<?php
require_once 'db.php'; // Ensure this contains the DB connection

if (session_status() === PHP_SESSION_NONE) {
    session_start();
}

// Check if authentication token is provided via GET or session
if (!isset($_GET['auth']) && !isset($_SESSION['auth_token'])) {
    die("Unauthorized access. No authentication token provided.");
}

// Use session token if available, otherwise use URL token
$authToken = $_SESSION['auth_token'] ?? $_GET['auth'];
$_SESSION['auth_token'] = $authToken;

// Connect to the database
$conn = new mysqli(DB_HOST, DB_USER, DB_PASS, DB_NAME);
if ($conn->connect_error) {
    die("Database connection error.");
}

// Fetch user information from database
$stmt = $conn->prepare("SELECT id, email, given_name, surname, is_board_member, expired FROM users WHERE auth_token = ?");
$stmt->bind_param("s", $authToken);
$stmt->execute();
$result = $stmt->get_result();
$user = $result->fetch_assoc();

// Check if the token is valid and not expired
if (!$user || $user['expired'] == 1) {
    die("Unauthorized access - Invalid or expired token.");
}

// Store user details in session
$_SESSION['user_id'] = intval($user['id']);
$_SESSION['email'] = $user['email'];
$_SESSION['full_name'] = $user['given_name'] . " " . $user['surname'];
$_SESSION['is_board_member'] = intval($user['is_board_member']);

// Redirect users to questionnaire page if authentication was done via URL
if (isset($_GET['auth'])) {
    header("Location: questionnaire.html");
    exit;
}
?>