<?php
require_once __DIR__ . '/../../connect.php';

$driverID = filterRequest("driverID");
$amount = filterRequest("amount");

// Check if required fields are present
if ($driverID === null || $amount === null) {
    jsonError("Missing required fields: driverID and amount must be provided");
    exit;
}

// Generate a more secure token
$token = generateSecureToken($driverID, $amount);

// Store the token in the database
$stmt = $con->prepare("INSERT INTO payment_tokens (token, driverID, dateCreated, amount) VALUES (?, ?, NOW(), ?)");

try {
    $stmt->execute([$token, $driverID, $amount]);
    if ($stmt->rowCount() > 0) {
        jsonSuccess($token);
    } else {
        jsonError("Failed to save record");
    }
} catch (PDOException $e) {
    jsonError("Database error: " . $e->getMessage());
}

function generateSecureToken($driverID, $amount) {
    global $secretKey;
    // Concatenate the parameters
    $data = $driverID . $amount . time();

    // Add the secret key from the environment variable
    $data .= $secretKey;

    // Generate a hash
    $hash = hash('sha256', $data);

    // Add some randomness
    $randomBytes = bin2hex(random_bytes(16));

    // Combine hash and random bytes
    $token = $hash . $randomBytes;

    // Truncate to a reasonable length (e.g., 64 characters)
    return substr($token, 0, 64);
}