shell bypass 403
<?php
namespace App\Http\Controllers;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\DB;
use Illuminate\Support\Facades\Validator;
use Illuminate\Support\Response;
use Illuminate\Support\Str;
use App\Models\Product;
use App\Models\Cart;
use App\Models\Order;
use App\Models\OrderItem;
use App\Models\Setting;
use Auth;
use Stripe;
use Session;
use Mail;
class CheckoutController extends Controller
{
//
public function __construct()
{
// $this->middleware('auth');
}
public function index()
{
// Fetch the settings from the database
$settings = Setting::first();
// Handle the case where settings are not found
if (!$settings) {
$settings = (object) [
'min_quantity_for_discount' => 5,
'discount_amount' => 10,
'local_shipping_cost' => 5, // Default local shipping cost
'out_of_canada_shipping_cost' => 18 // Default shipping cost for Canada
];
}
$data['localShippingCharge'] = $settings->local_shipping_cost;
$data['canadaShippingCharge'] = $settings->out_of_canada_shipping_cost;
$old_cartItems = Cart::where('user_id', Auth::id())->get();
foreach ($old_cartItems as $item) {
if (!Product::where('product_id', $item->product_id)
->where('product_quantity', '>=', $item->product_quantity)
->exists()) {
$removeItems = Cart::where('user_id', Auth::id())
->where('product_id', $item->product_id)
->first();
$removeItems->delete();
}
}
$cartItems = Auth::user()
? Cart::where('user_id', Auth::id())->get()
: Cart::where('session_id', session('session_id'))->get();
$total = 0;
$productCount = 0;
foreach ($cartItems as $prod) {
if ($prod->color_id && $prod->size_id) {
$total += ($prod->product->product_origional_price +
optional($prod->color)->color_price +
optional($prod->size)->price) * $prod->product_quantity;
} elseif ($prod->color_id) {
$total += ($prod->product->product_origional_price +
optional($prod->color)->color_price) * $prod->product_quantity;
} elseif ($prod->size_id) {
$total += ($prod->product->product_origional_price +
optional($prod->size)->price) * $prod->product_quantity;
} else {
$total += optional($prod->product)->product_origional_price *
$prod->product_quantity;
}
$productCount += $prod->product_quantity;
}
// Apply discount using settings
$discount = $productCount >= $settings->min_quantity_for_discount ? $settings->discount_amount : 0;
// Calculate total after discount
$totalAfterDiscount = $total - $discount;
$data['cartItems'] = $cartItems;
$data['total'] = $total;
$data['discount'] = $discount;
$data['totalAfterDiscount'] = $totalAfterDiscount;
if (Auth::user()) {
$data['prev_odr'] = Order::where('user_id', Auth::id())
->orderBy('id', 'DESC')
->first();
}
return view('checkout', $data);
}
public function placeorder(Request $req)
{
$sessId = session()->getId();
$req->session()->put('session_id', $sessId);
$validation = Validator::make($req->all(), [
'fname' => 'required|max:30',
'lname' => 'required|max:30',
'email' => 'required|email|max:30',
'phone' => 'required|numeric|digits:10',
'address1' => 'required|max:300',
'city' => 'required|max:50',
'state' => 'required|max:50',
'country' => 'required|max:50',
'zipcode' => 'required|max:50',
'shippingMethod' => 'required',
'paymentMethod' => 'required',
'terms_cnd' => 'required',
'pickupLocation' => 'required_if:shippingMethod,Pickup|max:100'
], [
'fname.required' => 'First Name Is Required',
'fname.max' => 'First Name Max Length 30',
'lname.required' => 'Last Name Is Required',
'lname.max' => 'Last Name Max Length 30',
'email.required' => 'Email Is Required',
'email.max' => 'Email Max Length 30',
'phone.required' => 'Phone Number Is Required',
'phone.digits' => 'Please Enter 10 Digit Number',
'address1.required' => 'Address Is Required',
'address1.max' => 'Address Max Length 300',
'city.required' => 'City Is Required',
'city.max' => 'City Max Length 50',
'state.required' => 'State Is Required',
'state.max' => 'State Max Length 50',
'country.required' => 'Country Is Required',
'country.max' => 'Country Max Length 50',
'zipcode.required' => 'ZipCode Is Required',
'zipcode.max' => 'ZipCode Max Length 50',
'shippingMethod.required' => 'Please Select Shipping Method',
'paymentMethod.required' => 'Please Select Payment Method',
'terms_cnd.required' => 'Please Check On Terms & Condition',
'pickupLocation.required_if' => 'Please provide a pickup location'
]);
if (!$validation->passes()) {
return response()->json(['error' => $validation->errors()]);
}
// Order Initialization
$Order = new Order;
if (Auth::user()) {
$Order->user_id = Auth::user()->id;
} else {
$Order->user_id = null;
}
$Order->fname = $req->fname;
$Order->lname = $req->lname;
$Order->email = $req->email;
$Order->phone = $req->phone;
$Order->address1 = $req->address1;
$Order->address2 = $req->address2;
$Order->city = $req->city;
$Order->state = $req->state;
$Order->country = $req->country;
$Order->pincode = $req->zipcode;
$Order->message = $req->message;
$Order->status = 0;
$Order->tracking_no = rand(1111, 9999);
$Order->paymentmethod = $req->paymentMethod;
// Calculate Total and Discount
$total = 0;
$productCount = 0;
$cartItems_total = Auth::user()
? Cart::where('user_id', Auth::id())->get()
: Cart::where('session_id', session('session_id'))->get();
foreach ($cartItems_total as $prod) {
if ($prod->color_id && $prod->size_id) {
$total += ($prod->product->product_origional_price +
optional($prod->color)->color_price +
optional($prod->size)->price) * $prod->product_quantity;
} elseif ($prod->color_id) {
$total += ($prod->product->product_origional_price +
optional($prod->color)->color_price) * $prod->product_quantity;
} elseif ($prod->size_id) {
$total += ($prod->product->product_origional_price +
optional($prod->size)->price) * $prod->product_quantity;
} else {
$total += optional($prod->product)->product_origional_price *
$prod->product_quantity;
}
$productCount += $prod->product_quantity;
}
// Apply Discount using settings
$settings = Setting::first();
$discount = $productCount >= $settings->min_quantity_for_discount ? $settings->discount_amount : 0;
$totalAfterDiscount = $total - $discount;
// Shipping Charges based on settings
$shippingCharge = 0;
if ($req->shippingMethod == 'LocalShipping') {
$shippingCharge = $settings->local_shipping_cost;
} elseif ($req->shippingMethod == 'CanadaShipping') {
$shippingCharge = $settings->out_of_canada_shipping_cost;
}
// Tax Calculation
$taxPercentage = 0;
$state = $req->state;
$gst5 = ["Alberta", "British Columbia", "Manitoba", "Northwest Territories", "Nunavut", "Quebec", "Saskatchewan", "Yukon"];
$gst13 = ['Ontario'];
$gst15 = ["New Brunswick", "Newfoundland", "Labrador", "Nova Scotia", "Prince Edward Island"];
if (in_array($state, $gst5)) {
$taxPercentage = 0.05;
} elseif (in_array($state, $gst13)) {
$taxPercentage = 0.13;
} elseif (in_array($state, $gst15)) {
$taxPercentage = 0.15;
}
$taxAmount = $totalAfterDiscount * $taxPercentage;
$totalAfterTax = $totalAfterDiscount + $taxAmount + $shippingCharge;
// Update Order with Calculated Values
$Order->total_price = $total;
$Order->total_after_tax = $totalAfterTax;
$Order->discount_amount = $discount;
if (session()->has('coupon')) {
$cop_discount = session()->get('coupon');
$discount_calculate = $cop_discount['percent'] / 100;
$discount += $discount_calculate * $total;
$Order->coupon_discount = $discount;
}
$Order->save();
if (session()->has('coupon')) {
session()->forget('coupon');
}
// Process Order Items and Stock Management
foreach ($cartItems_total as $item) {
OrderItem::create([
'order_id' => $Order->id,
'product_id' => $item->product_id,
'quantity' => $item->product_quantity,
'price' => $item->product->product_origional_price,
'color_id' => $item->color_id,
'size_id' => $item->size_id,
'varient_id' => $item->varient_id,
]);
$prod = Product::where('product_id', $item->product_id)->first();
$prod->product_quantity = $prod->product_quantity - $item->product_quantity;
$prod->update();
}
// Handle Payment and Return Response
if ($req->paymentMethod == 'Stripe') {
$data['order_id'] = $Order->id;
$data['totalAfterTax'] = $Order->total_after_tax;
$data['status'] = 2;
return response()->json($data);
} elseif ($req->paymentMethod == 'StripePayLater') {
\Stripe\Stripe::setApiKey(env('STRIPE_SECRET'));
$totalAfterTaxInCents = intval($totalAfterTax * 100);
$session = \Stripe\Checkout\Session::create([
'payment_method_types' => ['card'],
'line_items' => [[
'price_data' => [
'currency' => 'usd',
'product_data' => [
'name' => 'Order Payment',
],
'unit_amount' => $totalAfterTaxInCents,
],
'quantity' => 1,
]],
'mode' => 'payment',
'payment_intent_data' => [
'setup_future_usage' => 'off_session',
],
'success_url' => url('stripe/success_payment/' . $Order->id),
'cancel_url' => url('stripe/cancel_payment/' . $Order->id),
]);
return response()->json(['status' => 3, 'sessionId' => $session->id]);
} else {
Cart::destroy($cartItems_total);
return response()->json(['success' => 'Successfully Checked Out']);
}
}
public function payment($id)
{
// Banner
$data['banner'] = DB::table('banners')->where('banner_id', 9)->first();
if (Auth::user()) {
$data['order'] = Order::where('user_id', Auth::id())->where('id', $id)->first();
} else {
$data['order'] = Order::where('id', $id)->first();
}
return view('payment', $data);
}
public function success_payment($id)
{
if (Auth::user()) {
$cartItems = Cart::where('user_id', Auth::id())->get();
Cart::destroy($cartItems);
} else {
$cartItems = Cart::where('session_id', session('session_id'))->get();
Cart::destroy($cartItems);
}
return redirect('/shop');
}
public function cancel_payment($id)
{
if (Auth::user()) {
$order = Order::where('user_id', Auth::id())->where('id', $id)->first();
} else {
$order = Order::where('id', $id)->first();
}
$order->delete();
return redirect('checkout');
}
public function stripe_payment($id)
{
// Banner
$data['banner'] = DB::table('banners')->where('banner_id', 9)->first();
if (Auth::user()) {
$data['order'] = Order::where('user_id', Auth::id())->where('id', $id)->first();
} else {
$data['order'] = Order::where('id', $id)->first();
}
return view('stripe_payment', $data);
}
public function stripePost(Request $request)
{
Stripe\Stripe::setApiKey(env('STRIPE_SECRET'));
Stripe\Charge::create([
"amount" => $request->amount * 100,
"currency" => "usd",
"source" => $request->stripeToken,
"description" => "LifePro Shield Payment With Stripe!"
]);
Session::flash('success', 'Payment successful!');
if (Auth::user()) {
$cartItems = Cart::where('user_id', Auth::id())->get();
Cart::destroy($cartItems);
} else {
$sessId = session()->getId();
$request->session()->put('session_id', $sessId);
$cartItems = Cart::where('session_id', session('session_id'))->get();
Cart::destroy($cartItems);
}
return redirect('/shop');
}
}