telvero-sales-backoffice/api/bootstrap.php

<?php
/**
 * Bootstrap file - Session configuration and WordPress loading
 */

// 1. SESSION CONFIGURATION (MUST BE AT THE VERY TOP)
$now = time();
$midnight_timestamp = strtotime('tomorrow midnight') - 1;
$duration = $midnight_timestamp - $now;

ini_set('session.gc_maxlifetime', $duration);
ini_set('session.cookie_lifetime', $duration);

session_set_cookie_params([
    'lifetime' => $duration,
    'path' => '/',
    'secure' => isset($_SERVER['HTTPS']),
    'httponly' => true,
    'samesite' => 'Lax'
]);

if (session_status() === PHP_SESSION_NONE) {
    session_start();
}

// 2. RECOVERY LOGIC (Check cookie before WP loads)
if (!isset($_SESSION['user']) && isset($_COOKIE['telvero_remember'])) {
    $decoded = json_decode(base64_decode($_COOKIE['telvero_remember']), true);
    if ($decoded && $decoded['expires'] > time()) {
        $_SESSION['user'] = $decoded['user'];
        $_SESSION['full_name'] = $decoded['full_name'];
        $_SESSION['role'] = $decoded['role'] ?? 'agent';
    }
}

// 3. CAPTURE DATA FOR WP PROTECTION
$cap_user = $_SESSION['user'] ?? null;
$cap_name = $_SESSION['full_name'] ?? null;
$cap_role = $_SESSION['role'] ?? null;

// 4. LOAD WORDPRESS
$wp_load = dirname(__DIR__) . '/wp-load.php';
if (!file_exists($wp_load)) {
    $wp_load = dirname(dirname(__DIR__)) . '/wp-load.php';
}
if (file_exists($wp_load)) {
    require_once $wp_load;
}

// 5. RESTORE DATA
if ($cap_user && !isset($_SESSION['user'])) {
    $_SESSION['user'] = $cap_user;
    $_SESSION['full_name'] = $cap_name;
    $_SESSION['role'] = $cap_role;
}

// 6. LOAD COMPOSER AUTOLOAD
require dirname(__DIR__) . '/vendor/autoload.php';

// 7. LOAD ENVIRONMENT VARIABLES
if (file_exists(dirname(__DIR__) . '/.env')) {
    $dotenv = Dotenv\Dotenv::createImmutable(dirname(__DIR__));
    $dotenv->load();
}

// Export midnight timestamp for use in other files
define('MIDNIGHT_TIMESTAMP', $midnight_timestamp);