<?php
include "../utils/security.php";
secure_session_start();
require_same_origin_request();
require_csrf_token();
if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
	json_response(['success' => false, 'message' => 'Invalid request method.'], 405);
}
include "../../config/config.php";
$conn = new mysqli($DB_SERVERNAME, $DB_USERNAME, $DB_PASSWORD, $DB_DATABASE);
check_rate_limit($conn, 'set_username', 30, 60);
$_SESSION["needs_auth"]=true;
$_SESSION["logged_in"]=false;
unset($_SESSION["external_domain_confirmed"]);
$username = strtolower((string) ($_POST["username"] ?? ""));
$_SESSION["username"]=preg_replace("/[^a-z0-9_]/","",$username);
session_regenerate_id(true);
?>