<?php

header('Content-Type: application/json');

include __DIR__.'/../../konsultasi/conf/koneksiPDO.php';

$validSecrets = [
    getenv('SPOTA_LEGACY_API_SECRET') ?: '',
    'in14d4lahP4ssWordSP0TA!12!',
];

$secret = isset($_GET['secret']) ? trim((string) $_GET['secret']) : '';
if ($secret === '' || !in_array($secret, $validSecrets, true)) {
    http_response_code(401);
    echo json_encode([
        'status' => 0,
        'msg' => 'Unauthorized',
    ]);
    exit();
}

$mulaiTahun = isset($_GET['mulaiTahun']) ? (int) $_GET['mulaiTahun'] : 0;
$withHP = array_key_exists('withHP', $_GET);

try {
    $conn = new createCon();
    $dbhSpota = $conn->connectSpota();

    $sql = 'SELECT idmhs, nim, nmLengkap, email, foto, thnmasuk, noHP, noHPOrtu FROM tbmhs';
    $params = [];

    if ($mulaiTahun > 0) {
        $sql .= ' WHERE thnmasuk >= :mulaiTahun';
        $params[':mulaiTahun'] = $mulaiTahun;
    }

    $sql .= ' ORDER BY thnmasuk DESC, nim ASC';

    $stmt = $dbhSpota->prepare($sql);
    $stmt->execute($params);

    $data = [];
    while ($row = $stmt->fetch(PDO::FETCH_ASSOC)) {
        $foto = (string) $row['foto'];
        $item = [
            'id' => $row['idmhs'],
            'nim' => $row['nim'],
            'nama' => $row['nmLengkap'],
            'email' => $row['email'],
            'urlFoto' => 'http://spota.untan.ac.id/img/'.$foto,
            'angkatan' => $row['thnmasuk'],
        ];

        if ($withHP) {
            $item['hp'] = $row['noHP'];
            $item['hpOrtu'] = $row['noHPOrtu'];
        }

        $data[] = $item;
    }

    echo json_encode([
        'status' => 1,
        'data' => $data,
        'msg' => 'ok',
    ]);
} catch (Exception $e) {
    http_response_code(500);
    echo json_encode([
        'status' => 0,
        'msg' => 'Server error',
    ]);
}