query("SELECT c.*, w.inbox_rate FROM admin.brain_configs c JOIN admin.brain_winners w ON w.config_id = c.id WHERE w.is_active = true ORDER BY w.inbox_rate DESC LIMIT 1")->fetch(PDO::FETCH_ASSOC); if (!$winner) die("❌ No winner config\n"); // 2. Get offer WITH real sponsor link if ($requestedOffer) { $offer = $pdo->query("SELECT o.id, o.name, l.value as sponsor_url FROM affiliate.offers o LEFT JOIN affiliate.links l ON l.offer_id=o.id AND l.type='preview' AND l.value LIKE 'http%' WHERE o.id = $requestedOffer LIMIT 1")->fetch(PDO::FETCH_ASSOC); } else { $offer = $pdo->query("SELECT o.id, o.name, l.value as sponsor_url FROM affiliate.offers o JOIN affiliate.links l ON l.offer_id=o.id AND l.type='preview' AND l.value LIKE 'http%' WHERE o.status = 'Activated' ORDER BY RANDOM() LIMIT 1")->fetch(PDO::FETCH_ASSOC); } if (!$offer) die("❌ No offer with sponsor link\n"); // 3. Get from_name and subject (NEVER raw offer name) $fn = $pdo->query("SELECT value FROM affiliate.from_names WHERE offer_id = {$offer['id']} ORDER BY RANDOM() LIMIT 1")->fetch(PDO::FETCH_ASSOC); $sj = $pdo->query("SELECT value FROM affiliate.subjects WHERE offer_id = {$offer['id']} ORDER BY RANDOM() LIMIT 1")->fetch(PDO::FETCH_ASSOC); $fromName = $fn['value'] ?? 'Customer Support'; $subject = $sj['value'] ?? 'Important notification'; // 4. Build tracking URLs $domain = $winner['domain_used'] ?: 'wevup.app'; $fromEmail = "hello@$domain"; $trackBase = "https://wevup.app"; $clickUrl = "$trackBase/click.php?url=" . base64_encode($offer['sponsor_url']) . "&oid={$offer['id']}&e=" . urlencode($toEmail); $openPixel = "$trackBase/tracking.php?act=op&oid={$offer['id']}&e=" . urlencode($toEmail); $unsubUrl = "$trackBase/click.php?url=" . base64_encode("https://wevup.app/unsub.php") . "&act=unsub&e=" . urlencode($toEmail); // 5. Build proper HTML creative (NEVER expose raw offer name) $body = <<

$fromName

Dear Customer,

$subject

We have prepared something special for you. Take a moment to review the details below.

View Details →

If you did not request this, you can safely ignore this message.

You received this because you subscribed to our updates.
Unsubscribe | Manage preferences

HTML; echo "🚀 BRAIN SEND v2\n"; echo " Offer: #{$offer['id']}\n"; echo " From: $fromName <$fromEmail>\n"; echo " Subject: $subject\n"; echo " To: $toEmail\n"; echo " Sponsor: " . substr($offer['sponsor_url'], 0, 60) . "\n"; echo " Click: " . substr($clickUrl, 0, 60) . "...\n"; echo " Open pixel: ✅\n\n"; // 6. Send via BCG relay $jsonFile = tempnam("/tmp", "brain_v2_"); $emailData = json_encode(["to" => $toEmail, "from_email" => $fromEmail, "from_name" => $fromName, "subject" => $subject, "body" => $body, "domain" => $domain]); file_put_contents($jsonFile, $emailData); $response = trim(shell_exec("python3 /opt/wevads/scripts/bcg_relay.py " . escapeshellarg($jsonFile) . " 2>&1")); @unlink($jsonFile); $pdo->exec("UPDATE admin.brain_winners SET times_used = times_used + 1, last_used_at = NOW() WHERE config_id = {$winner['id']}"); echo strpos($response, 'OK') !== false ? "✅ SENT!\n" : "❌ FAIL: $response\n";