# External Integrations

**Analysis Date:** 2026-05-05

## APIs & External Services

**Maps & Geolocation:**
- Google Maps API — interactive contact/location maps on frontend
  - Integration: JavaScript API via `https://maps.googleapis.com/maps/api/js?key=<key>`
  - Auth: API key stored in `pp_settings` table as `google_map_key`
  - Toggle: `google_maps` setting in admin settings
  - Files: `templates/site/contact.php`, `admin/templates/settings/settings.php`

- geoPlugin IP Geolocation — visitor IP-to-location lookup with currency detection
  - Service URL: `http://www.geoplugin.net/php.gp?ip={IP}&base_currency={CURRENCY}`
  - Library: `autoload/class.geoplugin.php`
  - No API key required (free service)

**Fonts & CDN Resources:**
- Google Fonts — `https://fonts.googleapis.com/css?family=Open+Sans:300,400,600,700`
  - File: `admin/templates/site/main-layout.php`
- Google AJAX CDN — jQuery loaded from `//ajax.googleapis.com/ajax/libs/jquery/2.1.4/`
  - File: `admin/templates/site/unlogged-layout.php`

**Social Media:**
- Facebook Likebox widget — fixed sidebar widget showing Facebook feed
  - App ID: `194295077275888` (hardcoded in iframe)
  - File: `templates/site/facebook.php`

**Gallery:**
- Pixieset — external photo gallery service integration
  - Features: ZIP download of gallery images, mark favorites
  - AJAX endpoints: `ajax.php?a=pixieset_*`
  - Files: `templates/articles/article-gallery.php`, `ajax.php`

## Data Storage

**Databases:**
- MySQL 5.7+ — primary data store for all CMS content
  - Connection: credentials hardcoded in `config.php` (host, user, password, dbname)
  - Client: Medoo ORM (`libraries/medoo/medoo.php`)
  - Table prefix: `pp_` (~32 tables)
  - Migrations: None detected — schema managed manually

**File Storage:**
- Local filesystem — all user uploads stored on server
  - Images: `images/` directory
  - Uploads: `upload/` directory
  - Temp files: `admin/temp/`
  - Cache/WebP: `cache/` directory
  - No cloud storage (no AWS S3, no CDN)

**Caching:**
- Session-based cache via `\Cache` class (`autoload/class.Cache.php`)
  - Keys pattern: `page_details:lang:id`
  - File-based WebP image cache: `cache/` directory

## Authentication & Identity

**Auth Provider:**
- Custom session-based authentication — no OAuth provider
  - Implementation: `admin/index.php` (session check + cookie auto-login)
  - Password storage: MD5 hashing (insecure — see concerns.md)
  - Session security: IP address validation stored in `$_SESSION`
  - Files: `autoload/admin/factory/class.Users.php`, `autoload/admin/class.Site.php`

**OAuth Integrations:**
- None detected

## Email & Messaging

**SMTP Mail:**
- PHPMailer — SMTP-based transactional email
  - Library: `libraries/phpmailer/class.phpmailer.php`, `libraries/phpmailer/class.smtp.php`
  - Config: host, port, login, password stored in `pp_settings` table
  - Settings keys: `email_host`, `email_port`, `email_login`, `email_password`
  - Function: `\S::send_email()` in `autoload/class.S.php`
  - Used for: contact forms, newsletter delivery

**Newsletter:**
- Custom database-driven newsletter system (no Mailchimp/SendGrid)
  - Templates: `pp_newsletter_templates` table
  - Subscribers: `pp_newsletter` table
  - Send log: `pp_newsletter_send` table
  - Files: `autoload/front/factory/class.Newsletter.php`

## Analytics & Tracking

**Analytics:**
- Custom code injection — third-party analytics configured via admin settings
  - Setting key: `statistic_code` (stored in `pp_settings`)
  - Injection point: before `</head>` in `index.php`
  - Supports: Google Analytics, Matomo, or any snippet

**Error Tracking:**
- None detected — no Sentry, Rollbar, or similar

## Security

**CAPTCHA:**
- Custom JavaScript captcha for contact forms
  - Library: `libraries/jquery/captcha.js`, `libraries/jquery/captcha.css`
  - Toggle: `contact_form_captcha` setting
  - File: `templates/site/contact.php`

- Google reCAPTCHA — used in some contact form variants
  - Secret key hardcoded in `plugins/special-actions-middle.php` (8 locations — see concerns.md)

## CI/CD & Deployment

**Hosting:**
- Shared hosting at `serwer1574995.home.pl`
  - Deployment: FTP via VS Code extension (`.vscode/sftp.json`, `.vscode/ftp-kr.json`)
  - No automated deployment pipeline

**CI Pipeline:**
- None detected — no GitHub Actions, no CI configuration

## Environment Configuration

**Development:**
- Required config: Database credentials in `config.php`
- No `.env` or `.env.example` — all config hardcoded
- FTP settings: `.vscode/sftp.json`

**Production:**
- Same `config.php` used for production (no environment separation)
- No staging environment detected

## Not Detected

- ❌ Payment gateways (Stripe, PayPal, Przelewy24)
- ❌ SMS services (Twilio, SMSAPI)
- ❌ Cloud storage (AWS S3, Google Cloud Storage)
- ❌ Error tracking (Sentry, Rollbar)
- ❌ OAuth / SSO providers
- ❌ Redis / Memcached
- ❌ CDN (no Cloudflare, no CloudFront)
- ❌ Webhooks (incoming or outgoing)

---

*Integration audit: 2026-05-05*
*Update when adding/removing external services*