<?php
require_once __DIR__ . '/db/config.php';

// Run migrations
run_migrations();

$error = '';
$success = '';

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    $email = $_POST['email'] ?? '';
    $password = $_POST['password'] ?? '';

    if (empty($email) || empty($password)) {
        $error = 'Email and password are required.';
    } elseif (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
        $error = 'Invalid email format.';
    } else {
        try {
            $pdo = db();
            $stmt = $pdo->prepare('SELECT id FROM users WHERE email = ?');
            $stmt->execute([$email]);
            if ($stmt->fetch()) {
                $error = 'Email already exists.';
            } else {
                $hashed_password = password_hash($password, PASSWORD_DEFAULT);
                $stmt = $pdo->prepare('INSERT INTO users (email, password) VALUES (?, ?)');
                $stmt->execute([$email, $hashed_password]);
                header('Location: index.php?signed_up=true');
                exit;
            }
        } catch (PDOException $e) {
            // In a real app, you would log this error.
            $error = 'Database error. Please try again later.';
        }
    }
    
    if ($error) {
        header('Location: index.php?signup_error=' . urlencode($error));
        exit;
    }
}