<?php
include_once($_SERVER['DOCUMENT_ROOT'] . "/db_config.php");
include_once($_SERVER['DOCUMENT_ROOT'] . "/includes/utils.php");

$token = get_bearer_token();

if (is_null($token)) {
    header('Content-Type: application/json');
    http_response_code(412);
    echo '{"success":"false","message":"No token provided","username":"","email": ""}';
    return;
}

// Input validation and sanitization
$token = $mysqli->real_escape_string($token);

// Prepare and bind
$stmt = $mysqli->prepare("SELECT * FROM users WHERE token = ?");
$stmt->bind_param("s", $token);

// Execute statement
$stmt->execute();

// Get result
$result = $stmt->get_result();

$response = array();

if ($result->num_rows > 0) {
    $row = $result->fetch_assoc();

    $response['success'] = "true";
    $response['message'] = "Success";
    $response['username'] = $row['username'];
    $response['email'] = $row['email'];
} else {
    $response['success'] = "false";
    $response['message'] = 'Invalid token.';
    $response['username'] = "";
    $response['email'] = "";
}

// Close connections
$stmt->close();
$mysqli->close();

// Return JSON response
header('Content-Type: application/json');
echo '{"success":' . $response['success'] . ', "message":"' . $response['message'] . '", "username":"' . $response['username'] . '", "email":"' . $response['email'] . '"}';