<?php
require_once 'vendor/autoload.php';
require_once 'db/config.php';

session_start();

if (!isset($_SESSION['user_id'])) {
    http_response_code(401);
    echo json_encode(['error' => 'User not logged in']);
    exit;
}

// It is not recommended to store the secret key directly in the code.
// It should be stored in an environment variable or a secure configuration file.
$stripeSecretKey = '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';

\Stripe\Stripe::setApiKey($stripeSecretKey);

header('Content-Type: application/json');

try {
    $pdo = db();
    $userId = $_SESSION['user_id'];

    // Create a PaymentIntent with amount and currency
    $paymentIntent = \Stripe\PaymentIntent::create([
        'amount' => 18000, // 180.00 MXN
        'currency' => 'mxn',
        'metadata' => [
            'user_id' => $userId
        ]
    ]);

    // Save the payment intent to the database
    $stmt = $pdo->prepare("INSERT INTO payments (user_id, stripe_payment_intent_id, amount, currency, status) VALUES (?, ?, ?, ?, ?)");
    $stmt->execute([$userId, $paymentIntent->id, $paymentIntent->amount, $paymentIntent->currency, 'requires_payment_method']);

    $output = [
        'clientSecret' => $paymentIntent->client_secret,
    ];

    echo json_encode($output);
} catch (Exception $e) {
    http_response_code(500);
    echo json_encode(['error' => $e->getMessage()]);
}