<?php

header('Content-Type: application/json');

include __DIR__.'/../../konsultasi/conf/koneksiPDO.php';

$validSecrets = [
    getenv('SPOTA_LEGACY_API_SECRET') ?: '',
    'in14d4lahP4ssWordSP0TA!12!',
];

$secret = isset($_GET['secret']) ? trim((string) $_GET['secret']) : '';
if ($secret === '' || !in_array($secret, $validSecrets, true)) {
    http_response_code(401);
    echo json_encode([
        'status' => 0,
        'msg' => 'Unauthorized',
    ]);
    exit();
}

try {
    $conn = new createCon();
    $dbhSpota = $conn->connectSpota();

    $sql = 'SELECT iddosen, nip, nmLengkap, email, nohp, foto FROM tbdosen ORDER BY nmLengkap ASC';
    $stmt = $dbhSpota->prepare($sql);
    $stmt->execute();

    $data = [];
    while ($row = $stmt->fetch(PDO::FETCH_ASSOC)) {
        $foto = (string) $row['foto'];
        $data[] = [
            'id' => $row['iddosen'],
            'nip' => $row['nip'],
            'nama' => $row['nmLengkap'],
            'email' => $row['email'],
            'hp' => $row['nohp'],
            'urlFoto' => 'http://spota.untan.ac.id/img/'.$foto,
        ];
    }

    echo json_encode([
        'status' => 1,
        'data' => $data,
        'msg' => 'ok',
    ]);
} catch (Exception $e) {
    http_response_code(500);
    echo json_encode([
        'status' => 0,
        'msg' => 'Server error',
    ]);
}