<?php
require __DIR__ . '/../incl/util.php';
setJsonHeader();
checkClientDatabaseVersion();
$conn = newConnection();

$postData = getPostData();
$newusername = $post['newusername'] ?? '';
$token = $post['token'] ?? '';
$username = $post['username'] ?? '';

if (!preg_match('/^[a-zA-Z0-9]{3,16}$/', $newusername)) {
    exitWithMessage(json_encode(["success" => false, "message" => "Username must be 3-16 characters, letters and numbers only"]));
}

$stmt = $conn->prepare("SELECT * FROM users WHERE username = ?");
$stmt->bind_param("s", $newusername);
$stmt->execute();
$result = $stmt->get_result();

if ($result->num_rows > 0) {
    exitWithMessage(json_encode(["success" => false, "message" => "Invalid session token or username, please refresh login"]));
}

$stmt = $conn->prepare("UPDATE users SET username = ? WHERE username = ? AND token = ?");
$stmt->bind_param("sss", $newusername, $username, $token);
$stmt->execute();

if ($stmt->affected_rows === 0) {
    exitWithMessage(json_encode(["success" => false, "message" => "Invalid session token or username, please refresh login"]));
}

echo encrypt(json_encode(["success" => true]));