<?php
require_once '../db/config.php';

header('Content-Type: application/json');

if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
    http_response_code(405);
    echo json_encode(['error' => 'Method Not Allowed']);
    exit;
}

$data = json_decode(file_get_contents('php://input'), true);

$product_id = $data['product_id'] ?? null;
$quantity = $data['quantity'] ?? null;

if (!$product_id || !isset($quantity)) {
    http_response_code(400);
    echo json_encode(['error' => 'Missing required fields: product_id, quantity']);
    exit;
}

if (!is_numeric($quantity) || $quantity < 0) {
    http_response_code(400);
    echo json_encode(['error' => 'Invalid quantity']);
    exit;
}

try {
    $pdo = db();

    $stmt = $pdo->prepare("SELECT id FROM products WHERE id = ?");
    $stmt->execute([$product_id]);
    if (!$stmt->fetch()) {
        http_response_code(404);
        echo json_encode(['error' => 'Product not found']);
        exit;
    }

    $stmt = $pdo->prepare("UPDATE products SET quantity = ? WHERE id = ?");
    $stmt->execute([$quantity, $product_id]);

    echo json_encode(['success' => 'Inventory updated successfully']);

} catch (PDOException $e) {
    http_response_code(500);
    echo json_encode(['error' => 'Database error: ' . $e->getMessage()]);
}