<?php
session_start();
require_once __DIR__ . '/db/config.php';

if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
    http_response_code(405);
    exit('Method Not Allowed');
}

if (!isset($_SESSION['user'])) {
    http_response_code(403);
    exit('Unauthorized');
}

$pdo = db();

try {
    // Get the role ID for the first approval level
    $stmt_role = $pdo->prepare("SELECT id FROM roles WHERE name = 'Approver Level 1'");
    $stmt_role->execute();
    $approver_role = $stmt_role->fetch(PDO::FETCH_ASSOC);
    $approver_role_id = $approver_role ? $approver_role['id'] : null;

    $pdo->beginTransaction();

    // 1. Insert into customer_applications
    $application_id = 'APP-' . strtoupper(uniqid());
    $created_by = $_SESSION['user']['username'] ?? 'system';

    $stmt = $db->prepare(
        'INSERT INTO customer_applications (user_id, company_name, company_website, company_phone, sales_owner, payment_terms, tags, notes, declaration_text, signature_path, major_product, capital, capital_currency, main_shareholders, num_employees, payment_terms_ar, pl_year, net_sales, net_income_margin, net_income_margin_ratio, sales_target_this_year, sales_target_next_year, sales_target_after_next, credit_rank, credit_limit, credit_research_status, credit_research_reason, tax_rate_area, billing_type, del_to_code, delivery_abbreviation, del_to_customer_name, del_to_address_1, del_to_address_2, del_to_address_3, del_to_address_4, del_to_postcode, del_to_phone, del_to_area_code, del_to_transportation_code, del_to_stock_point_code, del_to_recipient_section, del_to_country_code, del_to_shipment_flag, del_to_transport_days, del_to_shipment_condition_category, del_to_transport_service_exist, del_to_shipment_condition_place, doc_req_do, doc_req_packing_list, doc_req_invoice, doc_req_export_permit, doc_req_po_do_inv, doc_req_do_inv, doc_req_others, pack_req_one_line_carton, pack_req_one_item_carton, pack_req_one_item_pocket, pack_req_thomson_label, pack_req_contents_label, pack_req_delivery_schedule, forwarder_name, forwarder_code, forwarder_address, forwarder_contact_person, forwarder_phone, forwarder_fax, forwarder_delivery_method, forwarder_delivery_timings, forwarder_delivery_requirements, special_instructions_shipping_mark, special_instructions_fax_documents, special_instructions_details, special_instructions_attention_to, special_instructions_fax_number, remarks) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)'
    );
    $stmt->execute([
        $_SESSION['user_id'],
        $_POST['company_name'],
        $_POST['company_website'],
        $_POST['company_phone'],
        $_POST['sales_owner'],
        $_POST['payment_terms'],
        $_POST['tags'],
        $_POST['notes'],
        $_POST['declaration_text'],
        $signature_path,
        $_POST['major_product'] ?? null,
        $_POST['capital'] ?? null,
        $_POST['capital_currency'] ?? null,
        $_POST['main_shareholders'] ?? null,
        $_POST['num_employees'] ?? null,
        $_POST['payment_terms_ar'] ?? null,
        $_POST['pl_year'] ?? null,
        $_POST['net_sales'] ?? null,
        $_POST['net_income_margin'] ?? null,
        $_POST['net_income_margin_ratio'] ?? null,
        $_POST['sales_target_this_year'] ?? null,
        $_POST['sales_target_next_year'] ?? null,
        $_POST['sales_target_after_next'] ?? null,
        $_POST['credit_rank'] ?? null,
        $_POST['credit_limit'] ?? null,
        $_POST['credit_research_status'] ?? null,
        $_POST['credit_research_reason'] ?? null,
        $_POST['tax_rate_area'] ?? null,
        $_POST['billing_type'] ?? null,
        $_POST['del_to_code'] ?? null,
        $_POST['delivery_abbreviation'] ?? null,
        $_POST['del_to_customer_name'] ?? null,
        $_POST['del_to_address_1'] ?? null,
        $_POST['del_to_address_2'] ?? null,
        $_POST['del_to_address_3'] ?? null,
        $_POST['del_to_address_4'] ?? null,
        $_POST['del_to_postcode'] ?? null,
        $_POST['del_to_phone'] ?? null,
        $_POST['del_to_area_code'] ?? null,
        $_POST['del_to_transportation_code'] ?? null,
        $_POST['del_to_stock_point_code'] ?? null,
        $_POST['del_to_recipient_section'] ?? null,
        $_POST['del_to_country_code'] ?? null,
        $_POST['del_to_shipment_flag'] ?? null,
        $_POST['del_to_transport_days'] ?? null,
        $_POST['del_to_shipment_condition_category'] ?? null,
        isset($_POST['del_to_transport_service_exist']) ? implode(',', $_POST['del_to_transport_service_exist']) : null,
        $_POST['del_to_shipment_condition_place'] ?? null,
        $_POST['doc_req_do'] ?? null,
        $_POST['doc_req_packing_list'] ?? null,
        $_POST['doc_req_invoice'] ?? null,
        $_POST['doc_req_export_permit'] ?? null,
        $_POST['doc_req_po_do_inv'] ?? null,
        $_POST['doc_req_do_inv'] ?? null,
        $_POST['doc_req_others'] ?? null,
        $_POST['pack_req_one_line_carton'] ?? null,
        $_POST['pack_req_one_item_carton'] ?? null,
        $_POST['pack_req_one_item_pocket'] ?? null,
        $_POST['pack_req_thomson_label'] ?? null,
        $_POST['pack_req_contents_label'] ?? null,
        $_POST['pack_req_delivery_schedule'] ?? null,
        $_POST['forwarder_name'] ?? null,
        $_POST['forwarder_code'] ?? null,
        $_POST['forwarder_address'] ?? null,
        $_POST['forwarder_contact_person'] ?? null,
        $_POST['forwarder_phone'] ?? null,
        $_POST['forwarder_fax'] ?? null,
        $_POST['forwarder_delivery_method'] ?? null,
        $_POST['forwarder_delivery_timings'] ?? null,
        $_POST['forwarder_delivery_requirements'] ?? null,
        $_POST['special_instructions_shipping_mark'] ?? null,
        $_POST['special_instructions_fax_documents'] ?? null,
        $_POST['special_instructions_details'] ?? null,
        $_POST['special_instructions_attention_to'] ?? null,
        $_POST['special_instructions_fax_number'] ?? null,
        $_POST['remarks'] ?? null
    ]);
    $customer_application_id = $pdo->lastInsertId();

    // 2. Insert into customer_contacts
    if (isset($_POST['contact']) && is_array($_POST['contact'])) {
        $stmt_contact = $pdo->prepare(
            'INSERT INTO customer_contacts (customer_application_id, name, email, phone, is_primary) VALUES (?, ?, ?, ?, ?)'
        );
        foreach ($_POST['contact'] as $index => $contact) {
            $is_primary = (isset($contact['is_primary']) && $contact['is_primary'] == '1');
            $stmt_contact->execute([
                $customer_application_id,
                $contact['name'],
                $contact['email'],
                $contact['phone'],
                $is_primary ? 1 : 0
            ]);
        }
    }

    // 3. Insert into customer_addresses
    if (isset($_POST['address']) && is_array($_POST['address'])) {
        $stmt_address = $pdo->prepare(
            'INSERT INTO customer_addresses (customer_application_id, address_type, address_line_1, address_line_2, city, state, postal_code, country) VALUES (?, ?, ?, ?, ?, ?, ?, ?)'
        );
        foreach ($_POST['address'] as $address) {
            $stmt_address->execute([
                $customer_application_id,
                $address['type'],
                $address['line1'],
                $address['line2'],
                $address['city'],
                $address['state'],
                $address['postal_code'],
                $address['country']
            ]);
        }
    }

    // 4. Insert into customer_trade_references
    if (isset($_POST['trade_reference']) && is_array($_POST['trade_reference'])) {
        $stmt_trade_ref = $pdo->prepare(
            'INSERT INTO customer_trade_references (customer_application_id, company_name, contact_person, email, phone, address) VALUES (?, ?, ?, ?, ?, ?)'
        );
        foreach ($_POST['trade_reference'] as $trade_ref) {
            $stmt_trade_ref->execute([
                $customer_application_id,
                $trade_ref['company_name'],
                $trade_ref['contact_person'],
                $trade_ref['email'],
                $trade_ref['phone'],
                $trade_ref['address']
            ]);
        }
    }

    // 5. Insert into customer_bank_details
    if (isset($_POST['bank_name'])) {
        $stmt_bank = $pdo->prepare(
            'INSERT INTO customer_bank_details (customer_application_id, bank_name, branch, bsb_number, account_number, account_name) VALUES (?, ?, ?, ?, ?, ?)'
        );
        $stmt_bank->execute([
            $customer_application_id,
            $_POST['bank_name'],
            $_POST['branch'],
            $_POST['bsb_number'],
            $_POST['account_number'],
            $_POST['account_name']
        ]);
    }

    // 6. Handle Signature and Declaration
    $signature_path = null;
    if (isset($_POST['signature']) && !empty($_POST['signature'])) {
        $signature_data = $_POST['signature'];
        list($type, $data) = explode(';', $signature_data);
        list(, $data)      = explode(',', $data);
        $data = base64_decode($data);
        $signature_filename = 'signature_' . $application_id . '_' . time() . '.png';
        $signature_path = 'uploads/' . $signature_filename;
        file_put_contents($signature_path, $data);
    }

    $stmt_declar = $pdo->prepare('UPDATE customer_applications SET declaration_text = ?, signature_path = ? WHERE id = ?');
    $stmt_declar->execute([
        $_POST['declaration_text'],
        $signature_path,
        $customer_application_id
    ]);

    $pdo->commit();

    // Redirect to dashboard with success message
    $_SESSION['flash_message'] = [
        'type' => 'success',
        'message' => 'Customer application (' . $application_id . ') submitted successfully!'
    ];
    header('Location: index.php');
    exit();

} catch (PDOException $e) {
    $pdo->rollBack();
    error_log('Application submission failed: ' . $e->getMessage());
    
    // Redirect back to form with error message
    $_SESSION['flash_message'] = [
        'type' => 'danger',
        'message' => 'There was an error submitting your application. Please try again. ' . $e->getMessage()
    ];
    header('Location: new_application.php');
    exit();
}