false, 'error' => 'Method not allowed'], 405); } $people = normalizePeopleList(readJsonFile('people.json')); if (count($people) > 0) { sendJson(['success' => false, 'error' => 'People already exist; use signed-in Head of Household'], 403); } $body = readJsonBody(); $name = isset($body['name']) ? trim((string) $body['name']) : ''; $pin = isset($body['pin']) ? (string) $body['pin'] : ''; if ($name === '') { sendJson(['success' => false, 'error' => 'Name is required'], 400); } if (strlen($pin) < 4) { sendJson(['success' => false, 'error' => 'PIN must be at least 4 characters'], 400); } $icon = isset($body['icon']) ? trim((string) $body['icon']) : ''; $description = isset($body['description']) ? trim((string) $body['description']) : ''; $birthday = isset($body['birthday']) ? trim((string) $body['birthday']) : ''; $favoriteColor = isset($body['favoriteColor']) ? trim((string) $body['favoriteColor']) : '#4a90e2'; if ($favoriteColor !== '' && !preg_match('/^#[0-9A-Fa-f]{6}$/', $favoriteColor)) { sendJson(['success' => false, 'error' => 'favoriteColor must be a #RRGGBB value'], 400); } if ($birthday !== '' && !preg_match('/^\d{4}-\d{2}-\d{2}$/', $birthday)) { sendJson(['success' => false, 'error' => 'birthday must be YYYY-MM-DD'], 400); } $newPerson = [ 'id' => bin2hex(random_bytes(8)), 'name' => $name, 'role' => ROLE_HEAD, 'pin_hash' => password_hash($pin, PASSWORD_DEFAULT), 'icon' => $icon, 'description' => $description, 'birthday' => $birthday, 'favoriteColor' => $favoriteColor, 'currency_balance' => 0, 'created_at' => gmdate('c'), ]; if (!writeJsonFile('people.json', [$newPerson])) { sendJson(['success' => false, 'error' => 'Failed to save people'], 500); } setSessionPerson($newPerson['id'], true); $safe = $newPerson; unset($safe['pin_hash']); sendJson(['success' => true, 'person' => $safe]);