SavageLake - Installation rapide (FTP) ==================================== Contenu : - reservation.php (page publique) - get-availability.php - create-checkout-session.php - webhook.php - google-auth.php - google-oauth-callback.php - success.php / cancel.php - config.php (EDITER: remplacer les clés) - pending_reservations.json - .secure/ with .htaccess (place credentials.json here) - vendor/ (placeholder) - see notes below IMPORTANT NOTES --------------- 1) I could NOT include 'vendor' libraries (Stripe & Google API) inside this zip because the environment that generated this package has no internet access. => You MUST populate 'vendor/' yourself. Two options: a) On your local dev machine (with Composer) run in an empty folder: composer require stripe/stripe-php google/apiclient:^2.15 Then upload the generated 'vendor/' folder to your FTP in /savagelake/vendor/ b) Or upload the vendor libraries you already have into the 'vendor/' directory. 2) Place your Google 'credentials.json' inside '/.secure/' (via FTP). If your FTP does not allow creating a parent folder above htdocs, keep .secure/ in the project root but it's protected by a .htaccess provided there. 3) Visit the Google auth URL once to get token.json: https://savagelake.polycompit.fr/google-auth.php Follow the OAuth flow; the callback will create token.json in .secure/ 4) Edit config.php and set your Stripe keys (STRIPE_SECRET_KEY, STRIPE_WEBHOOK_SECRET) and BASE_URL if different. 5) Register the webhook endpoint in Stripe dashboard: https://dashboard.stripe.com/test/webhooks -> Add endpoint Endpoint URL: https://savagelake.polycompit.fr/webhook.php Select events: checkout.session.completed Copy the signing secret and paste it into config.php (STRIPE_WEBHOOK_SECRET). 6) Create Google Calendars for each location and put their calendar IDs in config.php ($LOCATIONS array). 7) Upload the whole 'savagelake' folder via FTP into your web root and test: https://savagelake.polycompit.fr/reservation.php Security reminders ------------------ - Keep credentials.json and token.json in .secure/ (not web-accessible). - Never expose STRIPE_SECRET_KEY in frontend code. - Consider moving pending_reservations.json into .secure/ if you prefer.