<?php
file_put_contents("/var/tmp/login_debug.log", "[".date("c")."] start\\n", FILE_APPEND);
declare(strict_types=1);
require_once __DIR__ . '/cors.php';
require_once __DIR__ . '/_loadenv.php';

// api/login.php

header("Content-Type: application/json");

require_once __DIR__ . '/config.php';

error_log("login.php: REQUEST_METHOD = " . $_SERVER['REQUEST_METHOD']);
error_log("login.php: CONTENT_TYPE = " . ($_SERVER['CONTENT_TYPE'] ?? 'none'));
error_log("login.php: POST = " . print_r($_POST, true));

$input = json_decode(file_get_contents("php://input"), true);
$memberId = trim($input['member_id'] ?? "");
$password = $input['password'] ?? "";

error_log("login.php: memberId = " . $memberId);
error_log("login.php: password = " . $password);

// ✅ Ensure memberId is provided
if (!$memberId) {
    http_response_code(400);
    echo json_encode([
        "success" => false,
        "error"   => "Member ID is required"
    ]);
    exit;
}

try {
    $stmt = $conn->prepare("
        SELECT member_id, member_email, member_password_hash 
        FROM wallet 
        WHERE member_id = :member_id 
        LIMIT 1
    ");
    $stmt->execute([':member_id' => $memberId]);
    $user = $stmt->fetch();

    if (!$user) {
        // ❌ Case 1: member not found
        http_response_code(404);
        echo json_encode([
            "success" => false,
            "error"   => "No account found for this Member ID"
        ]);
        exit;
    }

    if (!$password) {
        // ❌ Case 2: password missing (but member exists)
        http_response_code(400);
        echo json_encode([
            "success" => false,
            "error"   => "Password is required"
        ]);
        exit;
    }

    if (password_verify($password, $user['member_password_hash'])) {
        // ✅ Case 3: success
        $update = $conn->prepare("
            UPDATE wallet 
            SET last_login = NOW() 
            WHERE member_id = :member_id
        ");
        $update->execute([':member_id' => $memberId]);

        http_response_code(200);
        echo json_encode([
            "success"      => true,
            "member_id"    => $user['member_id'],
            "member_email" => $user['member_email'] ?? null
        ]);
    } else {
        // 🚫 Case 4: bad password
        http_response_code(401);
        echo json_encode([
            "success" => false,
            "error"   => "Invalid password"
        ]);
    }
} catch (Exception $e) {
    http_response_code(500);
    echo json_encode([
        "success" => false,
        "error"   => "Server error: " . $e->getMessage()
    ]);
}
try {
    // (wrap your login logic here in your next edit if not already inside try)
    // file_put_contents("/var/tmp/login_debug.log", "[".date("c")."] in-try\n", FILE_APPEND);
} catch (Throwable $e) {
    file_put_contents("/var/tmp/login_debug.log", "[".date("c")."] EX: ".$e->getMessage()."\n", FILE_APPEND);
    error_log("[login] exception: " . $e->getMessage());
    http_response_code(500);
    header("Content-Type: application/json");
    echo json_encode(["success"=>false,"error"=>"Server misconfigured (".$e->getMessage().")"]);
    exit;
}