payment_complete.php

<?php
require('utility/utility.php');
$payment_mode=$_POST['mode'];
$pay_id=$_POST['mihpayid'];
$status=$_POST["status"];
$firstname=$_POST["firstname"];
$amount=$_POST["amount"];
$txnid=$_POST["txnid"];
$posted_hash=$_POST["hash"];
$key=$_POST["key"];
$productinfo=$_POST["productinfo"];
$email=$_POST["email"];

$MERCHANT_KEY = "4RxOLBOS"; 
$SALT = "osrz8DQdWT";
$udf5='';
$keyString 	= $MERCHANT_KEY .'|'.$txnid.'|'.$amount.'|'.$productinfo.'|'.$firstname.'|'.$email.'|||||'.$udf5.'|||||';
$keyArray 	= explode("|",$keyString);
$reverseKeyArray = array_reverse($keyArray);
$reverseKeyString =	implode("|",$reverseKeyArray);
$saltString     = $SALT.'|'.$status.'|'.$reverseKeyString;
$sentHashString = strtolower(hash('sha512', $saltString));


if($sentHashString != $posted_hash){
	$statusse="Failed";
	echo $statusse;
	$placed="Failed";
	mysqli_query($con,"update orders set payment_status='$statusse',order_status='$placed',payu_status='$status', mihpayid='$pay_id' where txnid='$txnid'");
	?>
<script>
alert('Failed');
window.location.href = 'index.php';
</script>
<?php
}else{
	$statusse="Successfull";
	echo $statusse;
	$placed="2";
	$_SESSION['USER_LOGIN']="YES";
	$q=mysqli_fetch_assoc(mysqli_query($con,"select * from orders where txnid='$txnid'"));
	$_SESSION['USER_ID']=$q['u_id'];
	$_SESSION['utm_source']=$productinfo;
	$uid=$q['u_id'];
	mysqli_query($con,"update orders set payment_status='1',order_status='$placed',payu_status='$status', mihpayid='$pay_id' where txnid='$txnid'");
	$rw=mysqli_fetch_assoc(mysqli_query($con,"select * from orders where txnid='$txnid'"));
	$oid=$rw['id'];
	mysqli_query($con,"insert into order_time(oid,o_status) values('$oid','2')");
	$cart=mysqli_fetch_assoc(mysqli_query($con,"select * from cart where u_id='$uid' and belonging_city='$productinfo'"));
	$cart_id=$cart['id'];
	mysqli_query($con,"delete from cart where id='$cart_id'");
    mysqli_query($con,"delete from cart_detail where cart_id='$cart_id'");
        $orderRes=mysqli_query($con,"select * from order_detail where oid='$oid'");
        while($rw=mysqli_fetch_assoc($orderRes)){
            $pidt=$rw['p_id'];
            $qt=$rw['qty'];
            mysqli_query($con,"update product set qty=qty-'$qt' where id='$pidt'");
        }
	?>
<form action="orderPlaced.php" method="POST" id="codform">
    <input type="hidden" name="orderId_user" value="<?php echo $oid; ?>">
</form>
<script>
document.getElementById("codform").submit();
</script>
<?php	
}
?>