<?php
// install.php - Simple Installer for Flatlogic LAMP Project
session_start();

// Ensure errors are displayed for debugging during installation
ini_set('display_errors', 1);
ini_set('display_startup_errors', 1);
error_reporting(E_ALL);

$step = isset($_GET['step']) ? (int)$_GET['step'] : 1;
$message = '';
$messageType = '';

function write_db_config($host, $name, $user, $pass) {
    $content = "<?php\n";
    $content .= "// Generated by install.php\n";
    $content .= "define('DB_HOST', '" . addslashes($host) . "');\n";
    $content .= "define('DB_NAME', '" . addslashes($name) . "');\n";
    $content .= "define('DB_USER', '" . addslashes($user) . "');\n";
    $content .= "define('DB_PASS', '" . addslashes($pass) . "');\n\n";
    $content .= "function db() {\n";
    $content .= "  static $pdo;
";
    $content .= "  if (! $pdo) {\n";
    $content .= "    $pdo = new PDO('mysql:host='.DB_HOST.';dbname='.DB_NAME.';charset=utf8mb4', DB_USER, DB_PASS, [
";
    $content .= "      PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
";
    $content .= "      PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC,
";
    $content .= "    ]);
";
    $content .= "  }
";
    $content .= "  return $pdo;
";
    $content .= "}
";
    
    return file_put_contents(__DIR__ . '/db/config.php', $content);
}

// Handle Form Submissions
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    // Determine step from hidden field or GET, defaulting to 1
    $postStep = isset($_POST['step']) ? (int)$_POST['step'] : $step;

    if ($postStep == 1) {
        $host = $_POST['db_host'] ?? '';
        $name = $_POST['db_name'] ?? '';
        $user = $_POST['db_user'] ?? '';
        $pass = $_POST['db_pass'] ?? '';

        try {
            // Test Connection
            $dsn = "mysql:host=$host;dbname=$name;charset=utf8mb4";
            $testPdo = new PDO($dsn, $user, $pass, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
            
            // If successful, write config
            if (write_db_config($host, $name, $user, $pass)) {
                $message = "Database connection established and saved!";
                $messageType = "success";
                // Redirect to avoid resubmission
                header("Location: install.php?step=2");
                exit;
            } else {
                $message = "Could not write to db/config.php. Check permissions.";
                $messageType = "danger";
            }
        } catch (PDOException $e) {
            $message = "Connection failed: " . $e->getMessage();
            $messageType = "danger";
        }
    } elseif ($postStep == 2) {
        // Step 2: Create Admin & Run Migrations
        
        // Include config and migration script
        if (file_exists(__DIR__ . '/db/config.php')) {
            require_once __DIR__ . '/db/config.php';
        } else {
            $message = "Configuration file missing. Please go back to Step 1.";
            $messageType = "danger";
            $step = 1;
        }

        if (file_exists(__DIR__ . '/db/migrate.php')) {
            require_once __DIR__ . '/db/migrate.php';
        }

        $email = $_POST['admin_email'] ?? '';
        $password = $_POST['admin_pass'] ?? '';
        $fullName = $_POST['admin_name'] ?? 'Administrator';

        if ($email && $password && defined('DB_HOST')) {
            try {
                // 1. Run Migrations
                $migrationResults = [];
                if (function_exists('run_migrations')) {
                    $migrationResults = run_migrations();
                }
                
                // 2. Also ensure basic schema from app.php (just in case)
                // We do this after migrations so migrations take precedence if they exist
                if (file_exists(__DIR__ . '/includes/app.php')) {
                    // We catch output to prevent it from messing up headers/layout if app.php has echoes
                    ob_start(); 
                    require_once __DIR__ . '/includes/app.php';
                    if (function_exists('ensure_schema')) {
                        ensure_schema();
                    }
                    ob_end_clean();
                }
                
                // 3. Create Admin User
                $pdo = db();
                
                // Check if admin exists
                $stmt = $pdo->prepare("SELECT id FROM users WHERE email = ?");
                $stmt->execute([$email]);
                
                if ($stmt->fetch()) {
                     // Update existing
                     $stmt = $pdo->prepare("UPDATE users SET password = ?, full_name = ?, role = 'admin', status = 'active' WHERE email = ?");
                     $stmt->execute([password_hash($password, PASSWORD_DEFAULT), $fullName, $email]);
                } else {
                    // Create new
                    $stmt = $pdo->prepare("INSERT INTO users (email, password, full_name, role, status) VALUES (?, ?, ?, 'admin', 'active')");
                    $stmt->execute([$email, password_hash($password, PASSWORD_DEFAULT), $fullName]);
                }
                
                $migMsg = implode("<br>", $migrationResults);
                $message = "Admin account created successfully!<br><small>$migMsg</small>";
                $messageType = "success";
                $step = 3; // Success page
                
            } catch (Exception $e) {
                $message = "Error: " . $e->getMessage();
                $messageType = "danger";
            } catch (Throwable $e) {
                $message = "Fatal Error: " . $e->getMessage();
                $messageType = "danger";
            }
        } else {
            $message = "Please fill in all fields.";
            $messageType = "danger";
        }
    }
}

// Load current config values for Step 1
$current_db_host = '127.0.0.1';
$current_db_name = 'app';
$current_db_user = 'root';
$current_db_pass = '';

if (file_exists(__DIR__ . '/db/config.php')) {
    include __DIR__ . '/db/config.php';
    if (defined('DB_HOST')) $current_db_host = DB_HOST;
    if (defined('DB_NAME')) $current_db_name = DB_NAME;
    if (defined('DB_USER')) $current_db_user = DB_USER;
    if (defined('DB_PASS')) $current_db_pass = DB_PASS;
}

?>
<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <meta name="viewport" content="width=device-width, initial-scale=1.0">
    <title>Installation - Step <?php echo $step; ?></title>
    <link href="https://cdn.jsdelivr.net/npm/bootstrap@5.3.0/dist/css/bootstrap.min.css" rel="stylesheet">
    <style>
        body { background-color: #f8f9fa; }
        .install-container { max_width: 600px; margin: 50px auto; background: white; padding: 30px; border-radius: 8px; box-shadow: 0 2px 10px rgba(0,0,0,0.1); }
        .step-indicator { margin-bottom: 20px; font-weight: bold; color: #6c757d; }
        .step-active { color: #0d6efd; }
    </style>
</head>
<body>

<div class="container">
    <div class="install-container">
        <h2 class="text-center mb-4">Application Installer</h2>
        
        <div class="step-indicator text-center">
            <span class="<?php echo $step == 1 ? 'step-active' : ''; ?>">1. Database</span> &rarr;
            <span class="<?php echo $step == 2 ? 'step-active' : ''; ?>">2. Admin User</span> &rarr;
            <span class="<?php echo $step == 3 ? 'step-active' : ''; ?>">3. Finish</span>
        </div>

        <?php if ($message): ?>
            <div class="alert alert-<?php echo $messageType; ?>"><?php echo $message; ?></div>
        <?php endif; ?>

        <?php if ($step == 1): ?>
            <form method="POST">
                <input type="hidden" name="step" value="1">
                <div class="mb-3">
                    <label class="form-label">Database Host</label>
                    <input type="text" name="db_host" class="form-control" value="<?php echo htmlspecialchars($current_db_host); ?>" required>
                </div>
                <div class="mb-3">
                    <label class="form-label">Database Name</label>
                    <input type="text" name="db_name" class="form-control" value="<?php echo htmlspecialchars($current_db_name); ?>" required>
                </div>
                <div class="mb-3">
                    <label class="form-label">Database User</label>
                    <input type="text" name="db_user" class="form-control" value="<?php echo htmlspecialchars($current_db_user); ?>" required>
                </div>
                <div class="mb-3">
                    <label class="form-label">Database Password</label>
                    <input type="password" name="db_pass" class="form-control" value="<?php echo htmlspecialchars($current_db_pass); ?>">
                </div>
                <button type="submit" class="btn btn-primary w-100">Check Connection & Continue</button>
            </form>
            
            <?php 
            // Auto-check if GET request and already configured
            if ($_SERVER['REQUEST_METHOD'] === 'GET' && file_exists(__DIR__ . '/db/config.php')) {
                try {
                    $dsn = "mysql:host=$current_db_host;dbname=$current_db_name;charset=utf8mb4";
                    $pdo = new PDO($dsn, $current_db_user, $current_db_pass);
                    echo '<div class="alert alert-success mt-3">Current configuration is valid! <a href="?step=2" class="fw-bold">Skip to Step 2</a></div>';
                } catch (PDOException $e) {
                    // Silent fail, user sees form
                }
            }
            ?>

        <?php elseif ($step == 2): ?>
            <form method="POST">
                <input type="hidden" name="step" value="2">
                <div class="mb-3">
                    <label class="form-label">Admin Full Name</label>
                    <input type="text" name="admin_name" class="form-control" placeholder="Admin User" required>
                </div>
                <div class="mb-3">
                    <label class="form-label">Admin Email</label>
                    <input type="email" name="admin_email" class="form-control" placeholder="admin@example.com" required>
                </div>
                <div class="mb-3">
                    <label class="form-label">Password</label>
                    <input type="password" name="admin_pass" class="form-control" required>
                </div>
                <button type="submit" class="btn btn-primary w-100">Create Admin Account & Run Migrations</button>
            </form>

        <?php elseif ($step == 3): ?>
            <div class="text-center">
                <div class="text-success display-1 mb-3">&check;</div>
                <h3>Installation Complete!</h3>
                <p>You can now login to your admin dashboard.</p>
                <a href="login.php" class="btn btn-success">Go to Login</a>
            </div>
        <?php endif; ?>
    </div>
</div>

</body>
</html>