I'm using the CCNow payment gateway with my custom PHP cart. My code works perfectly except that the cart session is not being recognized when the CCNow server responds back to my page.
In that response, CCNow sends order details with order status, and my code is supposed to save or update the order at this stage.
I tested the page by typing it directly into my browser and it works fine. I also made sure that the CCNow response takes place by storing the order id in a log file.
Any thoughts? My code is below:
<?php
session_start();
include('includes/config.php');
include('includes/db.php');

$status = 0;
$x_status = '';
$x_orderid = '';
$x_orderdate = '';
$key = '12345';

// Read the order fields sent in the CCNow response
if (isset($_REQUEST['x_status'])) {
    $x_status = strtolower($_REQUEST['x_status']);
}
if (isset($_REQUEST['x_orderid'])) {
    $x_orderid = $_REQUEST['x_orderid'];
}
if (isset($_REQUEST['x_orderdate'])) {
    $x_orderdate = $_REQUEST['x_orderdate'];
}

// Hash of the order fields and the key (computed, but not compared with anything below)
$str = $x_orderid . '^' . $x_status . '^' . $x_orderdate . '^' . $key;
$hash = md5($str);

// 'pending' and 'test' map to status 1; anything else stays 0
if (($x_status == 'pending') || ($x_status == 'test')) {
    $status = 1;
}

// Escape the order id before it is placed inside SQL strings
$x_orderid_sql = mysql_real_escape_string($x_orderid);

// Check whether this order has already been saved
$order_exists = false;
$sql = "SELECT id FROM orders WHERE method = 'CCNow' and x_orderid = '" . $x_orderid_sql . "' LIMIT 1";
$result = mysql_query($sql);
while ($value = mysql_fetch_array($result)) {
    $order_exists = true;
}

if ($order_exists) { // update order
    $sql = "UPDATE orders SET status = " . $status . " WHERE method = 'CCNow' and x_orderid = '" . $x_orderid_sql . "'";
    $result = mysql_query($sql);
}
else { // add new order
    if (isset($_SESSION["products"])) {
        $customer_id = $_SESSION['customer_id'];
        $net = $_SESSION['cart_net'];
        $shipping_cost = $_SESSION['cart_shipping_cost'];
        $date = date("Y-m-d");

        // save order
        $sql = "INSERT INTO orders(customer_id, date, method, status, net, shipping_cost, x_orderid) ";
        $sql.= "VALUES($customer_id, '$date', 'CCNow', $status, $net, $shipping_cost, '$x_orderid_sql')";
        $result = mysql_query($sql);
        $order_id = mysql_insert_id($GLOBALS['connection']);

        // save order details
        foreach ($_SESSION["products"] as $cart_itm) {
            $product_id = $cart_itm["ID"];
            $product_code = $cart_itm["code"];
            $product_qty = $cart_itm["qty"];
            $product_price = $cart_itm["price"];
            $subtotal = ($cart_itm["price"] * $cart_itm["qty"]);
            $sql = "INSERT INTO order_details(order_id, product_id, price, qty, net) ";
            $sql.= "VALUES($order_id, $product_id, $product_price, $product_qty, $subtotal)";
            $result = mysql_query($sql);
        }

        // unset cart sessions and redirect to success page
        unset($_SESSION['cart_net']);
        unset($_SESSION['cart_shipping_cost']);
        unset($_SESSION['products']);
    }
    else {
        // no cart found in the session: write a timestamped line to the log
        file_put_contents('ccnowlog.txt', date('Y-m-d H:i:s') . ' Not seeing the session!!!' . PHP_EOL, FILE_APPEND);
    }
}

// This is an OK response to CCNow IMPORTANT
echo 'ok';
?>
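
The handler above computes `$hash` but never compares it with anything, and it builds its SQL by string concatenation. The following is an added example, not part of the original post and not CCNow's own code, that checks the post's hash recipe in constant time and updates the order through a prepared statement. Assumptions: the name of the request field that carries the gateway's hash is not shown in the post, so the received value is passed in as an argument; an in-memory SQLite database stands in for the MySQL one; the function names and all sample values are constructed.

```php
<?php
// Added example. Names that do not appear in the post are hypothetical.

// Rebuild the hash exactly as the post does (status lowercased, fields
// joined with '^', key last) and compare it in constant time.
function callback_is_authentic(array $p, string $key, string $receivedHash): bool
{
    $expected = md5($p['x_orderid'] . '^' . strtolower($p['x_status']) . '^'
        . $p['x_orderdate'] . '^' . $key);
    return hash_equals($expected, strtolower($receivedHash));
}

// Same status mapping as the post; the order id only ever travels as a
// bound parameter. Returns the number of rows changed.
function set_order_status(PDO $db, array $p): int
{
    $status = in_array(strtolower($p['x_status']), ['pending', 'test'], true) ? 1 : 0;
    $stmt = $db->prepare(
        "UPDATE orders SET status = ? WHERE method = 'CCNow' AND x_orderid = ?"
    );
    $stmt->execute([$status, $p['x_orderid']]);
    return $stmt->rowCount();
}

// Constructed demo data: SQLite in memory, reduced orders table.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE orders (id INTEGER PRIMARY KEY, method TEXT, status INTEGER, x_orderid TEXT)");
$db->exec("INSERT INTO orders (method, status, x_orderid) VALUES ('CCNow', 0, 'A1001')");

$key = '12345'; // sample key from the post
$genuine  = ['x_orderid' => 'A1001', 'x_status' => 'Pending', 'x_orderdate' => '2014-01-01'];
$hash     = md5('A1001^pending^2014-01-01^' . $key); // hash matching the genuine fields
$tampered = ['x_orderid' => 'A1001', 'x_status' => 'test', 'x_orderdate' => '2014-01-01'];

// The tampered callback reuses the genuine hash with a changed status field.
foreach ([[$genuine, $hash], [$tampered, $hash]] as [$params, $received]) {
    if (!callback_is_authentic($params, $key, $received)) {
        echo "rejected: hash mismatch\n";
        continue;
    }
    echo "rows updated: " . set_order_status($db, $params) . "\n";
}
```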