Web Admin Scripts (web/tools/)
The web/tools/ directory contains web-accessible PHP admin scripts that bootstrap WordPress and perform one-off maintenance tasks, cron operations, or diagnostic checks. These scripts are accessed via browser or CLI and should be protected from public access.
These scripts load WordPress directly and execute privileged operations. They should only be accessible to trusted administrators. On production (Ymir/AWS Lambda), access is restricted by CloudFront and security headers. Never expose these scripts publicly.
Directory Structure
web/tools/
├── check-kount-endpoint.php # Diagnostic: verify Kount ENS REST endpoint registration
├── cron-capture-payment.php # Cron: capture authorized-but-uncaptured PayPal/CC payments
├── cron-send-fraud-emails.php # Cron: send fraud notification emails for Kount-declined orders
├── fix-old-orders.php # Cron: cancel stale pending PayPal/Express orders (>15 min)
├── kount-ens-test-curl.php # CLI testing tool: simulate Kount ENS approve/decline callbacks
├── order-watch.php # Cron/browser: monitor and auto-cancel stale orders by payment type
├── README-KOUNT-ENS-TEST.md # Documentation for kount-ens-test-curl.php
└── task-convert-volume-pricing.php # One-time task: migrate Dynamic Pricing rules to volume pricing JSON
Script Reference
check-kount-endpoint.php
Type: Diagnostic / browser
Purpose: Verifies that the Kount ENS REST endpoint (POST /wp-json/kount/v1/ens) is correctly registered in WordPress and outputs its route configuration.
Use this after deployments or plugin updates to confirm the Kount integration is live.
Usage:
https://scottsdalemint.com/tools/check-kount-endpoint.php
Output:
- Confirms whether /kount/v1/ens is registered.
- Lists all registered kount/* routes if the main endpoint is missing.
- Checks existence of \Suma\Integration\Kount_ENS_Endpoint and KFPWOO_ENS_Updates classes.
- Prints the full REST URL for the endpoint.
cron-capture-payment.php
Type: Cron job
Purpose: Captures payments for WooCommerce orders that were authorized but not yet captured by PayPal PPCP (Credit Card, PayPal Express, and Bank Wire deposit flows).
This script is called by an external cron scheduler (Ymir cron runner). It handles three order types:
| Method | Gateway | Logic |
|---|---|---|
| Credit Card | angelleye_ppcp_cc | Finds wc-pending/wc-on-hold orders with Kount approval (kount_RIS_response = 'A') and payment_action = 'authorize' |
| PayPal Express | angelleye_ppcp | Finds orders approved by Kount awaiting capture |
| Bank Wire | - | Finds partially-paid bank wire orders needing final capture |
Uses the AngellEYE_PayPal_PPCP_Admin_Action class to trigger payment capture via the PayPal PPCP API.
Usage (called by Ymir cron):
https://scottsdalemint.com/tools/cron-capture-payment.php
This script uses raw $wpdb queries for performance. The queries filter by ID > 115161 to skip legacy orders predating the current payment gateway setup.
cron-send-fraud-emails.php
Type: Cron job
Purpose: Sends the fraud cancellation notification email (WC_Customer_Cancelled_For_Fraud_Order) to customers whose orders were cancelled due to a Kount decline (D) decision.
The script:
- Queries all wc-cancelled orders created in the last ~72 minutes.
- For each, checks kount_RIS_response === 'D' and that the fraud email has not already been sent (suma_kount_fraud_email_sent).
- Sends the WC_Customer_Cancelled_For_Fraud_Order email to the customer's billing address.
- Sets suma_kount_fraud_email_sent = 1 on the order to prevent duplicate sends.
Usage (called by Ymir cron):
https://scottsdalemint.com/tools/cron-send-fraud-emails.php
Related: Kount ENS Webhook | Custom WooCommerce Emails
fix-old-orders.php
Type: Cron job
Purpose: Automatically cancels stale pending PayPal/Express orders that have been sitting in wc-pending status for more than 15 minutes. This handles cases where a customer abandons checkout mid-flow.
Affected gateways: eh_paypal_express, angelleye_ppcp
Logic:
- Queries wp_posts + wp_postmeta for orders with post_status = 'wc-pending', a matching gateway, and post_date older than 15 minutes.
- Calls $order->update_status('cancelled', ...) with a descriptive note.
- Returns {"status":"ok","message":"completed successfully"} as JSON.
Usage (called by Ymir cron):
https://scottsdalemint.com/tools/fix-old-orders.php
kount-ens-test-curl.php
Type: CLI-only diagnostic tool
Purpose: Sends HTTP POST requests to simulate Kount ENS callback payloads without loading WordPress. Used for testing the Kount fraud decision flow end-to-end.
This script is protected with a php_sapi_name() !== 'cli' check. It returns HTTP 403 if accessed via a browser.
Usage:
# Simulate an approve decision for order 12345
php web/tools/kount-ens-test-curl.php --order=12345 --decision=approve --url=https://scottsdalemint.test
# Simulate a decline decision with verbose output
php web/tools/kount-ens-test-curl.php --order=12345 --decision=decline --url=https://scottsdalemint.test -v
Parameters:
| Parameter | Description |
|---|---|
| --order=ORDER_ID | WooCommerce order ID to test |
| --decision=approve\|decline | Kount decision to simulate |
| --url=SITE_URL | Base URL of the WordPress site |
| -v | Verbose output (shows full HTTP request/response) |
The tool constructs a POST payload matching the Kount ENS signature format and sends it to POST /wp-json/kount/v1/ens. Useful for verifying order status transitions (e.g., wc-pending → processing, or wc-pending → wc-cancelled).
See README-KOUNT-ENS-TEST.md for full documentation.
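The php_sapi_name() check described above, extended into a fail-closed guard that the browser-reachable scripts in web/tools/ could run before loading WordPress, as defense in depth behind the CloudFront restriction. This is an added example, not the project's code: the TOOLS_CRON_TOKEN environment variable, the X-Tools-Token header, the 32-character minimum and the function names are assumptions, as is a scheduler that can send the header.

```php
<?php
// Added example (hypothetical): access guard for a web/tools/ script.
// TOOLS_CRON_TOKEN and X-Tools-Token are assumed names, not project settings.

/**
 * Decide whether the current caller may run a privileged tools script.
 *
 * @param string      $sapi      PHP_SAPI (same value php_sapi_name() returns)
 * @param string|null $expected  secret configured for this environment
 * @param string|null $presented token supplied by the caller
 */
function tools_request_allowed(string $sapi, ?string $expected, ?string $presented): bool
{
    if ($sapi === 'cli') {
        return true; // shell access to the host is already privileged
    }
    // Fail closed: a missing or short secret means no web access at all.
    // The 32-character minimum is an arbitrary floor chosen for this example.
    if ($expected === null || strlen($expected) < 32) {
        return false;
    }
    if ($presented === null || $presented === '') {
        return false;
    }
    // hash_equals() compares in constant time, so response timing does not
    // reveal how many leading characters of a guess were correct.
    return hash_equals($expected, $presented);
}

function tools_guard(): void
{
    $expected  = getenv('TOOLS_CRON_TOKEN');
    $presented = $_SERVER['HTTP_X_TOOLS_TOKEN'] ?? null;

    if (!tools_request_allowed(PHP_SAPI, $expected === false ? null : $expected, $presented)) {
        http_response_code(403);
        header('Content-Type: text/plain; charset=utf-8');
        exit("Forbidden\n");
    }
}

// Call before wp-load.php is required, so a rejected request never
// bootstraps WordPress or reaches the privileged code path.
tools_guard();
```

Sending the token in a header rather than the query string keeps it out of access logs and Referer headers.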
order-watch.php
Type: Cron job / browser diagnostic
Purpose: Monitors WooCommerce orders and automatically cancels or holds stale orders that have been sitting in pending/in-progress statuses past their time limits, grouped by payment type.
This is the main order expiry enforcement script. It renders an HTML report in the browser or can be called by the cron runner.
Cancellation Rules by Payment Type:
| Payment Type | Status Watched | Auto-Cancel Threshold | Notes |
|---|---|---|---|
| ACH | wc-pending-ach | 2 weeks | Bank ACH processing window |
| Bank Wire (BWT) | wc-partially-paid | 72 business hours | Excludes weekends (America/Los_Angeles) |
| Crypto | wc-crypto-pending (quote refresh) | 12 hours | Expired price quotes |
| BTC, BCH, LTC | wc-crypto-pending | 15 minutes | Short-lived crypto quotes |
| Bank Wire Pending Payment | wc-pending | 15 minutes | Pre-deposit pending orders |
The script uses America/Los_Angeles timezone for all calculations and correctly skips Saturday/Sunday when calculating 72 business hours for bank wire orders.
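One way to compute the bank wire threshold described above, as an added example rather than the code in order-watch.php. The function name and the hour-by-hour walk are assumptions; the timezone and the 72-hour figure come from the table.

```php
<?php
// Added example (hypothetical): cutoff timestamp for "N business hours ago",
// skipping Saturday and Sunday as observed in America/Los_Angeles.

/**
 * Walk backwards from $now one hour at a time and count only hours that
 * start on a weekday in $tz. Orders created before the returned instant
 * have been open for more than $hours business hours.
 */
function business_hours_cutoff(
    DateTimeImmutable $now,
    int $hours,
    string $tz = 'America/Los_Angeles'
): DateTimeImmutable {
    $zone      = new DateTimeZone($tz);
    $timestamp = $now->getTimestamp();
    $remaining = $hours;

    while ($remaining > 0) {
        // Step in absolute seconds so DST changes cannot skip or repeat an hour.
        $timestamp -= 3600;
        $local = (new DateTimeImmutable('@' . $timestamp))->setTimezone($zone);

        // 'N' is the ISO-8601 weekday: 1 = Monday ... 6 = Saturday, 7 = Sunday.
        if ((int) $local->format('N') < 6) {
            $remaining--;
        }
    }

    return (new DateTimeImmutable('@' . $timestamp))->setTimezone($zone);
}

// Constructed sample input: a Monday morning, so the walk crosses a weekend.
$now    = new DateTimeImmutable('2024-06-10 10:00:00', new DateTimeZone('America/Los_Angeles'));
$cutoff = business_hours_cutoff($now, 72);

echo 'now:    ', $now->format('D Y-m-d H:i T'), "\n";
echo 'cutoff: ', $cutoff->format('D Y-m-d H:i T'), "\n";
```

The walk has one-hour granularity and treats every weekday as a business day; holidays are not considered.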
Output:
An HTML dashboard displaying:
- Timestamp thresholds used for each rule
- Orders that will be cancelled (with order IDs and statuses)
- Orders placed on hold
- Summary counts
Usage:
https://scottsdalemint.com/tools/order-watch.php
Related: Order Lifecycle | Custom Order Statuses
task-convert-volume-pricing.php
Type: One-time migration task
Purpose: Migrates volume/tiered pricing data from the WooCommerce Dynamic Pricing plugin format (_pricing_rules post meta) into the site's proprietary volume pricing JSON format (_volume_pricing post meta).
This script was used as a one-time data migration task when the site transitioned away from the Dynamic Pricing plugin's array-based format.
Options:
| Option | Type | Default | Description |
|---|---|---|---|
| batch_size | int | 20 | Number of products to process per batch |
| last_id | int | 0 | Resume from a specific post ID (for batched runs) |
| process_mode | string | manual | manual or auto |
// Example: run with custom batch size via query string or direct PHP call
$converter = new Convert_Volume_Pricing();
$converter->run([
    'batch_size' => 50,
    'last_id' => 1000,
    'process_mode' => 'auto',
]);
How it works:
- Queries products that have _pricing_rules but no _volume_pricing post meta (in batches).
- Converts each pricing rule array to the JSON tier format.
- Saves the result as _volume_pricing meta.
- Reports results (converted, skipped, errors).
This is a historical migration script. It should not need to be run again unless reverting a migration or migrating new products from the old format.
Cron Schedule Reference
The following scripts are called by Ymir's built-in cron runner (WordPress cron is disabled via DISABLE_WP_CRON=1):
| Script | Recommended Frequency | Purpose |
|---|---|---|
| cron-capture-payment.php | Every 5 minutes | Capture pending PayPal authorizations |
| cron-send-fraud-emails.php | Every 5 minutes | Send Kount fraud decline emails |
| fix-old-orders.php | Every 5 minutes | Cancel stale pending PayPal orders |
| order-watch.php | Every 15 minutes | Cancel/hold stale orders by payment type |
Configure cron frequency in ymir.yml under the crons section.