1

I have this credit card adding when a customer first signs up 

// CREDIT CARD CODE (STRIPE)

$q_get_user = "select * from users where `id` = '$user_id' ";
$r_get_user = mysqli_query($conn,$q_get_user);
$get_user = mysqli_fetch_assoc($r_get_user);


if(1) {
    \Stripe\Stripe::setApiKey("sk_live_9N676756776");


    try {

        $t = \Stripe\Token::create(
                array(
                        "card" => array(
                                "name" => $get_user['first_name']." ".$get_user['last_name'],
                                "number" => $credit_num,
                                "exp_month" => $credit_month,
                                "exp_year" => $credit_year,
                                "cvc" => $credit_ccv
                        )
                )
        );

        if($t->id != '') {
            try {
                $c = \Stripe\Customer::create(array(
                        "description" => "Customer for ".$get_user['email'],
                        "source" => $t->id)
                );
                if($c->id != '') {
                    $stripe_token_response = mysqli_real_escape_string($conn, json_encode($t));
                    $stripe_token_id = mysqli_real_escape_string($conn, $t->id);
                    $stripe_customer_response = mysqli_real_escape_string($conn, json_encode($c));
                    $stripe_customer_id = mysqli_real_escape_string($conn, $c->id);
                    $stripe_card_id = mysqli_real_escape_string($conn, $c->default_source);
                }

            } catch (Exception $e) {
                //print_r($e->getMessage());
                header('Location: /credits?error=cc&message='.urlencode($e->getMessage()));die;
            }
        }

    } catch (Exception $e) {
        //print_r($e->getMessage());
        header('Location: /credits?error=cc&message='.urlencode($e->getMessage()));die;

    }



}

// END - CREDIT CARD CODE (STRIPE)

How can I make it inside of it being for a new customer for it to add to an existing customer? Therefore the customer is adding a new card (they will have more than one)

Improve this question

1 Answer 1

Reset to default
1

You are sending card details through the API directly, which is probably not something you want to do. This means that you get the card numbers on your server which has some serious PCI compliance implications. I would strongly advise you to modify your integration so that you always tokenize the card details first by using Stripe.js or Stripe Checkout client-side to send the card details to Stripe directly and get a unique card token (tok_XXX) that you'd then send safely to your server to create the Customer or add as a Card.

You can find a description of the 'card update' process here; the only difference you need is that, instead of doing this to replace the card:

$cu->source = $_POST['stripeToken']; // obtained with Checkout

You want to do this to add a new one: 

$customer->sources->create(array("source" => $t->id));
Improve this answer

Not the answer you're looking for? Browse other questions tagged or ask your own question.