<?php
session_start();
require_once __DIR__ . '/db/config.php';

header('Content-Type: application/json');

$action = $_POST['action'] ?? '';

if ($action === 'register') {
    $email = $_POST['email'] ?? '';
    $password = $_POST['password'] ?? '';

    if (empty($email) || empty($password) || !filter_var($email, FILTER_VALIDATE_EMAIL)) {
        echo json_encode(['success' => false, 'message' => 'Invalid email or password.']);
        exit;
    }

    try {
        $pdo = db();
        $stmt = $pdo->prepare("SELECT id FROM users WHERE email = ?");
        $stmt->execute([$email]);
        if ($stmt->fetch()) {
            echo json_encode(['success' => false, 'message' => 'User with this email already exists.']);
            exit;
        }

        $password_hash = password_hash($password, PASSWORD_DEFAULT);
        
        // Get trial duration from settings
        $settings = json_decode(file_get_contents('settings.json'), true);
        $trial_days = $settings['trial_duration_public'] ?? 2;
        $trial_ends_at = date('Y-m-d H:i:s', strtotime("+{$trial_days} days"));

        $stmt = $pdo->prepare("INSERT INTO users (email, password, trial_ends_at) VALUES (?, ?, ?)");
        $stmt->execute([$email, $password_hash, $trial_ends_at]);
        $user_id = $pdo->lastInsertId();

        $_SESSION['user_id'] = $user_id;
        $_SESSION['user_email'] = $email;
        echo json_encode(['success' => true]);

    } catch (PDOException $e) {
        echo json_encode(['success' => false, 'message' => 'Database error.']);
    }
    exit;
}

if ($action === 'login') {
    $email = $_POST['email'] ?? '';
    $password = $_POST['password'] ?? '';

    if (empty($email) || empty($password)) {
        echo json_encode(['success' => false, 'message' => 'Email and password are required.']);
        exit;
    }

    try {
        $pdo = db();
        $stmt = $pdo->prepare("SELECT * FROM users WHERE email = ?");
        $stmt->execute([$email]);
        $user = $stmt->fetch();

        if ($user && password_verify($password, $user['password'])) {
            $_SESSION['user_id'] = $user['id'];
            $_SESSION['user_email'] = $user['email'];
            echo json_encode(['success' => true]);
        } else {
            echo json_encode(['success' => false, 'message' => 'Invalid email or password.']);
        }
    } catch (PDOException $e) {
        echo json_encode(['success' => false, 'message' => 'Database error.']);
    }
    exit;
}

if ($action === 'logout') {
    session_destroy();
    echo json_encode(['success' => true]);
    exit;
}

if ($action === 'check_auth') {
    if (isset($_SESSION['user_id'])) {
        echo json_encode(['loggedIn' => true, 'email' => $_SESSION['user_email']]);
    } else {
        echo json_encode(['loggedIn' => false]);
    }
    exit;
}

echo json_encode(['success' => false, 'message' => 'Invalid action.']);