shopPRO/api.php
Jacek Pyziak 4056296dab ver. 0.317: klucz API — przycisk generowania + fix zapisu
- fix: api_key brakowało w whiteliście saveSettings() — wartość tracona przy zapisie
- feat: przycisk "Generuj" losowy 32-znakowy klucz, usunięto "(ordersPRO)" z nazwy
- fix: api.php routing przeniesiony przed global settings + Throwable error handling
- fix: ApiRouter catch Throwable zamiast Exception

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-23 23:30:41 +01:00


<?php
// Report every error level except notices, strict-standards messages, warnings and deprecations.
// NOTE(review): the mask is built with XOR, so a level is only switched off when E_ALL contains its
// bit on the running PHP version; `E_ALL & ~( ... )` would state the intent unambiguously — confirm
// the target PHP version before changing it.
// NOTE(review): E_WARNING is masked for the whole request, so failed file or database operations
// leave no trace unless the code checks return values itself.
error_reporting( E_ALL ^ E_NOTICE ^ E_STRICT ^ E_WARNING ^ E_DEPRECATED );
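/**
 * Autoloader callback: maps a namespaced class name onto a file below autoload/.
 *
 * The namespace parts become directories. Two file names are tried, in this order:
 *   autoload/<Namespace/Path>/class.<Class>.php
 *   autoload/<Namespace/Path>/<Class>.php
 * If neither exists, or the name is not a well-formed class name, nothing is loaded.
 *
 * @param string $classname Class name as handed over by the SPL autoload mechanism.
 * @return void
 */
function __autoload_my_classes( $classname )
{
    // Autoloaders are also triggered by class_exists() and similar calls, which accept arbitrary
    // strings. Accept only backslash-separated PHP identifiers so the path built below cannot
    // contain '/', '..' or a NUL byte and therefore always stays under autoload/.
    $identifier = '[A-Za-z_\x80-\xff][A-Za-z0-9_\x80-\xff]*';
    if ( !is_string( $classname )
        || !preg_match( '/^' . $identifier . '(?:\\\\' . $identifier . ')*$/', $classname ) )
    {
        return;
    }

    $namespaceParts = explode( '\\', $classname );
    $shortName = array_pop( $namespaceParts );
    $directory = 'autoload/' . implode( '/', $namespaceParts ) . '/';

    // Legacy "class.<Name>.php" naming wins over the plain "<Name>.php" form.
    $candidates = [
        $directory . 'class.' . $shortName . '.php',
        $directory . $shortName . '.php',
    ];

    foreach ( $candidates as $candidate )
    {
        if ( file_exists( $candidate ) )
        {
            require_once( $candidate );
            return;
        }
    }
}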
// Register the project autoloader; it resolves classes to files below autoload/.
spl_autoload_register( '__autoload_my_classes' );
date_default_timezone_set( 'Europe/Warsaw' );
// Presumably config.php defines $database (name, host, user, password), which the medoo
// connections further down read — confirm, and keep the file unreadable over HTTP and out of
// version control since it carries the database credentials.
require_once 'config.php';
require_once 'libraries/medoo/medoo.php';
// NOTE(review): PHPMailer is loaded from a copy bundled under libraries/. The class.phpmailer.php /
// class.smtp.php file layout looks like the older 5.x line — verify the bundled version against
// the releases upstream still maintains.
require_once 'libraries/phpmailer/class.phpmailer.php';
require_once 'libraries/phpmailer/class.smtp.php';
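// Detect API request (stateless, no session): any request carrying an "endpoint" query parameter
// skips the cookie session below. This file does not authenticate such requests itself;
// presumably ApiRouter validates the API key — confirm.
$isApiRequest = isset( $_GET['endpoint'] );

if ( !$isApiRequest )
{
    // NOTE(review): the session cookie flags (HttpOnly, Secure, SameSite) are not set here; confirm
    // they are enforced in php.ini or the web-server configuration.
    session_start();

    if ( !isset( $_SESSION[ 'check' ] ) )
    {
        // First request of this session: issue a fresh id (session-fixation defence) and delete the
        // old session record so the previous id stops being valid, then pin the client address.
        session_regenerate_id( true );
        $_SESSION[ 'check' ] = true;
        $_SESSION[ 'ip' ] = $_SERVER[ 'REMOTE_ADDR' ];
    }

    // Drop the session when it is presented from an address other than the one it was created for.
    // A session without a stored address is treated as a mismatch.
    // NOTE(review): behind a reverse proxy or load balancer REMOTE_ADDR is the proxy's address, so
    // this comparison would pass for every client — verify the deployment topology.
    if ( ( $_SESSION[ 'ip' ] ?? null ) !== $_SERVER[ 'REMOTE_ADDR' ] )
    {
        session_destroy();
        header( 'Location: /' );
        exit;
    }
}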
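// --- API routing (ordersPRO) ---
// Runs before the global settings are loaded further down; this branch always ends the request.
if ( $isApiRequest )
{
    if ( !headers_sent() )
    {
        header( 'Content-Type: application/json; charset=utf-8' );
    }

    try
    {
        $mdb = new medoo( [
            'database_type' => 'mysql',
            'database_name' => $database[ 'name' ],
            'server' => $database[ 'host' ],
            'username' => $database[ 'user' ],
            'password' => $database[ 'password' ],
            'charset' => 'utf8'
        ] );

        $settingsRepo = new \Domain\Settings\SettingsRepository( $mdb );
        $router = new \api\ApiRouter( $mdb, $settingsRepo );
        $router->handle();
    }
    catch ( \Throwable $e )
    {
        // Record the failure server-side so it is not lost: the client only ever sees the generic
        // body below. Only class, message and location are logged — no stack trace, whose argument
        // lists could include the database credentials passed to medoo above. Control characters
        // are collapsed so text inside the message cannot forge additional log lines.
        error_log( sprintf(
            'api.php: %s: %s in %s:%d',
            get_class( $e ),
            preg_replace( '/[\x00-\x1F\x7F]+/', ' ', $e->getMessage() ),
            $e->getFile(),
            $e->getLine()
        ) );

        if ( !headers_sent() )
        {
            header( 'Content-Type: application/json; charset=utf-8' );
        }

        http_response_code( 500 );

        // Deliberately generic: no exception details are disclosed to the API client.
        echo json_encode( [
            'status' => 'error',
            'code' => 'INTERNAL_ERROR',
            'message' => 'Internal server error'
        ], JSON_UNESCAPED_UNICODE );
    }

    exit;
}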
// Database handle for the regular (non-API) request path; API requests have already exited above.
// $database is not defined in this file — presumably it comes from config.php.
$mdb = new medoo(
    [
        'database_type' => 'mysql',
        'database_name' => $database[ 'name' ],
        'server'        => $database[ 'host' ],
        'username'      => $database[ 'user' ],
        'password'      => $database[ 'password' ],
        'charset'       => 'utf8',
    ]
);

// Load the shop settings once through the repository and keep them in $settings.
$settingsRepo = new \Domain\Settings\SettingsRepository( $mdb );
$settings = $settingsRepo->allSettings();
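// --- Ekomi CSV export ---
// Collects the orders that have a status_id 6 entry matching yesterday's date and writes one row
// per ordered product to ekomi/ekomi-<today>.csv (semicolon-separated, UTF-8 with BOM).
//
// NOTE(review): the export starts as soon as Helpers::get( 'ekomi_csv' ) is truthy (presumably a
// request parameter) and no access check is visible in this file before it. The file holds customer
// e-mail addresses and names under a date-based name in a directory relative to the script —
// confirm the trigger is restricted to the intended caller and that ekomi/ is not served over HTTP.
if ( \Shared\Helpers\Helpers::get( 'ekomi_csv' ) )
{
    $csv_array = [ [ 'ORDER_ID', 'MAIL', 'FIRST_NAME', 'LAST_NAME', 'PRODUCT_ID', 'PRODUCT_NAME' ] ];

    $orders_id = $mdb->select( 'pp_shop_order_statuses', 'order_id', [ 'AND' => [ 'status_id' => 6, 'date[~]' => date( 'Y-m-d', strtotime( '-1 day', time() ) ) ] ] );

    // A failed query may not return an array; array_unique() raises a TypeError for that on PHP 8.
    if ( !is_array( $orders_id ) )
    {
        $orders_id = [];
    }
    $orders_id = array_unique( $orders_id );

    if ( \Shared\Helpers\Helpers::is_array_fix( $orders_id ) )
    {
        foreach ( $orders_id as $order_id )
        {
            $order = $mdb->get( 'pp_shop_orders', '*', [ 'id' => $order_id ] );
            if ( !$order )
            {
                continue;
            }

            $products = $mdb->select( 'pp_shop_order_products', '*', [ 'order_id' => $order['id'] ] );
            if ( !\Shared\Helpers\Helpers::is_array_fix( $products ) )
            {
                continue;
            }

            foreach ( $products as $product )
            {
                // NOTE(review): name and e-mail are customer-entered values written as-is. If this
                // file is ever opened in a spreadsheet, cells starting with = + - or @ should be
                // neutralised first; left unchanged here because the consumer's format is unknown.
                $csv_array[] = [ $order['id'], $order['client_email'], $order['client_name'], $order['client_surname'], $product['product_id'], $product['name'] ];
            }
        }

        if ( !is_dir( 'ekomi' ) )
        {
            // NOTE(review): 0775 makes the directory group-writable and world-readable (subject to
            // umask); tighten it if only the web-server user needs access.
            mkdir( 'ekomi', 0775, true );
        }

        $ekomi_csv_path = 'ekomi/ekomi-' . date( 'Y-m-d' ) . '.csv';
        $fp = fopen( $ekomi_csv_path, 'w' );

        if ( $fp === false )
        {
            // Warnings are masked at the top of the script, so report the failure explicitly
            // instead of passing false on to fputs()/fputcsv().
            error_log( 'ekomi export: cannot open ' . $ekomi_csv_path . ' for writing' );
        }
        else
        {
            // UTF-8 byte-order mark first, so spreadsheet tools detect the encoding.
            fputs( $fp, $bom = ( chr(0xEF) . chr(0xBB) . chr(0xBF) ) );

            foreach ( $csv_array as $fields )
            {
                fputcsv( $fp, $fields, ';' );
            }

            fclose( $fp );
        }
    }
}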