<?php
require 'db.php';
require 'auth.php';

header('Content-Type: application/json');
require_login();

$user_id = current_user_id();

$input = json_decode(file_get_contents('php://input'), true);
$profile_id = (int)($input['profile_id'] ?? 0);

if ($profile_id <= 0) {
  http_response_code(400);
  echo json_encode(['success' => false, 'error' => 'Invalid profile_id']);
  exit;
}

$stmt = $pdo->prepare("SELECT id FROM profiles WHERE id = ? AND user_id = ?");
$stmt->execute([$profile_id, $user_id]);

if (!$stmt->fetchColumn()) {
  http_response_code(403);
  echo json_encode(['success' => false, 'error' => 'Profile not allowed']);
  exit;
}

$_SESSION['active_profile_id'] = $profile_id;

echo json_encode(['success' => true, 'active_profile_id' => $profile_id]);