<?php
require_once 'db/config.php';
session_start();

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    $firstName = $_POST['firstName'];
    $lastName = $_POST['lastName'];
    $email = $_POST['email'];
    $password = $_POST['password'];
    $companyName = $_POST['companyName'] ?? null;
    $phone = $_POST['phone'] ?? null;
    $role = $_POST['role'] ?? 'członek'; // Default to 'członek'
    $functions = isset($_POST['functions']) ? $_POST['functions'] : [];

    if (empty($firstName) || empty($lastName) || empty($email) || empty($password)) {
        $_SESSION['error_message'] = 'Imię, nazwisko, email i hasło są wymagane.';
        header('Location: index.php');
        exit;
    }

    try {
        $pdo = db();

        // Insert person details
        $sql = 'INSERT INTO people (firstName, lastName, email, password, companyName, phone, role) VALUES (?, ?, ?, ?, ?, ?, ?)';
        $stmt = $pdo->prepare($sql);
        $stmt->execute([$firstName, $lastName, $email, password_hash($password, PASSWORD_DEFAULT), $companyName, $phone, $role]);
        $personId = $pdo->lastInsertId();

        // Assign functions
        if (!empty($functions)) {
            $sql = "INSERT INTO user_functions (user_id, function_id) VALUES (?, ?)";
            $stmt = $pdo->prepare($sql);
            foreach ($functions as $functionId) {
                $stmt->execute([$personId, $functionId]);
            }
        }

        $_SESSION['success_message'] = 'Osoba dodana pomyślnie.';

    } catch (PDOException $e) {
        error_log('Create failed: ' . $e->getMessage());
        if ($e->errorInfo[1] == 1062) {
            $_SESSION['error_message'] = 'Błąd: Konto z tym adresem email już istnieje.';
        } else {
            $_SESSION['error_message'] = 'Błąd podczas dodawania osoby.';
        }
    }

    header('Location: index.php');
    exit();
}
?>