<?php
session_start();
header('Content-Type: application/json');

require_once __DIR__ . '/../../classes/DB.php';
require_once __DIR__ . '/../../classes/User.php';

/* SIMPLE ADMIN CHECK */
if (!isset($_SESSION['is_admin']) || $_SESSION['is_admin'] !== true) {
    echo json_encode(["ok" => false, "error" => "Not admin"]);
    exit;
}

$userId = $_POST['user_id'] ?? null;
$days   = $_POST['days'] ?? null;

if (!$userId || $days === null) {
    echo json_encode(["ok" => false, "error" => "Missing fields"]);
    exit;
}

$db = DB::get();

/* PERMANENT BAN */
if ($days == "perm") {
    $db->prepare("UPDATE users SET is_banned = 1, ban_until = NULL WHERE id = ?")
       ->execute([$userId]);

    echo json_encode(["ok" => true, "ban" => "permanent"]);
    exit;
}

/* TEMP BAN */
$banUntil = date('Y-m-d H:i:s', time() + ($days * 86400));

$db->prepare("UPDATE users SET is_banned = 1, ban_until = ? WHERE id = ?")
   ->execute([$banUntil, $userId]);

echo json_encode([
    "ok" => true,
    "ban" => "temporary",
    "until" => $banUntil
]);