<?php
require_once __DIR__ . '/../helpers.php';
runAuth();

/*
  Search users by phone, email, or name
  POST: { "Query": "...", "CurrentUserID": 123 }
  Returns: { OK: true, USERS: [...], COUNT: n }
*/

$data = readJsonBody();
$query = trim($data['Query'] ?? '');
$currentUserId = (int) ($data['CurrentUserID'] ?? 0);

if (strlen($query) < 3) {
    jsonResponse(['OK' => true, 'USERS' => [], 'COUNT' => 0, 'MESSAGE' => 'Query must be at least 3 characters']);
}

$searchTerm = '%' . $query . '%';

$rows = queryTimed(
    "SELECT u.ID, u.FirstName, u.LastName, u.EmailAddress, u.ContactNumber, u.ImageExtension
     FROM Users u
     WHERE u.ID != ?
       AND (
         u.ContactNumber LIKE ?
         OR u.EmailAddress LIKE ?
         OR u.FirstName LIKE ?
         OR u.LastName LIKE ?
         OR CONCAT(u.FirstName, ' ', u.LastName) LIKE ?
       )
     ORDER BY u.FirstName, u.LastName
     LIMIT 10",
    [$currentUserId, $searchTerm, $searchTerm, $searchTerm, $searchTerm, $searchTerm]
);

$users = [];
foreach ($rows as $r) {
    $maskedPhone = '';
    $phone = trim($r['ContactNumber'] ?? '');
    if (strlen($phone) >= 4) {
        $maskedPhone = '***-***-' . substr($phone, -4);
    }

    $users[] = [
        'UserID'    => (int) $r['ID'],
        'Name'      => trim($r['FirstName'] . ' ' . $r['LastName']),
        'Email'     => $r['EmailAddress'] ?? '',
        'Phone'     => $maskedPhone,
        'AvatarUrl' => !empty(trim($r['ImageExtension'] ?? ''))
            ? baseUrl() . '/uploads/users/' . $r['ID'] . '.' . $r['ImageExtension']
            : '',
    ];
}

jsonResponse(['OK' => true, 'USERS' => $users, 'COUNT' => count($users)]);