<?php
require_once __DIR__ . '/db/config.php';
require_once __DIR__ . '/shared/header.php';

if (!isset($_SESSION['user_id'])) {
    header('Location: login.php');
    exit();
}

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    if (isset($_POST['task_id'])) {
        $task_id = $_POST['task_id'];
        $user_id = $_SESSION['user_id'];

        // Check if user has already applied
        $stmt = db()->prepare("SELECT id FROM applications WHERE task_id = ? AND user_id = ?");
        $stmt->execute([$task_id, $user_id]);
        if ($stmt->fetch()) {
            // User has already applied
            header('Location: index.php?message=already_applied');
            exit();
        }

        // Check if user is the task owner
        $stmt = db()->prepare("SELECT id FROM tasks WHERE id = ? AND user_id = ?");
        $stmt->execute([$task_id, $user_id]);
        if ($stmt->fetch()) {
            // User is the task owner
            header('Location: index.php?message=owner_cannot_apply');
            exit();
        }

        try {
            $stmt = db()->prepare("INSERT INTO applications (task_id, user_id) VALUES (?, ?)");
            $stmt->execute([$task_id, $user_id]);
            header('Location: index.php?message=applied_successfully');
            exit();
        } catch (PDOException $e) {
            error_log($e->getMessage());
            header('Location: index.php?message=application_failed');
            exit();
        }
    }
}

// Redirect to index if accessed directly without POST
header('Location: index.php');