<?php
// ---------------------------
// Display errors for debugging (remove in production)
ini_set('display_errors', 1);
error_reporting(E_ALL);

// ---------------------------
// CORS headers for mobile apps
header("Access-Control-Allow-Origin: *");
header("Access-Control-Allow-Methods: POST, OPTIONS");
header("Access-Control-Allow-Headers: Content-Type, Authorization");
header("Content-Type: application/json");

// Handle preflight OPTIONS request
if ($_SERVER['REQUEST_METHOD'] === 'OPTIONS') {
    http_response_code(200);
    exit();
}

// ---------------------------
// Remote MySQL credentials
$servername = "197.248.161.109";  // e.g., 203.0.113.10
$username   = "Admin";
$password   = "Admin@123";
$dbname     = "humanity";

// Create connection to remote MySQL
$conn = new mysqli($servername, $username, $password, $dbname);

// Check connection
if ($conn->connect_error) {
    echo json_encode([
        "success" => false,
        "message" => "Database connection failed: " . $conn->connect_error
    ]);
    exit();
}

// ---------------------------
// Read POST JSON data from mobile app
$input = json_decode(file_get_contents("php://input"), true);
$username_input = $conn->real_escape_string($input['username'] ?? '');
$password_input = $conn->real_escape_string($input['password'] ?? '');

// ---------------------------
// Query remote database (replace with hashed password logic if needed)
$sql = "SELECT * FROM users WHERE username='$username_input' AND password='$password_input' LIMIT 1";
$result = $conn->query($sql);

if ($result && $result->num_rows > 0) {
    echo json_encode([
        "success" => true,
        "message" => "Login successful"
    ]);
} else {
    echo json_encode([
        "success" => false,
        "message" => "Invalid credentials"
    ]);
}

// Close connection
$conn->close();