<?php
declare(strict_types=1);

require_once __DIR__ . '/archive_bootstrap.php';
ensure_archive_table();
$user = require_login();
verify_csrf_or_fail();

$id = isset($_POST['id']) ? (int) $_POST['id'] : 0;
$referenceCode = trim((string) ($_POST['reference_code'] ?? ''));
$title = trim((string) ($_POST['title'] ?? ''));
$mainMenu = trim((string) ($_POST['main_menu'] ?? ''));
$folderPath = trim((string) ($_POST['folder_path'] ?? ''));
$countryTag = trim((string) ($_POST['country_tag'] ?? ''));
$recordDay = (int) ($_POST['record_day'] ?? 0);
$recordMonth = (int) ($_POST['record_month'] ?? 0);
$recordYear = (int) ($_POST['record_year'] ?? 0);
$confidentiality = trim((string) ($_POST['confidentiality'] ?? ''));
$keywords = trim((string) ($_POST['keywords'] ?? ''));
$description = trim((string) ($_POST['description'] ?? ''));

if ($referenceCode === '' || $title === '' || $folderPath === '' || $description === '' || $mainMenu === '' || $countryTag === '' || $confidentiality === '') {
    flash('error', 'Semua field wajib harus diisi sebelum menyimpan arsip.');
    header('Location: index.php#arsip-form');
    exit;
}

$folderInfo = normalize_folder_path($folderPath);
if (!$folderInfo || $folderInfo['has_children']) {
    flash('error', 'Pilih folder terdalam yang valid.');
    header('Location: index.php#arsip-form');
    exit;
}
if ($folderInfo['main_menu'] !== $mainMenu) {
    flash('error', 'Menu utama tidak sesuai dengan folder yang dipilih.');
    header('Location: index.php#arsip-form');
    exit;
}
if (!can_access_menu($user, $mainMenu)) {
    flash('error', 'Akun ini tidak memiliki izin untuk folder tersebut.');
    header('Location: index.php');
    exit;
}

$documentDate = validate_record_date($recordDay, $recordMonth, $recordYear);
if (!$documentDate) {
    flash('error', 'Tanggal arsip tidak valid.');
    header('Location: index.php#arsip-form');
    exit;
}

$existing = null;
if ($id > 0) {
    $existing = fetch_record_by_id($id);
    if (!$existing || !can_edit_record($user, $existing)) {
        flash('error', 'Arsip tidak ditemukan atau tidak dapat diedit.');
        header('Location: index.php');
        exit;
    }
}

$attachmentName = $existing['attachment_name'] ?? null;
$attachmentPath = $existing['attachment_path'] ?? null;
if (!empty($_FILES['attachment']['name'])) {
    if (!isset($_FILES['attachment']['error']) || $_FILES['attachment']['error'] !== UPLOAD_ERR_OK) {
        flash('error', 'Lampiran gagal diunggah.');
        header('Location: index.php#arsip-form');
        exit;
    }
    if ((int) $_FILES['attachment']['size'] > 8 * 1024 * 1024) {
        flash('error', 'Ukuran file maksimal 8 MB.');
        header('Location: index.php#arsip-form');
        exit;
    }
    $originalName = basename((string) $_FILES['attachment']['name']);
    $extension = strtolower((string) pathinfo($originalName, PATHINFO_EXTENSION));
    if (!in_array($extension, allowed_file_extensions(), true)) {
        flash('error', 'Format lampiran belum didukung.');
        header('Location: index.php#arsip-form');
        exit;
    }
    $safeName = date('YmdHis') . '-' . bin2hex(random_bytes(6)) . '.' . $extension;
    $relativePath = 'uploads/archives/' . $safeName;
    $destination = __DIR__ . '/' . $relativePath;
    upload_dir();
    if (!move_uploaded_file($_FILES['attachment']['tmp_name'], $destination)) {
        flash('error', 'Lampiran gagal disimpan ke server.');
        header('Location: index.php#arsip-form');
        exit;
    }
    if ($attachmentPath && is_file(__DIR__ . '/' . $attachmentPath)) {
        @unlink(__DIR__ . '/' . $attachmentPath);
    }
    $attachmentName = $originalName;
    $attachmentPath = $relativePath;
}

$ownerUnit = $user['unit'];
if ($mainMenu === 'INFORMASI NEGARA' && in_array($user['unit'], ['Politik', 'Pimpinan'], true)) {
    $ownerUnit = 'Politik';
}

if ($id > 0) {
    $stmt = db()->prepare('UPDATE archive_records SET
        reference_code = :reference_code,
        title = :title,
        main_menu = :main_menu,
        folder_path = :folder_path,
        country_tag = :country_tag,
        owner_unit = :owner_unit,
        record_day = :record_day,
        record_month = :record_month,
        record_year = :record_year,
        document_date = :document_date,
        confidentiality = :confidentiality,
        keywords = :keywords,
        description = :description,
        attachment_name = :attachment_name,
        attachment_path = :attachment_path
        WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
} else {
    $stmt = db()->prepare('INSERT INTO archive_records (
        reference_code, title, main_menu, folder_path, country_tag, owner_unit,
        created_by_username, created_by_name, record_day, record_month, record_year,
        document_date, confidentiality, keywords, description, attachment_name, attachment_path
    ) VALUES (
        :reference_code, :title, :main_menu, :folder_path, :country_tag, :owner_unit,
        :created_by_username, :created_by_name, :record_day, :record_month, :record_year,
        :document_date, :confidentiality, :keywords, :description, :attachment_name, :attachment_path
    )');
    $stmt->bindValue(':created_by_username', $user['username'], PDO::PARAM_STR);
    $stmt->bindValue(':created_by_name', $user['name'], PDO::PARAM_STR);
}

$stmt->bindValue(':reference_code', $referenceCode, PDO::PARAM_STR);
$stmt->bindValue(':title', $title, PDO::PARAM_STR);
$stmt->bindValue(':main_menu', $mainMenu, PDO::PARAM_STR);
$stmt->bindValue(':folder_path', $folderPath, PDO::PARAM_STR);
$stmt->bindValue(':country_tag', $countryTag, PDO::PARAM_STR);
$stmt->bindValue(':owner_unit', $ownerUnit, PDO::PARAM_STR);
$stmt->bindValue(':record_day', $recordDay, PDO::PARAM_INT);
$stmt->bindValue(':record_month', $recordMonth, PDO::PARAM_INT);
$stmt->bindValue(':record_year', $recordYear, PDO::PARAM_INT);
$stmt->bindValue(':document_date', $documentDate, PDO::PARAM_STR);
$stmt->bindValue(':confidentiality', $confidentiality, PDO::PARAM_STR);
$stmt->bindValue(':keywords', $keywords !== '' ? $keywords : null, $keywords !== '' ? PDO::PARAM_STR : PDO::PARAM_NULL);
$stmt->bindValue(':description', $description, PDO::PARAM_STR);
$stmt->bindValue(':attachment_name', $attachmentName, $attachmentName ? PDO::PARAM_STR : PDO::PARAM_NULL);
$stmt->bindValue(':attachment_path', $attachmentPath, $attachmentPath ? PDO::PARAM_STR : PDO::PARAM_NULL);
$stmt->execute();

$recordId = $id > 0 ? $id : (int) db()->lastInsertId();
flash('success', $id > 0 ? 'Perubahan arsip berhasil disimpan.' : 'Arsip baru berhasil ditambahkan ke database.');
header('Location: archive_detail.php?id=' . $recordId);