<?php
require_once("session.php");
require_once("connection.php");
require_once("functions.php");
require_once 'google-client/vendor/autoload.php'; // Add this line for Google Client

// Check if connection is established
if (!$conn) {
    json_encode(['status' => 'error', 'message' => 'Database connection failed.']);
    exit();
}

// Google Client Setup
$client = new Google_Client();
$client->setClientId('948441222188-8qhboq2urr8o9n35mc70s5h2nhd52v0m.apps.googleusercontent.com');
$client->setClientSecret('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');
$client->setRedirectUri('https://4wdcsa.co.za/google_validate_login.php');
$client->addScope("email");
$client->addScope("profile");

// Check if Google login code is set
if (isset($_GET['code'])) {
    $token = $client->fetchAccessTokenWithAuthCode($_GET['code']);
    if (!isset($token["error"])) {
        $client->setAccessToken($token['access_token']);
        $google_oauth = new Google_Service_Oauth2($client);
        $google_account_info = $google_oauth->userinfo->get();

        // Get user info from Google
        $email = $google_account_info->email;
        $name = $google_account_info->name;
        $first_name = $google_account_info->given_name;
        $last_name = $google_account_info->family_name;
        $picture = $google_account_info->picture;

        // Check if the user exists in the database
        $query = "SELECT * FROM users WHERE email = ?";
        $stmt = $conn->prepare($query);
        $stmt->bind_param("s", $email);
        $stmt->execute();
        $result = $stmt->get_result();

        if ($result->num_rows == 0) {
            // User does not exist, so register them
            $password = null; // No password for Google login
            $query = "INSERT INTO users (email, first_name, last_name, profile_pic, password, is_verified) VALUES (?, ?, ?, ?, ?, ?)";
            $stmt = $conn->prepare($query);
            $is_verified = 1; // Assuming Google users are considered verified
            $stmt->bind_param("sssssi", $email, $first_name, $last_name, $picture, $password, $is_verified);
            if ($stmt->execute()) {
                // User successfully registered, set session and redirect
                $_SESSION['user_id'] = $conn->insert_id;
                $_SESSION['first_name'] = $first_name;
                $_SESSION['profile_pic'] = $picture;
                // echo json_encode(['status' => 'success', 'message' => 'Google login successful']);
                header("Location: index.php");
                exit();
            } else {
                // echo json_encode(['status' => 'error', 'message' => 'Failed to register user.']);
                header("Location: index.php");
                exit();
            }
        } else {
            // User exists, set session and redirect
            $row = $result->fetch_assoc();
            $_SESSION['user_id'] = $row['user_id'];
            $_SESSION['first_name'] = $row['first_name'];
            $_SESSION['profile_pic'] = $row['profile_pic'];
            // echo json_encode(['status' => 'success', 'message' => 'Google login successful']);
            header("Location: index.php");
            exit();
        }

        $stmt->close();
    } else {
        echo "Login failed.";
        exit();
    }
}

// Check if email and password login is requested
if (isset($_POST['email']) && isset($_POST['password'])) {
    // Retrieve and sanitize form data
    $email = filter_var($_POST['email'], FILTER_SANITIZE_EMAIL);
    $password = trim($_POST['password']); // Remove extra spaces

    // Validate input
    if (empty($email) || empty($password)) {
        echo json_encode(['status' => 'error', 'message' => 'Please enter both email and password.']);
        exit();
    }

    if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
        echo json_encode(['status' => 'error', 'message' => 'Invalid email format.']);
        exit();
    }

    // Prepare SQL statement to fetch user details
    $query = "SELECT * FROM users WHERE email = ?";
    $stmt = $conn->prepare($query);

    if (!$stmt) {
        echo json_encode(['status' => 'error', 'message' => 'Database query preparation failed.']);
        exit();
    }

    $stmt->bind_param("s", $email);
    $stmt->execute();
    $result = $stmt->get_result();

    // Check if user exists and verify password
    if ($result->num_rows == 1) {
        $row = $result->fetch_assoc();

        // Check if the user is verified
        if ($row['is_verified'] == 0) {
            echo json_encode(['status' => 'error', 'message' => 'Your account is not verified. Please check your email for the verification link.']);
            exit();
        }

        if (password_verify($password, $row['password'])) {
            // Password is correct, set up session
            $_SESSION['user_id'] = $row['user_id']; // Adjust as per your table structure
            $_SESSION['first_name'] = $row['first_name']; // Adjust as per your table structure
            $_SESSION['profile_pic'] = $row['profile_pic'];
            echo json_encode(['status' => 'success', 'message' => 'Successful Login']);
        } else {
            // Password is incorrect
            echo json_encode(['status' => 'error', 'message' => 'Invalid password.']);
        }
    } else {
        // User does not exist
        echo json_encode(['status' => 'error', 'message' => 'User with that email does not exist.']);
    }

    // Close the statement and connection
    $stmt->close();
}

// Close connection
$conn->close();
exit();
?>