1) Robokassa, Yandex.Money, QIWI and other payment systems have ready-made PHP scripts.
2) These scripts simply call the API of this payment system with a curl, that's all.
3) The script makes a request to the API, a successful response from the API of the payment should transfer the user to the gateway of the payment itself, where he himself does what he needs. Further, the payment system itself makes the requests it needs to its own API, and if it liked everything, it throws the user to your link (callback), which you specify when setting up this payment system. Using this link, you are already doing the actions you need if the user has paid for everything. Either enter the amount of money the user has in the database column, depending on how much he paid in the previous step, or redirect him to some closed section of the site, etc. It depends on what you want to allow the user after payment, this is already Your website.
And the condition is that this link cannot be accessed otherwise than through the payment gateway after successful payment - a token must be transmitted, which is taken from the address of this callback and compared with the token issued by the payment system after successful payment. That is, if the user just enters it, he needs to give an error, such as an invalid token. Sobssno, the system is very primitive, paradoxically, the most difficult thing is to teach your script to send the correct signatures to the server so that the correct token is generated, which will be compared with the payment server to go to your secret page on your site. Or use ready-made scripts of the payment system itself, usually this process is much facilitated by this.