<?php
require_once __DIR__ . '/../db/config.php';
session_start();

header('Content-Type: application/json');

$db = db();
$user_id = $_SESSION['user_id'] ?? null;

if (!$user_id) {
    echo json_encode(['success' => false, 'error' => 'Unauthorized']);
    exit;
}

// Check frozen status
$stmt = $db->prepare("SELECT status FROM users WHERE id = ?");
$stmt->execute([$user_id]);
if ($stmt->fetchColumn() === 'frozen') {
    echo json_encode(['success' => false, 'error' => 'Account frozen']);
    exit;
}

$action = $_REQUEST['action'] ?? '';

if ($action === 'get_orders') {
    $tab = $_GET['tab'] ?? 'spot';
    $symbol = $_GET['symbol'] ?? 'BTC';
    
    $open = [];
    $settlement = [];
    
    if ($tab === 'binary') {
        $stmt = $db->prepare("SELECT * FROM binary_orders WHERE user_id = ? ORDER BY created_at DESC");
        $stmt->execute([$user_id]);
        $orders = $stmt->fetchAll();
        foreach ($orders as $o) {
            $row = [
                'id' => $o['id'],
                'time' => $o['created_at'],
                'pair' => $o['symbol'] . '/USDT',
                'type' => 'Binary',
                'side' => ($o['direction'] === 'up' || $o['direction'] === 'buy') ? 'Buy Up' : 'Buy Down',
                'side_type' => ($o['direction'] === 'up' || $o['direction'] === 'buy') ? 'up' : 'down',
                'price' => $o['entry_price'],
                'amount' => $o['amount'],
                'pnl' => $o['status'] === 'won' ? ($o['amount'] * $o['profit_rate'] / 100) : ($o['status'] === 'lost' ? -$o['amount'] : 0),
                'total' => $o['status'] === 'won' ? ($o['amount'] + ($o['amount'] * $o['profit_rate'] / 100)) : ($o['status'] === 'lost' ? '0.00' : '---'),
                'status' => ucfirst($o['status']),
                'profitRate' => $o['profit_rate']
            ];
            if ($o['status'] === 'pending') {
                $row['status'] = 'Executing';
                $row['totalSeconds'] = $o['duration'];
                // Calculate seconds left
                $elapsed = time() - strtotime($o['created_at']);
                $row['secondsLeft'] = max(0, $o['duration'] - $elapsed);
                if ($row['secondsLeft'] > 0) $open[] = $row;
                else $settlement[] = $row;
            } else {
                $settlement[] = $row;
            }
        }
    } elseif ($tab === 'spot') {
        $stmt = $db->prepare("SELECT * FROM spot_orders WHERE user_id = ? ORDER BY created_at DESC");
        $stmt->execute([$user_id]);
        $orders = $stmt->fetchAll();
        foreach ($orders as $o) {
            $row = [
                'id' => $o['id'],
                'time' => $o['created_at'],
                'pair' => $o['symbol'] . '/USDT',
                'type' => 'Spot',
                'side' => ucfirst($o['side']),
                'side_type' => $o['side'],
                'price' => $o['price'],
                'amount' => $o['amount'],
                'total' => ($o['price'] * $o['amount']),
                'status' => ucfirst($o['status'])
            ];
            if ($o['status'] === 'pending') $open[] = $row;
            else $settlement[] = $row;
        }
    } elseif ($tab === 'contract') {
        $stmt = $db->prepare("SELECT * FROM contract_orders WHERE user_id = ? ORDER BY created_at DESC");
        $stmt->execute([$user_id]);
        $orders = $stmt->fetchAll();
        foreach ($orders as $o) {
            $row = [
                'id' => $o['id'],
                'time' => $o['created_at'],
                'pair' => $o['symbol'] . '/USDT',
                'type' => 'Contract',
                'side' => ucfirst($o['direction']),
                'side_type' => $o['direction'] === 'long' ? 'up' : 'down',
                'price' => $o['entry_price'],
                'amount' => $o['amount'],
                'pnl' => $o['profit'],
                'total' => ($o['amount'] / $o['leverage']) + $o['profit'],
                'status' => ucfirst($o['status'])
            ];
            if ($o['status'] === 'open') $open[] = $row;
            else $settlement[] = $row;
        }
    }
    
    echo json_encode(['success' => true, 'open' => $open, 'settlement' => $settlement]);
    exit;
}

if ($action === 'recharge') {
    $amount = (float)$_POST['amount'];
    $symbol = $_POST['symbol'] ?? 'USDT';
    $method = $_POST['method'] ?? 'Crypto';
    $tx_hash = $_POST['tx_hash'] ?? '';
    
    if ($amount <= 0) {
        echo json_encode(['success' => false, 'error' => 'Invalid amount']);
        exit;
    }
    
    $stmt = $db->prepare("INSERT INTO finance_requests (user_id, type, amount, symbol, payment_method, tx_hash, status) VALUES (?, 'recharge', ?, ?, ?, ?, 'pending')");
    $stmt->execute([$user_id, $amount, $symbol, $method, $tx_hash]);
    
    echo json_encode(['success' => true]);
    exit;
}

if ($action === 'withdraw') {
    $amount = (float)$_POST['amount'];
    $symbol = $_POST['symbol'] ?? 'USDT';
    $address = $_POST['address'] ?? '';
    $password = $_POST['password'] ?? '';
    
    // Validate balance
    $stmt = $db->prepare("SELECT available FROM user_balances WHERE user_id = ? AND symbol = ?");
    $stmt->execute([$user_id, $symbol]);
    $bal = $stmt->fetchColumn();
    
    if ($bal < $amount) {
        echo json_encode(['success' => false, 'error' => 'Insufficient balance']);
        exit;
    }
    
    // In a real app, validate withdrawal password here. 
    // For now we just proceed as requested.
    
    $db->beginTransaction();
    try {
        // Deduct balance
        $db->prepare("UPDATE user_balances SET available = available - ? WHERE user_id = ? AND symbol = ?")
           ->execute([$amount, $user_id, $symbol]);
        
        // Record request
        $stmt = $db->prepare("INSERT INTO finance_requests (user_id, type, amount, symbol, payment_details, status) VALUES (?, 'withdrawal', ?, ?, ?, 'pending')");
        $stmt->execute([$user_id, $amount, $symbol, $address]);
        
        // Add to transactions as pending
        $db->prepare("INSERT INTO transactions (user_id, type, amount, symbol, status) VALUES (?, 'withdrawal', ?, ?, 'pending')")
           ->execute([$user_id, $amount, $symbol]);
           
        $db->commit();
        echo json_encode(['success' => true]);
    } catch (Exception $e) {
        $db->rollBack();
        echo json_encode(['success' => false, 'error' => $e->getMessage()]);
    }
    exit;
}

echo json_encode(['success' => false, 'error' => 'Invalid action']);