<?php
require_once __DIR__ . '/../db/config.php';

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    $email = $_POST['email'] ?? '';
    $password = $_POST['password'] ?? '';

    if (empty($email) || empty($password) || !filter_var($email, FILTER_VALIDATE_EMAIL)) {
        header('Location: /register.php?error=invalid_input');
        exit;
    }

    try {
        $pdo = db();

        // Check if user exists
        $stmt = $pdo->prepare("SELECT id FROM users WHERE email = ?");
        $stmt->execute([$email]);
        if ($stmt->fetch()) {
            header('Location: /register.php?error=user_exists');
            exit;
        }

        // Insert new user
        $hashed_password = password_hash($password, PASSWORD_DEFAULT);
        $stmt = $pdo->prepare("INSERT INTO users (email, password, role) VALUES (?, ?, ?)");
        $stmt->execute([$email, $hashed_password, 'FREE_USER']);

        header('Location: /login.php?success=registered');
        exit;

    } catch (PDOException $e) {
        // In a real app, log this error.
        header('Location: /register.php?error=db_error');
        exit;
    }
}