<?php
require_once __DIR__ . '/_secrets.php';
header("Content-Type: application/json");
header("Access-Control-Allow-Origin: *");
if ($_SERVER["REQUEST_METHOD"] === "OPTIONS") { http_response_code(200); exit; }
$token = $_GET["token"] ?? $_POST["token"] ?? "";
if ($token !== "ETHICA_API_2026_SECURE") { echo json_encode(["error"=>"Invalid token"]); exit; }
$action = $_GET["action"] ?? "status";
$pg = pg_connect("host=127.0.0.1 dbname=adx_system user=admin password=" . weval_secret('WEVAL_PG_ADMIN_PASS') . "");
if (!$pg) { echo json_encode(["error"=>"DB"]); exit; }
switch ($action) {
case "status":
    $total = pg_fetch_result(pg_query($pg, "SELECT count(*) FROM ethica.medecins_validated"), 0, 0);
    echo json_encode(["status"=>"operational","total_hcp"=>(int)$total,"collecteurs_active"=>true]);
    break;
case "logs":
    echo json_encode(["logs"=>[],"message"=>"No recent collecteur activity"]);
    break;
default:
    echo json_encode(["status"=>"ok","action"=>$action]);
}
pg_close($pg);