<?php
// /www/esp32_data.php
// Disclaimer: This example code is part of a research prototype.
// It is provided “as is”, without any warranty of any kind.
// Please review, adapt, and test carefully before using it in production.

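// Shared secret token used by the ESP32 device when sending data.
// TODO: Replace this placeholder with your own long, random token string
//       and configure the same value in the ESP32 firmware.
// NOTE(review): the token travels in the URL query string, so it ends up in
// web-server access logs and in the logs of any intermediate proxy. Serve this
// endpoint over HTTPS only and restrict who can read those logs.
$expectedToken = 'YOUR_LONG_RANDOM_SHARED_TOKEN_HERE';

// Fail closed while the token is empty or still the shipped placeholder: the
// placeholder text is public, so accepting it would leave the endpoint
// effectively unauthenticated. Only the 'YOUR_' prefix is tested, so that a
// search-and-replace of the full placeholder cannot rewrite this guard as well.
if ($expectedToken === '' || strncmp($expectedToken, 'YOUR_', 5) === 0) {
    http_response_code(500);
    header('Content-Type: text/plain; charset=utf-8');
    exit('Server token not configured');
}

// Check token from URL query parameter, e.g. /esp32_data.php?token=...
// is_string() rejects array input such as ?token[]=x before it reaches
// hash_equals(), which accepts strings only. hash_equals() compares in
// constant time, so response timing does not reveal how much of a guessed
// token matched.
$providedToken = isset($_GET['token']) ? $_GET['token'] : null;
if (!is_string($providedToken) || !hash_equals($expectedToken, $providedToken)) {
    http_response_code(401);
    header('Content-Type: text/plain; charset=utf-8');
    exit('Unauthorized');
}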

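// Read the JSON body sent by the device. file_get_contents() returns false on
// failure, which is treated the same as an undecodable payload.
$raw = file_get_contents('php://input');
$data = is_string($raw) ? json_decode($raw, true) : null;

if (!is_array($data)) {
    http_response_code(400);
    header('Content-Type: text/plain; charset=utf-8');
    exit('Invalid JSON payload');
}

// Validate required fields from the device (isset() also rejects JSON null).
if (!isset($data['device_id'], $data['sht_temp'], $data['humidity'], $data['bmp_temp'])) {
    http_response_code(400);
    header('Content-Type: text/plain; charset=utf-8');
    exit('Missing required fields');
}

// device_id must be a plain string or integer. A blind (string) cast would turn
// a JSON array into the literal "Array" and a JSON true into "1".
// NOTE(review): consider also checking the id against a list of known devices
// and against the column length of sensor_data.device_id (schema not shown here).
if (!is_string($data['device_id']) && !is_int($data['device_id'])) {
    http_response_code(400);
    header('Content-Type: text/plain; charset=utf-8');
    exit('Invalid field value');
}
$deviceId = (string)$data['device_id'];

// Numeric readings: field name => whether the field is required.
// A blind (float) cast would silently store 0.0 or 1.0 for strings, booleans
// and arrays, so every value that is present must be numeric and finite
// (a JSON number such as 1e999 decodes to INF).
$numericFields = [
    'sht_temp' => true,
    'humidity' => true,
    'bmp_temp' => true,
    'pressure' => false,
    'par'      => false,
    'battery'  => false,
];
$readings = [];
foreach ($numericFields as $field => $required) {
    $value = isset($data[$field]) ? $data[$field] : null;

    if ($value === null) {
        // Only optional fields can get here; required ones passed isset() above.
        // An absent field and an explicit JSON null are both stored as NULL,
        // never as a fabricated 0.0 reading.
        $readings[$field] = null;
        continue;
    }

    if (!is_numeric($value) || !is_finite((float)$value)) {
        http_response_code(400);
        header('Content-Type: text/plain; charset=utf-8');
        exit('Invalid field value');
    }

    $readings[$field] = (float)$value;
}

$shtTemp   = $readings['sht_temp'];
$humidity  = $readings['humidity'];
$bmpTemp   = $readings['bmp_temp'];

// Optional fields – null if not provided
$pressure  = $readings['pressure'];
$par       = $readings['par'];
$battery   = $readings['battery'];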

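// Database connection configuration.
// TODO: Replace the placeholders below with your actual database settings.
// NOTE(review): credentials embedded in a file under the web root are exposed
// if the server ever serves this file as plain text; prefer loading them from a
// config file outside the document root or from environment variables, and use
// a database account that only has INSERT on sensor_data.
$host    = 'localhost';                  // Database host, usually 'localhost'
$db      = 'YOUR_DATABASE_NAME_HERE';    // TODO: set your database name
$user    = 'YOUR_DATABASE_USER_HERE';    // TODO: set your database user
$pass    = 'YOUR_DATABASE_PASSWORD_HERE';// TODO: set your database password
$charset = 'utf8mb4';

$dsn = "mysql:host=$host;dbname=$db;charset=$charset";
$options = [
    PDO::ATTR_ERRMODE            => PDO::ERRMODE_EXCEPTION,
    PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC,
    // Use server-side prepared statements instead of client-side emulation, so
    // bound values are never spliced into the SQL text by the driver.
    PDO::ATTR_EMULATE_PREPARES   => false,
];

header('Content-Type: application/json; charset=utf-8');

try {
    $pdo = new PDO($dsn, $user, $pass, $options);

    // All device-supplied values are passed as bound parameters; none of them
    // is concatenated into the statement.
    $stmt = $pdo->prepare("
        INSERT INTO sensor_data (
            device_id,
            sht_temp,
            humidity,
            bmp_temp,
            pressure,
            par,
            battery
        ) VALUES (
            :device_id,
            :sht_temp,
            :humidity,
            :bmp_temp,
            :pressure,
            :par,
            :battery
        )
    ");

    $stmt->execute([
        ':device_id' => $deviceId,
        ':sht_temp'  => $shtTemp,
        ':humidity'  => $humidity,
        ':bmp_temp'  => $bmpTemp,
        ':pressure'  => $pressure,
        ':par'       => $par,
        ':battery'   => $battery,
    ]);

    echo json_encode(['status' => 'OK'], JSON_PRETTY_PRINT);
} catch (PDOException $e) {
    http_response_code(500);
    // Record the failure server-side so it can be diagnosed; the client only
    // ever sees a generic message. Only getMessage() is logged, not the stack
    // trace, which can contain the connection arguments.
    error_log('esp32_data.php: database error: ' . $e->getMessage());
    echo json_encode(['error' => 'Database error'], JSON_PRETTY_PRINT);
}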
