<?php
session_start();
require_once 'includes/globals.php';
require_once 'vendor/autoload.php';

use DJMixHosting\Database;
use Aws\Ses\SesClient;
use Aws\Exception\AwsException;

if (!isset($_SESSION['user'])) {
    header("Location: login.php");
    exit;
}

if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
    header("Location: profile.php");
    exit;
}

if (!isset($_POST['new_email']) || empty($_POST['new_email'])) {
    $_SESSION['error'] = "New email address is required.";
    header("Location: profile.php");
    exit;
}

$new_email = filter_var($_POST['new_email'], FILTER_VALIDATE_EMAIL);
if (!$new_email) {
    $_SESSION['error'] = "Invalid email format.";
    header("Location: profile.php");
    exit;
}

$db = new Database($config);
$userId = $_SESSION['user']['id'];

// Update the user's email and mark it as unverified
$stmt = $db->prepare("UPDATE users SET email = ?, emailVerified = 0 WHERE id = ?");
$stmt->bind_param("si", $new_email, $userId);
$stmt->execute();
$stmt->close();

// Generate verification code and expiry (15 minutes from now)
$verification_code = bin2hex(random_bytes(16));
$expires_at = date("Y-m-d H:i:s", strtotime("+15 minutes"));

// Store the verification record (using REPLACE to update any existing record for this user and email)
$stmt = $db->prepare("REPLACE INTO email_verifications (user_id, email, verification_code, expires_at) VALUES (?, ?, ?, ?)");
$stmt->bind_param("isss", $userId, $new_email, $verification_code, $expires_at);
$stmt->execute();
$stmt->close();

// Send email using AWS SES with config settings
$sesClient = new SesClient([
    'version' => 'latest',
    'region'  => $config['aws']['ses']['region'],
    'credentials' => [
        'key'    => $config['aws']['ses']['access_key'],
        'secret' => $config['aws']['ses']['secret_key'],
    ]
]);

$sender_email = $config['aws']['ses']['sender_email'];
$recipient_email = $new_email;
$subject = "Verify Your Email Address";

// Construct a verification link. Users can click this link to auto-submit the code.
$verification_link = $config['app']['url'] . "/verify_email.php?code={$verification_code}";
$body_text = "Please verify your email address by clicking the link below or by entering the code in your profile:\n\n";
$body_text .= "{$verification_link}\n\nYour verification code is: {$verification_code}\nThis code will expire in 15 minutes.";

try {
    $result = $sesClient->sendEmail([
        'Destination' => [
            'ToAddresses' => [$recipient_email],
        ],
        'ReplyToAddresses' => [$sender_email],
        'Source' => $sender_email,
        'Message' => [
            'Body' => [
                'Text' => [
                    'Charset' => 'UTF-8',
                    'Data' => $body_text,
                ],
            ],
            'Subject' => [
                'Charset' => 'UTF-8',
                'Data' => $subject,
            ],
        ],
    ]);
    $_SESSION['success'] = "Email updated. A verification email has been sent to your new address.";
} catch (AwsException $e) {
    $_SESSION['error'] = "Failed to send verification email: " . $e->getAwsErrorMessage();
}

header("Location: profile.php");
exit;