<?php
require_once __DIR__ . '/db/config.php';
require_once __DIR__ . '/includes/flash_messages.php';

session_start();

if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
    header('Location: signup.php');
    exit();
}

$username = trim($_POST['username'] ?? '');
$email = trim($_POST['email'] ?? '');
$password = $_POST['password'] ?? '';
$confirm_password = $_POST['confirm_password'] ?? '';

// --- Basic Validation ---
if (empty($username) || empty($email) || empty($password) || empty($confirm_password)) {
    set_flash_message('Please fill all fields.', 'danger');
    header('Location: signup.php');
    exit();
}

if ($password !== $confirm_password) {
    set_flash_message('Passwords do not match.', 'danger');
    header('Location: signup.php');
    exit();
}

if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
    set_flash_message('Invalid email format.', 'danger');
    header('Location: signup.php');
    exit();
}

// --- Check for existing user ---
$pdo = db();
$stmt = $pdo->prepare("SELECT id FROM users WHERE username = ? OR email = ?");
$stmt->execute([$username, $email]);
if ($stmt->fetch()) {
    set_flash_message('Username or email already exists.', 'danger');
    header('Location: signup.php');
    exit();
}

// --- Create User ---
$password_hash = password_hash($password, PASSWORD_DEFAULT);

$stmt = $pdo->prepare("INSERT INTO users (username, email, password_hash, display_name) VALUES (?, ?, ?, ?)");
try {
    $stmt->execute([$username, $email, $password_hash, $username]);
    $user_id = $pdo->lastInsertId();
    
    // Log the user in
    $_SESSION['user_id'] = $user_id;
    $_SESSION['username'] = $username;

    set_flash_message('You have successfully registered. Please complete your profile.', 'success');
    // Redirect to profile setup
    header('Location: profile_setup.php');
    exit();

} catch (PDOException $e) {
    set_flash_message('Database error. Please try again.', 'danger');
    error_log("Signup DB Error: " . $e->getMessage());
    header('Location: signup.php');
    exit();
}