<?php

include "connect.php";

$email = filterRequest('email');
$id = filterRequest('id');

// --- Load Secret Key from .env ---
$secretKey = getenv('SECRET_KEY');

// --- Generate HMAC Function ---
function generateHmac($id, $secretKey) {
    return hash_hmac('sha256', $id, $secretKey);
}

$sql = "SELECT
    *,
    phone_verification_passenger.verified
FROM
    passengers
LEFT JOIN phone_verification_passenger ON phone_verification_passenger.phone_number = passengers.phone
WHERE
    passengers.email = :email AND passengers.id = :id AND phone_verification_passenger.verified = '1'
";
$stmt = $con->prepare($sql);
$stmt->bindParam(':email', $email);
$stmt->bindParam(':id', $id);
$stmt->execute();
$data = $stmt->fetchAll(PDO::FETCH_ASSOC);
$count = $stmt->rowCount();

header('Content-Type: application/json'); // Ensure the response is JSON

if ($count > 0) {
    // Generate HMAC using passenger ID
    $hmac = generateHmac($id, $secretKey);

    echo json_encode([
        "status" => "success",
        "count" => $count,
        "data" => $data,
        "hmac" => $hmac // Add the generated HMAC here
    ]);
} else {
    echo json_encode([
        "status" => "Failure",
        "data" => "User does not exist."
    ]);
}

$stmt = null; // Close the statement
$con = null;  // Close the connection
exit();       // Ensure no further output