telvero-sales-backoffice/api.php

<?php
/**
 * TELVERO BACKOFFICE - API PROXY (ENV VERSION)
 */
session_start();
ini_set('display_errors', 0);
error_reporting(E_ALL);

require __DIR__ . '/vendor/autoload.php';

// Laad .env configuratie
$dotenv = Dotenv\Dotenv::createImmutable(__DIR__);
$dotenv->load();

use Automattic\WooCommerce\Client;
use Mollie\Api\MollieApiClient;

header('Content-Type: application/json');

// --- DATABASE CONNECTIE VIA ENV ---
$db = new mysqli($_ENV['DB_HOST'], $_ENV['DB_USER'], $_ENV['DB_PASS'], $_ENV['DB_NAME']);

if ($db->connect_error) {
    die(json_encode(['error' => 'Database connectie mislukt']));
}

function writeLog($action, $details) {
    global $db;
    $user = $_SESSION['user'] ?? 'system';
    $stmt = $db->prepare("INSERT INTO sales_logs (username, action, details, created_at) VALUES (?, ?, ?, NOW())");
    $stmt->bind_param("sss", $user, $action, $details);
    $stmt->execute();
}

$action = $_GET['action'] ?? '';

// --- AUTH ACTIONS ---
if ($action === 'login') {
    $input = json_decode(file_get_contents('php://input'), true);
    $stmt = $db->prepare("SELECT password, full_name FROM sales_users WHERE username = ?");
    $stmt->bind_param("s", $input['username']);
    $stmt->execute();
    $res = $stmt->get_result()->fetch_assoc();
    if ($res && password_verify($input['password'], $res['password'])) {
        $_SESSION['user'] = $input['username'];
        $_SESSION['full_name'] = $res['full_name'];
        writeLog('LOGIN', 'Gebruiker ingelogd');
        echo json_encode(['success' => true, 'user' => $res['full_name']]);
    } else {
        http_response_code(401); echo json_encode(['error' => 'Login mislukt']);
    }
    exit;
}

if (!isset($_SESSION['user']) && $action !== 'login') {
    http_response_code(403); echo json_encode(['error' => 'Auth required']); exit;
}

// --- WOOCOMMERCE CLIENT VIA ENV ---
$woocommerce = new Client(
    $_ENV['WC_URL'], 
    $_ENV['WC_KEY'], 
    $_ENV['WC_SECRET'], 
    ['version' => 'wc/v3', 'timeout' => 400, 'verify_ssl' => false]
);

// --- POSTCODE CHECK ---
if ($action === 'postcode_check') {
    $postcode = str_replace(' ', '', $_GET['postcode']);
    $url = "https://postcode.tech/api/v1/postcode?postcode={$postcode}&number=" . $_GET['number'];
    $ch = curl_init($url); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
    curl_setopt($ch, CURLOPT_HTTPHEADER, ["Authorization: Bearer " . $_ENV['POSTCODE_TECH_KEY']]);
    echo curl_exec($ch); exit;
}

// --- GET PRODUCTS (FIX VOOR VARIATIES & UPSELLS) ---
if ($action === 'get_products') {
    try {
        $products = $woocommerce->get('products', ['status' => 'publish', 'per_page' => 100]);
        $enriched = [];
        foreach ($products as $product) {
            $p = (array)$product;
            if ($product->type === 'variable') {
                $p['variation_details'] = (array)$woocommerce->get("products/{$product->id}/variations", ['per_page' => 100]);
            } else {
                $p['variation_details'] = [];
            }
            $enriched[] = $p;
        }
        echo json_encode($enriched);
    } catch (Exception $e) { echo json_encode(['error' => $e->getMessage()]); }
    exit;
}

// --- CREATE ORDER ---
if ($action === 'create_order') {
    $input = json_decode(file_get_contents('php://input'), true);
    try {
        $mediacode = $input['mediacode_internal'] ?? 'Geen';
        $method_input = $input['payment_method'];
        
        $map = [
            'mollie_methods_ideal' => ['wc' => 'mollie_wc_gateway_ideal', 'm' => 'ideal'],
            'rve_riverty' => ['wc' => 'mollie_wc_gateway_riverty', 'm' => 'riverty'],
            'mollie_methods_creditcard' => ['wc' => 'mollie_wc_gateway_creditcard', 'm' => 'creditcard']
        ];
        $gw = $map[$method_input];

        $input['payment_method'] = $gw['wc'];
        $input['payment_method_title'] = 'iDEAL (via Mollie)';
        $input['customer_note'] = "Agent: {$_SESSION['user']} | Mediacode: $mediacode";
        
        $input['meta_data'][] = ['key' => 'Mediacode', 'value' => $mediacode];
        $input['meta_data'][] = ['key' => '_wc_order_attribution_utm_campaign', 'value' => $mediacode];
        $input['meta_data'][] = ['key' => '_wc_order_attribution_utm_source', 'value' => 'SalesPanel'];

        $order = $woocommerce->post('orders', $input);

        $mollie = new MollieApiClient();
        $mollie->setApiKey($_ENV['MOLLIE_KEY']);
        $is_sub = (stripos(json_encode($order->line_items), 'abonnement') !== false);
        
        $payment = $mollie->payments->create([
            "amount" => ["currency" => "EUR", "value" => ($gw['m'] === 'ideal' && $is_sub) ? "0.01" : number_format((float)$order->total, 2, '.', '')],
            "description" => "Order #{$order->id} [$mediacode]",
            "redirectUrl" => $_ENV['WC_URL'] . "/checkout/order-received/{$order->id}/?key={$order->order_key}&order_id={$order->id}&filter_flag=onMollieReturn",
            "webhookUrl"  => $_ENV['WC_URL'] . "/wc-api/mollie_wc_gateway_ideal?order_id={$order->id}&key={$order->order_key}&filter_flag=1",
            "method"      => $gw['m'],
            "metadata"    => ["order_id" => (string)$order->id]
        ]);

        $woocommerce->put("orders/{$order->id}", ['meta_data' => [['key' => '_mollie_payment_id', 'value' => $payment->id], ['key' => '_transaction_id', 'value' => $payment->id]]]);
        $woocommerce->post("orders/{$order->id}/notes", ['note' => "Betaallink: " . $payment->getCheckoutUrl(), 'customer_note' => true]);

        writeLog('ORDER_CREATED', "Order #{$order->id} voor {$input['billing']['email']}");
        echo json_encode(['payment_url' => $payment->getCheckoutUrl()]);
    } catch (Exception $e) {
        writeLog('ERROR', $e->getMessage());
        http_response_code(422); echo json_encode(['error' => $e->getMessage()]);
    }
    exit;
}