<?php
require "db.php";
$a = $_GET['action'] ?? '';
$b = body();

function find_user($name) {
  $st=db()->prepare("SELECT user_id FROM users WHERE username=?");
  $st->execute([$name]);
  $r=$st->fetch();
  return $r ? $r["user_id"] : 0;
}

if ($a==="create") {
  $u=trim($b["username"]??"");
  $c=trim($b["name"]??"");
  if($u==""||$c=="") out(false,"invalid",[],400);
  $uid=find_user($u);
  if(!$uid) out(false,"user not found",[],404);
  db()->prepare("INSERT INTO characters(user_id,name) VALUES(?,?)")->execute([$uid,$c]);
  out(true,"created",["character_id"=>db()->lastInsertId()]);
}
if ($a==="list") {
  $st=db()->query("SELECT c.character_id,c.name,u.username FROM characters c JOIN users u ON u.user_id=c.user_id");
  out(true,"ok",["items"=>$st->fetchAll()]);
}
if ($a==="delete") {
  $u=$_GET["username"]??""; $c=$_GET["name"]??"";
  $uid=find_user($u);
  if(!$uid) out(false,"user not found",[],404);
  $d=db()->prepare("DELETE FROM characters WHERE user_id=? AND name=?");
  $d->execute([$uid,$c]);
  out(true,"deleted",["count"=>$d->rowCount()]);
}
out(false,"unknown action",[],404);