LLMS_Controller_Orders::create_pending_order()

Handle form submission of the checkout / payment form.


Description

  1. Logs in or Registers a user

    1. Validates all fields
    2. Handles coupon pricing adjustments
    3. Creates a PENDING llms_order

      If there are errors, returns the error on screen to the user. If successful, passes to the selected gateway's "process_payment" method; the process_payment method should complete by returning an error or triggering the "lifterlms_process_payment_redirect". // Todo check this last statement. (The source shown below hands the order to the gateway's handle_pending_order() method.)



Return

(void)



Source

File: includes/controllers/class.llms.controller.orders.php

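	/**
	 * Handle form submission of the checkout / payment form.
	 *
	 * Verifies the checkout nonce and the posted `action`, collects an allowlisted
	 * set of order fields plus the customer fields defined by the checkout form,
	 * hands them to `llms_setup_pending_order()` for validation, then creates (or
	 * reuses, by order key) an `LLMS_Order` and passes it to the selected gateway.
	 *
	 * Validation failures are reported through `llms_add_notice()`.
	 *
	 * Trust boundary: everything read from `$_POST` here is attacker-controlled.
	 * The order-level keys are sanitized in this method; the customer fields are
	 * forwarded raw (see the inline note) and are only safe once the downstream
	 * form handler has sanitized them.
	 *
	 * @since 3.0.0
	 * @since 3.27.0 Unknown.
	 * @since 3.35.0 Sanitize `$_POST` data.
	 * @since 5.0.0 Build customer data using LLMS_Forms fields information.
	 * @since 5.0.1 Delegate sanitization of user information fields of the `$_POST` to LLMS_Form_Handler::submit().
	 * @since 5.9.0 Stop using deprecated `FILTER_SANITIZE_STRING`.
	 *
	 * @return void
	 */
	public function create_pending_order() {

		// CSRF gate: nothing below runs unless the checkout nonce verifies for this action.
		if ( ! llms_verify_nonce( '_llms_checkout_nonce', 'create_pending_order', 'POST' ) ) {
			return;
		}

		if ( empty( $_POST['action'] ) || 'create_pending_order' !== $_POST['action'] ) {
			return;
		}

		// Prevent timeout.
		// Removes PHP's execution time limit for the rest of this request, so the
		// request duration is then bounded only by server-level timeouts.
		@set_time_limit( 0 );

		/**
		 * Allow 3rd parties to perform their own validation prior to standard validation.
		 *
		 * If this returns a truthy, we'll stop processing.
		 *
		 * The extension should add a notice in addition to returning the truthy.
		 *
		 * @since Unknown
		 *
		 * @param boolean $valid Validation status. If `true` ceases checkout execution. If `false` checkout proceeds.
		 */
		if ( apply_filters( 'llms_before_checkout_validation', false ) ) {
			return;
		}

		// Setup data to pass to the pending order creation function.
		// Only these keys are copied from the request; any other posted key is ignored.
		$data = array();
		$keys = array(
			'llms_plan_id',
			'llms_agree_to_terms',
			'llms_payment_gateway',
			'llms_coupon_code',
		);

		// May not be a usable plan object when the posted ID is missing or bogus, so
		// `$plan` is checked again before it is dereferenced in the redirect below.
		$plan = llms_get_post( llms_filter_input( INPUT_POST, 'llms_plan_id', FILTER_SANITIZE_NUMBER_INT ) );

		foreach ( $keys as $key ) {
			if ( isset( $_POST[ $key ] ) ) {
				// Stored without the `llms_` prefix, e.g. `llms_plan_id` becomes `plan_id`.
				$data[ str_replace( 'llms_', '', $key ) ] = llms_filter_input_sanitize_string( INPUT_POST, $key );
			}
		}

		// The user ID always comes from the authenticated session, never from the request.
		$data['customer'] = array();
		if ( get_current_user_id() ) {
			$data['customer']['user_id'] = get_current_user_id();
		}

		// Only field names declared by the checkout form are copied, which keeps
		// arbitrary posted keys out of the customer data. The values themselves are
		// still slashed and unsanitized at this point: treat `$data['customer']` as
		// untrusted until the form handler has processed it.
		foreach ( LLMS_Forms::instance()->get_form_fields( 'checkout', compact( 'plan' ) ) as $cust_field ) {
			if ( isset( $_POST[ $cust_field['name'] ] ) ) {
				// phpcs:ignore WordPress.Security.ValidatedSanitizedInput.MissingUnslash, WordPress.Security.ValidatedSanitizedInput.InputNotSanitized -- Sanitization happens on submission when setting up the pending order.
				$data['customer'][ $cust_field['name'] ] = $_POST[ $cust_field['name'] ];
			}
		}

		$setup = llms_setup_pending_order( $data );

		if ( is_wp_error( $setup ) ) {

			foreach ( $setup->get_error_messages() as $msg ) {
				llms_add_notice( $msg, 'error' );
			}

			// Existing user fails validation from the free checkout form.
			// The plan is looked up from a request-supplied ID, so confirm it resolved
			// to an object exposing get_checkout_url() before calling it; otherwise a
			// bogus ID would end the request with a fatal error instead of the notices.
			// NOTE(review): the target URL comes from the plan object, not from the
			// request. If it is always on this site, wp_safe_redirect() would be the
			// stricter choice. Confirm before switching.
			$is_free_enroll = isset( $_POST['form'] ) && 'free_enroll' === $_POST['form'];
			if ( get_current_user_id() && $is_free_enroll && isset( $_POST['llms_plan_id'] ) && $plan && is_callable( array( $plan, 'get_checkout_url' ) ) ) {
				wp_redirect( $plan->get_checkout_url() );
				exit;
			}

			return;

		}

		/**
		 * Allow gateways, extensions, etc to do their own validation.
		 *
		 * Runs after all standard validations have succeeded.
		 *
		 * If this returns a truthy, we'll stop processing.
		 * The extension should add a notice in addition to returning the truthy.
		 *
		 * @since Unknown
		 *
		 * @param boolean $stop_processing When a `true`, we'll stop processing. Default is `false`.
		 */
		if ( apply_filters( 'llms_after_checkout_validation', false ) ) {
			return;
		}

		$order_id = 'new';

		// Get order ID by Key if it exists.
		// NOTE(review): the posted key is the only thing selecting an existing order
		// here, and that order is then re-initialised with the current person below.
		// No ownership or status check is visible in this method. Confirm that
		// llms_get_order_by_key() or LLMS_Order::init() rejects orders that belong
		// to a different user or are no longer pending.
		if ( ! empty( $_POST['llms_order_key'] ) ) {
			$locate = llms_get_order_by_key( llms_filter_input_sanitize_string( INPUT_POST, 'llms_order_key' ), 'id' );
			if ( $locate ) {
				$order_id = $locate;
			}
		}

		// Instantiate the order.
		$order = new LLMS_Order( $order_id );

		// If there's no id we can't proceed, return an error.
		if ( ! $order->get( 'id' ) ) {
			return llms_add_notice( __( 'There was an error creating your order, please try again.', 'lifterlms' ), 'error' );
		}

		// Add order key to globals so the order can be retried if processing errors occur.
		$_POST['llms_order_key'] = $order->get( 'order_key' );

		$order->init( $setup['person'], $setup['plan'], $setup['gateway'], $setup['coupon'] );

		// Pass to the gateway to start processing.
		$setup['gateway']->handle_pending_order( $order, $setup['plan'], $setup['person'], $setup['coupon'] );

	}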



Changelog

Changelog
Version Description
5.9.0 Stop using deprecated FILTER_SANITIZE_STRING.
5.0.1 Delegate sanitization of user information fields of the $_POST to LLMS_Form_Handler::submit().
5.0.0 Build customer data using LLMS_Forms fields information.
3.35.0 Sanitize $_POST data.
3.27.0 Unknown.
3.0.0 Introduced.
