<?php
header('Content-Type: application/json');
include 'dbconnect.php';

$signed_request = $_POST['signed_request'];
$data = parse_signed_request($signed_request);
$user_id = $data['user_id'];

// Start data deletion
$stmt = $mysqli->prepare("DELETE FROM player WHERE facebookid=?");

 if ( false === $stmt ) {
        // echo $sqli->error; /*HIDE THIS DURING DEPLOY*/ 
        die('prep failed'); // probably remove this later
    }
    $rc = $stmt->bind_param("i", $user_id);
    if ( false === $rc ) {
        die('bind failed'); // probably remove this later
    }
    $rc = $stmt->execute();
    if ( false === $rc ) {
        // echo $stmt->error; /*HIDE THIS DURING DEPLOY*/ 
        die('exec failed');// probably remove this later
    }


$status_url = 'https://www.egybasra.com/basra/deletion.php?id='.$user_id; // URL to track the deletion
$confirmation_code = $user_id; // unique code for the deletion request

$data = array(
  'url' => $status_url,
  'confirmation_code' => $confirmation_code
);
echo json_encode($data);

function parse_signed_request($signed_request) {
  list($encoded_sig, $payload) = explode('.', $signed_request, 2);

  $secret = "29d3d203fbb24d481e1e84c85cec8e5a"; // Use your app secret here

  // decode the data
  $sig = base64_url_decode($encoded_sig);
  $data = json_decode(base64_url_decode($payload), true);

  // confirm the signature
  $expected_sig = hash_hmac('sha256', $payload, $secret, $raw = true);
  if ($sig !== $expected_sig) {
    error_log('Bad Signed JSON signature!');
    return null;
  }

  return $data;
}

function base64_url_decode($input) {
  return base64_decode(strtr($input, '-_', '+/'));
}
?>