<?php

 
// ------------------------------------------------------------
// Netcash payment gateway
// ------------------------------------------------------------
// Two service keys are issued per Netcash account: one for the
// LIVE NetConnector profile and one for the TEST profile (Test
// Mode is set in the Netcash dashboard, not via code). To switch
// between sandbox and production, swap which service key you
// configure here.
//
// The Software Vendor Key identifies your integration to Netcash
// (every Netcash partner has one). The Pay Now Service Key
// identifies the merchant account that receives funds.
//
// Get keys from: Netcash dashboard → Account profile →
// NetConnector → Pay Now
define('NETCASH_SANDBOX',     true);
define('NETCASH_SERVICE_KEY', '117cee69-4410-49af-84c1-061877d45293');   // M1 — Pay Now service key (GUID)
define('NETCASH_VENDOR_KEY',  '24ade73c-98cf-47b3-99be-cc7b867b3080');   // M2 — Software Vendor key (GUID)
// ============================================================
//  Buy Local Lowveld — Mailchimp config (Phase 1)
// ============================================================
//
//  This is a FRESH integration, independent of the /test/ demo.
//  Keep the credentials out of version control.
//
//  See docs/SYSTEM-MAP.md for how this plugs into the site.
//
// ============================================================

// Mailchimp API key. Format: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx-us21
define('MC_API_KEY', 'PASTE-YOUR-API-KEY-HERE');

// Server prefix — auto-derived from the key suffix when left empty.
define('MC_SERVER_PREFIX', '');

// The Buy Local Lowveld members audience ID.
// Find it at:  Audience -> Settings -> Audience name and defaults
define('MC_AUDIENCE_ID', '');

// ------------------------------------------------------------
// Tag taxonomy
// ------------------------------------------------------------
//
// Lifecycle: where a person is in their relationship with Buy Local.
// Exactly one applies at a time.
define('MC_LIFECYCLE_TAGS', [
    'New Member',
    'Payment Received',
    'Renewal Reminder',
    'Payment Overdue',
    'Cancelled Member',
    'Lead',            // contact form submissions, not yet a paying member
]);

// Tier: membership package. Mutually exclusive.
define('MC_TIER_TAGS', [
    'Bronze',
    'Silver',
    'Gold',
    'Platinum',
    'Diamond',
]);

// Source tag — where the subscriber came from.
define('MC_SOURCE_TAGS', [
    'Newsletter Signup',
    'Contact Form',
    'Become a Member',
]);

// ------------------------------------------------------------
// Customer Journey IDs (populate once built in Mailchimp UI)
// ------------------------------------------------------------
// Phase 1 site triggers these journeys when the key events happen.
// Leave as 0 if the journey hasn't been built yet — the code will
// silently skip the trigger.
define('MC_JOURNEY_NEW_MEMBER', [
    'journey_id' => 0,
    'step_id'    => 0,
]);

define('MC_JOURNEY_NEWSLETTER', [
    'journey_id' => 0,
    'step_id'    => 0,
]);

define('MC_JOURNEY_CONTACT_LEAD', [
    'journey_id' => 0,
    'step_id'    => 0,
]);

define('MC_JOURNEY_PROFILE_UPDATE', [
    'journey_id' => 0,
    'step_id'    => 0,
]);

// Phase 2b journeys — triggered from payment and cron events
define('MC_JOURNEY_PAYMENT_RECEIVED', [
    'journey_id' => 0,
    'step_id'    => 0,
]);

define('MC_JOURNEY_RENEWAL_REMINDER', [
    'journey_id' => 0,
    'step_id'    => 0,
]);

define('MC_JOURNEY_PAYMENT_OVERDUE', [
    'journey_id' => 0,
    'step_id'    => 0,
]);

define('MC_JOURNEY_CANCELLATION', [
    'journey_id' => 0,
    'step_id'    => 0,
]);

// ============================================================
//  Phase 2a additions
// ============================================================

// ------------------------------------------------------------
// Database (MySQL / MariaDB)
// ------------------------------------------------------------
define('DB_HOST', 'ewg.dedicated.co.za');
define('DB_NAME', 'elegaysv_buylocal');
define('DB_USER', 'elegaysv_Code2');
define('DB_PASS', 'EWG2Cod!@#');

// ------------------------------------------------------------
// Authentication
// ------------------------------------------------------------
define('AUTH_SESSION_NAME',   'BLSESS');
define('AUTH_SESSION_LIFE',   60 * 60 * 8);     // 8 hours
define('AUTH_RESET_LIFE',     60 * 60 * 2);     // 2 hours — reset-link validity

// Bcrypt cost. 12 is a reasonable default in 2026; bump if hardware allows.
define('AUTH_BCRYPT_COST', 12);

// ------------------------------------------------------------
// Site-wide constants
// ------------------------------------------------------------
define('SITE_NAME',       'Buy Local Lowveld');
define('SITE_TAGLINE',    'Think. Look. Buy Local.');
define('SITE_EMAIL',      'info@buylocallowveld.co.za');
define('SITE_URL',        'https://dev.systems.elegantwork.co.za/buylocal');

// ============================================================
//  Phase 2b additions
// ============================================================

// ------------------------------------------------------------
// PayFast (sandbox by default)
// ------------------------------------------------------------
//
// To go live:
//   1. Register at payfast.co.za
//   2. Replace the three values below with your live merchant_id + key + passphrase
//   3. Set PF_SANDBOX to false
//
// For development we use PayFast's public sandbox credentials.
// See https://developers.payfast.co.za for the latest values.
//
define('PF_SANDBOX',      true);
define('PF_MERCHANT_ID',  '10030180');
define('PF_MERCHANT_KEY', 'n7oqwpf2pxjx7');
define('PF_PASSPHRASE',   'EWG2Pay12345');           // sandbox default

// ------------------------------------------------------------
// Cron authentication
// ------------------------------------------------------------
// Cron scripts (cron/*.php) require this secret via ?secret=XXX
// when invoked over HTTP. Skip when running from CLI.
// Generate a fresh long random value for production.
define('CRON_SECRET', 'EWG-BUYLOCAL');

// ------------------------------------------------------------
// Metrics salt — used to hash IP addresses for privacy-safe
// visitor tracking. Change from the default to anything long
// and random. Keeping the same value preserves visitor history.
// ------------------------------------------------------------
define('METRICS_SALT', 'CHANGE-ME-long-random-metrics-salt');

// ------------------------------------------------------------
// Rate limits
// ------------------------------------------------------------
// Max POST attempts per IP per 15 minutes for each sensitive endpoint.
define('RL_LOGIN',    10);
define('RL_SIGNUP',    5);
define('RL_FORGOT',    5);
define('RL_WINDOW_MINUTES', 15);

// ============================================================
//  Phase 2d additions — Zoho Books integration
// ============================================================
// Self Client OAuth2 credentials. Refresh token is permanent.
// To regenerate (if compromised): revoke the Self Client at
// api-console.zoho.com and run zoho-exchange.php with a new
// auth code.
// ------------------------------------------------------------
define('ZOHO_DC',            'com');  // com / eu / in / com.au / jp / com.cn
define('ZOHO_CLIENT_ID',     '1000.VRW9MXM7U3K04HVLN8SORZQC2JFVUL');
define('ZOHO_CLIENT_SECRET', 'e825aa5789fca73e8b65f476ff5f5bff36751ce876');
define('ZOHO_REFRESH_TOKEN', '1000.b1acf23c5def224f5296f46c9618733d.e7386bcc9fa457f29bdd71fbbb03e389');
define('ZOHO_ORG_ID',        '922181785');