Application Approved!

<?php
header('Content-Type: application/json');
require_once __DIR__ . '/../db/config.php';
require_once __DIR__ . '/../mail/MailService.php';

$response = ['success' => false, 'message' => 'Invalid request'];

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    $data = json_decode(file_get_contents('php://input'), true);
    $id = $data['id'] ?? null;
    $status = $data['status'] ?? null;

    $allowed_statuses = ['Pending', 'Approved', 'Rejected'];

    if ($id && $status && in_array($status, $allowed_statuses)) {
        try {
            $pdo = db();
            $stmt = $pdo->prepare("UPDATE subscriptions SET status = :status WHERE id = :id");
            $stmt->execute([':status' => $status, ':id' => $id]);

            if ($stmt->rowCount() > 0) {
                $response = ['success' => true, 'message' => 'Status updated successfully.'];

                // Fetch user details for email notification
                $stmt = $pdo->prepare("SELECT fullName, email, insuranceType FROM subscriptions WHERE id = :id");
                $stmt->execute([':id' => $id]);
                $subscription = $stmt->fetch(PDO::FETCH_ASSOC);

                if ($subscription) {
                    $user_email = $subscription['email'];
                    $user_name = $subscription['fullName'];
                    $insurance_type = $subscription['insuranceType'];
                    $subject = '';
                    $body = '';

                    if ($status === 'Approved') {
                        $subject = "Congratulations! Your SecureLife Application is Approved";
                        $body = "<h1>Application Approved!</h1><p>Dear {$user_name},</p><p>We are pleased to inform you that your application for <strong>{$insurance_type}</strong> insurance has been approved. Welcome to SecureLife!</p><p>We will follow up with your policy documents shortly.</p>";
                    } elseif ($status === 'Rejected') {
                        $subject = "Update on Your SecureLife Application";
                        $body = "<h1>Application Update</h1><p>Dear {$user_name},</p><p>We have carefully reviewed your application for <strong>{$insurance_type}</strong> insurance. We regret to inform you that we are unable to approve your application at this time.</p><p>Thank you for your interest in SecureLife.</p>";
                    }

                    if (!empty($subject) && !empty($body)) {
                        MailService::sendMail($user_email, $subject, $body);
                    }
                }

            } else {
                $response['message'] = 'Could not find a subscription with that ID or status is unchanged.';
            }
        } catch (Exception $e) {
            $response['message'] = 'An error occurred: ' . $e->getMessage();
        }
    } else {
        $response['message'] = 'Invalid ID or status provided.';
    }
}

echo json_encode($response);