One Hat Cyber Team

Your IP : 216.73.216.36

Server IP : 162.240.179.46

Server : Linux vps-14493116.nutrivittasaude.com.br 5.14.0-611.49.1.el9_7.x86_64 #1 SMP PREEMPT_DYNAMIC Tue Apr 21 16:39:08 EDT 2026 x86_64

Server Software : Apache

PHP Version : 8.2.31

Buat File | Buat Folder

Dir : ~/home/lifeprimeti/meta.lifeprimeti.com.br/webhook/

View File Name : whatsapp.php

<?php
require_once __DIR__ . '/../config/database.php';

$empresaId = (int)($_GET['empresa_id'] ?? 0);
if (!$empresaId) {
    $empresaId = (int)($_POST['empresa_id'] ?? 0);
}

$config = $pdo->prepare("SELECT waba_webhook_token FROM configuracoes WHERE empresa_id = ?");
$config->execute([$empresaId]);
$cfg = $config->fetch();

$verifyToken = $cfg['waba_webhook_token'] ?? '';

if ($_SERVER['REQUEST_METHOD'] === 'GET') {
    $mode = $_GET['hub_mode'] ?? '';
    $token = $_GET['hub_verify_token'] ?? '';
    $challenge = $_GET['hub_challenge'] ?? 0;

    if ($mode === 'subscribe' && $token === $verifyToken) {
        header('Content-Type: text/plain');
        echo $challenge;
        exit;
    }

    http_response_code(403);
    echo 'Verificacao falhou';
    exit;
}

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    $input = json_decode(file_get_contents('php://input'), true);

    $entry = $input['entry'][0] ?? [];
    $changes = $entry['changes'][0] ?? [];
    $value = $changes['value'] ?? [];
    $messages = $value['messages'] ?? [];
    $metadata = $value['metadata'] ?? [];

    $phoneNumberId = $metadata['phone_number_id'] ?? '';

    $empresaStmt = $pdo->prepare("SELECT empresa_id FROM configuracoes WHERE waba_phone_id = ? LIMIT 1");
    $empresaStmt->execute([$phoneNumberId]);
    $empresaData = $empresaStmt->fetch();
    $empresaId = $empresaData['empresa_id'] ?? 0;

    foreach ($messages as $msg) {
        $from = $msg['from'] ?? '';
        $msgType = $msg['type'] ?? '';
        $msgId = $msg['id'] ?? '';
        $text = $msg['text']['body'] ?? '';
        $timestamp = $msg['timestamp'] ?? time();

        $usuarioStmt = $pdo->prepare("SELECT id FROM usuarios WHERE REPLACE(REPLACE(telefone,' ',''),'-','') LIKE ? AND empresa_id = ? LIMIT 1");
        $usuarioStmt->execute(['%' . substr($from, -8) . '%', $empresaId]);
        $usuario = $usuarioStmt->fetch();

        error_log("WhatsApp webhook: from=$from text=$text empresa_id=$empresaId");
    }

    http_response_code(200);
    echo 'OK';
    exit;
}

http_response_code(405);
echo 'Metodo nao permitido';