<?php
/* hitler-clicker
 * api for user creation
 * © 2025 hitler.rip <git@hitler.rip>
 * licensed under AGPLv3-or-later; see LICENSE.md for more information
 */

header('Content-Type: application/json; charset=UTF-8');

try {
	$pdo = new PDO("mysql:host=127.0.0.1;dbname=hitlerclicker", "root", "aA1234Aa");
} catch(PDOException $e) {
	die('{ "status": "database offline" }');
};

$wrkarr = [];
$ifarr = [ "name", "password", "team" ];
$postjson = json_decode(file_get_contents('php://input'), true);
foreach ($ifarr as $i):
	if (isset($postjson[$i])):
		$newarr = [
			"$i" => "$postjson[$i]",
		];
		$wrkarr = array_merge($wrkarr, $newarr);
	endif;
endforeach;

if (!isset($wrkarr["name"]) || trim($wrkarr["name"]) == ""):
	die('{ "status": "login (name) was not provided.\ncould not attempt to join." }');
elseif (!isset($wrkarr["password"]) || trim($wrkarr["password"]) == ""):
	die('{ "status": "password was not provided.\ncould not attempt to join." }');
elseif (!isset($wrkarr["team"]) || trim($wrkarr["team"]) == ""):
	die('{ "status": "team was not provided.\ncould not attempt to join." }');
else:

	$query = $pdo->prepare("SELECT team, clicks FROM stats WHERE team LIKE ? ORDER BY clicks DESC");
	$query->execute([$wrkarr["team"]]);
	$found = $query->fetch(PDO::FETCH_ASSOC);
	if ($found):

		$query = $pdo->prepare("SELECT name, password FROM users WHERE name LIKE ?");
		$query -> execute([$wrkarr["name"]]);
		$found = $query->fetch(PDO::FETCH_ASSOC);
		if ($found) {
			die('{ "status": "name already exists in the database." }');
		}

		$query = $pdo->prepare("INSERT INTO users (name, password, token, team) VALUES (:name, :password, :token, :team)");
		$query->execute([
			"name" => filter_var($wrkarr["name"]),
			"password" => password_hash($wrkarr["password"], PASSWORD_DEFAULT),
			"token" => bin2hex(random_bytes(64)),
			"team" => filter_var($wrkarr["team"]),
		]);
		die('{ "status": "success" }');
	
	else:
		die('{ "status": "team does not exist." }');
	endif;

endif;

echo '{ "status": "online" }';

?>