<?php
/**
 * api.php — SYGEIP Sync + WhatsApp Proxy
 * À placer : public_html/ia-sygeip/apme/api.php
 */

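// Shared secret expected in the X-API-Key header (or an api_key parameter).
// NOTE(review): a literal secret in source ends up in every copy of this file;
// the environment variable takes precedence so the literal can be dropped once
// SYGEIP_API_KEY is configured on the host.
define('API_KEY',    getenv('SYGEIP_API_KEY') ?: 'SYGEIP_SECRET_2026');
// Upload directory; it is served over HTTP, so anything written here is public.
define('PHOTOS_DIR', __DIR__ . '/photos/');
// Upper bound on a decoded photo, in bytes (5 MiB).
define('MAX_SIZE',   5 * 1024 * 1024);

// A PHP warning printed as HTML ahead of the JSON body corrupts every response;
// keep diagnostics in the server log instead.
ini_set('display_errors', '0');

// CORS: any origin may call this endpoint. That is tolerable only because the
// API is authenticated by a header a browser never sends on its own (no cookies).
header('Access-Control-Allow-Origin: *');
header('Access-Control-Allow-Methods: POST, GET, OPTIONS');
header('Access-Control-Allow-Headers: Content-Type, X-API-Key');
header('Content-Type: application/json; charset=utf-8');

// CORS preflight is answered before the key check so browsers can discover the allowed headers.
if ($_SERVER['REQUEST_METHOD'] === 'OPTIONS') { http_response_code(200); exit; }

// API key check: header first, then POST body, then query string.
// NOTE(review): a key in the query string lands in access logs, browser history
// and Referer headers — the $_GET fallback is kept only for existing callers.
$apiKey = $_SERVER['HTTP_X_API_KEY'] ?? $_POST['api_key'] ?? $_GET['api_key'] ?? '';
// hash_equals() compares in constant time, so response timing does not reveal how
// many leading bytes matched; a non-string value (api_key[]=x) is rejected outright.
if (!is_string($apiKey) || !hash_equals(API_KEY, $apiKey)) {
    http_response_code(403);
    echo json_encode(['error' => 'Clé API invalide']);
    exit;
}

// Create the upload directory on first use. A failure is logged rather than
// fatal so actions that do not touch the directory keep working.
if (!is_dir(PHOTOS_DIR) && !mkdir(PHOTOS_DIR, 0755, true) && !is_dir(PHOTOS_DIR)) {
    error_log('api.php: impossible de créer ' . PHOTOS_DIR);
}

// Dispatched action; a non-string value (action[]=x) falls back to 'ping'.
$action = $_GET['action'] ?? $_POST['action'] ?? 'ping';
if (!is_string($action)) {
    $action = 'ping';
}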

switch ($action) {

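    case 'ping':
        // Liveness check. glob() returns false on error rather than an empty
        // array, and count(false) throws on PHP 8, so normalise before counting.
        // NOTE(review): GLOB_BRACE is not available on every libc (e.g. musl) — confirm for the host.
        $photoFiles = glob(PHOTOS_DIR . '*.{jpg,jpeg,png,webp}', GLOB_BRACE);
        if ($photoFiles === false) {
            $photoFiles = [];
        }
        echo json_encode([
            'success' => true,
            'server'  => 'SYGEIP API o2switch',
            'version' => '1.0',
            'time'    => date('Y-m-d H:i:s'),
            'photos'  => count($photoFiles) . ' photo(s)'
        ]);
        break;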

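    // ── Proxy WhatsApp (appel depuis o2switch vers UltraMsg) ──
    // Relays a text or image message to UltraMsg using the instance id and
    // token supplied by the caller. NOTE(review): the proxy adds no
    // authorisation of its own — anyone holding API_KEY can send through any
    // UltraMsg instance whose token they know.
    case 'whatsapp_send':
        $data = json_decode(file_get_contents('php://input'), true);
        if (!is_array($data)) {
            $data = [];
        }
        // Only scalar fields are accepted; an array (e.g. "to": [...]) becomes ''.
        $field = static function (array $src, string $key): string {
            $value = $src[$key] ?? '';
            return is_scalar($value) ? (string) $value : '';
        };
        $instance_id = $field($data, 'instance_id');
        $token       = $field($data, 'token');
        $to          = $field($data, 'to');
        $body        = $field($data, 'body');
        $image       = $field($data, 'image');
        $caption     = $field($data, 'caption');

        if (!$instance_id || !$token || !$to) {
            http_response_code(400);
            echo json_encode(['error' => 'instance_id, token et to requis']);
            exit;
        }

        // The instance id is interpolated into the URL path: restrict it so a
        // value such as "x/../../admin" cannot steer the call to another
        // endpoint on the API host.
        if (!preg_match('/^[A-Za-z0-9_-]+$/', $instance_id)) {
            http_response_code(400);
            echo json_encode(['error' => 'instance_id invalide']);
            exit;
        }

        if ($image) {
            // Image message
            $url = "https://api.ultramsg.com/{$instance_id}/messages/image?"
                 . http_build_query(['token'=>$token,'to'=>$to,'image'=>$image,'caption'=>$caption,'priority'=>'10']);
        } else {
            // Text message
            $url = "https://api.ultramsg.com/{$instance_id}/messages/chat?"
                 . http_build_query(['token'=>$token,'to'=>$to,'body'=>$body,'priority'=>'10']);
        }

        $ch = curl_init($url);
        curl_setopt_array($ch, [
            CURLOPT_RETURNTRANSFER => true,
            CURLOPT_CONNECTTIMEOUT => 10,
            CURLOPT_TIMEOUT        => 15,
            // The UltraMsg token travels in this request: verify the peer so a
            // man-in-the-middle cannot read it (the previous version disabled this).
            CURLOPT_SSL_VERIFYPEER => true,
            CURLOPT_SSL_VERIFYHOST => 2,
            // Never follow a redirect away from the pinned host/scheme.
            CURLOPT_FOLLOWLOCATION => false,
        ]);
        $response = curl_exec($ch);
        $httpCode = curl_getinfo($ch, CURLINFO_HTTP_CODE);
        $error    = curl_error($ch);
        curl_close($ch);

        if ($error) {
            http_response_code(500);
            echo json_encode(['error' => 'cURL: ' . $error]);
        } else {
            // 'success' only means the relay completed; the upstream outcome is
            // in http_code / result and must be checked by the caller.
            $result = json_decode((string) $response, true) ?? ['raw' => $response];
            echo json_encode(['success' => true, 'http_code' => $httpCode, 'result' => $result]);
        }
        break;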

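    // ── Upload photo ──────────────────────────────────────────
    // Stores a base64 (or data: URI) image under PHOTOS_DIR and returns its
    // public URL. Accepts JSON {"filename", "photo"} or the same fields as form POST.
    case 'upload_photo':
        $data = json_decode(file_get_contents('php://input'), true);
        if (!is_array($data)) {
            $data = $_POST;
        }
        $filename = $data['filename'] ?? null;
        $photo64  = $data['photo']    ?? null;

        if (!is_string($filename) || $filename === '' || !is_string($photo64) || $photo64 === '') {
            http_response_code(400);
            echo json_encode(['error' => 'filename et photo requis']);
            exit;
        }

        // PHOTOS_DIR is served over HTTP, so the name must be a plain file in
        // that directory with an image extension: basename() strips any path,
        // the character class removes everything else, and the allow-list on
        // the final extension (plus the check for an embedded ".php"-style
        // segment) stops a web shell from landing in the document root.
        $filename    = preg_replace('/[^a-zA-Z0-9_\-\.]/', '_', basename($filename));
        $allowedMime = [
            'jpg'  => 'image/jpeg',
            'jpeg' => 'image/jpeg',
            'png'  => 'image/png',
            'webp' => 'image/webp',
        ];
        $ext = strtolower(pathinfo($filename, PATHINFO_EXTENSION));
        if (str_starts_with($filename, '.')
            || !isset($allowedMime[$ext])
            || preg_match('/\.(php\d?|phtml|phar|shtml|cgi|pl)(\.|$)/i', $filename)) {
            http_response_code(400);
            echo json_encode(['error' => 'Nom de fichier invalide (jpg, jpeg, png ou webp attendu)']);
            exit;
        }

        // Strict decoding rejects characters outside the base64 alphabet
        // instead of silently skipping them.
        $photo64 = preg_replace('/^data:image\/\w+;base64,/', '', $photo64);
        $binary  = base64_decode($photo64, true);

        if ($binary === false || $binary === '' || strlen($binary) > MAX_SIZE) {
            http_response_code(400);
            echo json_encode(['error' => 'Photo invalide ou trop grande']);
            exit;
        }

        // The bytes must really be an image of the declared type; otherwise a
        // well-formed name could carry arbitrary content into the web root.
        $imageInfo = getimagesizefromstring($binary);
        if ($imageInfo === false || ($imageInfo['mime'] ?? '') !== $allowedMime[$ext]) {
            http_response_code(400);
            echo json_encode(['error' => 'Le contenu ne correspond pas à une image ' . $ext]);
            exit;
        }

        $dest = PHOTOS_DIR . $filename;
        // NOTE(review): an existing file of the same name is overwritten, as
        // before. As defence in depth, photos/ should carry a .htaccess that
        // disables script execution (e.g. "php_flag engine off").
        if (file_put_contents($dest, $binary, LOCK_EX) !== false) {
            // Public URL. HTTPS may be reported as 'off' by some servers, which
            // is not HTTPS. HTTP_HOST is taken from the request, so the returned
            // host reflects whatever the client sent — a canonical base URL
            // from configuration would be preferable.
            $isHttps = !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off';
            $baseUrl = ($isHttps ? 'https' : 'http') . '://' . $_SERVER['HTTP_HOST'] . '/ia-sygeip/apme/photos/';
            echo json_encode(['success'=>true,'filename'=>$filename,'url'=>$baseUrl.$filename]);
        } else {
            http_response_code(500);
            echo json_encode(['error' => 'Impossible d\'écrire le fichier']);
        }
        break;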

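    // ── Créer les tables MySQL ─────────────────────────────────
    // Creates the application schema in a database whose credentials the
    // caller supplies in the request body. NOTE(review): this lets anyone
    // holding API_KEY try arbitrary local MySQL accounts through this
    // endpoint; the checks below only stop DSN injection and error leakage.
    case 'create_tables':
        $data = json_decode(file_get_contents('php://input'), true);
        if (!is_array($data)) {
            $data = [];
        }
        // Credentials must be scalars; an array in the payload is treated as absent.
        $str     = static fn ($v): string => is_scalar($v) ? (string) $v : '';
        $db_name = $str($data['db_name'] ?? '');
        $db_user = $str($data['db_user'] ?? '');
        $db_pass = $str($data['db_pass'] ?? '');

        if (!$db_name || !$db_user) {
            http_response_code(400);
            echo json_encode(['error' => 'db_name et db_user requis']);
            exit;
        }
        // db_name is interpolated into the DSN: a ';' would let the caller
        // append DSN options (host=, unix_socket=), so allow identifier
        // characters only (cPanel names look like account_dbname).
        if (!preg_match('/^[A-Za-z0-9_\-]+$/', $db_name)) {
            http_response_code(400);
            echo json_encode(['error' => 'db_name invalide']);
            exit;
        }

        // Every statement is CREATE TABLE IF NOT EXISTS, so re-running is harmless.
        $schema = [
            'employes' => "CREATE TABLE IF NOT EXISTS employes (
                id          INT AUTO_INCREMENT PRIMARY KEY,
                matricule   VARCHAR(50)  DEFAULT '',
                civilite    VARCHAR(10)  DEFAULT '',
                nom         VARCHAR(100) NOT NULL,
                prenom      VARCHAR(100) NOT NULL,
                poste       VARCHAR(100) DEFAULT '',
                departement VARCHAR(100) DEFAULT '',
                telephone   VARCHAR(30)  DEFAULT '',
                date_naissance DATE      DEFAULT NULL,
                photo_profil   VARCHAR(255) DEFAULT NULL,
                code        VARCHAR(10)  NOT NULL,
                actif       TINYINT(1)   DEFAULT 1,
                created_at  DATETIME     DEFAULT CURRENT_TIMESTAMP,
                UNIQUE KEY uq_code (code)
            ) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4",

            'pointages' => "CREATE TABLE IF NOT EXISTS pointages (
                id          INT AUTO_INCREMENT PRIMARY KEY,
                employe_id  INT          NOT NULL DEFAULT 0,
                matricule   VARCHAR(50)  DEFAULT '',
                nom         VARCHAR(100) DEFAULT '',
                prenom      VARCHAR(100) DEFAULT '',
                civilite    VARCHAR(10)  DEFAULT '',
                type        VARCHAR(20)  NOT NULL,
                photo_path  VARCHAR(255) DEFAULT NULL,
                poste_nom   VARCHAR(255) DEFAULT '',
                whatsapp_sent TINYINT(1) DEFAULT 0,
                created_at  DATETIME     DEFAULT CURRENT_TIMESTAMP,
                INDEX idx_employe (employe_id),
                INDEX idx_date    (created_at)
            ) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4",

            'visiteurs' => "CREATE TABLE IF NOT EXISTS visiteurs (
                id          INT AUTO_INCREMENT PRIMARY KEY,
                telephone   VARCHAR(30)  NOT NULL,
                type        ENUM('entree','sortie') NOT NULL,
                photo_path  VARCHAR(255) DEFAULT NULL,
                service_nom VARCHAR(100) DEFAULT NULL,
                service_tel VARCHAR(30)  DEFAULT NULL,
                date_jour   DATE         NOT NULL,
                heure       TIME         NOT NULL,
                created_at  DATETIME     DEFAULT CURRENT_TIMESTAMP,
                INDEX idx_telephone (telephone),
                INDEX idx_date      (date_jour)
            ) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4",

            'sync_log' => "CREATE TABLE IF NOT EXISTS sync_log (
                id         INT AUTO_INCREMENT PRIMARY KEY,
                action     VARCHAR(50) NOT NULL,
                details    TEXT,
                created_at DATETIME DEFAULT CURRENT_TIMESTAMP
            ) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4",
        ];

        try {
            $pdo = new PDO(
                "mysql:host=localhost;dbname={$db_name};charset=utf8mb4",
                $db_user,
                $db_pass,
                [
                    PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
                    PDO::ATTR_EMULATE_PREPARES => false,
                ]
            );
            foreach ($schema as $ddl) {
                $pdo->exec($ddl);
            }

            echo json_encode([
                'success' => true,
                'message' => '✅ Tables créées : employes, pointages, visiteurs, sync_log'
            ]);
        } catch (PDOException $e) {
            // The driver message names the account and why it failed ("Access
            // denied for user ..."): keep it in the server log, not the response.
            error_log('create_tables: ' . $e->getMessage());
            http_response_code(500);
            echo json_encode(['error' => 'Erreur base de données (voir le journal serveur)']);
        }
        break;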
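    // ── Sync pointage en MySQL local o2switch ─────────────────
    // Inserts one clock-in/out row into `pointages`, again with caller-supplied
    // database credentials (same caveat as create_tables).
    case 'sync_pointage':
        $data = json_decode(file_get_contents('php://input'), true);
        if (!is_array($data)) {
            $data = [];
        }

        // Credentials must be scalars; an array in the payload is treated as absent.
        $str     = static fn ($v): string => is_scalar($v) ? (string) $v : '';
        $db_host = 'localhost';
        $db_name = $str($data['db_name'] ?? '');
        $db_user = $str($data['db_user'] ?? '');
        $db_pass = $str($data['db_pass'] ?? '');

        if (!$db_name || !$db_user) {
            http_response_code(400);
            echo json_encode(['error' => 'db_name et db_user requis']);
            exit;
        }
        // db_name is interpolated into the DSN: a ';' would let the caller
        // append DSN options, so allow identifier characters only.
        if (!preg_match('/^[A-Za-z0-9_\-]+$/', $db_name)) {
            http_response_code(400);
            echo json_encode(['error' => 'db_name invalide']);
            exit;
        }

        // Bound values must be scalar or null; an array in the payload would
        // make PDO throw instead of binding, so it falls back to the default.
        $scalar = static fn ($v, $default) => is_scalar($v) || $v === null ? $v : $default;

        try {
            $pdo = new PDO(
                "mysql:host={$db_host};dbname={$db_name};charset=utf8mb4",
                $db_user,
                $db_pass,
                [
                    PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
                    PDO::ATTR_EMULATE_PREPARES => false,
                ]
            );

            // Parameterised insert: no request value is ever interpolated into SQL.
            $stmt = $pdo->prepare("INSERT INTO pointages 
                (employe_id, matricule, nom, prenom, civilite, type, photo_path, poste_nom, created_at)
                VALUES (?, ?, ?, ?, ?, ?, ?, ?, NOW())");

            $stmt->execute([
                $scalar($data['employe_id'] ?? 0, 0),
                $scalar($data['matricule']  ?? '', ''),
                $scalar($data['nom']        ?? '', ''),
                $scalar($data['prenom']     ?? '', ''),
                $scalar($data['civilite']   ?? '', ''),
                $scalar($data['type']       ?? '', ''),
                $scalar($data['photo_path'] ?? null, null),
                $scalar($data['poste_nom']  ?? '', ''),
            ]);

            echo json_encode(['success' => true, 'id' => $pdo->lastInsertId()]);
        } catch (PDOException $e) {
            // Log the driver message server-side; the response stays generic so
            // MySQL account/host details are not echoed to the caller.
            error_log('sync_pointage: ' . $e->getMessage());
            http_response_code(500);
            echo json_encode(['error' => 'Erreur base de données (voir le journal serveur)']);
        }
        break;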

    // ── Sync visiteur en MySQL local o2switch ──────────────
    case 'sync_visiteur':
        $data    = json_decode(file_get_contents('php://input'), true) ?? [];
        $db_name = $data['db_name'] ?? '';
        $db_user = $data['db_user'] ?? '';
        $db_pass = $data['db_pass'] ?? '';

        if (!$db_name || !$db_user) {
            http_response_code(400);
            echo json_encode(['error' => 'db_name et db_user requis']);
            exit;
        }

        try {
            $pdo = new PDO("mysql:host=localhost;dbname={$db_name};charset=utf8mb4",
                          $db_user, $db_pass,
                          [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);

            $stmt = $pdo->prepare("INSERT INTO visiteurs 
                (telephone, type, photo_path, service_nom, service_tel, date_jour, heure, created_at)
                VALUES (?, ?, ?, ?, ?, ?, ?, NOW())");

            $stmt->execute([
                $data['telephone']   ?? '',
                $data['type']        ?? 'entree',
                $data['photo_path']  ?? null,
                $data['service_nom'] ?? null,
                $data['service_tel'] ?? null,
                $data['date_jour']   ?? date('Y-m-d'),
                $data['heure']       ?? date('H:i:s')
            ]);

            echo json_encode(['s