<?php
include('includes/dbcon.php');

// Enable error reporting for debugging
error_reporting(E_ALL);
ini_set('display_errors', 1);

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    header('Content-Type: application/json');
    
    $regno = isset($_POST['regno']) ? sanitize_input($_POST['regno']) : '';
    $pin = isset($_POST['pin']) ? sanitize_input($_POST['pin']) : '';
    
    $response = ['success' => false, 'message' => ''];
    
    // Basic validation
    if (empty($regno) || empty($pin)) {
        $response['message'] = 'Registration number and PIN are required.';
        echo json_encode($response);
        exit;
    }
    
    try {
        // Debug log
        error_log("Validating PIN: $pin for RegNo: $regno");
        
        // Check if PIN exists in pins table
        $pinQuery = $DBcon->prepare("SELECT * FROM pins WHERE pin = ?");
        $pinQuery->execute([$pin]);
        $pinData = $pinQuery->fetch(PDO::FETCH_ASSOC);
        
        if (!$pinData) {
            error_log("PIN not found: $pin");
            $response['message'] = 'Invalid PIN. Please check and try again.';
            echo json_encode($response);
            exit;
        }
        
        // Check if student exists
        $studentQuery = $DBcon->prepare("SELECT * FROM students WHERE reg_no = ?");
        $studentQuery->execute([$regno]);
        $studentData = $studentQuery->fetch(PDO::FETCH_ASSOC);
        
        if (!$studentData) {
            error_log("Student not found: $regno");
            $response['message'] = 'Invalid registration number. Please check and try again.';
            echo json_encode($response);
            exit;
        }
        
        // Check if PIN has been used before
        $associateQuery = $DBcon->prepare("SELECT * FROM pinassociate WHERE PINCODE = ? ORDER BY SN DESC LIMIT 1");
        $associateQuery->execute([$pin]);
        $associateData = $associateQuery->fetch(PDO::FETCH_ASSOC);
        
        if ($associateData) {
            // PIN has been used before
            if ($associateData['NOUSED'] >= 6) {
                $response['message'] = 'This PIN has exceeded the maximum usage limit (6 times). Please get a new PIN.';
                echo json_encode($response);
                exit;
            }
            
            if ($associateData['REGNO'] !== $regno) {
                $response['message'] = 'This PIN is already associated with another registration number.';
                echo json_encode($response);
                exit;
            }
        }
        
        // All checks passed
        $response['success'] = true;
        $response['message'] = 'PIN validated successfully!';
        error_log("PIN validation successful for $regno");
        
    } catch (PDOException $e) {
        error_log("PIN validation error: " . $e->getMessage());
        $response['message'] = 'Database error. Please try again later.';
    }
    
    echo json_encode($response);
    exit;
    
} else {
    header('Content-Type: application/json');
    echo json_encode(['success' => false, 'message' => 'Invalid request method.']);
    exit;
}
?>