<?php
session_start();
require_once 'db/config.php';

if (!isset($_SESSION['user_id'])) {
    header('Location: login.php');
    exit();
}

if (!isset($_GET['id']) || !is_numeric($_GET['id'])) {
    header('Location: dashboard.php?error=Invalid CV ID');
    exit();
}

$cv_id = $_GET['id'];
$user_id = $_SESSION['user_id'];

try {
    $pdo = db();
    
    // First, verify the CV belongs to the current user
    $stmt = $pdo->prepare("SELECT user_id FROM cvs WHERE id = ?");
    $stmt->execute([$cv_id]);
    $cv = $stmt->fetch(PDO::FETCH_ASSOC);

    if (!$cv || $cv['user_id'] != $user_id) {
        // CV not found or does not belong to the user
        header('Location: dashboard.php?error=CV not found or permission denied.');
        exit();
    }

    // Delete the CV
    $stmt = $pdo->prepare("DELETE FROM cvs WHERE id = ? AND user_id = ?");
    $stmt->execute([$cv_id, $user_id]);

    header('Location: dashboard.php?success=CV deleted successfully.');
    exit();

} catch (PDOException $e) {
    // Log error and redirect
    error_log("CV Deletion Error: " . $e->getMessage());
    header('Location: dashboard.php?error=An error occurred while deleting the CV.');
    exit();
}
?>