<?php
/**
* POST /api/avant-paiement.php
* body: {activityId, productId, pays, urlBooking, website(honeypot)}
* -> {ok:true, id:"...", stripeUrl:"..."}
*/
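require_once __DIR__ . '/_bootstrap.php';

// Throttle before reading the body so abusive clients cost as little as possible.
rate_limit_or_429('post', $config);
require_method('POST');

$body = read_json_body();

// Honeypot: the "website" field is hidden in the form, so a filled value means a bot.
$honeypot = str_limit((string)($body['website'] ?? ''), 120);
if ($honeypot !== '') {
    json_error(400, 'Requête invalide.');
}

// Length-cap every client-supplied field before it is compared or written anywhere.
$activityId = str_limit((string)($body['activityId'] ?? ''), 80);
$productId  = str_limit((string)($body['productId'] ?? ''), 80);
$pays       = str_limit((string)($body['pays'] ?? ''), 80);
$urlBooking = str_limit((string)($body['urlBooking'] ?? ''), 400);

if ($activityId === '' || $productId === '' || $pays === '') {
    json_error(400, 'Champs requis: activityId, productId, pays.');
}
if ($urlBooking !== '' && !is_valid_url($urlBooking)) {
    json_error(400, 'URL BOOKING invalide.');
}

/** 1) Look up the activity by its id column. */
$actS = $config['sheets']['activities'];
$actValues = sheets_get_all($actS['spreadsheet_id'], $actS['sheet_name'], $config);
$actTable = table_from_values($actValues);
$activity = find_row_by_col($actTable['rows'], 'id', $activityId);
if (!$activity) {
    json_error(404, 'Activité introuvable.');
}

/** 2) Look up the product by its id_produit column. */
$db = $config['sheets']['db'];
$prodValues = sheets_get_all($db['spreadsheet_id'], $db['products_sheet'], $config);
$prodTable = table_from_values($prodValues);
$product = find_row_by_col($prodTable['rows'], 'id_produit', $productId);
if (!$product) {
    json_error(404, 'Produit introuvable.');
}

// The Stripe URL is read from the products sheet (operator data, not client input)
// and echoed back verbatim in the response.
// NOTE(review): if that sheet is editable by anyone other than the operators,
// validate the value here (e.g. with is_valid_url) before returning it.
$stripeUrl = (string)($product['LienStripe'] ?? '');

$nowIso = (new DateTime('now', new DateTimeZone('Europe/Paris')))->format('Y-m-d H:i:s');
$newId = uuid_v4();

/** 3) Read the header row (row 1) of the "avant paiement" tab. */
$service = google_sheets_service($config);
try {
    $headersResp = $service->spreadsheets_values->get($db['spreadsheet_id'], $db['avant_sheet'] . '!1:1');
} catch (Exception $e) {
    // Same policy as the append below: detail stays in the server log, client gets a generic 500.
    error_log('avant-paiement: Sheets header read failed: ' . $e->getMessage());
    json_error(500, "Impossible de lire les en-têtes de l'onglet 'avant paiement'.");
}
$headerRows = $headersResp->getValues();
$headers = (is_array($headerRows) && isset($headerRows[0]) && is_array($headerRows[0])) ? $headerRows[0] : [];
// Header cells are not guaranteed to be strings (a numeric title comes back as a number);
// normalise before the strict in_array() comparison below.
$headers = array_map(static function ($h): string {
    return trim((string)$h);
}, $headers);
if (count($headers) === 0) {
    json_error(500, "Impossible de lire les en-têtes de l'onglet 'avant paiement'.");
}

/** Build the row keyed by header name; headers the tab does not have are silently skipped. */
$rowToAppend = [];
$setIfExists = function (string $header, string $value) use (&$rowToAppend, $headers) {
    if (in_array($header, $headers, true)) {
        // Every cell goes through sheets_safe() from _bootstrap.php before being written;
        // presumably it neutralises cell content a spreadsheet would interpret — confirm there.
        $rowToAppend[$header] = sheets_safe($value);
    }
};

// Required columns.
$setIfExists('ID', $newId);
$setIfExists('Timestamp', $nowIso);
$setIfExists('Pays', $pays);
$setIfExists('Nom_fr', (string)($activity['name'] ?? ''));
$setIfExists('Url_booking', $urlBooking);
$setIfExists('Date choisi abonnement', $nowIso);
$setIfExists('id_produit', $productId);

// Optional columns, filled only when the tab has them.
$setIfExists('Url_paiement_stripe', $stripeUrl);
// The address column has been seen under two spellings; write to whichever exists.
$addr = (string)($activity['full_address'] ?? '');
$setIfExists('full_adress', $addr);
$setIfExists('full_address', $addr);

/** Order the cells to match the sheet's column order; columns we did not fill are blank. */
$ordered = [];
foreach ($headers as $h) {
    $ordered[] = $rowToAppend[$h] ?? '';
}

/** Append the row. (Named $valueRange so it does not shadow the request $body above.) */
$valueRange = new Google_Service_Sheets_ValueRange([
    'values' => [$ordered],
]);
try {
    $service->spreadsheets_values->append(
        $db['spreadsheet_id'],
        $db['avant_sheet'],
        $valueRange,
        ['valueInputOption' => 'RAW', 'insertDataOption' => 'INSERT_ROWS']
    );
} catch (Exception $e) {
    // The API exception text can carry spreadsheet ids and Google-side detail:
    // keep it in the server log and return only a generic failure to the client.
    error_log('avant-paiement: Sheets append failed: ' . $e->getMessage());
    json_error(500, 'Erreur écriture Sheets.');
}

json_out(['ok' => true, 'id' => $newId, 'stripeUrl' => $stripeUrl]);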