<?php
header('Content-Type: application/json');

$input = json_decode(file_get_contents('php://input'), true);
$code = $input['code'] ?? '';
$language = $input['language'] ?? 'python';
$timeout = min($input['timeout'] ?? 10, 30); // Max 30 secondes

if (empty($code)) {
    echo json_encode(['error' => 'Code requis']);
    exit;
}

// Sandbox directory
$sandboxDir = "/tmp/hamid_sandbox_" . uniqid();
mkdir($sandboxDir, 0755, true);

$result = ['success' => false, 'output' => '', 'error' => '', 'execution_time' => 0];
$startTime = microtime(true);

switch ($language) {
    case 'python':
    case 'python3':
        $filename = "$sandboxDir/script.py";
        file_put_contents($filename, $code);
        
        // Exécuter avec timeout et restrictions
        $cmd = "cd $sandboxDir && timeout {$timeout}s python3 -u script.py 2>&1";
        exec($cmd, $output, $returnCode);
        
        $result['output'] = implode("\n", $output);
        $result['success'] = ($returnCode === 0);
        $result['return_code'] = $returnCode;
        break;
        
    case 'javascript':
    case 'js':
    case 'node':
        $filename = "$sandboxDir/script.js";
        file_put_contents($filename, $code);
        
        $cmd = "cd $sandboxDir && timeout {$timeout}s node script.js 2>&1";
        exec($cmd, $output, $returnCode);
        
        $result['output'] = implode("\n", $output);
        $result['success'] = ($returnCode === 0);
        $result['return_code'] = $returnCode;
        break;
        
    case 'php':
        $filename = "$sandboxDir/script.php";
        // Sécuriser le code PHP
        $safeCode = "<?php\n" . str_replace(['exec', 'shell_exec', 'system', 'passthru', 'popen', 'proc_open', 'file_get_contents', 'file_put_contents', 'unlink', 'rmdir'], '', $code);
        file_put_contents($filename, $safeCode);
        
        $cmd = "cd $sandboxDir && timeout {$timeout}s php script.php 2>&1";
        exec($cmd, $output, $returnCode);
        
        $result['output'] = implode("\n", $output);
        $result['success'] = ($returnCode === 0);
        $result['return_code'] = $returnCode;
        break;
        
    case 'bash':
    case 'shell':
        // Très restreint pour bash
        $safeCmds = ['echo', 'printf', 'date', 'cal', 'expr', 'seq', 'head', 'tail', 'wc', 'sort', 'uniq', 'grep', 'awk', 'sed'];
        $firstWord = explode(' ', trim($code))[0];
        
        if (!in_array($firstWord, $safeCmds)) {
            $result['error'] = "Commande '$firstWord' non autorisée. Commandes permises: " . implode(', ', $safeCmds);
            break;
        }
        
        $filename = "$sandboxDir/script.sh";
        file_put_contents($filename, "#!/bin/bash\n" . $code);
        chmod($filename, 0755);
        
        $cmd = "cd $sandboxDir && timeout {$timeout}s bash script.sh 2>&1";
        exec($cmd, $output, $returnCode);
        
        $result['output'] = implode("\n", $output);
        $result['success'] = ($returnCode === 0);
        break;
        
    case 'sql':
        // Lecture seule sur une base de test
        $result['error'] = "SQL execution désactivée pour sécurité. Utilisez l'interface DB directement.";
        break;
        
    default:
        $result['error'] = "Langage '$language' non supporté. Supportés: python, javascript, php, bash";
}

$result['execution_time'] = round((microtime(true) - $startTime) * 1000);
$result['language'] = $language;

// Nettoyer le sandbox
exec("rm -rf $sandboxDir");

echo json_encode($result);