<?php
require_once 'db/config.php';
session_start();

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    $personId = $_POST['id'];
    $firstName = $_POST['firstName'];
    $lastName = $_POST['lastName'];
    $email = $_POST['email'];
    $companyName = $_POST['companyName'];
    $phone = $_POST['phone'];
    $role = $_POST['role'] ?? 'członek'; // Default to 'członek'
    $functions = isset($_POST['functions']) ? $_POST['functions'] : [];
    $password = $_POST['password'];

    try {
        $pdo = db();
        
        // Update person details
        if (!empty($password)) {
            $passwordHash = password_hash($password, PASSWORD_DEFAULT);
            $sql = "UPDATE people SET firstName = ?, lastName = ?, email = ?, companyName = ?, phone = ?, password = ?, role = ? WHERE id = ?";
            $stmt = $pdo->prepare($sql);
            $stmt->execute([$firstName, $lastName, $email, $companyName, $phone, $passwordHash, $role, $personId]);
        } else {
            $sql = "UPDATE people SET firstName = ?, lastName = ?, email = ?, companyName = ?, phone = ?, role = ? WHERE id = ?";
            $stmt = $pdo->prepare($sql);
            $stmt->execute([$firstName, $lastName, $email, $companyName, $phone, $role, $personId]);
        }

        // Update functions
        $stmt = $pdo->prepare("DELETE FROM user_functions WHERE user_id = ?");
        $stmt->execute([$personId]);

        if (!empty($functions)) {
            $sql = "INSERT INTO user_functions (user_id, function_id) VALUES (?, ?)";
            $stmt = $pdo->prepare($sql);
            foreach ($functions as $functionId) {
                $stmt->execute([$personId, $functionId]);
            }
        }

        $_SESSION['success_message'] = 'Osoba zaktualizowana pomyślnie.';

    } catch (PDOException $e) {
        error_log('Update failed: ' . $e->getMessage());
        $_SESSION['error_message'] = "Błąd podczas aktualizacji osoby.";
    }

    header('Location: index.php');
    exit();
}