<?php
require_once __DIR__ . '/../helpers.php';
runAuth();

/*
  POST: { "username": "...", "password": "..." }
  Returns: { OK: true, ERROR: "", UserID: 123, FirstName: "...", Token: "..." }
*/

function normalizeUsername(string $u): string {
    return str_replace([' ', '(', ')', '-'], '', trim($u));
}

$data = readJsonBody();
$username = normalizeUsername($data['username'] ?? '');
$password = $data['password'] ?? '';

if (empty($username) || empty($password)) {
    apiAbort(['OK' => false, 'ERROR' => 'missing_fields']);
}

$row = queryOne(
    "SELECT ID, FirstName
     FROM Users
     WHERE (EmailAddress = ? OR ContactNumber = ?)
       AND Password = ?
       AND IsEmailVerified = 1
       AND IsContactVerified > 0
     LIMIT 1",
    [$username, $username, md5($password)]
);

if (!$row) {
    apiAbort(['OK' => false, 'ERROR' => 'bad_credentials']);
}

$token = generateSecureToken();

queryTimed(
    "INSERT INTO UserTokens (UserID, Token) VALUES (?, ?)",
    [$row['ID'], $token]
);

jsonResponse([
    'OK'        => true,
    'ERROR'     => '',
    'UserID'    => (int) $row['ID'],
    'FirstName' => $row['FirstName'],
    'Token'     => $token,
]);