<?php
$rootPath = dirname(dirname(__DIR__));
require_once($rootPath . '/src/config/env.php');
require_once($rootPath . '/src/config/session.php');
require_once($rootPath . '/src/config/connection.php');
require_once($rootPath . '/src/config/functions.php');

header('Content-Type: application/json');

if (!isset($_SESSION['user_id']) || $_SERVER['REQUEST_METHOD'] !== 'POST') {
    http_response_code(403);
    exit(json_encode(['success' => false, 'message' => 'Forbidden']));
}

// Validate CSRF token
if (!isset($_POST['csrf_token']) || !validateCSRFToken($_POST['csrf_token'])) {
    http_response_code(400);
    exit(json_encode(['success' => false, 'message' => 'Invalid request']));
}

$primary_user_id = intval($_SESSION['user_id']);
$link_id = intval($_POST['link_id'] ?? 0);

if (!$link_id) {
    http_response_code(400);
    exit(json_encode(['success' => false, 'message' => 'Link ID is required']));
}

// Use the unlinking function from functions.php
$result = unlinkSecondaryUser($link_id, $primary_user_id);

http_response_code($result['success'] ? 200 : 400);
echo json_encode([
    'success' => $result['success'],
    'message' => $result['message']
]);
?>