<?php
// add_lead.php
session_start();
require_once 'db/config.php';

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    // Basic server-side validation
    $lead_name = trim($_POST['lead_name'] ?? '');
    $status = trim($_POST['status'] ?? '');
    $category = trim($_POST['category'] ?? '');
    $contact_email = trim($_POST['contact_email'] ?? '');
    $owner = trim($_POST['owner'] ?? '');

    if (empty($lead_name) || empty($status) || empty($category) || !filter_var($contact_email, FILTER_VALIDATE_EMAIL) || empty($owner)) {
        $_SESSION['message'] = ['type' => 'danger', 'text' => 'Invalid input. Please fill all fields correctly.'];
        header('Location: index.php');
        exit;
    }

    $pdo = db();
    if ($pdo) {
        try {
            $stmt = $pdo->prepare(
                "INSERT INTO leads (lead_name, status, category, contact_email, owner) VALUES (?, ?, ?, ?, ?)"
            );
            $stmt->execute([$lead_name, $status, $category, $contact_email, $owner]);
            $_SESSION['message'] = ['type' => 'success', 'text' => 'Lead added successfully!'];
        } catch (PDOException $e) {
            error_log('Add Lead Error: ' . $e->getMessage());
            $_SESSION['message'] = ['type' => 'danger', 'text' => 'A database error occurred.'];
        }
    } else {
        $_SESSION['message'] = ['type' => 'danger', 'text' => 'Could not connect to the database.'];
    }
}

header('Location: index.php');
exit;
?>