<?php

// Force CLI only
if (PHP_SAPI !== 'cli') {
    fwrite(STDERR, "Access denied.\n");
    exit(1);
}

/**
 * SILENCE PHP ENGINE OUTPUT (CRITICAL)
 */
ini_set('display_errors', '0');
ini_set('display_startup_errors', '0');
error_reporting(0);

/**
 * CAPTURE STDOUT
 */
ob_start();

// Prevent WordPress from emitting headers or themes
define('WP_USE_THEMES', false);
define('WP_DEBUG', false);
define('WP_DEBUG_DISPLAY', false);
define('WP_DEBUG_LOG', false);

// Load WordPress
require_once __DIR__ . '/wp-load.php';

// Discard ALL output generated so far
ob_end_clean();

/**
 * Generate secure token
 */
function generate_unique_token(): string {
    return rtrim(
        strtr(base64_encode(random_bytes(32)), '+/', '-_'),
        '='
    );
}

/**
 * CLI-safe JSON response
 */
function send_response(string $status, string $message, $data = null): void {
    $payload = [
        'status'  => $status,
        'message' => $message,
        'data'    => $data
    ];

    // Write ONLY to STDOUT
    fwrite(STDOUT, json_encode($payload, JSON_UNESCAPED_SLASHES) . PHP_EOL);
    exit($status === 'success' ? 0 : 1);
}

// Validate args
global $argc, $argv;

if ($argc < 2) {
    send_response('error', 'Username not provided.');
}

$username = $argv[1];

try {
    $user = get_user_by('login', $username);

    if (!$user) {
        send_response('error', 'User not found.');
    }

    $token = generate_unique_token();

    update_user_meta($user->ID, 'magic_login_token', $token);
    update_user_meta($user->ID, 'magic_login_created', time());

    $url = site_url('/wp-magic-login.php') .
        '?token=' . rawurlencode($token) .
        '&username=' . rawurlencode($username);

    send_response('success', 'Auto-login URL generated', [
        'auto_login_url' => $url
    ]);

} catch (Throwable $e) {
    send_response('error', $e->getMessage());
}