Untitled

---
 catalog/controller/payment/stripepro.php | 22 +++++++++++++++++++---
 system/library/esp/front.php             | 13 ++++++++++++-
 2 files changed, 31 insertions(+), 4 deletions(-)

diff --git a/catalog/controller/payment/stripepro.php b/catalog/controller/payment/stripepro.php
index 56d22ed..2d81c97 100644
--- a/catalog/controller/payment/stripepro.php
+++ b/catalog/controller/payment/stripepro.php
@@ -12,6 +12,7 @@ class ControllerPaymentStripePro extends Controller {
         parent::__construct($registry);
         $this->registry = $registry;
         $this->bird = new DBI\Bird($registry, $this->meta);
+        $this->logger = new Log('jwweb-stripepro.log');
         $this->dbi = ($dbi = $this->registry->get('dbi_catalog')) ? $dbi : new DBI\Catalog($this->registry, $this->meta);
         $this->full_route = $this->meta['route'] . $this->meta['ext_id'];
         $this->espro = ($espro = $this->registry->get('dbi_esp_front')) ? $espro : new ESP\Front($registry, $this->dbi, $this->meta);
@@ -262,10 +263,25 @@ class ControllerPaymentStripePro extends Controller {
         $this->response->setOutput($json);
     }

+    /*
+    * Return URL from the stripe checkout
+    * session_id = the session id that is assigned by stripe on their system
+    */
     public function checkoutWebhook() {
-        $this->load->model('checkout/order');
-        $this->model_checkout_order->addOrderHistory($this->session->data['order_id'], $this->getConfig('order_status_id'));
-        header('Location: ' . $this->url->link('checkout/success', '', 'SSL'));
+        try {
+            if(!$this->session->data['order_id']) {
+                throw new \Exception('Order id missing from session');
+            } else if($this->espro->getPaymentStatus($this->request->get['session_id']) == 'paid') {
+                $this->load->model('checkout/order');
+                $this->model_checkout_order->addOrderHistory($this->session->data['order_id'], $this->getConfig('order_status_id'));
+                header('Location: ' . $this->url->link('checkout/success', '', 'SSL'));
+            } else {
+                throw new \Exception('Error confirming payment for order (' . $this->session->data['order_id'] . ')');
+            }
+        } catch(Exception $e) {
+            $this->logger->write($e->getMessage());
+            header('Location: ' . $this->url->link('checkout/failure', '', 'SSL'));
+        }
     }

     private function parseGet($var, $get) {
diff --git a/system/library/esp/front.php b/system/library/esp/front.php
index 6303b36..5b68f84 100644
--- a/system/library/esp/front.php
+++ b/system/library/esp/front.php
@@ -218,6 +218,17 @@ final class Front {
         return $res;
     }

+    public function getPaymentStatus($stripe_session_id){
+        require_once($this->meta['stripe_path']);
+        if($this->getConfig('transaction_mode')) {
+            \Stripe\Stripe::setApiKey($this->getConfig('live_private'));
+        } else {
+            \Stripe\Stripe::setApiKey($this->getConfig('test_private'));
+        }
+        $session = \Stripe\Checkout\Session::retrieve($stripe_session_id);
+        return $session->payment_status;
+    }
+
     public function sessionPost() {
         $json = array();
         $this->load->language($this->full_route);
@@ -276,7 +287,7 @@ final class Front {
         $session = \Stripe\Checkout\Session::create([
             'payment_method_types' => ['card'],
             'line_items' => $d2,
-            'success_url' => $d3,
+            'success_url' => $d3 . '&session_id={CHECKOUT_SESSION_ID}',
             'cancel_url' => $d4,
             'customer_email'      => $order_info['email'],
             'payment_intent_data' => [
--
2.10.5