] ?? '{}';
$saleorder_json    = $_POST['saleorder_json'] ?? '{}';
$saleitems_json    = $_POST['saleitems_json'] ?? '[]';
$rentalorder_json  = $_POST['rentalorder_json'] ?? '[]';

$payment_method    = $_POST['pay'] ?? 'cod';
// Shipping Address from checkout page
$shipping_address = [
    'line1'   => $_POST['address'] ?? '',
    'line2'   => $_POST['address2'] ?? '',
    'landmark'=> $_POST['landmark'] ?? '',
    'city'    => $_POST['city'] ?? '',
    'state'   => $_POST['province'] ?? '',
    'postal'  => $_POST['pincode'] ?? '',
    'country' => $_POST['country'] ?? 'India',
    'phone'   => $_POST['phone'] ?? ''
];

// Fetch customer details
$stmtCustomer = $pdo->prepare("SELECT first_name, last_name, email, phone, alt_phone FROM customers WHERE customer_id = :customer_id");
$stmtCustomer->execute([':customer_id' => $customer_id]);
$customer = $stmtCustomer->fetch(PDO::FETCH_ASSOC);

// customer_id comes from the client; do not place an order for an id that does not exist
if (!$customer) {
    header("Location: checkout.php");
    exit();
}

$customer_name      = trim(($customer['first_name'] ?? '') . ' ' . ($customer['last_name'] ?? ''));
$customer_email     = $customer['email'] ?? '';
$customer_phone     = $customer['phone'] ?? '';
$customer_alt_phone = $customer['alt_phone'] ?? '';

try {
    $pdo->beginTransaction();
    // =======================
    // Save/Update shipping address
    // =======================
    $stmtAddress = $pdo->prepare("SELECT address_id FROM customer_addresses WHERE customer_id = :customer_id AND is_default = 1 LIMIT 1");
    $stmtAddress->execute([':customer_id' => $customer_id]);
    $existingAddress = $stmtAddress->fetch(PDO::FETCH_ASSOC);

    if ($existingAddress) {
        // Update default address
        $stmtUpdate = $pdo->prepare("
            UPDATE customer_addresses SET
                delivery_address_line1 = :line1,
                delivery_address_line2 = :line2,
                delivery_landmark      = :landmark,
                delivery_city          = :city,
                delivery_state         = :state,
                delivery_postal_code   = :postal,
                delivery_country       = :country,
                delivery_phone         = :phone
            WHERE address_id = :address_id
        ");
        $stmtUpdate->execute([
            ':line1'      => $shipping_address['line1'],
            ':line2'      => $shipping_address['line2'],
            ':landmark'   => $shipping_address['landmark'],
            ':city'       => $shipping_address['city'],
            ':state'      => $shipping_address['state'],
            ':postal'     => $shipping_address['postal'],
            ':country'    => $shipping_address['country'],
            ':phone'      => $shipping_address['phone'],
            ':address_id' => $existingAddress['address_id']
        ]);
    } else {
        // Insert new default address
        $stmtInsert = $pdo->prepare("
            INSERT INTO customer_addresses (
                customer_id, is_default,
                delivery_address_line1, delivery_address_line2, delivery_landmark,
                delivery_city, delivery_state, delivery_postal_code, delivery_country,
                delivery_phone
            ) VALUES (
                :customer_id, 1, :line1, :line2, :landmark, :city, :state, :postal, :country, :phone
            )
        ");
        $stmtInsert->execute([
            ':customer_id' => $customer_id,
            ':line1'       => $shipping_address['line1'],
            ':line2'       => $shipping_address['line2'],
            ':landmark'    => $shipping_address['landmark'],
            ':city'        => $shipping_address['city'],
            ':state'       => $shipping_address['state'],
            ':postal'      => $shipping_address['postal'],
            ':country'     => $shipping_address['country'],
            ':phone'       => $shipping_address['phone']
        ]);
    }

    // 1️⃣ Insert into allorders (MASTER ORDER)
    $stmt = $pdo->prepare("
        INSERT INTO allorders (customer_id, order_status, order_json, shipping_charge, total_amount, discount_amount, tax_amount, final_amount)
        VALUES (:customer_id, :order_status, :order_json, :shipping_charge, :total_amount, 0, 0, :final_amount)
    ");
    $stmt->execute([
        ':customer_id'     => $customer_id,
        ':order_status'    => 'pending',
        ':order_json'      => $allorder_json,
        ':shipping_charge' => $shipping_charge,
        ':total_amount'    => $total_amount,
        ':final_amount'    => $final_amount
    ]);
    $allorder_id = $pdo->lastInsertId();

    // 2️⃣ Insert sale orders
    $stmt = $pdo->prepare("
        INSERT INTO orders (allorder_id, customer_id, order_status, total_amount, final_amount, order_json)
        VALUES (:allorder_id, :customer_id, :order_status, :total_amount, :final_amount, :order_json)
    ");
    $stmt->execute([
        ':allorder_id'  => $allorder_id,
        ':customer_id'  => $customer_id,
        ':order_status' => 'pending',
        ':total_amount' => $total_amount,
        ':final_amount' => $final_amount,
        ':order_json'   => $saleitems_json
    ]);
    $order_id = $pdo->lastInsertId();

    // 3️⃣ Insert order_items
    $saleItems = json_decode($saleitems_json, true);
    if (!empty($saleItems)) {
        $stmtItem = $pdo->prepare("
            INSERT INTO order_items (order_id, product_id, quantity, price, discount, tax)
            VALUES (:order_id, :product_id, :quantity, :price, :discount, :tax)
        ");
        foreach ($saleItems as $item) {
            $stmtProduct = $pdo->prepare("SELECT product_id FROM products WHERE product_unique_id = :unique_id LIMIT 1");
            $stmtProduct->execute([':unique_id' => $item['product_unique_id']]);
            $product = $stmtProduct->fetch(PDO::FETCH_ASSOC);
            if (!$product) throw new Exception("Sale product not found: " . $item['product_unique_id']);

            $stmtItem->execute([
                ':order_id'   => $order_id,
                ':product_id' => $product['product_id'],
                ':quantity'   => intval($item['quantity']),
                ':price'      => floatval($item['price']),
                ':discount'   => $item['discount'] ?? 0,
                ':tax'        => $item['tax'] ?? 0
            ]);
        }
    }

    // 4️⃣ Insert rental orders + items
    $rentalOrders = json_decode($rentalorder_json, true);
    if (!empty($rentalOrders)) {
        $totalRentalAmount = 0;
        foreach ($rentalOrders as $r) {
            $totalRentalAmount += intval($r['quantity'] ?? 1) * intval($r['days'] ?? 1) * floatval($r['price'] ?? 0);
        }

        $stmtRental = $pdo->prepare("
            INSERT INTO rental_orders (allorder_id, customer_id, rental_status, order_json, total_amount)
            VALUES (:allorder_id, :customer_id, :rental_status, :order_json, :total_amount)
        ");
        $stmtRental->execute([
            ':allorder_id'   => $allorder_id,
            ':customer_id'   => $customer_id,
            ':rental_status' => 'pending',
            ':order_json'    => json_encode($rentalOrders, JSON_UNESCAPED_UNICODE),
            ':total_amount'  => $totalRentalAmount
        ]);
        $rental_id = $pdo->lastInsertId();

        $stmtRentalItem = $pdo->prepare("
            INSERT INTO rental_order_items (rental_id, product_id, quantity, days, price_per_item, total_price, deposit_amount)
            VALUES (:rental_id, :product_id, :quantity, :days, :price_per_item, :total_price, :deposit_amount)
        ");
        foreach ($rentalOrders as $rental) {
            $stmtProduct = $pdo->prepare("SELECT product_id FROM products WHERE product_unique_id = :unique_id LIMIT 1");
            $stmtProduct->execute([':unique_id' => $rental['product_unique_id']]);
            $product = $stmtProduct->fetch(PDO::FETCH_ASSOC);
            if (!$product) throw new Exception("Rental product not found: " . $rental['product_unique_id']);

            $stmtRentalItem->execute([
                ':rental_id'      => $rental_id,
                ':product_id'     => $product['product_id'],
                ':quantity'       => intval($rental['quantity'] ?? 1),
                ':days'           => intval($rental['days'] ?? 1),
                ':price_per_item' => floatval($rental['price'] ?? 0),
                ':total_price'    => intval($rental['quantity'] ?? 1) * intval($rental['days'] ?? 1) * floatval($rental['price'] ?? 0),
                ':deposit_amount' => floatval($rental['deposit'] ?? 0)
            ]);
        }
    }

    // 5️⃣ Commit transaction
    $pdo->commit();

    // =====================================
    // Razorpay integration (do not alter logic)
    // =====================================
    if ($payment_method === 'razorpay') {
        $api = new Api($api_key, $api_secret);

        $razorpayOrder = $api->order->create([
            'receipt'         => $allorder_id,
            'amount'          => intval($final_amount * 100), // in paise
            'currency'        => 'INR',
            'payment_capture' => 1
        ]);
        $razorpay_order_id = $razorpayOrder['id'];

        ?>
        <script src="https://checkout.razorpay.com/v1/checkout.js"></script>
        <script>
            var options = {
                "key": "<?= $api_key ?>",
                "amount": "<?= intval($final_amount * 100) ?>",
                "currency": "INR",
                "name": "Pooja Jewellers",
                "description": "Order #<?= $order_id ?>",
                "order_id": "<?= $razorpay_order_id ?>",
                "prefill": {
                    // json_encode produces a correctly escaped JS string literal (htmlspecialchars is for HTML, not JS)
                    "name": <?= json_encode($customer_name) ?>,
                    "email": <?= json_encode($customer_email) ?>,
                    "contact": <?= json_encode($customer_phone) ?>
                },
                "theme": { "color": "#3399cc" },
                "handler": function(response){
                    var form = document.createElement("form");
                    form.method = "POST";
                    form.action = "payment.php";
                    form.style.display = "none"; // ✅ Hide the form

                    // Razorpay details
                    var payment_id = document.createElement("input");
                    payment_id.name = "razorpay_payment_id";
                    payment_id.value = response.razorpay_payment_id;
                    form.appendChild(payment_id);

                    var order_input = document.createElement("input");
                    order_input.name = "razorpay_order_id";
                    order_input.value = response.razorpay_order_id;
                    form.appendChild(order_input);

                    var signature_input = document.createElement("input");
                    signature_input.name = "razorpay_signature";
                    signature_input.value = response.razorpay_signature;
                    form.appendChild(signature_input);

                    // Your DB Order ID (link payment to order)
                    var db_order_input = document.createElement("input");
                    db_order_input.name = "allorder_id";
                    db_order_input.value = "<?= $allorder_id ?>";
                    form.appendChild(db_order_input);

                    // Customer ID
                    var customer_input = document.createElement("input");
                    customer_input.name = "customer_id";
                    customer_input.value = "<?= $customer_id ?>";
                    form.appendChild(customer_input);

                    // Payment method (Razorpay – can refine later)
                    var pay_method = document.createElement("input");
                    pay_method.name = "payment_method";
                    pay_method.value = "razorpay";
                    form.appendChild(pay_method);

                    // Amount
                    var amount_input = document.createElement("input");
                    amount_input.name = "amount";
                    amount_input.value = "<?= $final_amount ?>";
                    form.appendChild(amount_input);

                    document.body.appendChild(form);
                    form.submit();
                }
            };
            var rzp = new Razorpay(options);
            rzp.open();

            rzp.on('payment.failed', function(response){
                alert("Payment Failed: " + response.error.description);
                window.location.href = "checkout.php";
            });
        </script>
        <?php
    } else {
        header("Location: dashboard.php?order_id=$order_id&allorder_id=$allorder_id");
        exit();
    }

} catch (Exception $e) {
    // Only roll back while the transaction is still open; the Razorpay call runs after commit()
    if ($pdo->inTransaction()) {
        $pdo->rollBack();
    }
    // Log the detail server-side; the user only needs a generic message
    error_log("Error placing order: " . $e->getMessage());
    echo "Error placing order. Please try again.";
    exit();
}
?>
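The handler above posts razorpay_payment_id, razorpay_order_id, razorpay_signature and an amount to payment.php, which is not shown on this page. The following is an added example, not the site's own code, of the checks the receiving side should perform: recompute the Razorpay signature (HMAC-SHA256 over `order_id|payment_id` keyed with the API secret), compare it in constant time, and reconcile against the amount stored for the order rather than the client-posted `amount` field. The secret, ids and amounts are constructed sample values, and `$paidAmountPaise` is assumed to come from the Razorpay payment record fetched with the API.

```php
<?php
// Added example: verification that payment.php should perform on the form posted by the handler.
// The secret, ids and amounts below are constructed sample values.

/**
 * Razorpay signs a successful checkout as HMAC-SHA256(order_id . '|' . payment_id, key_secret),
 * hex-encoded. Recompute it and compare with hash_equals() to avoid timing leaks.
 */
function verify_razorpay_signature(string $orderId, string $paymentId, string $signature, string $secret): bool
{
    $expected = hash_hmac('sha256', $orderId . '|' . $paymentId, $secret);
    return hash_equals($expected, $signature);
}

/**
 * Reconcile a posted payment. $storedAmountPaise is the order total as stored server-side
 * (final_amount in paise, looked up by allorder_id); $paidAmountPaise is the amount on the
 * Razorpay payment record (assumed to be fetched via the API). The client-posted "amount"
 * field is never consulted.
 */
function reconcile_payment(array $post, int $storedAmountPaise, int $paidAmountPaise, string $secret): string
{
    $orderId   = $post['razorpay_order_id']   ?? '';
    $paymentId = $post['razorpay_payment_id'] ?? '';
    $signature = $post['razorpay_signature']  ?? '';

    if (!verify_razorpay_signature($orderId, $paymentId, $signature, $secret)) {
        return 'rejected: bad signature';
    }
    if ($paidAmountPaise !== $storedAmountPaise) {
        return 'rejected: amount mismatch';
    }
    return 'ok';
}

// Constructed sample: a valid post, then the same post with a tampered payment id
$secret = 'sample_key_secret';
$post = [
    'razorpay_order_id'   => 'order_SAMPLE000001',
    'razorpay_payment_id' => 'pay_SAMPLE000001',
];
$post['razorpay_signature'] = hash_hmac('sha256', $post['razorpay_order_id'] . '|' . $post['razorpay_payment_id'], $secret);

echo reconcile_payment($post, 249900, 249900, $secret), "\n";
$post['razorpay_payment_id'] = 'pay_TAMPERED00001';
echo reconcile_payment($post, 249900, 249900, $secret), "\n";
echo reconcile_payment($post, 249900, 100, $secret), "\n";
```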
