<?php
require_once 'auth/session.php';
header('Content-Type: application/json');

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    $user = getCurrentUser();
    if (!$user) {
        echo json_encode(['success' => false, 'error' => 'Unauthorized']);
        exit;
    }

    $username = $_POST['username'] ?? $user['username'];
    $avatar_url = $_POST['avatar_url'] ?? $user['avatar_url'];

    try {
        $stmt = db()->prepare("UPDATE users SET username = ?, avatar_url = ? WHERE id = ?");
        $stmt->execute([$username, $avatar_url, $user['id']]);
        
        $_SESSION['username'] = $username; // Update session if stored (though getCurrentUser fetches from DB)
        
        echo json_encode(['success' => true]);
    } catch (Exception $e) {
        echo json_encode(['success' => false, 'error' => $e->getMessage()]);
    }
    exit;
}

echo json_encode(['success' => false, 'error' => 'Invalid request']);