<?php
include "../utils/security.php";
secure_session_start();
header('Content-Type: application/json');

require_logged_in();

include "../../config/config.php";
$conn = new mysqli($DB_SERVERNAME, $DB_USERNAME, $DB_PASSWORD, $DB_DATABASE);

$user_id = $_SESSION['id'];
$method = $_SERVER['REQUEST_METHOD'];

if ($method === 'GET') {
    $sql = "SELECT id, agent FROM keepmeloggedin WHERE user_id = ? ORDER BY id DESC";
    $stmt = mysqli_prepare($conn, $sql);
    mysqli_stmt_bind_param($stmt, 'i', $user_id);
    mysqli_stmt_execute($stmt);
    mysqli_stmt_store_result($stmt);
    $sessions = [];
    $id = 0;
    $agent = '';
    mysqli_stmt_bind_result($stmt, $id, $agent);
    while (mysqli_stmt_fetch($stmt)) {
        $sessions[] = [
            'id' => $id,
            'user_agent' => $agent,
        ];
    }
    mysqli_stmt_close($stmt);
    echo json_encode(['success' => true, 'sessions' => $sessions]);

} elseif ($method === 'POST') {
    require_csrf_token();
    $input = json_decode(file_get_contents('php://input'), true);

    $sql = "DELETE FROM keepmeloggedin WHERE user_id = ?";
    $stmt = mysqli_prepare($conn, $sql);
    mysqli_stmt_bind_param($stmt, 'i', $user_id);
    mysqli_stmt_execute($stmt);
    mysqli_stmt_close($stmt);

    delete_cookie("auth_token");
    log_activity($conn, $user_id, 'sessions_revoked', 'All remembered sessions deleted');

    echo json_encode(['success' => true, 'message' => 'All sessions revoked.']);
} else {
    echo json_encode(['success' => false, 'message' => 'Invalid request method.'], 405);
}
?>