<?php
require_once __DIR__ . '/db/config.php';

header('Content-Type: application/json');

$response = ['success' => false, 'message' => 'Invalid request.'];
$action = $_REQUEST['action'] ?? null;

try {
    $pdo = db();
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

    if ($_SERVER['REQUEST_METHOD'] === 'POST' && $action === 'add') {
        $medicineName = trim($_POST['medicine_name'] ?? '');
        $expiryDate = trim($_POST['expiry_date'] ?? '');

        if (empty($medicineName) || empty($expiryDate)) {
            $response['message'] = 'Medicine name and expiry date are required.';
        } else {
            $stmt = $pdo->prepare("INSERT INTO medicines (medicine_name, expiry_date) VALUES (:name, :date)");
            $stmt->execute(['name' => $medicineName, 'date' => $expiryDate]);
            $response = ['success' => true, 'message' => 'Medicine added successfully.'];
        }
    } elseif ($_SERVER['REQUEST_METHOD'] === 'GET' && $action === 'get') {
        $stmt = $pdo->query("SELECT id, medicine_name, expiry_date FROM medicines ORDER BY expiry_date ASC");
        $medicines = $stmt->fetchAll(PDO::FETCH_ASSOC);
        $response = ['success' => true, 'medicines' => $medicines];
    } elseif ($_SERVER['REQUEST_METHOD'] === 'POST' && $action === 'delete') {
        $id = $_POST['id'] ?? null;
        if ($id) {
            $stmt = $pdo->prepare("DELETE FROM medicines WHERE id = :id");
            $stmt->execute(['id' => $id]);
            $response = ['success' => true, 'message' => 'Medicine removed.'];
        } else {
            $response['message'] = 'Medicine ID is required.';
        }
    }

} catch (PDOException $e) {
    http_response_code(500);
    $response['message'] = 'Database error: ' . $e->getMessage();
}

echo json_encode($response);
?>