html/api/whatsapp-api.php

<?php
// WEVAL WhatsApp Business API — v1.0
// Uses Meta Graph API v22.0
header('Content-Type: application/json');
header('Access-Control-Allow-Origin: *');
header('Access-Control-Allow-Methods: POST, GET, OPTIONS');
header('Access-Control-Allow-Headers: Content-Type');
if ($_SERVER['REQUEST_METHOD'] === 'OPTIONS') { http_response_code(200); exit; }

// Load credentials
$secrets = [];
foreach(file('/etc/weval/secrets.env') as $line) {
    $line = trim($line);
    if (!$line || $line[0] === '#') continue;
    $pos = strpos($line, '=');
    if ($pos !== false) $secrets[substr($line,0,$pos)] = substr($line,$pos+1);
}
$token = $secrets['WHATSAPP_TOKEN'] ?? '';
$phone_id = $secrets['WHATSAPP_PHONE_ID'] ?? '108180295167719';
$business_id = $secrets['WHATSAPP_BUSINESS_ID'] ?? '208358856887298';
$api_version = 'v22.0';
$base_url = "https://graph.facebook.com/{$api_version}/{$phone_id}";

if (!$token) { echo json_encode(['ok'=>false,'error'=>'Token missing']); exit; }

$action = $_GET['action'] ?? $_POST['action'] ?? 'status';

switch ($action) {
    case 'status':
        // Check WhatsApp Business API status
        $ch = curl_init("{$base_url}?access_token={$token}");
        curl_setopt_array($ch, [CURLOPT_RETURNTRANSFER=>true, CURLOPT_TIMEOUT=>10]);
        $r = curl_exec($ch);
        $code = curl_getinfo($ch, CURLINFO_HTTP_CODE);
        curl_close($ch);
        echo json_encode(['ok'=>$code==200, 'status'=>$code, 'phone_id'=>$phone_id, 'business_id'=>$business_id, 'data'=>json_decode($r,true)]);
        break;

    case 'send':
        // Send WhatsApp message
        $to = $_POST['to'] ?? '';
        $message = $_POST['message'] ?? '';
        $template = $_POST['template'] ?? '';
        
        if (!$to) { echo json_encode(['ok'=>false,'error'=>'to required']); exit; }
        
        if ($template) {
            // Send template message
            $payload = [
                'messaging_product' => 'whatsapp',
                'to' => $to,
                'type' => 'template',
                'template' => [
                    'name' => $template,
                    'language' => ['code' => $_POST['lang'] ?? 'fr']
                ]
            ];
        } else {
            // Send text message
            if (!$message) { echo json_encode(['ok'=>false,'error'=>'message required']); exit; }
            $payload = [
                'messaging_product' => 'whatsapp',
                'to' => $to,
                'type' => 'text',
                'text' => ['body' => $message]
            ];
        }
        
        $ch = curl_init("{$base_url}/messages");
        curl_setopt_array($ch, [
            CURLOPT_RETURNTRANSFER => true,
            CURLOPT_POST => true,
            CURLOPT_POSTFIELDS => json_encode($payload),
            CURLOPT_HTTPHEADER => [
                "Authorization: Bearer {$token}",
                "Content-Type: application/json"
            ],
            CURLOPT_TIMEOUT => 15
        ]);
        $r = curl_exec($ch);
        $code = curl_getinfo($ch, CURLINFO_HTTP_CODE);
        curl_close($ch);
        
        // Log
        $log = date('Y-m-d H:i:s') . " SEND to={$to} template={$template} code={$code}
";
        file_put_contents('/var/log/whatsapp-api.log', $log, FILE_APPEND);
        
        echo json_encode(['ok'=>$code>=200&&$code<300, 'code'=>$code, 'response'=>json_decode($r,true)]);
        break;

    case 'send_bulk':
        // Bulk send to multiple numbers
        $numbers = json_decode($_POST['numbers'] ?? '[]', true);
        $template = $_POST['template'] ?? 'hello_world';
        $lang = $_POST['lang'] ?? 'en_US';
        $results = [];
        $ok = 0; $fail = 0;
        
        foreach ($numbers as $num) {
            $payload = json_encode([
                'messaging_product' => 'whatsapp',
                'to' => $num,
                'type' => 'template',
                'template' => ['name' => $template, 'language' => ['code' => $lang]]
            ]);
            $ch = curl_init("{$base_url}/messages");
            curl_setopt_array($ch, [
                CURLOPT_RETURNTRANSFER => true, CURLOPT_POST => true,
                CURLOPT_POSTFIELDS => $payload,
                CURLOPT_HTTPHEADER => ["Authorization: Bearer {$token}", "Content-Type: application/json"],
                CURLOPT_TIMEOUT => 10
            ]);
            $r = curl_exec($ch);
            $code = curl_getinfo($ch, CURLINFO_HTTP_CODE);
            curl_close($ch);
            if ($code >= 200 && $code < 300) $ok++; else $fail++;
            $results[] = ['to'=>$num, 'code'=>$code];
            usleep(100000); // 100ms delay between sends
        }
        
        echo json_encode(['ok'=>true, 'sent'=>$ok, 'failed'=>$fail, 'total'=>count($numbers), 'results'=>$results]);
        break;

    case 'templates':
        // List message templates
        $ch = curl_init("https://graph.facebook.com/{$api_version}/{$business_id}/message_templates?access_token={$token}");
        curl_setopt_array($ch, [CURLOPT_RETURNTRANSFER=>true, CURLOPT_TIMEOUT=>10]);
        $r = curl_exec($ch);
        curl_close($ch);
        echo $r;
        break;

    default:
        echo json_encode(['ok'=>true, 'service'=>'whatsapp-api', 'version'=>'1.0',
            'phone_id'=>$phone_id, 'actions'=>['status','send','send_bulk','templates']]);
}