<?php
session_start();
require_once 'db/config.php';

header('Content-Type: application/json');

// Check if user is a logged-in partner
if (!isset($_SESSION['user_id']) || $_SESSION['user_role'] !== 'partner') {
    echo json_encode(['success' => false, 'message' => 'Unauthorized']);
    exit;
}

// Check for POST request
if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
    echo json_encode(['success' => false, 'message' => 'Invalid request method.']);
    exit;
}

// Get and validate input
$input = json_decode(file_get_contents('php://input'), true);
$referral_id = $input['referral_id'] ?? null;
$new_status = $input['status'] ?? null;

if (!$referral_id || !$new_status) {
    echo json_encode(['success' => false, 'message' => 'Missing required parameters.']);
    exit;
}

if (!in_array($new_status, ['Accepted', 'Rejected'])) {
    echo json_encode(['success' => false, 'message' => 'Invalid status.']);
    exit;
}

$pdo = db();

// Verify the partner owns this referral
$stmt = $pdo->prepare("SELECT r.id FROM referrals r JOIN partners p ON r.partner_id = p.id WHERE r.id = ? AND p.user_id = ?");
$stmt->execute([$referral_id, $_SESSION['user_id']]);
$referral = $stmt->fetch();

if (!$referral) {
    echo json_encode(['success' => false, 'message' => 'Referral not found or you do not have permission to modify it.']);
    exit;
}

// Update the referral status
try {
    $update_stmt = $pdo->prepare("UPDATE referrals SET status = ? WHERE id = ?");
    $update_stmt->execute([$new_status, $referral_id]);

    if ($update_stmt->rowCount() > 0) {
        echo json_encode(['success' => true, 'message' => 'Referral status updated successfully.']);
    } else {
        echo json_encode(['success' => false, 'message' => 'Failed to update status or status was already set.']);
    }
} catch (PDOException $e) {
    // Log error properly in a real application
    echo json_encode(['success' => false, 'message' => 'Database error: ' . $e->getMessage()]);
}

?>