member-section.php

<?php
declare(strict_types = 1);

require_once '../../../../../wp-load.php';
$mwOptions = \get_option('member_theme_options');

if (!isset($mwOptions['fapi_login'], $mwOptions['fapi_pass'])) {
	echo 'FAPI credentials are not set.';
	die(400);
}

$fapiUsername = $mwOptions['fapi_login'];
$fapiApiToken = $mwOptions['fapi_pass'];

$id = $_POST['id'] ?? null;
$time = $_POST['time'] ?? null;
$security = $_POST['security'] ?? null;

if (!\is_numeric($id) || !\is_numeric($time) || !\is_string($security)) {
	echo 'Invalid data.';
	die(400);
}

$fapiClient = new \Fapi\FapiClient\FapiClient($fapiUsername, $fapiApiToken, 'https://api.fapi.cz', new \Fapi\HttpClient\GuzzleHttpClient());

$id = (int) $id;
$time = (int) $time;

try {
	$invoice = $fapiClient->invoices->find($id);
} catch (Exception $exception) {
	echo $exception->getMessage();
	die(400);
}

if ($invoice === null) {
	echo 'Invoice not found.';
	die(400);
}

if (!SecurityChecker::isValid($invoice, $time, $security)) {
	echo 'Security token is not valid.';
	die(400);
}

$client = $fapiClient->clients->find($invoice['client']);

if ($client === null) {
	echo 'Client not found.';
	die(400);
}

if (!username_exists($client['email']) && !email_exists($client['email'])) {
	$password = wp_generate_password(12, false);
	$user_id = wp_create_user($client['email'], $password, $client['email']);

	$subject = 'Přístup do member sekce';

	$message = 'Dobrý den,';
	$message .= "\n\n";
	$message .= 'byl vám vygenerován přístup do členské sekce: ';
	$message .= "\n\n";
	$message .= 'Jméno: ' . $client['email'];
	$message .= "\n";
	$message .= 'Heslo: ' . $password;
	$message .= "\n\n";
	$message .= 'Přihlásit se můžete na adrese:';
	$message .= home_url('/member');

	$header = 'From: ' . get_bloginfo('name') . ' <' . get_bloginfo('admin_email') . '>';

	wp_mail($client['email'], $subject, $message, $header);

}