<?php
// ============================================================
//  Buy Local Lowveld — Mailchimp config (Phase 1)
// ============================================================
//
//  This is a FRESH integration, independent of the /test/ demo.
//  Keep the credentials out of version control.
//
//  See docs/SYSTEM-MAP.md for how this plugs into the site.
//
// ============================================================

// ─── Local overrides ────────────────────────────────────────
// If a sibling file `config.local.php` exists, load it FIRST so
// machine-specific values (database creds, SITE_URL, etc.) can
// be set per-environment without editing this file. Anything
// defined() in the local file wins because every define below
// is wrapped with `if (!defined(…))`.
//
// Put `config.local.php` outside the docroot or add it to your
// .gitignore. It's optional — skip the file and defaults apply.
$_local_cfg = __DIR__ . '/config.local.php';
if (is_file($_local_cfg)) require_once $_local_cfg;
unset($_local_cfg);

// Mailchimp API key. Format: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx-us21
if (!defined('MC_API_KEY'))         define('MC_API_KEY', 'PASTE-YOUR-API-KEY-HERE');

// Server prefix — auto-derived from the key suffix when left empty.
if (!defined('MC_SERVER_PREFIX'))   define('MC_SERVER_PREFIX', '');

// The Buy Local Lowveld members audience ID.
// Find it at:  Audience -> Settings -> Audience name and defaults
if (!defined('MC_AUDIENCE_ID'))     define('MC_AUDIENCE_ID', '');

// ------------------------------------------------------------
// Tag taxonomy
// ------------------------------------------------------------
//
// Lifecycle: where a person is in their relationship with Buy Local.
// Exactly one applies at a time.
if (!defined('MC_LIFECYCLE_TAGS')) define('MC_LIFECYCLE_TAGS', [
    'New Member',
    'Payment Received',
    'Renewal Reminder',
    'Payment Overdue',
    'Cancelled Member',
    'Lead',            // contact form submissions, not yet a paying member
]);

// Tier: membership package. Mutually exclusive.
if (!defined('MC_TIER_TAGS')) define('MC_TIER_TAGS', [
    'Bronze',
    'Silver',
    'Gold',
    'Platinum',
    'Diamond',
]);

// Source tag — where the subscriber came from.
if (!defined('MC_SOURCE_TAGS')) define('MC_SOURCE_TAGS', [
    'Newsletter Signup',
    'Contact Form',
    'Become a Member',
]);

// ------------------------------------------------------------
// Customer Journey IDs (populate once built in Mailchimp UI)
// ------------------------------------------------------------
// Phase 1 site triggers these journeys when the key events happen.
// Leave as 0 if the journey hasn't been built yet — the code will
// silently skip the trigger.
if (!defined('MC_JOURNEY_NEW_MEMBER')) define('MC_JOURNEY_NEW_MEMBER', [
    'journey_id' => 0,
    'step_id'    => 0,
]);

if (!defined('MC_JOURNEY_NEWSLETTER')) define('MC_JOURNEY_NEWSLETTER', [
    'journey_id' => 0,
    'step_id'    => 0,
]);

if (!defined('MC_JOURNEY_CONTACT_LEAD')) define('MC_JOURNEY_CONTACT_LEAD', [
    'journey_id' => 0,
    'step_id'    => 0,
]);

if (!defined('MC_JOURNEY_PROFILE_UPDATE')) define('MC_JOURNEY_PROFILE_UPDATE', [
    'journey_id' => 0,
    'step_id'    => 0,
]);

// Phase 2b journeys — triggered from payment and cron events
if (!defined('MC_JOURNEY_PAYMENT_RECEIVED')) define('MC_JOURNEY_PAYMENT_RECEIVED', [
    'journey_id' => 0,
    'step_id'    => 0,
]);

if (!defined('MC_JOURNEY_RENEWAL_REMINDER')) define('MC_JOURNEY_RENEWAL_REMINDER', [
    'journey_id' => 0,
    'step_id'    => 0,
]);

if (!defined('MC_JOURNEY_PAYMENT_OVERDUE')) define('MC_JOURNEY_PAYMENT_OVERDUE', [
    'journey_id' => 0,
    'step_id'    => 0,
]);

if (!defined('MC_JOURNEY_CANCELLATION')) define('MC_JOURNEY_CANCELLATION', [
    'journey_id' => 0,
    'step_id'    => 0,
]);

// ============================================================
//  Phase 2a additions
// ============================================================

// ------------------------------------------------------------
// Database (MySQL / MariaDB)
// ------------------------------------------------------------
if (!defined('DB_HOST'))            define('DB_HOST', 'ewg.dedicated.co.za');
if (!defined('DB_NAME'))            define('DB_NAME', 'elegaysv_buylocal');
if (!defined('DB_USER'))            define('DB_USER', 'elegaysv_Code2');
if (!defined('DB_PASS'))            define('DB_PASS', 'EWG2Cod!@#');

// ------------------------------------------------------------
// Authentication
// ------------------------------------------------------------
if (!defined('AUTH_SESSION_NAME'))  define('AUTH_SESSION_NAME',   'BLSESS');
if (!defined('AUTH_SESSION_LIFE'))  define('AUTH_SESSION_LIFE',   60 * 60 * 8);     // 8 hours
if (!defined('AUTH_RESET_LIFE'))    define('AUTH_RESET_LIFE',     60 * 60 * 2);     // 2 hours — reset-link validity

// Bcrypt cost. 12 is a reasonable default in 2026; bump if hardware allows.
if (!defined('AUTH_BCRYPT_COST'))   define('AUTH_BCRYPT_COST', 12);

// ------------------------------------------------------------
// Site-wide constants
// ------------------------------------------------------------
if (!defined('SITE_NAME'))          define('SITE_NAME',    'Buy Local Lowveld');
if (!defined('SITE_TAGLINE'))       define('SITE_TAGLINE', 'Think. Look. Buy Local.');
if (!defined('SITE_EMAIL'))         define('SITE_EMAIL',   'info@buylocallowveld.co.za');

// ------------------------------------------------------------
// SITE_URL — the absolute web root, no trailing slash.
// ------------------------------------------------------------
// This is the ONLY place to set it. Used in emails, payment
// gateway callback URLs, and anywhere a full URL is needed for
// a link that will be read or processed off-site. Code that
// runs in the browser uses relative paths (../ etc.) instead.
//
// To deploy to a different environment, change this one line.
// (Or override via includes/config.local.php — see top of file.)
if (!defined('SITE_URL'))           define('SITE_URL', 'https://buylocallowveld.elegantwork.co.za');

// ============================================================
//  Phase 2b additions
// ============================================================

// ------------------------------------------------------------
// PayFast (sandbox by default)
// ------------------------------------------------------------
//
// To go live:
//   1. Register at payfast.co.za
//   2. Replace the three values below with your live merchant_id + key + passphrase
//   3. Set PF_SANDBOX to false
//
// For development we use PayFast's public sandbox credentials.
// See https://developers.payfast.co.za for the latest values.
//
if (!defined('PF_SANDBOX'))         define('PF_SANDBOX',      true);
if (!defined('PF_MERCHANT_ID'))     define('PF_MERCHANT_ID',  '10030180');
if (!defined('PF_MERCHANT_KEY'))    define('PF_MERCHANT_KEY', 'n7oqwpf2pxjx7');
if (!defined('PF_PASSPHRASE'))      define('PF_PASSPHRASE',   'EWG2Pay12345');

// ------------------------------------------------------------
// Netcash payment gateway
// ------------------------------------------------------------
// Two keys are required to POST to Netcash Pay Now:
//
//   1. NETCASH_SERVICE_KEY (M1)
//      Your merchant Pay Now Service Key. Get from:
//      Netcash dashboard → Account profile → NetConnector → Pay Now
//
//   2. NETCASH_VENDOR_KEY (M2)
//      The Software Vendor Key. The default below is Netcash's
//      published generic SVK for non-ISV merchants — leave it as-is
//      unless Netcash specifically issues you a personal ISV key.
//
// Test mode is set in the Netcash dashboard's NetConnector
// profile, not via code. To use sandbox, configure a TEST profile
// in Netcash and use that profile's service key here.
if (!defined('NETCASH_SANDBOX'))     define('NETCASH_SANDBOX',     true);
if (!defined('NETCASH_SERVICE_KEY')) define('NETCASH_SERVICE_KEY', '117cee69-4410-49af-84c1-061877d45293');   // M1
if (!defined('NETCASH_VENDOR_KEY'))  define('NETCASH_VENDOR_KEY',  '24ade73c-98cf-47b3-99be-cc7b867b3080');   // M2 — generic SVK

// ------------------------------------------------------------
// Cron authentication
// ------------------------------------------------------------
// Cron scripts (cron/*.php) require this secret via ?secret=XXX
// when invoked over HTTP. Skip when running from CLI.
if (!defined('CRON_SECRET'))        define('CRON_SECRET', 'EWG-BUYLOCAL');

// ------------------------------------------------------------
// Metrics salt — used to hash IP addresses for privacy-safe
// visitor tracking. Change from the default to anything long
// and random. Keeping the same value preserves visitor history.
// ------------------------------------------------------------
if (!defined('METRICS_SALT'))       define('METRICS_SALT', 'CHANGE-ME-long-random-metrics-salt');

// ------------------------------------------------------------
// Rate limits
// ------------------------------------------------------------
// Max POST attempts per IP per 15 minutes for each sensitive endpoint.
if (!defined('RL_LOGIN'))           define('RL_LOGIN',    10);
if (!defined('RL_SIGNUP'))          define('RL_SIGNUP',    5);
if (!defined('RL_FORGOT'))          define('RL_FORGOT',    5);
if (!defined('RL_WINDOW_MINUTES'))  define('RL_WINDOW_MINUTES', 15);

// ============================================================
//  Phase 2d additions — Zoho Books integration
// ============================================================
// Self Client OAuth2 credentials. Refresh token is permanent.
// To regenerate (if compromised): revoke the Self Client at
// api-console.zoho.com and run zoho-exchange.php with a new
// auth code.
// ------------------------------------------------------------
if (!defined('ZOHO_DC'))            define('ZOHO_DC',            'com');  // com / eu / in / com.au / jp / com.cn
if (!defined('ZOHO_CLIENT_ID'))     define('ZOHO_CLIENT_ID',     '1000.VRW9MXM7U3K04HVLN8SORZQC2JFVUL');
if (!defined('ZOHO_CLIENT_SECRET')) define('ZOHO_CLIENT_SECRET', 'e825aa5789fca73e8b65f476ff5f5bff36751ce876');
if (!defined('ZOHO_REFRESH_TOKEN')) define('ZOHO_REFRESH_TOKEN', '1000.b1acf23c5def224f5296f46c9618733d.e7386bcc9fa457f29bdd71fbbb03e389');
if (!defined('ZOHO_ORG_ID'))        define('ZOHO_ORG_ID',        '922181785');


// ------------------------------------------------------------
// Email handler — credentials encryption key
// ------------------------------------------------------------
// 32-byte key in hex. Used to encrypt IMAP/SMTP passwords at
// rest. Don't change this — changing it invalidates all stored
// passwords and everyone has to re-enter them.
if (!defined('EMAIL_ENCRYPTION_KEY')) define('EMAIL_ENCRYPTION_KEY', 'c77a321b177820dd1d8ce302de0007c0e2378adfe35c12649a53e3de6f557a13');