<?php
// register.php
ini_set('display_errors', 0); // Do not display errors to the user

require_once 'db/config.php';

function redirect_with_message($type, $message) {
    header("Location: index.php?$type=" . urlencode($message));
    exit();
}

if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
    redirect_with_message('error', 'Invalid request method.');
}

// --- Input Validation ---
$full_name = trim($_POST['full_name'] ?? '');
$mobile_number = trim($_POST['mobile_number'] ?? '');
$password = $_POST['password'] ?? '';
$agree_terms = isset($_POST['agree_terms']);

if (empty($full_name) || empty($mobile_number) || empty($password)) {
    redirect_with_message('error', 'All fields are required.');
}

if (!$agree_terms) {
    redirect_with_message('error', 'You must agree to the terms and conditions.');
}

if (strlen($password) < 8) {
    redirect_with_message('error', 'Password must be at least 8 characters long.');
}

// Basic mobile number validation (doesn't cover all edge cases)
if (!preg_match('/^\+?[1-9]\d{1,14}$/', $mobile_number)) {
    redirect_with_message('error', 'Invalid mobile number format.');
}


try {
    $pdo = db();

    // --- Idempotent Table Creation ---
    $pdo->exec(" 
        CREATE TABLE IF NOT EXISTS users (
            id INT AUTO_INCREMENT PRIMARY KEY,
            full_name VARCHAR(255) NOT NULL,
            mobile_number VARCHAR(20) NOT NULL UNIQUE,
            password_hash VARCHAR(255) NOT NULL,
            created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP
        );
    ");

    // --- Check if user already exists ---
    $stmt = $pdo->prepare("SELECT id FROM users WHERE mobile_number = :mobile_number");
    $stmt->execute(['mobile_number' => $mobile_number]);
    if ($stmt->fetch()) {
        redirect_with_message('error', 'A user with this mobile number already exists.');
    }

    // --- Create User ---
    $password_hash = password_hash($password, PASSWORD_DEFAULT);

    $stmt = $pdo->prepare(
        "INSERT INTO users (full_name, mobile_number, password_hash) VALUES (:full_name, :mobile_number, :password_hash)"
    );

    $stmt->execute([
        ':full_name' => $full_name,
        ':mobile_number' => $mobile_number,
        ':password_hash' => $password_hash
    ]);

    redirect_with_message('success', 'Registration successful! You can now log in.');

} catch (PDOException $e) {
    // In a real app, you would log this error.
    // error_log("Registration failed: " . $e->getMessage());
    redirect_with_message('error', 'An internal error occurred. Please try again later.');
}