Stripe.com payment integration module

[Reesy]

Ignore the above, tested it with Japanese OS, it works perfectly.
I wonder why they need Country Japan at the bottom of the form though... seems unnecessary

[balihr]

using ZC 2.1.0 with OPC. PayPal payments accepted through Stripe.
Payment attempts were failing with the following error:

Code:

You must provide a `return_url` when confirming a PaymentIntent with the payment method type paypal.

Had to modify includes/modules/payment/stripepay/create.php
from

Code:

$jason_FormLayout = json_encode(MODULE_PAYMENT_STRIPE_LAYOUT);
$confirmationURL = '"' . HTTPS_SERVER . DIR_WS_HTTPS_CATALOG . 'index.php?main_page=checkout_confirmation"';

to

Code:

$jason_FormLayout = json_encode(strtolower(MODULE_PAYMENT_STRIPE_LAYOUT));
$confirmationURL = HTTPS_SERVER . DIR_WS_HTTPS_CATALOG . 'index.php?main_page=checkout_confirmation';

First line change was related to another error being thrown...

[royaldave]

This plugin says it only works for US and Canadian bank account holders - but that was a statement made in 2012.

Is this still the case - a few posts back I see someone based in Japan is evidently using it?

[dbltoe]

Stripe now claims to be global.

[flappingfish]

Apparently this module relies on the user returning to the website to note the payment was a success and there is no webhook file which can result in an order being placed and paid for but not being recorded??

Stripe library has a "webhook.php" which apparently isn't the file i should point too in stripes dashboard under webhooks settings?

I have had a number of these unrecorded orders and always put it down to checkout rush but on another site with the same module and no checkout rush issues i found a revolut payment was taken from my customer but the system treated it like they had not paid and their basket remained filled with the items.

Do I set the url to '/checkout_success' or does this module require a "/stripe_webhook.php" as chatgpt suggests? (provided below but... the code it provided for this looks like it has placeholders and a few details wrong.. made up functions ect lol)

Code:

<?php
// /stripe_webhook.php
// Minimal Stripe webhook for Zen Cart

chdir(__DIR__);
require 'includes/application_top.php'; // boot Zen Cart (DB, constants)
require 'includes/modules/payment/stripepay/vendor/autoload.php';

$endpointSecret = getenv('STRIPE_WEBHOOK_SECRET') ?: 'whsec_PUT_YOUR_SECRET_HERE';

// Simple health-check for you
if ($_SERVER['REQUEST_METHOD'] === 'GET') {
  header('Content-Type: text/plain'); echo "ok\n"; exit;
}

$payload = @file_get_contents('php://input');
$sig     = $_SERVER['HTTP_STRIPE_SIGNATURE'] ?? '';

try {
  $event = \Stripe\Webhook::constructEvent($payload, $sig, $endpointSecret);
} catch (\UnexpectedValueException $e) {
  http_response_code(400); echo 'Invalid payload'; exit;
} catch (\Stripe\Exception\SignatureVerificationException $e) {
  http_response_code(400); echo 'Invalid signature'; exit;
}

$type   = $event['type'] ?? '';
$object = $event['data']['object'] ?? [];

function zc_log($m){ error_log('[stripewh] '.$m."\n", 3, __DIR__.'/logs/stripe_webhook.log'); }

switch ($type) {
  case 'payment_intent.succeeded':
    $pi   = $object;
    $txn  = $pi['id'] ?? '';
    $amt  = isset($pi['amount_received']) ? ($pi['amount_received']/100.0) : 0;
    $cur  = strtoupper($pi['currency'] ?? '');
    $oid  = $pi['metadata']['zc_order_id'] ?? $pi['metadata']['order_id'] ?? null;
    if ($oid) {
      $orders_id = (int)$oid;
      $rs = $db->Execute("SELECT orders_status FROM " . TABLE_ORDERS . " WHERE orders_id=$orders_id LIMIT 1");
      if (!$rs->EOF) {
        $paid_status_id = defined('MODULE_PAYMENT_STRIPEPAY_ORDER_STATUS_PAID_ID')
          ? (int)MODULE_PAYMENT_STRIPEPAY_ORDER_STATUS_PAID_ID : 2; // adjust to your "Paid" status
        if ((int)$rs->fields['orders_status'] !== $paid_status_id) {
          $db->Execute("UPDATE " . TABLE_ORDERS . " SET orders_status=$paid_status_id, last_modified=NOW() WHERE orders_id=$orders_id");
          $db->Execute("INSERT INTO " . TABLE_ORDERS_STATUS_HISTORY . " (orders_id, orders_status_id, date_added, customer_notified, comments)
                        VALUES ($orders_id, $paid_status_id, NOW(), 0, 'Stripe PI ".$txn."  ".$amt." ".$cur." (webhook)')");
        }
      } else {
        zc_log("order $orders_id not found for txn $txn");
      }
    } else {
      zc_log("no order_id metadata for txn $txn");
    }
    break;

  case 'checkout.session.completed':
    $cs  = $object;
    $oid = $cs['metadata']['zc_order_id'] ?? null;
    $txn = is_array($cs['payment_intent'] ?? null) ? ($cs['payment_intent']['id'] ?? '') : ($cs['payment_intent'] ?? '');
    if ($oid) {
      $orders_id = (int)$oid;
      $paid_status_id = defined('MODULE_PAYMENT_STRIPEPAY_ORDER_STATUS_PAID_ID')
        ? (int)MODULE_PAYMENT_STRIPEPAY_ORDER_STATUS_PAID_ID : 2;
      $db->Execute("UPDATE " . TABLE_ORDERS . " SET orders_status=$paid_status_id, last_modified=NOW() WHERE orders_id=$orders_id");
      $db->Execute("INSERT INTO " . TABLE_ORDERS_STATUS_HISTORY . " (orders_id, orders_status_id, date_added, customer_notified, comments)
                    VALUES ($orders_id, $paid_status_id, NOW(), 0, 'Stripe Checkout ".$txn." (webhook)')");
    } else {
      zc_log("checkout.session.completed without order id");
    }
    break;

  default:
    // ignore others
}

http_response_code(200);
echo 'ok';

[james_japan]

Yes that statement is donkeys years old, Stripe is pretty much global and defo works in Japan :)

[barco57]

zc2.10
bootstrap
php8.3

So far unable to get an order to generate in the cart. Everything else appears to be working, no errors on screen, credit card fields appear correctly, click the button and get the spinner, transaction is generated in the Stripe dashboard, and money taken from my account. it is just the order generation in the cart that never happens.

[flappingfish]

sounds like the same issue i "occasionally" get. customers will ring me and inform me they checked out, got charged and never got an order confirmation. ZXPOS is quite useful for these instances, simply log in as customer and push basket through as instore card payment once strip payment confirmed. possible you have not updated the module with the correct files for 2.1 there is a different file set i believe. I think your issue resides in having the wrong version of stripe_create.php (I think that is the correct filename) If you have the wrong file i think your sql queries will be associated to older database namings, the mismatch in names results in a silent failure caused by bad sql query i think?

[barco57]

I am using the latest here: https://www.zen-cart.com/downloads.php?do=file&id=1548

[flappingfish]

I am using the latest here: https://www.zen-cart.com/downloads.php?do=file&id=1548

includes/modules/payment/stripepay/create.php

take a backup of your current version and then replace the contents of yours with...

Code:

<?php

require 'includes/modules/payment/stripepay/vendor/autoload.php';

\Stripe\Stripe::setApiKey($secret_key);

try {
global $db,$output,$param_json;
  if ($registered_customer == false && $test_mode == false){
 
    $customer = \Stripe\Customer::create([
    'email' => $email,
    'name'   => $fullname,
    ]);

    $stripeCustomerID = $customer->id;  
    
   $sql = "INSERT INTO " . TABLE_STRIPE . " (id,customers_id,Stripe_Customers_id)  VALUES (NULL,:custID, :stripeCID )";
    $sql = $db->bindVars($sql, ':custID', $_SESSION['customer_id'], 'integer');
    $sql = $db->bindVars($sql, ':stripeCID', $stripeCustomerID, 'string');
    $db->Execute($sql);

}elseif ($test_mode == false){
    $stripeCustomerID = $stripe_customer->fields['stripe_customers_id'];
}


  // Create a PaymentIntent with amount and currency
if ($test_mode == false){
    $paymentIntent = \Stripe\PaymentIntent::create([
        'amount' => $amount_total,
        'currency' => $payment_currency,
        'customer' => $stripeCustomerID,
        'automatic_payment_methods' => [
        'enabled' => true,
        ],
    ]);
}else{
    $paymentIntent = \Stripe\PaymentIntent::create([
        'amount' => $amount_total,
        'currency' => $payment_currency,
        'automatic_payment_methods' => [
        'enabled' => true,
        ],
    ]);
}


    $output = [
        'clientSecret' => $paymentIntent->client_secret,
    ];

    $clientS_json = json_encode($output); 

} catch (Error $e) {
    http_response_code(500);
    $clientS_json =json_encode(['error' => $e->getMessage()]);
}
   
$jason_publishable_key = json_encode($publishable_key);
$jason_PaymentSuccess = json_encode(TEXT_PAYMENT_STRIPE_SUCCESS);
$confirmationURL = '"' . HTTPS_SERVER . DIR_WS_HTTPS_CATALOG . 'index.php?main_page=checkout_confirmation"';

//---comments---
if($order->info['comments']!=""){
$order_add_comment = $order->info['comments'];
$_SESSION['order_add_comment'] = $order_add_comment;
}else{
$_SESSION['order_add_comment'] = "";
}
    $_SESSION['paymentIntent'] = $paymentIntent['id'];

//echo $paymentIntent['id'];
//------------
?>
<script>
   'use strict';
    var clientS = JSON.parse('<?php echo $clientS_json; ?>'); 
    var PublishableKey = JSON.parse('<?php echo $jason_publishable_key; ?>'); 
    var confirmationURL = JSON.parse('<?php echo $confirmationURL; ?>'); 
    var PaymentSuccess = JSON.parse('<?php echo $jason_PaymentSuccess; ?>'); 

</script>

as that is the version i am using at the moment. let me know results