html/api/ethica-consent-api.php


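<?php
/**
 * ETHICA Consent API — Real implementation
 * Actions: get_medecin, record_consent, search, stats
 *
 * Request values reach PostgreSQL only as bind parameters of
 * pg_query_params(); nothing from $_REQUEST / $_POST / $_SERVER is
 * spliced into statement text. Response bodies keep the same keys and
 * values as before.
 */
declare(strict_types=1);

require_once __DIR__ . '/_secrets.php';

header("Content-Type: application/json");
// Any origin may read these responses; get_medecin and search return
// practitioner contact details, so narrow this header if cross-origin
// reads from arbitrary sites are not intended.
header("Access-Control-Allow-Origin: *");

/**
 * Write a JSON body without ending the script (the switch's `break`
 * paths still fall through to pg_close()).
 *
 * @param array<string, mixed> $payload
 */
function emit(array $payload): void
{
    echo json_encode($payload);
}

/**
 * Write an error body and stop; used for the early-exit validation paths.
 */
function fail(string $error): void
{
    emit(["ok" => false, "error" => $error]);
    exit;
}

/**
 * Coerce a request value to a string. Arrays (`token[]=x`) and null fall
 * back to $default instead of raising a TypeError inside the pg_* calls.
 *
 * @param mixed $value
 */
function str_param($value, string $default = ''): string
{
    return is_scalar($value) ? (string) $value : $default;
}

/**
 * Run one COUNT(*)-style statement and return its first cell as an int,
 * or 0 when the query fails or yields no row. The previous
 * pg_fetch_result(false, 0, 0) form is a TypeError on PHP 8.
 *
 * @param resource|\PgSql\Connection $pg
 */
function scalar_count($pg, string $sql): int
{
    $r = @pg_query($pg, $sql);
    if ($r === false || pg_num_rows($r) === 0) {
        return 0;
    }
    return (int) pg_fetch_result($r, 0, 0);
}

// @ keeps the driver's warning text out of the JSON body; the failure is
// reported as the generic "DB" error below.
$pg = @pg_connect("host=10.1.0.3 dbname=adx_system user=admin password=" . weval_secret('WEVAL_PG_ADMIN_PASS'));
if (!$pg) {
    fail("DB");
}

$action = str_param($_REQUEST['action'] ?? null);
switch ($action) {
    case 'get_medecin':
        $id = intval($_REQUEST['id'] ?? 0);
        $token = str_param($_REQUEST['token'] ?? null);
        if ($id > 0) {
            // NOTE(review): this path has no authentication or token check,
            // so any caller can read a record by supplying a numeric id; kept
            // because existing callers rely on it — consider requiring the
            // token for this lookup.
            $r = @pg_query_params(
                $pg,
                'SELECT id, nom, prenom, specialite, ville, pays, email, telephone FROM ethica.medecins_real WHERE id=$1 LIMIT 1',
                [$id]
            );
        } elseif ($token !== '') {
            // Compared against '' rather than by truthiness so a token of "0"
            // is not mistaken for "no token".
            $r = @pg_query_params(
                $pg,
                'SELECT m.id, m.nom, m.prenom, m.specialite, m.ville, m.pays, m.email, m.telephone FROM ethica.consent_tokens ct JOIN ethica.medecins_validated m ON m.id=ct.medecin_id WHERE ct.token=$1 LIMIT 1',
                [$token]
            );
        } else {
            fail("id or token required");
        }
        if ($r !== false && pg_num_rows($r) > 0) {
            emit(["ok" => true, "medecin" => pg_fetch_assoc($r)]);
        } else {
            emit(["ok" => false, "error" => "not_found"]);
        }
        break;

    case 'record_consent':
        $mid = intval($_POST['medecin_id'] ?? 0);
        // consent_type is stored as sent; only the literal 'optin' triggers
        // the status update further down.
        $type = str_param($_POST['consent_type'] ?? null, 'optin');
        $source = str_param($_POST['source'] ?? null, 'email_landing');
        $ip = $_SERVER['REMOTE_ADDR'] ?? '0.0.0.0';
        // Byte-wise truncation to 200, as before; the value is bound as a
        // parameter so no escaping is applied.
        $ua = substr($_SERVER['HTTP_USER_AGENT'] ?? '', 0, 200);
        $token = str_param($_POST['token'] ?? null);
        // The `frequency` field the previous version read was never stored,
        // so it is not read here.
        if ($mid <= 0) {
            fail("medecin_id required");
        }
        // Insert into consent_log; the email is copied from medecins_real, so
        // a row is written only when the id exists there.
        $r = @pg_query_params(
            $pg,
            'INSERT INTO ethica.consent_log (medecin_id, email, action, method, ip_address, user_agent, token, created_at) '
            . 'SELECT id, email, $2, $3, $4::inet, $5, $6, NOW() FROM ethica.medecins_real WHERE id=$1',
            [$mid, $type, $source, $ip, $ua, $token]
        );
        // Only an opt-in flips the validated record's consent status.
        if ($type === 'optin') {
            @pg_query_params(
                $pg,
                'UPDATE ethica.medecins_validated SET consent_status=true, consent_date=NOW(), consent_method=$1, consent_ip=$2::inet WHERE id=$3',
                [$source, $ip, $mid]
            );
        }
        emit(["ok" => ($r !== false), "action" => $type, "medecin_id" => $mid]);
        break;

    case 'search':
        $needle = str_param($_REQUEST['q'] ?? null);
        // Length is checked on the raw value; the old check ran on the
        // escaped string, where a doubled quote counted as two characters.
        if (strlen($needle) < 3) {
            fail("query too short");
        }
        // '%' and '_' inside the query still act as LIKE wildcards, as before.
        // NOTE(review): this action is unauthenticated and returns names and
        // cities for any email/phone fragment, so it can confirm whether a
        // given contact exists — worth gating if that is not intended.
        $pattern = '%' . $needle . '%';
        $r = @pg_query_params(
            $pg,
            'SELECT id, nom, prenom, specialite, ville, pays FROM ethica.medecins_real WHERE email ILIKE $1 OR telephone LIKE $1 LIMIT 5',
            [$pattern]
        );
        $results = [];
        // A failed query previously reached pg_fetch_assoc(false); now it
        // simply yields an empty list.
        if ($r !== false) {
            while (($row = pg_fetch_assoc($r)) !== false) {
                $results[] = $row;
            }
        }
        emit(["ok" => true, "results" => $results]);
        break;

    case 'stats':
        $log = scalar_count($pg, "SELECT count(*) FROM ethica.consent_log");
        $optin = scalar_count($pg, "SELECT count(*) FROM ethica.consent_log WHERE action='optin'");
        $optout = scalar_count($pg, "SELECT count(*) FROM ethica.consent_log WHERE action='optout'");
        // "total" mirrors the opt-in count, as before, for existing consumers.
        emit(["ok" => true, "total_log" => $log, "total" => $optin, "optin" => $optin, "optout" => $optout]);
        break;

    default:
        emit(["ok" => true, "api" => "ethica-consent", "actions" => ["get_medecin", "record_consent", "search", "stats"]]);
}
@pg_close($pg);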