<?php
require_once __DIR__ . '/../db/config.php';
header('Content-Type: application/json');

if (session_status() === PHP_SESSION_NONE) session_start();

if (!isset($_SESSION['user_id'])) {
    echo json_encode(['error' => 'Unauthorized']);
    exit;
}

$order_id = $_GET['id'] ?? null;
if (!$order_id) {
    echo json_encode(['error' => 'Missing order ID']);
    exit;
}

try {
    $stmt = db()->prepare("SELECT status, account_bank, account_number, account_name, amount FROM finance_requests WHERE id = ? AND user_id = ?");
    $stmt->execute([$order_id, $_SESSION['user_id']]);
    $order = $stmt->fetch();

    if (!$order) {
        echo json_encode(['error' => 'Order not found']);
        exit;
    }

    echo json_encode([
        'success' => true,
        'status' => (int)$order['status'],
        'account_bank' => $order['account_bank'],
        'account_number' => $order['account_number'],
        'account_name' => $order['account_name'],
        'amount' => $order['amount']
    ]);
} catch (Exception $e) {
    echo json_encode(['error' => $e->getMessage()]);
}