bilety.brzezovka.pl/.paul/codebase/integrations.md

External Integrations

Analysis Date: 2026-04-26

APIs & External Services

Payment Processing:

• Przelewy24 — Polish payment gateway for ticket purchases
  • SDK/Client: Custom cURL integration in autoload/controls/class.Tickets.php
  • Auth: Merchant ID 227658 + CRC key (MD5-signed) in config.php
  • Endpoints: https://secure.przelewy24.pl/trnVerify (production), sandbox configurable
  • Flow: Pre-payment form → P24 hosted page → przelewy24_response() webhook callback
  • Sandbox mode: toggle in config.php

Invoice/Receipt Generation:

• fakturowo.pl — Polish invoicing API (paragon or faktura VAT)
  • SDK/Client: Custom cURL POST in autoload/controls/class.Tickets.php
  • Auth: API ID in config.php ($settings['fakturowo_api_id'])
  • Endpoint: https://konto.fakturowo.pl/api
  • Triggered after successful Przelewy24 payment
  • Returns invoice URL stored in orders.invoice_url

Data Storage

Databases:

• MySQL — Primary data store
  • Connection: Credentials in config.php, instantiated in index.php:44
  • Client: Medoo query builder (libraries/medoo/medoo.php)
  • Secondary ORM: RedBeanPHP (libraries/rb.php) used in cron tasks

File Storage:

• Local filesystem — QR code PNG files stored in orders/{hash[0]}/{hash[1]}/{hash}.png
  • Web-accessible directory, predictable path structure
  • Created with mkdir($dir, 0755, true) and \QRcode::png()

Authentication & Identity

Admin Auth:

• Single shared password stored in config.php ($settings['admin-password'])
• Session-based: password checked once, $_SESSION['user'] = true set
• No individual admin accounts for ticket operations (single login)

Staff/User Auth:

• Separate user table for named staff (users table — id, email, MD5 password)
• Used for non-ticket modules (projects, finances, etc.)
• Hard-coded ACL in autoload/controls/class.Users.php (permissions() method)
• Login via autoload/factory/class.Users.php::login() with MD5 comparison

Email

PHPMailer + SMTP:

• Library: libraries/phpmailer/class.phpmailer.php
• SMTP host: h53.seohost.pl port 25
• From address: bilety@brzezovka.pl
• Credentials: in config.php
• Fallback: native PHP mail() if SMTP unavailable
• Debug logging: optional to mail_debug.log
• Used for: order confirmations (pre-payment), payment confirmations (with QR PNG attachment)
• Implementation: autoload/class.S.php::send_email()

Monitoring & Observability

Error Tracking: Not detected — no Sentry, Rollbar, or similar

Analytics:

• Google Analytics ecommerce data layer — purchase tracking
  • buildPurchaseDataLayer() in autoload/controls/class.Tickets.php
  • Generates $purchase_data_layer passed to templates/tickets/order-confirm.php
  • Fires on order confirmation page

Logs:

• Optional mail debug log: mail_debug.log (file-based, in project root)
• No centralized application logging

CI/CD & Deployment

Hosting: Shared hosting (seohost.pl, Apache)

Deployment:

• FTP sync via VS Code ftp-kr extension
• Config: .vscode/ftp-kr.json, cache: .vscode/ftp-kr.sync.cache.json
• Manual deploy — upload changed files via FTP

CI Pipeline: None detected

Environment Configuration

Development:

• All config in config.php (single file, committed to git)
• No separate dev/staging/prod config files
• Test mode: $settings['test_price_mode_secret'] for pricing tests

Production:

• Przelewy24 sandbox toggle: $settings['p24_sandbox'] = false
• All secrets in config.php — not managed via environment variables

Webhooks & Callbacks

Incoming:

• Przelewy24 — /tickets/przelewy24_response/
  • Handled in autoload/controls/class.Tickets.php::przelewy24_response()
  • Verification: MD5 CRC check against P24 parameters
  • On success: marks order paid, generates invoice, sends confirmation email

Outgoing:

• fakturowo.pl — POST request on payment confirmation
• Przelewy24 verification — GET/POST to trnVerify endpoint to confirm transaction

---

Integration audit: 2026-04-26 Update when adding/removing external services