<?php
declare(strict_types=1);

require_once __DIR__ . '/includes/layout.php'; require_role('admin');

$userId = (int)($_GET['id'] ?? 0);
$isAjax = isset($_GET['ajax']) && $_GET['ajax'] === '1';

if ($userId <= 0) {
    if ($isAjax) {
        echo json_encode(['success' => false, 'message' => 'Invalid ID']);
        exit;
    }
    header('Location: admin_shippers.php');
    exit;
}

$errors = [];
$flash = null;

// Fetch Shipper Profile
$stmt = db()->prepare("
    SELECT u.id, u.email, u.full_name, u.status, u.role,
           p.company_name, p.phone, p.address_line, p.country_id, p.city_id
    FROM users u
    LEFT JOIN shipper_profiles p ON u.id = p.user_id
    WHERE u.id = ? AND u.role = 'shipper'
");
$stmt->execute([$userId]);
$shipper = $stmt->fetch();

if (!$shipper) {
    if ($isAjax) {
        echo json_encode(['success' => false, 'message' => 'Shipper not found']);
        exit;
    }
    header('Location: admin_shippers.php');
    exit;
}

$countries = db()->query("SELECT id, name_en, name_ar FROM countries ORDER BY name_en ASC")->fetchAll();
$cities = db()->query("SELECT id, country_id, name_en, name_ar FROM cities ORDER BY name_en ASC")->fetchAll();

if ($_SERVER['REQUEST_METHOD'] === 'POST') { validate_csrf_token();
    $fullName = trim($_POST['full_name'] ?? '');
    $email = trim($_POST['email'] ?? '');
    $phone = trim($_POST['phone'] ?? '');
    $countryId = (int)($_POST['country_id'] ?? 0);
    $cityId = (int)($_POST['city_id'] ?? 0);
    $addressLine = trim($_POST['address_line'] ?? '');
    $companyName = trim($_POST['company_name'] ?? '');
    $status = trim($_POST['status'] ?? '');
    $password = $_POST['password'] ?? '';

    if ($fullName === '') $errors[] = 'Full name is required.';
    if (!filter_var($email, FILTER_VALIDATE_EMAIL)) $errors[] = 'Valid email is required.';
    if ($phone === '') $errors[] = 'Phone number is required.';
    if ($companyName === '') $errors[] = 'Company name is required.';
    if (!in_array($status, ['pending', 'active', 'rejected'], true)) $errors[] = 'Invalid status.';
    
    if ($countryId <= 0 || $cityId <= 0) {
        $errors[] = 'Please select country and city.';
    } else {
        $cityCheck = db()->prepare("SELECT COUNT(*) FROM cities WHERE id = ? AND country_id = ?");
        $cityCheck->execute([$cityId, $countryId]);
        if ((int)$cityCheck->fetchColumn() === 0) {
            $errors[] = 'Selected city does not belong to selected country.';
        }
    }

    if (!$errors) {
        try {
            db()->beginTransaction();

            $stmtUser = db()->prepare("UPDATE users SET full_name = ?, email = ?, status = ? WHERE id = ? AND role = 'shipper'");
            $stmtUser->execute([$fullName, $email, $status, $userId]);

            if ($password !== '') {
                $stmtPass = db()->prepare("UPDATE users SET password = ? WHERE id = ? AND role = 'shipper'");
                $stmtPass->execute([password_hash($password, PASSWORD_DEFAULT), $userId]);
            }

            $stmtProfile = db()->prepare("
                UPDATE shipper_profiles 
                SET company_name = ?, phone = ?, address_line = ?, country_id = ?, city_id = ?
                WHERE user_id = ?
            ");
            $stmtProfile->execute([$companyName, $phone, $addressLine, $countryId, $cityId, $userId]);

            db()->commit();
            $flash = 'Shipper profile updated successfully.';

            if ($isAjax) {
                header('Content-Type: application/json');
                echo json_encode(['success' => true, 'message' => $flash]);
                exit;
            }

            // Refresh data
            $shipper['full_name'] = $fullName;
            $shipper['email'] = $email;
            $shipper['status'] = $status;
            $shipper['company_name'] = $companyName;
            $shipper['phone'] = $phone;
            $shipper['address_line'] = $addressLine;
            $shipper['country_id'] = $countryId;
            $shipper['city_id'] = $cityId;

        } catch (Throwable $e) {
            db()->rollBack();
            if (stripos($e->getMessage(), 'Duplicate entry') !== false) {
                $errors[] = 'This email is already in use by another account.';
            } else {
                $errors[] = 'Failed to update shipper profile. Please try again.';
            }
        }
    }

    if ($isAjax && $errors) {
        header('Content-Type: application/json');
        echo json_encode(['success' => false, 'message' => implode('<br>', $errors)]);
        exit;
    }
}

// -- OUTPUT START --
if (!$isAjax):
    render_header('Edit Shipper', 'admin', true);
?>

<div class="row g-0">
    <div class="col-md-2 bg-white border-end min-vh-100">
        <?php render_admin_sidebar('shippers'); ?>
    </div>
    <div class="col-md-10 p-4">
        <div class="page-intro d-flex flex-column flex-md-row justify-content-between align-items-md-center mb-4">
            <div>
                <a href="admin_shippers.php" class="text-decoration-none small text-muted mb-2 d-inline-block">&larr; Back to Shippers</a>
                <h1 class="section-title mb-1">Edit Shipper</h1>
                <p class="muted mb-0">Update profile information for <?= e($shipper['full_name']) ?>.</p>
            </div>
        </div>

        <?php if ($flash): ?>
            <div class="alert alert-success" data-auto-dismiss="true"><?= e($flash) ?></div>
        <?php endif; ?>
        <?php if ($errors): ?>
            <div class="alert alert-warning"><?= e(implode('<br>', $errors)) ?></div>
        <?php endif; ?>

        <div class="panel p-4">
<?php endif; // End non-ajax wrapper ?>

            <form method="post" action="admin_shipper_edit.php?id=<?= $userId ?> <?= csrf_field() ?><?= $isAjax ? '&ajax=1' : '' ?>" class="ajax-form">
                <?php if ($isAjax): ?>
                <div class="modal-header">
                    <h5 class="modal-title">Edit Shipper: <?= e($shipper['full_name']) ?></h5>
                    <button type="button" class="btn-close" data-bs-dismiss="modal" aria-label="Close"></button>
                </div>
                <div class="modal-body">
                    <div id="form-errors" class="alert alert-danger d-none"></div>
                <?php endif; ?>

                <div class="row g-3">
                    <div class="col-md-6">
                        <label class="form-label" for="full_name">Full Name</label>
                        <input type="text" name="full_name" id="full_name" class="form-control" value="<?= e((string)$shipper['full_name']) ?>" required>
                    </div>
                    <div class="col-md-6">
                        <label class="form-label" for="email">Email</label>
                        <input type="email" name="email" id="email" class="form-control" value="<?= e((string)$shipper['email']) ?>" required>
                    </div>

                    <div class="col-md-6">
                        <label class="form-label" for="company_name">Company Name</label>
                        <input type="text" name="company_name" id="company_name" class="form-control" value="<?= e((string)$shipper['company_name']) ?>" required>
                    </div>
                    <div class="col-md-6">
                        <label class="form-label" for="phone">Phone</label>
                        <input type="text" name="phone" id="phone" class="form-control" value="<?= e((string)$shipper['phone']) ?>" required>
                    </div>

                    <div class="col-md-6">
                        <label class="form-label" for="country_id">Country</label>
                        <select name="country_id" id="country_id" class="form-select" onchange="syncCities()" required>
                            <option value="">Select country</option>
                            <?php foreach ($countries as $country): ?>
                                <option value="<?= e((string)$country['id']) ?>" <?= (string)$shipper['country_id'] === (string)$country['id'] ? 'selected' : '' ?>>
                                    <?= e($lang === 'ar' && !empty($country['name_ar']) ? $country['name_ar'] : $country['name_en']) ?>
                                </option>
                            <?php endforeach; ?>
                        </select>
                    </div>
                    <div class="col-md-6">
                        <label class="form-label" for="city_id">City</label>
                        <select name="city_id" id="city_id" class="form-select" required data-selected="<?= e((string)$shipper['city_id']) ?>">
                            <option value="">Select city</option>
                        </select>
                    </div>

                    <div class="col-md-6">
                        <label class="form-label" for="address_line">Address Line</label>
                        <input type="text" name="address_line" id="address_line" class="form-control" value="<?= e((string)$shipper['address_line']) ?>" required>
                    </div>
                    
                    <div class="col-md-3">
                        <label class="form-label" for="password">Password <small class="text-muted">(leave blank)</small></label>
                        <input type="password" name="password" id="password" class="form-control" autocomplete="new-password">
                    </div>

                    <div class="col-md-3">
                        <label class="form-label" for="status">Account Status</label>
                        <select name="status" id="status" class="form-select" required>
                            <option value="pending" <?= $shipper['status'] === 'pending' ? 'selected' : '' ?>>Pending</option>
                            <option value="active" <?= $shipper['status'] === 'active' ? 'selected' : '' ?>>Active</option>
                            <option value="rejected" <?= $shipper['status'] === 'rejected' ? 'selected' : '' ?>>Rejected</option>
                        </select>
                    </div>

                    <?php if ($isAjax): ?>
                    </div> <!-- modal-body end -->
                    <div class="modal-footer">
                        <button type="button" class="btn btn-secondary" data-bs-dismiss="modal">Cancel</button>
                        <button type="submit" class="btn btn-primary">Save Changes</button>
                    </div>
                    <?php else: ?>
                    <div class="col-12 mt-4">
                        <button type="submit" class="btn btn-primary">Save Changes</button>
                        <a href="admin_shippers.php" class="btn btn-outline-dark ms-2">Cancel</a>
                    </div>
                    <?php endif; ?>
                </div>
            </form>

<?php if (!$isAjax): ?>
        </div>
    </div>
</div>
<?php endif; ?>

<script>
(function() {
    const allCities = <?= json_encode($cities, JSON_UNESCAPED_UNICODE | JSON_UNESCAPED_SLASHES) ?>;
    const countrySelect = document.querySelector('#country_id');
    const citySelect = document.querySelector('#city_id');
    const lang = '<?= $lang ?>';

    window.syncCities = function() {
        if (!countrySelect || !citySelect) return;
        
        const countryId = countrySelect.value;
        const selectedValue = citySelect.dataset.selected || '';
        citySelect.innerHTML = '<option value="">Select city</option>';

        allCities.forEach((city) => {
            if (String(city.country_id) !== String(countryId)) {
                return;
            }
            const option = document.createElement('option');
            option.value = city.id;
            option.textContent = lang === 'ar' && city.name_ar ? city.name_ar : (city.name_en || city.name_ar);
            if (String(city.id) === String(selectedValue)) {
                option.selected = true;
            }
            citySelect.appendChild(option);
        });
        citySelect.dataset.selected = '';
    };

    if (countrySelect && citySelect) {
        syncCities();
    }
})();
</script>

<?php if (!$isAjax) render_footer(); ?>