My Stripe logs do not have anything listed. Both my form page and payment processor page are https.
Here's my form:
    <form id='payment-form' action='https://www.mydomain.com/members/credit-pay.php' method='post'>
        <fieldset>
            <span class='help-block'>You can pay using: Mastercard, Visa, American Express, JCB, Discover, and Diners Club.</span>
            <div class='alert alert-info'><h4>JavaScript Required!</h4>For security purposes, JavaScript must be enabled on your computer or device in order to complete your order.</div>
            <legend>Pay with Credit or Debit Card</legend>
            <input name='latefees' type='hidden' value='$latefees'>
            <input name='total' type='hidden' value='$totalpayment'>
            <div class='form-group'>
                <label>Your Email</label>
                <input type='text' size='25' name='youremail' maxlength='65' placeholder='Email'>
            </div>
            <div class='form-group'>
                <label>Card Number</label>
                <input type='text' size='25' autocomplete='off' placeholder='Card Number'><br>
                <span class='help-bloc'>Enter the number without spaces or hyphens.</span>
            </div>
            <div class='form-group'>
                <label>CVC - (3-4 digit number on credit card)</label>
                <input type='text' size='4' autocomplete='off' placeholder='CVV' class='card-cvc input-mini'>
            </div>
            <div class='form-group'>
                <label>Expiration (MM / YYYY)</label>
                <input type='text' size='2' placeholder='MM' class='card-expiry-month input-mini'>
                <span> / </span>
                <input type='text' size='4' placeholder='YYYY' class='card-expiry-year input-mini'>
            </div>
            <div class='control-group'>
                <button type='submit' class='btn btn-success' id='submitBtn'>Submit Payment</button>
            </div>
        </fieldset>
    </form>
My payment processor page:
    <?php
    include('includes/config.inc.php');
    include('functionsbuy.php');
    require(MYSQLGENES);
    if (!isset($_SESSION['rid']))
    {
        header("Location: login.php");
        exit();
    }
    else
    {
        $page_title = "Rental Payment";
        top($page_title);
        // Today's date with date()
        $now = date('Y-m-d');
        $today = strtotime($now);
        $y = date('Y', $today);
        $m = date('n', $today); // month as 2
        $mm = date('m', $today); // month as 02
        $mmm = date('M', $today); // month as Feb
        $d = date('j', $today); // day as 3
        $dd = date('d', $today); // day as 03
        $thisdate = $d .$mmm . ", " . $y;
        $sessemail = $_SESSION['email'];
        // Set the Stripe key:
        // Uses STRIPE_PUBLIC_KEY from the config file.
        echo '<script type="text/javascript">Stripe.setPublishableKey("' . STRIPE_PUBLIC_KEY . '");</script>';
        // Check for a form submission:
        if ($_SERVER['REQUEST_METHOD'] == 'POST')
        {
            // Stores errors:
            $errors = array();
            // Need a payment token:
            if (isset($_POST['stripeToken']))
            {
                $token = $_POST['stripeToken'];
                // Check for a duplicate submission, just in case:
                // Uses sessions, you could use a cookie instead.
                if (isset($_SESSION['token']) && ($_SESSION['token'] == $token))
                {
                    $errors['token'] = 'You have apparently resubmitted the form. Please do not do that.';
                }
                else
                { // New submission.
                    $_SESSION['token'] = $token;
                }
            }
            else
            {
                $errors['token'] = 'The order cannot be processed. Please make sure you have JavaScript enabled and try again.';
            }
            // Set the order amount:
            $total = stripslashes(trim($_POST['total']));
            $total = escape_data(htmlspecialchars($total));
            $total = $total * 100;
            $amount = $total; // in cents
            // Validate other form data!
            $latefees = stripslashes(trim($_POST['latefees']));
            $latefees = escape_data(htmlspecialchars($latefees));
            $name = $_SESSION['name'];
            $unit = $_SESSION['unit'];
            if (!empty($_POST['youremail']))
            {
                if (preg_match('/^[[:alnum:]][a-z0-9_\.\-]*@[a-z0-9\.\-]+\.[a-z]{2,4}$/', stripslashes(trim($_POST['youremail']))))
                {
                    $youremail = escape_data($_POST['youremail']);
                }
                else
                {
                    $youremail = FALSE;
                    $errors['youremail'] = 'Please enter a valid email address.';
                    // echo "<p><span class='error'>ERROR!</span> Please enter a valid email address.</p>";
                }
            }
            else
            {
                $youremail = FALSE;
                $errors['youremail'] = 'Please enter your email address.';
            }
            // If no errors, process the order:
            if (empty($errors))
            {
                // create the charge on Stripe's servers - this will charge the user's card
                try {
                    // Include the Stripe library:
                    require_once('includes/stripe/lib/Stripe.php');
                    $descrip = "Rental Payment on unit# ". $unit . ". Amount: " . $total . ". Paid on: " . $thisdate . ". Thank You!";
                    // set your secret key: remember to change this to your live secret key in production
                    // see your keys here https://manage.stripe.com/account
                    Stripe::setApiKey(STRIPE_PRIVATE_KEY);
                    // Charge the order:
                    $charge = Stripe_Charge::create(array(
                        "amount" => $total, // amount in cents, again
                        "currency" => "usd",
                        "card" => $token,
                        "description" => $descrip,
                        "receipt_email" => $youremail
                        )
                    );
                    // Check that it was paid:
                    if ($charge->paid == true)
                    {
                        // Store the order in the database.
                        // Send the email.
                        // Celebrate!
                        echo 'Thank you! Your payment has been recieved. A receipt has been emailed to the address you provided.';
                        $chargeid = $charge->id;
                        $paymentbrand = $charge->card->brand;
                        $paymenttype = $charge->card->funding;
                        $paymentgross = $charge->amount;
                        $status = "Paid";
                        $qin = "INSERT INTO payment_history (phid, rid, pay_date, pay_day, pay_month, pay_year, amount_paid, late_fees, pay_method, pay_brand, pay_type, pay_gross, checknum, status) VALUES ('', '".$_SESSION['rid']."', '".$_SESSION['unit']."', NOW(), '$d', '$mmm', '$y', '".$_SESSION['totalpayment']."', '".$_SESSION['latefees']."', '', '$paymentbrand', '$paymenttype', 'paymentgross', '', '$status')";
                        $rin = mysqli_query ($dbc, $qin) or trigger_error("Query: $qin\n<br>MySQL Error: " . mysqli_error($dbc));
                        if (mysqli_affected_rows($dbc) == 1)
                        {
                            mail("payments@mydomain.com", "Storage Payment Made", "Storage Payment Made.", "From: postmaster@mydomain.com");
                        }
                        else
                        {
                            mail("admin@mydomain.com", "Payment table failed to update", "Payment table failed to update.", "From: postmaster@mydomain.com");
                        }
                        // Clear the session:
                        unset ($_SESSION['sessemail']);
                        unset ($_SESSION['total']);
                        unset ($_SESSION['latefees']);
                        unset ($_SESSION['unit']);
                        unset ($_SESSION['youremail']);
                        footer();
                        exit();
                    }
                    else
                    { // Charge was not paid!
                        echo '<div class="alert alert-error"><h4>Payment System Error!</h4>Your payment could NOT be processed (i.e., you have not been charged) because the payment system rejected the transaction. You can try again or use another credit or debit card.</div>';
                    }
                }
                catch (Stripe_CardError $e)
                {
                    // Card was declined.
                    $e_json = $e->getJsonBody();
                    $err = $e_json['error'];
                    $errors['stripe'] = $err['message'];
                }
                catch (Stripe_ApiConnectionError $e)
                {
                    // Network problem, perhaps try again.
                }
                catch (Stripe_InvalidRequestError $e)
                {
                    // You screwed up in your programming. Shouldn't happen!
                }
                catch (Stripe_ApiError $e)
                {
                    // Stripe's servers are down!
                }
                catch (Stripe_CardError $e)
                {
                    // Something else that's not the customer's fault.
                }
            } // A user form submission error occurred, handled below.
        } // Form submission.
        // Show PHP errors, if they exist:
        if (isset($errors) && !empty($errors) && is_array($errors))
        {
            echo '<div class="alert alert-error"><h4>Error!</h4>The following error(s) occurred:<ul>';
            foreach ($errors as $e)
            {
                echo "<li>$e</li>";
            }
            echo '</ul></div>';
        }
        echo "<div id='payment-errors'></div>";
    }
    footer();
    ?>
I have no doubt that it's a programming error on my part, but I've been looking at it for so long I can't see the mistake/problem. Is there anything that jumps out at you that would prevent this from working?
Thanks.
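
The handler in the post takes the charge amount from the browser-supplied hidden total field and builds its INSERT by string concatenation. The following is an added example, not part of the original post, of deriving the amount from server-side state and storing the result with bound parameters. The function names, the reduced column list, and the assumption that $_SESSION['totalpayment'] holds the amount owed as a decimal dollar string are illustrative.

```php
<?php
// Added example, not the poster's code. Assumes $_SESSION['totalpayment'] holds the
// amount owed as a decimal dollar string and that columns not listed have defaults.

/** Convert a string such as "125.50" to integer cents without float arithmetic. */
function to_cents(string $amount): int
{
    if (!preg_match('/^(\d{1,7})(?:\.(\d{1,2}))?$/', trim($amount), $m)) {
        throw new InvalidArgumentException('Malformed amount');
    }
    $fraction = str_pad($m[2] ?? '', 2, '0'); // "5" -> "50", missing -> "00"
    return (int)$m[1] * 100 + (int)$fraction;
}

/** The charge amount comes from server state; the posted field only detects tampering. */
function amount_to_charge(array $session, array $post): int
{
    $expected = to_cents((string)($session['totalpayment'] ?? ''));
    $posted   = to_cents((string)($post['total'] ?? ''));
    if ($posted !== $expected) {
        throw new RuntimeException('Posted total does not match the amount owed');
    }
    return $expected;
}

/** Store the result with bound parameters and an explicit, matching column list. */
function record_payment(mysqli $dbc, string $rid, int $cents, string $brand, string $funding): bool
{
    $stmt = mysqli_prepare($dbc,
        'INSERT INTO payment_history (rid, pay_date, pay_brand, pay_type, pay_gross, status)
         VALUES (?, NOW(), ?, ?, ?, ?)');
    if ($stmt === false) {
        return false;
    }
    $status = 'Paid';
    mysqli_stmt_bind_param($stmt, 'sssis', $rid, $brand, $funding, $cents, $status);
    return mysqli_stmt_execute($stmt) && mysqli_stmt_affected_rows($stmt) === 1;
}

// Constructed sample values standing in for $_SESSION and $_POST.
$session = ['totalpayment' => '125.50'];
echo amount_to_charge($session, ['total' => '125.50']), " cents\n";
try {
    amount_to_charge($session, ['total' => '1.00']);
} catch (RuntimeException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}
```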