<?php
declare(strict_types=1);

require __DIR__ . '/_common.php';

require_login();

if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
    json_response(['ok' => false, 'error' => 'Use POST'], 405);
}

$me = current_admin();
if (!$me) {
    json_response(['ok' => false, 'error' => 'Unauthorized'], 401);
}

$body = require_json_body();
$current = (string)($body['currentPassword'] ?? '');
$new = (string)($body['newPassword'] ?? '');

if ($current === '' || $new === '') {
    json_response(['ok' => false, 'error' => 'กรอกรหัสปัจจุบันและรหัสใหม่'], 400);
}
if (strlen($new) < 8) {
    json_response(['ok' => false, 'error' => 'รหัสใหม่อย่างน้อย 8 ตัวอักษร'], 400);
}

$hash = $me['passwordHash'] ?? '';
if (!is_string($hash) || !password_verify($current, $hash)) {
    json_response(['ok' => false, 'error' => 'รหัสผ่านปัจจุบันไม่ถูกต้อง'], 401);
}

$store = read_store();
$updated = false;
foreach ($store['admins'] ?? [] as $i => $a) {
    if (($a['id'] ?? '') !== ($me['id'] ?? '')) {
        continue;
    }
    $store['admins'][$i]['passwordHash'] = password_hash($new, PASSWORD_DEFAULT);
    $updated = true;
    break;
}
if (!$updated) {
    json_response(['ok' => false, 'error' => 'ไม่พบบัญชี'], 500);
}
if (!write_store($store)) {
    json_response(['ok' => false, 'error' => 'บันทึกไม่สำเร็จ'], 500);
}

json_response(['ok' => true, 'message' => 'เปลี่ยนรหัสผ่านแล้ว']);