html/api/whatsapp-webhook.php

<?php

// === WEVAL SECRETS LOADER ===
$_WEVAL_SECRETS = [];
if (file_exists('/etc/weval/secrets.env')) {
    foreach (file('/etc/weval/secrets.env', FILE_IGNORE_NEW_LINES | FILE_SKIP_EMPTY_LINES) as $line) {
        if (strpos($line, '#') === 0) continue;
        if (strpos($line, '=') !== false) {
            list($k, $v) = explode('=', $line, 2);
            $_WEVAL_SECRETS[trim($k)] = trim($v);
        }
    }
}
function weval_secret($key, $default='') {
    global $_WEVAL_SECRETS;
    return $_WEVAL_SECRETS[$key] ?? getenv($key) ?: $default;
}

// WhatsApp Webhook - receives messages and status updates
$verify_token = 'WEVADS_WA_VERIFY_2026';

// GET = webhook verification
if ($_SERVER['REQUEST_METHOD'] === 'GET') {
    $mode = $_GET['hub_mode'] ?? '';
    $token = $_GET['hub_verify_token'] ?? '';
    $challenge = $_GET['hub_challenge'] ?? '';
    if ($mode === 'subscribe' && $token === $verify_token) {
        http_response_code(200);
        echo $challenge;
    } else {
        http_response_code(403);
        echo 'Forbidden';
    }
    exit;
}

// POST = incoming message/status
$input = file_get_contents('php://input');
$data = json_decode($input, true);

// Log all webhooks
$log_dir = '/var/log/whatsapp/';
if (!is_dir($log_dir)) mkdir($log_dir, 0755, true);
file_put_contents($log_dir . date('Y-m-d') . '.log', 
    date('H:i:s') . ' ' . $input . "\n", FILE_APPEND);

// Process messages
if (isset($data['entry'][0]['changes'][0]['value']['messages'])) {
    $msgs = $data['entry'][0]['changes'][0]['value']['messages'];
    foreach ($msgs as $msg) {
        $from = $msg['from'] ?? '';
        $type = $msg['type'] ?? '';
        $text = $msg['text']['body'] ?? $msg['button']['text'] ?? '';
        $ts = $msg['timestamp'] ?? time();
        
        // Store in DB
        try {
            $db = new PDO('pgsql:host=127.0.0.1;dbname=adx_system', 'admin', weval_secret('DB_PASS','admin123'));
            $db->exec("CREATE TABLE IF NOT EXISTS admin.whatsapp_messages (
                id SERIAL PRIMARY KEY, direction VARCHAR(4), phone VARCHAR(20),
                message TEXT, msg_type VARCHAR(20), wa_id VARCHAR(50),
                status VARCHAR(20) DEFAULT 'received', created_at TIMESTAMP DEFAULT NOW()
            )");
            $stmt = $db->prepare("INSERT INTO admin.whatsapp_messages (direction,phone,message,msg_type,wa_id) VALUES('in',?,?,?,?)");
            $stmt->execute([$from, $text, $type, $msg['id'] ?? '']);
        } catch (Exception $e) {}
        
        // Auto-reply (optional)
        // Uncomment to enable: autoReply($from, $text);
    }
}

// Process status updates
if (isset($data['entry'][0]['changes'][0]['value']['statuses'])) {
    $statuses = $data['entry'][0]['changes'][0]['value']['statuses'];
    foreach ($statuses as $st) {
        try {
            $db = new PDO('pgsql:host=127.0.0.1;dbname=adx_system', 'admin', weval_secret('DB_PASS','admin123'));
            $db->prepare("UPDATE admin.whatsapp_messages SET status=? WHERE wa_id=?")->execute([$st['status'], $st['id']]);
        } catch (Exception $e) {}
    }
}

http_response_code(200);
echo json_encode(['ok' => true]);