34132-vm/save_cv.php
Flatlogic Bot 7a4a20350d MagiCV
2025-09-17 12:13:33 +00:00


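<?php
/**
 * save_cv.php: creates or updates the CV of the logged-in user.
 *
 * Flow:
 *   - Guests: a POST is parked in the session and the visitor is sent to
 *     registration; any other method goes to the login page.
 *   - Logged-in users: only POST is processed; everything else redirects to
 *     the dashboard.
 *
 * NOTE(review): this file checks no anti-CSRF token before writing to the
 * database. If the CV form does not already carry one that is verified
 * elsewhere, add a per-session token and compare it with hash_equals() here.
 */
session_start();
require_once __DIR__ . '/db/config.php';

// If user is not logged in, store CV data in session and redirect to register
if (!isset($_SESSION['user_id'])) {
    if ($_SERVER['REQUEST_METHOD'] === 'POST') {
        // NOTE(review): the entire unauthenticated POST body is copied into
        // the session as-is. Whatever reads 'guest_cv_data' later must treat
        // it as untrusted input and validate it again; consider storing only
        // the fields the CV form defines.
        $_SESSION['guest_cv_data'] = $_POST;
        $_SESSION['info_message'] = 'Create an account to save your CV.';
        header('Location: /register.php');
        exit;
    }

    // Not a POST request and not logged in
    header('Location: /login.php');
    exit;
}

if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
    // Not a POST request
    header('Location: /dashboard.php');
    exit;
}

// Sends the user back to the dashboard with a flash error and stops the script.
$reject = static function (string $message): void {
    $_SESSION['error_message'] = $message;
    header('Location: /dashboard.php');
    exit;
};

$pdo = db();
$user_id = $_SESSION['user_id'];
$user_role = $_SESSION['user_role'] ?? 'free';

// --- Input normalisation ---
// PHP turns "field[]=x" into an array, so every $_POST value may be either a
// string or an array regardless of what the form declares. Each field is
// checked for the shape the queries below expect before it is used.
$raw_cv_id = $_POST['cv_id'] ?? null;
$cv_id = null;
if (!empty($raw_cv_id)) {
    // filter_var() returns false for arrays and for strings like "12abc",
    // which the database would otherwise coerce to a number silently.
    $cv_id = filter_var($raw_cv_id, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($cv_id === false) {
        $reject('Invalid CV reference.');
    }
}

$title = $_POST['title'] ?? 'My CV';
if (!is_string($title)) {
    $title = 'My CV';
}

// Default to template 1, also when the submitted value is not a positive integer.
// NOTE(review): nothing visible here checks that the template exists or that
// the user's plan may use it; confirm that is enforced elsewhere.
$template_id = filter_var($_POST['template_id'] ?? 1, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
if ($template_id === false) {
    $template_id = 1;
}

// --- Role-based Limitation ---
if ($cv_id === null && $user_role === 'free') {
    $stmt = $pdo->prepare("SELECT COUNT(*) FROM cvs WHERE user_id = ?");
    $stmt->execute([$user_id]);
    $cv_count = (int) $stmt->fetchColumn();

    // NOTE(review): the count and the INSERT further down are separate
    // statements, so parallel requests can each pass this check. If the limit
    // must be strict, enforce it inside a transaction or in the database.
    if ($cv_count >= 2) {
        // Limit reached for free users
        $_SESSION['error_message'] = 'You have reached the maximum of 2 CVs for the Free Plan. Please upgrade to create more.';
        header('Location: /dashboard.php');
        exit;
    }
}

// array_values() throws a TypeError when given a string, so the list-like
// sections are replaced by an empty list unless they really are arrays.
$personal_info = $_POST['personal_info'] ?? [];
$experience = $_POST['experience'] ?? [];
$education = $_POST['education'] ?? [];

$content = json_encode([
    'personal_info' => is_array($personal_info) ? $personal_info : [],
    'experience' => array_values(is_array($experience) ? $experience : []),
    'education' => array_values(is_array($education) ? $education : []),
    'skills' => $_POST['skills'] ?? '',
]);

// json_encode() returns false (for example on invalid UTF-8); storing that
// would overwrite the CV content with an empty value.
if ($content === false) {
    $reject('Your CV could not be saved because it contains invalid characters.');
}

// The stored JSON is user-controlled: it must be escaped for the output
// context wherever it is rendered.
if ($cv_id !== null) {
    // Update existing CV. The "AND user_id = :user_id" clause is the ownership
    // check: an id that belongs to another account matches no row.
    $stmt = $pdo->prepare('UPDATE cvs SET title = :title, content = :content, template_id = :template_id, updated_at = NOW() WHERE id = :id AND user_id = :user_id');
    $stmt->execute([
        'id' => $cv_id,
        'user_id' => $user_id,
        'title' => $title,
        'content' => $content,
        'template_id' => $template_id,
    ]);
} else {
    // Insert new CV
    $stmt = $pdo->prepare('INSERT INTO cvs (user_id, title, content, template_id) VALUES (:user_id, :title, :content, :template_id)');
    $stmt->execute([
        'user_id' => $user_id,
        'title' => $title,
        'content' => $content,
        'template_id' => $template_id,
    ]);
}

header('Location: /dashboard.php');
exit;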