<?php
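header('Content-Type: application/json');

// Read userID from POST first, then GET. Only a plain string is accepted: a
// parameter sent in array form would make preg_replace() return an array,
// which later code would interpolate into file names as the literal "Array".
// Passing null to preg_replace() is also deprecated since PHP 8.1.
$rawUserID = $_POST['userID'] ?? $_GET['userID'] ?? null;

// Allowlist filter: keep only [A-Za-z0-9_-]. $userID is later embedded in file
// names under uploads/ and logs/, so stripping '.', '/' and '\' here is what
// keeps those paths inside their directories. A missing or non-string value
// becomes '' and is rejected as "missing" by the request handlers below.
$userID = is_string($rawUserID)
    ? (string) preg_replace('/[^a-zA-Z0-9_-]/', '', $rawUserID)
    : '';

// Storage locations, both inside this script's own directory.
// NOTE(review): if this directory is served by the web server, logs/ is
// probably reachable by URL just like uploads/ — confirm and restrict access.
$uploadDir = __DIR__ . '/uploads/';
$logDir = __DIR__ . '/logs/';

// Create the folders on first use. is_dir() (rather than file_exists()) also
// catches a plain file sitting at that path, and the second is_dir() tolerates
// a concurrent request creating the directory first. A failure is reported as
// JSON instead of continuing with a directory that does not exist.
foreach ([$uploadDir, $logDir] as $storageDir) {
    if (!is_dir($storageDir) && !mkdir($storageDir, 0755, true) && !is_dir($storageDir)) {
        echo json_encode([
            'status' => 'error',
            'message' => 'Storage directory is not available'
        ]);
        exit;
    }
}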

// 🔍 If GET request with userID → return JSON log
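if ($_SERVER['REQUEST_METHOD'] === 'GET') {
    // Require a non-empty string. The strict comparison (instead of !$userID)
    // rejects an array-valued parameter and no longer treats the valid ID "0"
    // as missing.
    if (!is_string($userID) || $userID === '') {
        echo json_encode([
            'status' => 'error',
            'message' => 'Missing userID in GET request'
        ]);
        exit;
    }

    // NOTE(security): no authentication or authorization happens before this
    // read. Any caller who supplies a userID receives that user's record,
    // including the URL of the uploaded photo. Gate this on the caller's
    // identity before exposing it beyond a trusted network.
    //
    // $userID was reduced to [A-Za-z0-9_-] earlier in the script, so the path
    // cannot leave $logDir.
    $logFile = $logDir . "{$userID}.json";

    // is_file() excludes directories; checking the read result avoids sending
    // an empty body when the file disappears or is unreadable between the
    // existence check and the read.
    $logJson = is_file($logFile) ? file_get_contents($logFile) : false;
    if ($logJson !== false) {
        echo $logJson;
    } else {
        echo json_encode([
            'status' => 'error',
            'message' => 'No record found for user'
        ]);
    }
    exit;
}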

// 🖼 Handle POST upload
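$photo = $_FILES['photo'] ?? null;
if (!is_array($photo) || !is_string($userID) || $userID === '') {
    echo json_encode([
        'status' => 'error',
        'message' => 'Missing photo or userID in POST request'
    ]);
    exit;
}

// PHP reports a failed or partial upload through the 'error' field, and a
// field submitted in array form turns tmp_name/error into arrays. Reject both
// before the temporary path is used.
$tmpPath = $photo['tmp_name'] ?? null;
if (!is_string($tmpPath) || ($photo['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) {
    echo json_encode([
        'status' => 'error',
        'message' => 'Failed to save uploaded image'
    ]);
    exit;
}

// The file is stored and served with a .jpg name, so confirm the content
// really is a JPEG instead of trusting the client. getimagesize() inspects
// the image header only; it is a type check, not a guarantee that the rest
// of the file is harmless, so uploads/ should never be configured to execute
// scripts.
$imageInfo = getimagesize($tmpPath);
if ($imageInfo === false || $imageInfo[2] !== IMAGETYPE_JPEG) {
    echo json_encode([
        'status' => 'error',
        'message' => 'Uploaded photo is not a JPEG image'
    ]);
    exit;
}

// $userID was reduced to [A-Za-z0-9_-] earlier in the script, so it is safe
// inside a file name. NOTE(review): the name is predictable (userID + Unix
// second) and two uploads by one user within the same second overwrite each
// other; consider adding a random component.
$filename = 'face_' . $userID . '_' . time() . '.jpg';
$uploadPath = $uploadDir . $filename;

// NOTE(security): HTTP_HOST is copied from the client's Host header, so the
// URL stored in the record and returned to later readers is attacker
// influenced. The scheme is also hard-coded to http. Prefer a base URL taken
// from server-side configuration.
$imageURL = 'http://' . $_SERVER['HTTP_HOST'] . '/uploads/' . $filename;

if (!move_uploaded_file($tmpPath, $uploadPath)) {
    echo json_encode([
        'status' => 'error',
        'message' => 'Failed to save uploaded image'
    ]);
    exit;
}

// Record describing the latest upload for this user; the GET branch of this
// script returns this file verbatim.
$logData = [
    'status' => 'ok',
    'userID' => $userID,
    'image_url' => $imageURL,
    'timestamp' => date('c')
];

// LOCK_EX stops concurrent uploads for the same user from interleaving their
// writes. If the record cannot be written, remove the photo so no image is
// kept without a matching record, and report the failure instead of "ok".
if (file_put_contents($logDir . "{$userID}.json", json_encode($logData), LOCK_EX) === false) {
    if (is_file($uploadPath)) {
        unlink($uploadPath);
    }
    echo json_encode([
        'status' => 'error',
        'message' => 'Failed to save upload record'
    ]);
    exit;
}

echo json_encode($logData);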
