payfrit-api/api/auth/validateToken.php
John Mizerek 1f81d98c52 Initial PHP API migration from CFML
Complete port of all 163 API endpoints from Lucee/CFML to PHP 8.3.
Shared helpers in api/helpers.php (DB, auth, request/response, security).
PDO prepared statements throughout. Same JSON response shapes as CFML.
2026-03-14 14:26:59 -07:00


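<?php
require_once __DIR__ . '/../helpers.php';
// NOTE(review): runAuth() is defined outside this file (presumably helpers.php).
// Confirm what it enforces here: the documented caller is the WebSocket server,
// which presents a user's token in the body rather than its own session.
runAuth();
/*
Validate a user token (for WebSocket server authentication)
POST: { "Token": "..." }
Returns: { OK: true, UserID: ..., UserType: "customer"/"worker", UserName: "..." }
Errors:  { OK: false, ERROR: "missing_params" | "invalid_token", MESSAGE: "..." }

UserType is "worker" when the user has at least one Employees row with
IsActive = 1, otherwise "customer".
*/
$data = readJsonBody();

// The body is caller-controlled JSON, so "Token" may be an array or object.
// trim() throws a TypeError on those, which would surface as a server error
// instead of a clean rejection. Scalars are stringified as before.
$rawToken = $data['Token'] ?? '';
$token = is_scalar($rawToken) ? trim((string) $rawToken) : '';

// Strict comparison: empty() would also treat the literal token "0" as missing.
if ($token === '') {
    apiAbort(['OK' => false, 'ERROR' => 'missing_params', 'MESSAGE' => 'Token is required']);
}

// Bound parameter: the token never reaches the SQL text.
// NOTE(review): the lookup matches on Token alone. No expiry or revocation
// column is filtered here although the error message says "expired" - confirm
// that stale tokens are removed or invalidated elsewhere.
$row = queryOne(
    "SELECT ut.UserID, u.FirstName, u.LastName
FROM UserTokens ut
JOIN Users u ON u.ID = ut.UserID
WHERE ut.Token = ?
LIMIT 1",
    [$token]
);
if (!$row) {
    // One message for unknown and expired tokens, so the response does not
    // reveal which case applied.
    apiAbort(['OK' => false, 'ERROR' => 'invalid_token', 'MESSAGE' => 'Token is invalid or expired']);
}

$uid = (int) $row['UserID'];

// Check if user is a worker (has any active employment)
$worker = queryOne(
    "SELECT COUNT(*) AS cnt FROM Employees WHERE UserID = ? AND IsActive = 1",
    [$uid]
);
$activeJobs = (int) ($worker['cnt'] ?? 0);
$userType = $activeJobs > 0 ? 'worker' : 'customer';

jsonResponse([
    'OK' => true,
    'UserID' => $uid,
    'UserType' => $userType,
    // trim() drops the stray space when either name part is empty.
    'UserName' => trim($row['FirstName'] . ' ' . $row['LastName']),
]);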