<?php
header("Access-Control-Allow-Origin: *");
header("Access-Control-Allow-Headers: access");
header("Access-Control-Allow-Methods: POST");
header("Content-Type: application/json; charset=UTF-8");
header("Access-Control-Allow-Headers: Content-Type, Access-Control-Allow-Headers, Authorization, X-Requested-With");

session_start();

require __DIR__.'/classes/Database.php';
require __DIR__.'/classes/lib.php';

$db_connection = new Database();
$conn = $db_connection->dbConnection();

$data = json_decode(file_get_contents("php://input"));
$returnData = new CMsg(0);

// IF REQUEST METHOD IS NOT EQUAL TO POST
if($_SERVER["REQUEST_METHOD"] != "POST")
{
    $returnData = new CMsg(0,404,'Page Not Found!');
}
// CHECKING EMPTY FIELDS
elseif(
    !isset($data->qr_id) 
    || !isset($data->password)
    || empty(trim($data->qr_id))
    || empty(trim($data->password))
    )
{
    $fields = ['fields' => ['qr_id','password']];
    $returnData = new CMsg(0,422,'Please Fill in all Required Fields!',$fields);
}
// IF THERE ARE NO EMPTY FIELDS THEN-
else
{
    $qr_id = trim($data->qr_id);
    $password = trim($data->password);

    
    // IF PASSWORD IS LESS THAN 8 THE SHOW THE ERROR
    if(strlen($password) < 8)
    {
        $returnData = new CMsg(0,422,'Your password must be at least 8 characters long!');
    }
    // THE USER IS ABLE TO PERFORM THE LOGIN ACTION
    else
    {
        try{
            
            $fetch_user_by_qrid = "SELECT id, name, qr_id, email FROM `dogs` WHERE `qr_id`=:qr_id";
            $query_stmt = $conn->prepare($fetch_user_by_qrid);
            $query_stmt->bindValue(':qr_id', $qr_id,PDO::PARAM_STR);
            $query_stmt->execute();

            // IF THE USER IS FOUNDED BY EMAIL
            if($query_stmt->rowCount())
            {
                $row = $query_stmt->fetch(PDO::FETCH_ASSOC);
                $check_password = password_verify($password, $row['password']);

                // VERIFYING THE PASSWORD (IS CORRECT OR NOT?)
                // IF PASSWORD IS CORRECT THEN SEND THE LOGIN TOKEN
                if ($check_password)
                {
                    //                    $jwt = new JwtHandler();
                    $user = new CUser(  $row['id'], 
                                        $row['qr_id'],    
                                        $row['email'],
                                        $row['name']
                    );
                    $_SESSION['user'] = $user;
                    
                    $returnData = new CMsg( 
                        1, 
                        200, 
                        'You have successfully logged in.', 
                        $fields, 
                        $user);
                }
                // IF INVALID PASSWORD
                else
                {
                    $returnData = new CMsg(0,422,'Invalid Password!');
                }

            // IF THE USER IS NOT FOUNDED BY EMAIL THEN SHOW THE FOLLOWING ERROR
            }
            else
            {
                $returnData = new CMsg(0,422,'Invalid Email Address!');
            }
        }
        catch(PDOException $e)
        {
            $returnData = new CMsg(0,500,$e->getMessage());
        }
    }
}

echo $returnData->jsonarray();
?>