PHP - Understanding How $_session Works And My Auth_session.php File

Hi All, Happy New Year to you all.

I purchased a script for a cms and within this it has a feature for memberships by subscription.

The person who wrote the script has not been very helpful at all. The script manages users and subscriptions with stripe. He told us that the recurring payments are all handled by a cron file. We run the cron file each night just before midnight. It should take a recurring payment for all those people who have a monthly recurring subscription.

However, what is happening is the script is removing all the expired members from the database, and it should renew any person who has a recurring payment. BUT IT IS NOT. 

The script is removing all the members whos account have expired but it fails to take any payment.

The script uses stripe for payments.

I wonder if anyone can see from the code below what is going on. I think the way the file runs (but I am not totally sure) is it removes the expired memberships and then as it has done this it thinks there are no renewals. When you run a file for a job in php does the script follow the order of the code within it?

Also, I noticed that on the stripe code it has the currency set to USD when it should be GBP as we are in the UK.

If you look a the code that the script runs when they first sign up and then compare it to the code for the renewals you can see it is different.

Can anyone help me, as the developer is no help at all and keeps telling me he has fixed it, when he has not as no renewal has taken place at all.

The code for the first part when the user signs up is as follows:

	             //Create a client
              $client = \Stripe\Customer::create(array(
                  "description" => App::Auth()->name,
                  "source" => $token['id'],
                  ));
              //Charge client
              $row = Db::run()->first(Membership::mTable, null, array("id" => $cart->mid));
              $charge = \Stripe\Charge::create(array(
                  "amount" => round($cart->total * 100, 0), // amount in cents, again
                  "currency" => $key->extra2,
                  "customer" => $client['id'],
                  "description" => $row->{'description' . Lang::$lang},
                  ));

Then we was told by the developer that this file should be run on a cron job using wget, which we have set up and it runs fine but does not do anything with the stripe recurring payments.

Cron File:

	  define("_WOJO", true);
  require_once("../init.php");
  
  Cron::Run(1);
	

Then there is a cron.class.php file which seems to contain the information for stripe

	  class Cron
  {
	
      /**
       * Cron::Run()
       * 
       * @return
       */
      public static function Run($days)
      {
          $data = self::expireMemberships($days);
          self::runStripe($days);
          self::sendEmails($data);
      }
	      /**
       * Cron::expireMemberships()
       * 
       * @param integer $days
       * @return
       */
      public static function expireMemberships($days)
      {
	          $sql = "
          SELECT 
            u.id, CONCAT(u.fname,' ',u.lname) as fullname,
            u.email, u.mem_expire, m.id AS mid, m.title 
          FROM
            `" . Users::mTable . "` AS u 
            LEFT JOIN `" . Membership::mTable . "` AS m 
              ON m.id = u.membership_id
          WHERE u.active = ?
          AND u.membership_id <> 0
          AND u.mem_expire <= DATE_ADD(DATE(NOW()), INTERVAL $days DAY);";
	          $result = Db::run()->pdoQuery($sql, array("y"))->results();
	          if ($result) {
              $query = "UPDATE `" . Users::mTable . "` SET mem_expire = NULL, membership_id = CASE ";
              $idlist = '';
              foreach ($result as $usr) {
                  $query .= " WHEN id = " . $usr->id . " THEN membership_id = 0";
                  $idlist .= $usr->id . ',';
              }
              $idlist = substr($idlist, 0, -1);
              $query .= "
                  END
                  WHERE id IN (" . $idlist . ")";
              Db::run()->pdoQuery($query);
          }
	      }
	      /**
       * Cron::sendEmails()
       * 
       * @param array $data
       * @return
       */
      public static function sendEmails($data)
      {
	          if ($data) {
              $numSent = 0;
              $mailer = Mailer::sendMail();
              $mailer->registerPlugin(new Swift_Plugins_AntiFloodPlugin(100, 30));
              $core = App::Core();
	              $tpl = Db::run()->first(Content::eTable, array("body", "subject"), array('typeid' => 'memExpired'));
	              $replacements = array();
              foreach ($data as $cols) {
                  $replacements[$cols->email] = array(
                      '[COMPANY]' => $core->company,
                      '[LOGO]' => Utility::getLogo(),
                      '[NAME]' => $cols->fullname,
                      '[ITEMNAME]' => $cols->title,
                      '[EXPIRE]' => Date::doDate("short_date", $cols->mem_expire),
                      '[SITEURL]' => SITEURL,
                      '[DATE]' => date('Y'),
                      '[FB]' => $core->social->facebook,
                      '[TW]' => $core->social->twitter,
                      );
              }
	              $decorator = new Swift_Plugins_DecoratorPlugin($replacements);
              $mailer->registerPlugin($decorator);
	              $message = Swift_Message::newInstance()
                      ->setSubject($tpl->subject)
                      ->setFrom(array($core->site_email => $core->company))
                      ->setBody($tpl->body, 'text/html');
	              foreach ($data as $row) {
                  $message->setTo(array($row->email => $row->fullname));
                  $numSent++;
                  $mailer->send($message, $failedRecipients);
              }
              unset($row);
          }
	      }
	      /**
       * Cron::runStripe()
       * 
       * @param bool $days
       * @return
       */
      public static function runStripe($days)
      {
          $sql = "
              SELECT 
                um.*,
                m.title,
                u.id as uid,
                m.price,
                u.email,
                u.stripe_cus,
                CONCAT(u.fname,' ',u.lname) as name
              FROM
                `" . Membership::umTable . "` AS um 
                LEFT JOIN `" . Membership::mTable . "` AS m 
                  ON m.id = um.mid
                LEFT JOIN `" . Users::mTable . "` AS u 
                  ON u.id = um.uid 
              WHERE um.active = ?
              AND um.recurring = ?
              AND TRIM(IFNULL(u.stripe_cus,'')) <> ''
              AND u.mem_expire <= DATE_ADD(DATE(NOW()), INTERVAL $days DAY)
              ORDER BY expire DESC;";
	          $data = Db::run()->pdoQuery($sql, array(1, 1))->results();
	          require_once (BASEPATH . 'gateways/stripe/stripe.php');
          $key = Db::run()->first(AdminController::gTable, array("extra"), array("name" => "stripe"));
          \Stripe\Stripe::setApiKey($key->extra);
	          if ($data) {
              try {
                  foreach ($data as $row) {
                      $tax = Membership::calculateTax($row->uid);
                      $charge = \Stripe\Charge::create(array(
                          "amount" => round(($row->price + $tax) * 100, 0), // amount in cents, again
                          "currency" => "usd",
                          "customer" => $row->stripe_cus,
                          ));
	                      // insert transaction
                      $data = array(
                          'txn_id' => $charge['balance_transaction'],
                          'membership_id' => $row->mid,
                          'user_id' => $row->uid,
                          'rate_amount' => $row->price,
                          'total' => Validator::sanitize($row->price * $tax, "float"),
                          'tax' => Validator::sanitize($tax, "float"),
                          'currency' => $charge['currency'],
                          'pp' => "Stripe",
                          'status' => 1,
                          );
	                      $last_id = Db::run()->insert(Membership::pTable, $data)->getLastInsertId();
	                      //update user membership
                      $udata = array(
                          'tid' => $last_id,
                          'uid' => $row->uid,
                          'mid' => $row->mid,
                          'expire' => Membership::calculateDays($row->mid),
                          'recurring' => 1,
                          'active' => 1,
                          );
	                      //update user record
                      $xdata = array(
                          'membership_id' => $row->id,
                          'mem_expire' => $udata['expire'],
                          );
	                      Db::run()->insert(Membership::umTable, $udata);
                      Db::run()->update(Users::mTable, $xdata, array("id" => $row->uid));
                  }
	              }
              catch (\Stripe\CardError $e) {
              }
          }
      }
  }
	

I noticed on this file that the currency section is not the same as the first file, so that led me to believe that was why nothing was happening as we deal in gbp only.

So, i changed this to gbp and ran the script manually, and all it did was remove the memberships from the users who were supposed to have a recurring payment.

So, my question can you see what is wrong with that code? I have been trying to get this developer to fix this for over a week now as we have a live website running and not taking a single recurring payment.

Please help in anyway you can?

First let me explain my code.
It comprises of three php files.

 project_status.php:

<?php
 include 'inc_fn_header_and_menu.php';
function includeFile($file,$variable) {
    $var = $variable;
    include($file);
}
if (isset($_GET['id']) && $_GET['id']!="") {
    $pid    = $_GET['id'];
    $_SESSION['pidForApproval'] = $_GET['id'];
    $query = 'SELECT * FROM `profile` WHERE pid ='.'\''.$pid.'\'';
    $result=mysqli_query($db,$queryToRetrievePP) or die("There are no records to display ... \n" . mysqli_error());
    foreach ($result as $row) {
        $status = $row['status'];
    }        
}
...........some PHP and HTML code.......
	<div id="customerPurchaseApprovalForm">
<?php  
  echo '<p>APPROVAL FOR CUSTOMER PURCHASE</p>';
  $discountApprovalStatus = "Granted";
  if ($discountApprovalStatus == "Granted") {  
 
  includeFile("project_status_app.php",$highestannualvalue);
  } else {
     //.........
  }

In project_status_app.php I am attempting to retrieve pidForApproval from the $_SESSION array.

<?php
        // put your code here  UPDATE `pp` SET `customer_purchase_remarks` = 'hahaha' WHERE `pp`.`id` = 207;
        
        if ($_SERVER['REQUEST_METHOD'] == 'POST') {
            include '../../inc/fastlogin.php';      
            $sql = "UPDATE pp SET customer_purchase_remarks ='{$_POST['remarkstxt']}' WHERE pp.pid='{$_SESSION['pidForApproval']}'"; 
            $result = mysqli_query ( $fastdb, $sql ) ;
            if (mysqli_affected_rows($fastdb) != 1) { 
               $_SESSION['err_cpa_rmks'] = "<p>Error while updating WHERE id='{$_SESSION['pidForApproval']}'</p>";
                //echo "<p>Error while updating WHERE id='{$_POST['pidForApproval']}'</p>".mysqli_error($fastdb);                 
            } else { 
                $_SESSION['suc_cpa_rmks'] = "<p>Records was updated successfully.</p>";
                //echo "Records was updated successfully."; 
            }
            header ("location: project_status.php?id="$_SESSION['pidForApproval']);
            exit();
        }    
        
        ?>

When I load  project_status.php,  project_status_app.php is supposed to display the form. Once the user fills in the form the and the submit button has been pressed, the UPDATE statement is supposed to run and then it is supposed to navigate back to project_status.php?id=FA142. But the update is failing and the when the project_status.php is loaded back, the url looks like this http://localhost/fast/project_status.php?id= . The id is empty. It is supposed to be something like this http://localhost/fast/project_status.php?id=FA142. With the id being populated at the 

header ("location: project_status.php?id=".$_SESSION['pidForApproval']);

I suspected that my $_SESSION['pidForApproval'] is not being populated in project_status.php but I echoed back $_SESSION['pidForApproval'] in that file itself and I can see it is being populated. Hence, I suspect that the $_SESSION['pidForApproval'] is not being passed to project_status_app.php. I have already attempted to include session_start(); clause in project_status_app.php but that gives an error, stating that the session has already started, in inc_fn_header_and_menu.php. Can someone help me as to why the $_SESSION['pidForApproval'] is not being passed on to the project_status_app.php file. Thank you.