<?php
require_once __DIR__ . '/../include/headscript.php';

header('Content-Type: application/json; charset=utf-8');

function jsonResponse(bool $success, string $message, array $extra = []): void
{
    echo json_encode(array_merge([
        'success' => $success,
        'message' => $message
    ], $extra));
    exit;
}

$panelUrl = trim($_POST['panel_url'] ?? '');
$username = trim($_POST['username'] ?? '');
$password = trim($_POST['password'] ?? '');

if ($panelUrl === '') {
    jsonResponse(false, 'CyberPanel URL is required.');
}

if ($username === '') {
    jsonResponse(false, 'Username is required.');
}

if ($password === '') {
    jsonResponse(false, 'Password is required for connection test.');
}

$panelUrl = rtrim($panelUrl, '/');

if (!preg_match('/^https?:\/\//i', $panelUrl)) {
    jsonResponse(false, 'CyberPanel URL must start with http:// or https://');
}

/*
 * CyberPanel classic API endpoint.
 */
$apiUrl = $panelUrl . '/api/verifyConn';

$payload = [
    'adminUser' => $username,
    'adminPass' => $password
];

$ch = curl_init();

curl_setopt_array($ch, [
    CURLOPT_URL => $apiUrl,
    CURLOPT_POST => true,
    CURLOPT_POSTFIELDS => json_encode($payload),
    CURLOPT_HTTPHEADER => [
        'Content-Type: application/json',
        'Accept: application/json'
    ],
    CURLOPT_RETURNTRANSFER => true,
    CURLOPT_TIMEOUT => 25,
    CURLOPT_CONNECTTIMEOUT => 15,

    /*
     * CyberPanel often uses self-signed SSL on port 8090.
     * For the first test we disable strict SSL verification.
     * Later we can make this configurable per server.
     */
    CURLOPT_SSL_VERIFYHOST => false,
    CURLOPT_SSL_VERIFYPEER => false,
]);

$response = curl_exec($ch);
$curlError = curl_error($ch);
$httpCode = curl_getinfo($ch, CURLINFO_HTTP_CODE);

curl_close($ch);

if ($response === false || $curlError !== '') {
    jsonResponse(false, 'cURL error: ' . $curlError, [
        'url' => $apiUrl,
        'http_code' => $httpCode
    ]);
}

$decoded = json_decode($response, true);

if (!is_array($decoded)) {
    jsonResponse(false, 'Invalid JSON response from CyberPanel.', [
        'url' => $apiUrl,
        'http_code' => $httpCode,
        'raw_response' => $response
    ]);
}

/*
 * CyberPanel responses can vary slightly between versions.
 * So we check multiple possible success indicators.
 */
$isSuccess = false;

if (isset($decoded['verifyConn']) && (int)$decoded['verifyConn'] === 1) {
    $isSuccess = true;
}

if (isset($decoded['status']) && (int)$decoded['status'] === 1) {
    $isSuccess = true;
}

if (isset($decoded['success']) && (int)$decoded['success'] === 1) {
    $isSuccess = true;
}

if ($isSuccess) {
    jsonResponse(true, 'Connection successful.', [
        'url' => $apiUrl,
        'http_code' => $httpCode,
        'response' => $decoded
    ]);
}

jsonResponse(false, 'Connection failed. Check CyberPanel API Access, username or password.', [
    'url' => $apiUrl,
    'http_code' => $httpCode,
    'response' => $decoded
]);