
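<?php
// Endpoint: verifies a one-time directory access code.
//
// Request:  POST, JSON body {"membership_id": string, "verification_code": string}
// Response: JSON {"success": bool, "message": string, "token"?: string}
//
// On success the matching public_directory_access row is marked verified, a
// random session token is stored on that row and in the PHP session, and the
// same token is returned to the caller.
//
// NOTE(review): nothing in this file limits failed attempts per membership_id
// or per client. Unless config.php or an upstream layer enforces that, the
// verification code can be guessed by repeated requests; consider counting
// failures and invalidating the code after a small number of misses.
require_once '../config/config.php';

header('Content-Type: application/json');

if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
    http_response_code(405);
    echo json_encode(['success' => false, 'message' => 'Method not allowed']);
    exit;
}

// The body is attacker-controlled: it may be invalid JSON (json_decode gives
// null), a scalar, or carry arrays/numbers in place of strings. Passing a
// non-string to trim() raises a TypeError, which the catch (Exception) below
// would not handle, so anything that is not a string is treated as missing.
$data = json_decode(file_get_contents('php://input'), true);
if (!is_array($data)) {
    $data = [];
}
$rawMembershipId = $data['membership_id'] ?? '';
$rawVerificationCode = $data['verification_code'] ?? '';
$membershipId = is_string($rawMembershipId) ? trim($rawMembershipId) : '';
$verificationCode = is_string($rawVerificationCode) ? trim($rawVerificationCode) : '';

// Compare against '' rather than empty(): empty('0') is true and would reject
// a legitimate value of "0" as missing.
if ($membershipId === '' || $verificationCode === '') {
    echo json_encode(['success' => false, 'message' => 'Membership ID and verification code are required']);
    exit;
}

try {
    $db = Database::getInstance()->getConnection();

    // Find the newest unverified record matching both the ID and the code.
    // Values are bound as parameters, never interpolated into the SQL.
    $stmt = $db->prepare("
        SELECT id, member_id, email, is_verified, expires_at
        FROM public_directory_access
        WHERE membership_id = :membership_id
        AND verification_code = :verification_code
        AND is_verified = FALSE
        ORDER BY created_at DESC
        LIMIT 1
    ");
    $stmt->execute([
        'membership_id' => $membershipId,
        'verification_code' => $verificationCode
    ]);
    $access = $stmt->fetch(PDO::FETCH_ASSOC);

    // One message for "unknown ID" and "wrong code", so the response does not
    // reveal which of the two was wrong.
    if (!$access) {
        echo json_encode(['success' => false, 'message' => 'Invalid verification code. Please check and try again.']);
        exit;
    }

    // Check if expired.
    // NOTE(review): strtotime() reads expires_at in PHP's default timezone;
    // presumably that matches the database clock - confirm.
    if (strtotime($access['expires_at']) < time()) {
        echo json_encode(['success' => false, 'message' => 'Verification code has expired. Please request a new one.']);
        exit;
    }

    // Generate session token (32 bytes from the CSPRNG, hex-encoded)
    $sessionToken = bin2hex(random_bytes(32));

    // Mark as verified and store session token. The is_verified = FALSE guard
    // makes the code single-use even when two requests race past the SELECT
    // above: only one UPDATE can change the row.
    $stmt = $db->prepare("
        UPDATE public_directory_access
        SET is_verified = TRUE,
            verified_at = NOW(),
            session_token = :session_token
        WHERE id = :id
        AND is_verified = FALSE
    ");
    $stmt->execute([
        'session_token' => $sessionToken,
        'id' => $access['id']
    ]);

    if ($stmt->rowCount() !== 1) {
        // Another request consumed this code first.
        echo json_encode(['success' => false, 'message' => 'Invalid verification code. Please check and try again.']);
        exit;
    }

    // Start session and store token
    if (session_status() === PHP_SESSION_NONE) {
        session_start();
    }
    // Issue a fresh session ID before storing the access state, so a session
    // ID that was known before verification cannot be reused afterwards
    // (session fixation).
    if (session_status() === PHP_SESSION_ACTIVE) {
        session_regenerate_id(true);
    }
    $_SESSION['directory_access_token'] = $sessionToken;
    $_SESSION['directory_member_id'] = $access['member_id'];
    $_SESSION['directory_verified_at'] = time();

    echo json_encode([
        'success' => true,
        'message' => 'Verification successful! You can now access the directory.',
        'token' => $sessionToken
    ]);

} catch (Exception $e) {
    // Details go to the server log only; the client gets a generic message.
    error_log('Directory code verification error: ' . $e->getMessage());
    echo json_encode([
        'success' => false,
        'message' => 'An error occurred. Please try again later.'
    ]);
}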
