<?php
session_start();
require_once 'includes/globals.php';
require_once 'vendor/autoload.php';

use DJMixHosting\Database;

if (!isset($_SESSION['user'])) {
    header("Location: login.php");
    exit;
}

$db = new Database($config);
$userId = $_SESSION['user']['id'];

// Retrieve the verification code from GET or POST
$verification_code = "";
if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['verification_code'])) {
    $verification_code = trim($_POST['verification_code']);
} elseif (isset($_GET['code'])) {
    $verification_code = trim($_GET['code']);
} else {
    $_SESSION['error'] = "Verification code is required.";
    header("Location: profile.php");
    exit;
}

// Look up the email verification record for this user and code
$stmt = $db->prepare("SELECT * FROM email_verifications WHERE user_id = ? AND verification_code = ?");
$stmt->bind_param("is", $userId, $verification_code);
$stmt->execute();
$result = $stmt->get_result();
$record = $result->fetch_assoc();
$stmt->close();

if (!$record) {
    $_SESSION['error'] = "Invalid verification code.";
    header("Location: profile.php");
    exit;
}

// Check if the verification code has expired
$current_time = new DateTime();
$expires_at = new DateTime($record['expires_at']);
if ($current_time > $expires_at) {
    $_SESSION['error'] = "Verification code has expired. Please request a new one.";
    header("Location: profile.php");
    exit;
}

// Verification successful: update the user's record
$stmt = $db->prepare("UPDATE users SET emailVerified = 1 WHERE id = ?");
$stmt->bind_param("i", $userId);
$stmt->execute();
$stmt->close();

// Remove the verification record for cleanup
$stmt = $db->prepare("DELETE FROM email_verifications WHERE user_id = ?");
$stmt->bind_param("i", $userId);
$stmt->execute();
$stmt->close();

$_SESSION['success'] = "Email verified successfully.";
header("Location: profile.php");
exit;