<?php
require_once 'auth.php';
require_role('receptionist'); // Or a new 'pharmacist' role
require_once 'db/config.php';

header('Content-Type: application/json');
$response = ['success' => false, 'message' => 'Invalid request.'];

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    $prescription_id = $_POST['prescription_id'] ?? null;
    $user_id = $_SESSION['user_id'] ?? null;

    if ($prescription_id && $user_id) {
        try {
            $pdo = db();
            $stmt = $pdo->prepare(
                "UPDATE prescriptions SET status = 'Dispensed', dispensed_at = CURRENT_TIMESTAMP, dispensed_by = ? WHERE id = ?"
            );
            
            if ($stmt->execute([$user_id, $prescription_id])) {
                $response = ['success' => true, 'message' => 'Prescription marked as dispensed.'];
            } else {
                $response['message'] = 'Failed to update prescription status.';
            }
        } catch (PDOException $e) {
            $response['message'] = 'Database error: ' . $e->getMessage();
        }
    } else {
        $response['message'] = 'Missing prescription ID or user not logged in.';
    }
}

echo json_encode($response);
?>