<?php
session_start();

// Authentication check
if (!isset($_SESSION['user_id']) || $_SESSION['role_name'] !== 'admin') {
    //header('Location: login.php');
    //exit();
}

require_once 'db/config.php';

try {
    $pdo = db();
    
    // Create users table if it doesn't exist
    //$pdo->exec("CREATE TABLE IF NOT EXISTS users (
    //    id INT AUTO_INCREMENT PRIMARY KEY,
    //    username VARCHAR(255) NOT NULL UNIQUE,
    //    email VARCHAR(255) NOT NULL UNIQUE,
    //    password VARCHAR(255) NOT NULL,
    //    role_id INT,
    //    first_name VARCHAR(255),
    //    last_name VARCHAR(255),
    //    created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
    //    FOREIGN KEY (role_id) REFERENCES roles(id) ON DELETE SET NULL
    //)");

    // Fetch all roles for the dropdown
    $roles = $pdo->query("SELECT * FROM roles ORDER BY role_name")->fetchAll();

    // Function to log activity
    function log_activity($user_id, $action) {
        global $pdo;
        $stmt = $pdo->prepare("INSERT INTO activities (user_id, action) VALUES (:user_id, :action)");
        $stmt->execute(['user_id' => $user_id, 'action' => $action]);
    }

    // Handle Create and Update
    if ($_SERVER['REQUEST_METHOD'] === 'POST') {
        if (isset($_POST['add_user'])) {
            $username = trim($_POST['username']);
            $email = trim($_POST['email']);
            $password = $_POST['password'];
            $role_id = $_POST['role_id'];
            $first_name = trim($_POST['first_name']);
            $last_name = trim($_POST['last_name']);

            if (!empty($username) && !empty($email) && !empty($password) && !empty($role_id)) {
                $hashed_password = password_hash($password, PASSWORD_DEFAULT);
                $stmt = $pdo->prepare("INSERT INTO users (username, email, password, role_id, first_name, last_name) VALUES (:username, :email, :password, :role_id, :first_name, :last_name)");
                $stmt->execute([
                    'username' => $username,
                    'email' => $email,
                    'password' => $hashed_password,
                    'role_id' => $role_id,
                    'first_name' => $first_name,
                    'last_name' => $last_name
                ]);
                $new_user_id = $pdo->lastInsertId();
                log_activity($_SESSION['user_id'], "Created user {$username} (ID: {$new_user_id})");
            }
        } elseif (isset($_POST['update_user'])) {
            $id = $_POST['user_id'];
            $username = trim($_POST['username']);
            $email = trim($_POST['email']);
            $password = $_POST['password'];
            $role_id = $_POST['role_id'];
            $first_name = trim($_POST['first_name']);
            $last_name = trim($_POST['last_name']);

            if (!empty($id) && !empty($username) && !empty($email) && !empty($role_id)) {
                if (!empty($password)) {
                    $hashed_password = password_hash($password, PASSWORD_DEFAULT);
                    $stmt = $pdo->prepare("UPDATE users SET username = :username, email = :email, password = :password, role_id = :role_id, first_name = :first_name, last_name = :last_name WHERE id = :id");
                    $stmt->execute([
                        'username' => $username,
                        'email' => $email,
                        'password' => $hashed_password,
                        'role_id' => $role_id,
                        'first_name' => $first_name,
                        'last_name' => $last_name,
                        'id' => $id
                    ]);
                } else {
                    $stmt = $pdo->prepare("UPDATE users SET username = :username, email = :email, role_id = :role_id, first_name = :first_name, last_name = :last_name WHERE id = :id");
                    $stmt->execute([
                        'username' => $username,
                        'email' => $email,
                        'role_id' => $role_id,
                        'first_name' => $first_name,
                        'last_name' => $last_name,
                        'id' => $id
                    ]);
                }
                log_activity($_SESSION['user_id'], "Updated user {$username} (ID: {$id})");
        } elseif (isset($_POST['link_parent_child'])) {
            $parent_id = $_POST['parent_id'];
            $child_id = $_POST['child_id'];

            if (!empty($parent_id) && !empty($child_id)) {
                $stmt = $pdo->prepare("INSERT INTO parent_child (parent_id, child_id) VALUES (:parent_id, :child_id)");
                $stmt->execute(['parent_id' => $parent_id, 'child_id' => $child_id]);
                log_activity($_SESSION['user_id'], "Linked parent (ID: {$parent_id}) to child (ID: {$child_id})");
            }
            header("Location: users.php?link_success=1");
            exit;
        }
        header("Location: users.php");
        exit;
    }

    // Handle Delete
    if (isset($_GET['delete_id'])) {
        $id = $_GET['delete_id'];
        // Get username for logging
        $stmt = $pdo->prepare("SELECT username FROM users WHERE id = :id");
        $stmt->execute(['id' => $id]);
        $deleted_user = $stmt->fetch();

        $stmt = $pdo->prepare("DELETE FROM users WHERE id = :id");
        $stmt->execute(['id' => $id]);

        if ($deleted_user) {
            log_activity($_SESSION['user_id'], "Deleted user {$deleted_user['username']} (ID: {$id})");
        }
        header("Location: users.php");
        exit;
    }

    // Fetch all users with their role names
    $users = $pdo->query("
        SELECT users.*, roles.role_name AS role_name 
        FROM users 
        LEFT JOIN roles ON users.role_id = roles.id 
        ORDER BY users.id DESC
    ")->fetchAll();

    // Fetch all parents and students
    $parents = $pdo->query("SELECT u.id, u.first_name, u.last_name FROM users u JOIN roles r ON u.role_id = r.id WHERE r.role_name = 'parent'")->fetchAll();
    $students = $pdo->query("SELECT u.id, u.first_name, u.last_name FROM users u JOIN roles r ON u.role_id = r.id WHERE r.role_name = 'student'")->fetchAll();

    // Fetch user for editing
    $editing_user = null;
    if (isset($_GET['edit_id'])) {
        $id = $_GET['edit_id'];
        $stmt = $pdo->prepare("SELECT * FROM users WHERE id = :id");
        $stmt->execute(['id' => $id]);
        $editing_user = $stmt->fetch();
    }

} catch (PDOException $e) {
    die("Database error: " . $e->getMessage());
}
?>
<!DOCTYPE html>
<html lang="fa" dir="rtl">
<head>
    <meta charset="UTF-8">
    <meta name="viewport" content="width=device-width, initial-scale=1.0">
    <title>مدیریت کاربران</title>
    <link href="https://cdn.jsdelivr.net/npm/bootstrap@5.3.2/dist/css/bootstrap.rtl.min.css" rel="stylesheet">
    <link href="https://fonts.googleapis.com/css2?family=Vazirmatn:wght@400;700&display=swap" rel="stylesheet">
    <link rel="stylesheet" href="assets/css/custom.css?v=<?php echo time(); ?>">
    <script src="https://unpkg.com/feather-icons"></script>
</head>
<body>

    <header class="p-3 mb-3 border-bottom sticky-top bg-light">
        <div class="container">
            <div class="d-flex flex-wrap align-items-center justify-content-center justify-content-lg-start">
                <a href="/" class="d-flex align-items-center mb-2 mb-lg-0 text-dark text-decoration-none">
                    <span class="fs-4">مدیریت مدرسه</span>
                </a>
                <ul class="nav col-12 col-lg-auto me-lg-auto mb-2 justify-content-center mb-md-0">
                    <li><a href="index.php" class="nav-link px-2 link-dark">خانه</a></li>
                    <li><a href="roles.php" class="nav-link px-2 link-dark">مدیریت نقش‌ها</a></li>
                    <li><a href="users.php" class="nav-link px-2 link-secondary">مدیریت کاربران</a></li>
                    <li><a href="activities.php" class="nav-link px-2 link-dark">Activities</a></li>
                    <li><a href="exams.php" class="nav-link px-2 link-dark">Exams</a></li>
                    <li><a href="attendance.php" class="nav-link px-2 link-dark">Attendance</a></li>
                </ul>
                <div class="text-end">
                    <?php if (isset($_SESSION['user_id'])): ?>
                        <a href="logout.php" class="btn btn-outline-primary">خروج</a>
                    <?php else: ?>
                        <a href="login.php" class="btn btn-primary">ورود</a>
                    <?php endif; ?>
                </div>
            </div>
        </div>
    </header>

    <main class="container py-5">
        <div class="row">
            <div class="col-md-8">
                <h2>فهرست کاربران</h2>
                <div class="table-responsive">
                    <table class="table table-striped table-hover">
                        <thead>
                            <tr>
                                <th>#</th>
                                <th>نام کاربری</th>
                                <th>ایمیل</th>
                                <th>نقش</th>
                                <th>عملیات</th>
                            </tr>
                        </thead>
                        <tbody>
                            <?php foreach ($users as $user): ?>
                            <tr>
                                <td><?php echo htmlspecialchars($user['id']); ?></td>
                                <td><?php echo htmlspecialchars($user['username']); ?></td>
                                <td><?php echo htmlspecialchars($user['email']); ?></td>
                                <td><?php echo htmlspecialchars($user['role_name'] ?? 'بدون نقش'); ?></td>
                                <td>
                                    <a href="users.php?edit_id=<?php echo $user['id']; ?>" class="btn btn-sm btn-outline-primary">ویرایش</a>
                                    <a href="users.php?delete_id=<?php echo $user['id']; ?>" class="btn btn-sm btn-outline-danger" onclick="return confirm('آیا مطمئن هستید؟')">حذف</a>
                                </td>
                            </tr>
                            <?php endforeach; ?>
                        </tbody>
                    </table>
                </div>
            </div>
            <div class="col-md-4">
                <h2><?php echo $editing_user ? 'ویرایش کاربر' : 'افزودن کاربر جدید'; ?></h2>
                <form method="POST" action="users.php">
                    <?php if ($editing_user): ?>
                        <input type="hidden" name="user_id" value="<?php echo $editing_user['id']; ?>">
                    <?php endif; ?>
                    <div class="mb-3">
                        <label for="username" class="form-label">نام کاربری</label>
                        <input type="text" class="form-control" id="username" name="username" value="<?php echo htmlspecialchars($editing_user['username'] ?? ''); ?>" required>
                    </div>
                    <div class="mb-3">
                        <label for="email" class="form-label">ایمیل</label>
                        <input type="email" class="form-control" id="email" name="email" value="<?php echo htmlspecialchars($editing_user['email'] ?? ''); ?>" required>
                    </div>
                    <div class="mb-3">
                        <label for="first_name" class="form-label">نام</label>
                        <input type="text" class="form-control" id="first_name" name="first_name" value="<?php echo htmlspecialchars($editing_user['first_name'] ?? ''); ?>">
                    </div>
                    <div class="mb-3">
                        <label for="last_name" class="form-label">نام خانوادگی</label>
                        <input type="text" class="form-control" id="last_name" name="last_name" value="<?php echo htmlspecialchars($editing_user['last_name'] ?? ''); ?>">
                    </div>
                    <div class="mb-3">
                        <label for="password" class="form-label">رمز عبور <?php echo $editing_user ? '(خالی بگذارید تا بدون تغییر بماند)' : ''; ?></label>
                        <input type="password" class="form-control" id="password" name="password" <?php echo !$editing_user ? 'required' : ''; ?>>
                    </div>
                    <div class="mb-3">
                        <label for="role_id" class="form-label">نقش</label>
                        <select class="form-select" id="role_id" name="role_id" required>
                            <option value="">یک نقش انتخاب کنید</option>
                            <?php foreach ($roles as $role): ?>
                                <option value="<?php echo $role['id']; ?>" <?php echo (isset($editing_user) && $editing_user['role_id'] == $role['id']) ? 'selected' : ''; ?>>
                                    <?php echo htmlspecialchars($role['role_name']); ?>
                                </option>
                            <?php endforeach; ?>
                        </select>
                    </div>
                    <?php if ($editing_user): ?>
                        <button type="submit" name="update_user" class="btn btn-primary w-100">به‌روزرسانی</button>
                        <a href="users.php" class="btn btn-secondary w-100 mt-2">انصراف</a>
                    <?php else: ?>
                        <button type="submit" name="add_user" class="btn btn-success w-100">افزودن</button>
                    <?php endif; ?>
                </form>
            </div>
        </div>

        <div class="row mt-5">
            <div class="col-md-12">
                <h2>Link Parent to Child</h2>
                <?php if (isset($_GET['link_success'])): ?>
                    <div class="alert alert-success">Parent and child linked successfully.</div>
                <?php endif; ?>
                <form method="POST" action="users.php">
                    <div class="row">
                        <div class="col-md-5">
                            <label for="parent_id" class="form-label">Parent</label>
                            <select class="form-select" id="parent_id" name="parent_id" required>
                                <option value="">Select a parent</option>
                                <?php foreach ($parents as $parent): ?>
                                    <option value="<?php echo $parent['id']; ?>"><?php echo htmlspecialchars($parent['first_name'] . ' ' . $parent['last_name']); ?></option>
                                <?php endforeach; ?>
                            </select>
                        </div>
                        <div class="col-md-5">
                            <label for="child_id" class="form-label">Child</label>
                            <select class="form-select" id="child_id" name="child_id" required>
                                <option value="">Select a child</option>
                                <?php foreach ($students as $student): ?>
                                    <option value="<?php echo $student['id']; ?>"><?php echo htmlspecialchars($student['first_name'] . ' ' . $student['last_name']); ?></option>
                                <?php endforeach; ?>
                            </select>
                        </div>
                        <div class="col-md-2 d-flex align-items-end">
                            <button type="submit" name="link_parent_child" class="btn btn-primary w-100">Link</button>
                        </div>
                    </div>
                </form>
            </div>
        </div>
    </main>

    <footer class="footer mt-auto py-3 bg-light">
        <div class="container text-center">
            <span class="text-muted">© 2025 سیستم مدیریت مدرسه</span>
        </div>
    </footer>

    <script src="https://cdn.jsdelivr.net/npm/bootstrap@5.3.2/dist/js/bootstrap.bundle.min.js"></script>
    <script>
        feather.replace()
    </script>
</body>
</html>