<?php
session_start();

if (!isset($_SESSION["loggedin"]) || $_SESSION["loggedin"] !== true) {
    header("location: login.php");
    exit;
}

require_once 'db/config.php';

$user_id = $_SESSION["id"];

if ($_SERVER["REQUEST_METHOD"] == "POST") {
    $name = trim($_POST["name"]);
    $email = trim($_POST["email"]);
    $new_password = $_POST["new_password"];
    $confirm_password = $_POST["confirm_password"];

    $pdo = db();
    $sql = "UPDATE users SET name = :name, email = :email";

    // Password update logic
    if (!empty($new_password)) {
        if (strlen($new_password) < 6) {
            $_SESSION['error_message'] = "Password must have at least 6 characters.";
            header("location: profile.php");
            exit;
        } elseif ($new_password != $confirm_password) {
            $_SESSION['error_message'] = "Passwords do not match.";
            header("location: profile.php");
            exit;
        }
        $sql .= ", password = :password";
        $hashed_password = password_hash($new_password, PASSWORD_DEFAULT);
    }

    $sql .= " WHERE id = :id";

    if ($stmt = $pdo->prepare($sql)) {
        $stmt->bindParam(":name", $name, PDO::PARAM_STR);
        $stmt->bindParam(":email", $email, PDO::PARAM_STR);
        $stmt->bindParam(":id", $user_id, PDO::PARAM_INT);

        if (!empty($new_password)) {
            $stmt->bindParam(":password", $hashed_password, PDO::PARAM_STR);
        }

        if ($stmt->execute()) {
            $_SESSION['success_message'] = "Your profile has been updated successfully.";
        } else {
            $_SESSION['error_message'] = "Oops! Something went wrong. Please try again later.";
        }
        unset($stmt);
    }
    unset($pdo);

    header("location: profile.php");
    exit;
}
?>