<?php

include "secrets.php";

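// Endpoint contract (unchanged from the original):
//   POST StudentName=<name>&Task=toggle|check&APIkey=<shared secret>
//   -> "raised" / "lowered" / "bad" / "Invalid API key" / "Invalid request method"
// Everything below is guard-clause style: each failed check prints its message and exits.

// Only POST is accepted; reject other methods before the key is even looked at.
if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
    echo "Invalid request method";
    exit;
}

// Authenticate the caller. hash_equals() runs in constant time, so the key cannot be
// recovered byte-by-byte from response timing (a plain === short-circuits on the first
// mismatching byte). A non-string (e.g. APIkey[]=x) or empty value is rejected outright;
// the empty check also covers a misconfigured/empty $apiKey from secrets.php.
// NOTE(review): this is a single static secret in the POST body — it is only as safe as
// the transport (TLS) and the secrecy of secrets.php; confirm both.
$suppliedKey = isset($_POST['APIkey']) && is_string($_POST['APIkey']) ? $_POST['APIkey'] : '';
if ($suppliedKey === '' || !hash_equals((string) $apiKey, $suppliedKey)) {
    echo "Invalid API key";
    exit;
}

// Normalise the student name to ASCII letters and spaces. This whitelist is the real input
// validation; the original additionally ran mysqli_real_escape_string() first, which was
// both pointless (every query below uses a bound PDO parameter) and harmful (the inserted
// backslashes were stored as part of the name). Missing or non-string input becomes "".
$rawName = isset($_POST['StudentName']) && is_string($_POST['StudentName']) ? $_POST['StudentName'] : '';
$studentName = preg_replace('/[^a-zA-Z ]/', '', $rawName) ?? '';

// A name that is empty after filtering would otherwise create/toggle a blank row.
if (trim($studentName) === '') {
    echo "bad";
    exit;
}

// Profanity filter on the lower-cased name; substring match, same list as before.
$lowercaseName = strtolower($studentName);
$bannedWords = array("shit", "bitch", "piss", "fuck", "cunt", "cocksucker", "motherfucker", "tits", "porn", "faggot", "sex", "nigger");

foreach ($bannedWords as $bad) {
    if (strpos($lowercaseName, $bad) !== false) {
        echo "bad";
        exit;
    }
}

// Task is compared strictly against the two known values; anything else produces no
// output, exactly as the original's dead "else if" branch did. No escaping is needed
// because the value is never placed in a query.
$task = isset($_POST['Task']) && is_string($_POST['Task']) ? $_POST['Task'] : '';
if ($task !== 'toggle' && $task !== 'check') {
    exit;
}

// One connection and one lookup serve both tasks (the original duplicated this logic and
// the second copy was unreachable). Native prepares are forced so parameters are sent to
// the server separately from the SQL text rather than being interpolated client-side.
$pdo = null;
try {
    $pdo = new PDO(
        "mysql:host=$host;dbname=$dbname",
        $username,
        $password,
        array(
            PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
            PDO::ATTR_EMULATE_PREPARES => false,
        )
    );

    $lookup = $pdo->prepare("SELECT 1 FROM hands WHERE StudentName = :studentName");
    $lookup->execute(array(':studentName' => $studentName));
    $exists = $lookup->fetchColumn() !== false;

    if ($task === 'check') {
        echo $exists ? "raised" : "lowered";
    } elseif ($exists) {
        // Toggle: present -> remove the row.
        $pdo->prepare("DELETE FROM hands WHERE StudentName = :studentName")
            ->execute(array(':studentName' => $studentName));
        echo "lowered";
    } else {
        // Toggle: absent -> add the row.
        // NOTE(review): this select-then-insert is not atomic; two concurrent toggles for
        // the same name can both insert unless StudentName is unique in the schema — verify.
        $pdo->prepare("INSERT INTO hands (StudentName) VALUES (:studentName)")
            ->execute(array(':studentName' => $studentName));
        echo "raised";
    }
} catch (PDOException $e) {
    // Keep the real reason server-side. PDO's messages include the DSN host, schema and
    // driver details, which the original echoed to any caller holding the API key.
    error_log("hands endpoint: database error: " . $e->getMessage());
    echo "Error: database request failed";
} finally {
    // Release the connection on both the success and the error path.
    $pdo = null;
}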
