<?php
// ✅ CORS Headers - di paling atas
header('Access-Control-Allow-Origin: *');
header('Access-Control-Allow-Methods: POST, GET, OPTIONS');
header('Access-Control-Allow-Headers: Content-Type, Authorization');
header('Access-Control-Max-Age: 86400');
header('Content-Type: application/json'); // Cukup 1x saja

// ✅ Handle preflight OPTIONS
if ($_SERVER['REQUEST_METHOD'] === 'OPTIONS') {
    http_response_code(200);
    exit();
}

include 'Connection.php';

// ✅ Handle input dari JSON body atau POST form
$input = json_decode(file_get_contents('php://input'), true);
$username = trim($input['username'] ?? $_POST['username'] ?? '');
$password = $input['password'] ?? $_POST['password'] ?? '';

// ✅ Validasi input kosong
if (empty($username) || empty($password)) {
    echo json_encode([
        "status" => "error", 
        "message" => "Username dan password wajib diisi"
    ]);
    exit;
}

// ✅ Validasi panjang password minimal
if (strlen($password) < 6) {
    echo json_encode([
        "status" => "error", 
        "message" => "Password minimal 6 karakter"
    ]);
    exit;
}

// ✅ Validasi format username (opsional tapi disarankan)
if (!preg_match('/^[a-zA-Z0-9_]{3,20}$/', $username)) {
    echo json_encode([
        "status" => "error", 
        "message" => "Username hanya boleh huruf, angka, underscore (3-20 karakter)"
    ]);
    exit;
}

// ✅ Cek apakah username sudah ada
$check = $conn->prepare("SELECT id FROM users WHERE username = ?");
$check->bind_param("s", $username);
$check->execute();
$check->store_result();

if ($check->num_rows > 0) {
    echo json_encode([
        "status" => "error", 
        "message" => "Username sudah digunakan"
    ]);
    $check->close();
    $conn->close();
    exit;
}
$check->close();

// ✅ Hash password dan insert ke database
$hashedPassword = password_hash($password, PASSWORD_DEFAULT);

$stmt = $conn->prepare("INSERT INTO users (username, password) VALUES (?, ?)");
$stmt->bind_param("ss", $username, $hashedPassword);

if ($stmt->execute()) {
    echo json_encode([
        "status" => "success", 
        "message" => "Pendaftaran berhasil"
    ]);
} else {
    echo json_encode([
        "status" => "error", 
        "message" => "Gagal mendaftar: " . $conn->error
    ]);
}

$stmt->close();
$conn->close();
?>