<?php

require_once __DIR__ . '/db/auth.php';

auth_start_session();
auth_bootstrap();

if (!auth_is_admin()) {
    header('Location: index.php');
    exit;
}

$flash = auth_flash_get();
$flash_type = $flash['type'] ?? '';
$flash_message = $flash['message'] ?? '';

$edit_cl_auth_id = isset($_GET['edit']) ? (int) $_GET['edit'] : 0;
$edit_cl_auth_user = '';
$edit_cl_auth_right = 'member';

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    $csrf_token = isset($_POST['csrf_token']) ? (string) $_POST['csrf_token'] : null;

    if (!auth_validate_csrf($csrf_token)) {
        auth_flash_set('error', 'Jeton CSRF invalide.');
        header('Location: admin.php');
        exit;
    }

    $admin_action = (string) ($_POST['admin_action'] ?? '');

    if ($admin_action === 'create') {
        $submitted_cl_auth_user = trim((string) ($_POST['cl_auth_user'] ?? ''));
        $submitted_cl_auth_pass = (string) ($_POST['cl_auth_pass'] ?? '');
        $submitted_cl_auth_right = (string) ($_POST['cl_auth_right'] ?? 'member');

        if ($submitted_cl_auth_user === '' || $submitted_cl_auth_pass === '') {
            auth_flash_set('error', 'Le login et le mot de passe sont obligatoires.');
            header('Location: admin.php');
            exit;
        }

        if (!in_array($submitted_cl_auth_right, ['admin', 'member'], true)) {
            auth_flash_set('error', 'Droit utilisateur invalide.');
            header('Location: admin.php');
            exit;
        }

        $stmt_duplicate_user = db()->prepare('SELECT COUNT(*) FROM tbl_auth WHERE cl_auth_user = :cl_auth_user');
        $stmt_duplicate_user->execute([
            'cl_auth_user' => $submitted_cl_auth_user,
        ]);
        $cl_auth_user_total = (int) $stmt_duplicate_user->fetchColumn();

        if ($cl_auth_user_total > 0) {
            auth_flash_set('error', 'Ce login existe déjà.');
            header('Location: admin.php');
            exit;
        }

        $cl_auth_user = $submitted_cl_auth_user;
        $cl_auth_pass = password_hash($submitted_cl_auth_pass, PASSWORD_DEFAULT);
        $cl_auth_right = $submitted_cl_auth_right;

        $stmt_create_user = db()->prepare(
            'INSERT INTO tbl_auth (cl_auth_user, cl_auth_pass, cl_auth_right) VALUES (:cl_auth_user, :cl_auth_pass, :cl_auth_right)'
        );
        $stmt_create_user->execute([
            'cl_auth_user' => $cl_auth_user,
            'cl_auth_pass' => $cl_auth_pass,
            'cl_auth_right' => $cl_auth_right,
        ]);

        auth_flash_set('success', 'Compte créé avec succès.');
        header('Location: admin.php');
        exit;
    }

    if ($admin_action === 'update') {
        $cl_auth_id = (int) ($_POST['cl_auth_id'] ?? 0);
        $submitted_cl_auth_user = trim((string) ($_POST['cl_auth_user'] ?? ''));
        $submitted_cl_auth_pass = (string) ($_POST['cl_auth_pass'] ?? '');
        $submitted_cl_auth_right = (string) ($_POST['cl_auth_right'] ?? 'member');

        if ($cl_auth_id <= 0 || $submitted_cl_auth_user === '') {
            auth_flash_set('error', 'Données de modification invalides.');
            header('Location: admin.php');
            exit;
        }

        if (!in_array($submitted_cl_auth_right, ['admin', 'member'], true)) {
            auth_flash_set('error', 'Droit utilisateur invalide.');
            header('Location: admin.php?edit=' . $cl_auth_id);
            exit;
        }

        $stmt_tbl_auth = db()->prepare('SELECT cl_auth_id, cl_auth_user, cl_auth_pass, cl_auth_right FROM tbl_auth WHERE cl_auth_id = :cl_auth_id LIMIT 1');
        $stmt_tbl_auth->execute([
            'cl_auth_id' => $cl_auth_id,
        ]);
        $tbl_auth = $stmt_tbl_auth->fetch();

        if (!$tbl_auth) {
            auth_flash_set('error', 'Utilisateur introuvable.');
            header('Location: admin.php');
            exit;
        }

        $current_cl_auth_id = (int) $tbl_auth['cl_auth_id'];
        $current_cl_auth_user = (string) $tbl_auth['cl_auth_user'];
        $current_cl_auth_pass = (string) $tbl_auth['cl_auth_pass'];
        $current_cl_auth_right = (string) $tbl_auth['cl_auth_right'];
        unset($current_cl_auth_id, $current_cl_auth_user);

        $stmt_duplicate_user = db()->prepare(
            'SELECT COUNT(*) FROM tbl_auth WHERE cl_auth_user = :cl_auth_user AND cl_auth_id <> :cl_auth_id'
        );
        $stmt_duplicate_user->execute([
            'cl_auth_user' => $submitted_cl_auth_user,
            'cl_auth_id' => $cl_auth_id,
        ]);
        $cl_auth_user_total = (int) $stmt_duplicate_user->fetchColumn();

        if ($cl_auth_user_total > 0) {
            auth_flash_set('error', 'Ce login existe déjà.');
            header('Location: admin.php?edit=' . $cl_auth_id);
            exit;
        }

        if ($current_cl_auth_right === 'admin' && $submitted_cl_auth_right !== 'admin') {
            $stmt_admin_total = db()->query("SELECT COUNT(*) FROM tbl_auth WHERE cl_auth_right = 'admin'");
            $cl_auth_admin_total = (int) $stmt_admin_total->fetchColumn();
            if ($cl_auth_admin_total <= 1) {
                auth_flash_set('error', 'Impossible de rétrograder le dernier administrateur.');
                header('Location: admin.php?edit=' . $cl_auth_id);
                exit;
            }
        }

        $cl_auth_user = $submitted_cl_auth_user;
        $cl_auth_right = $submitted_cl_auth_right;
        $cl_auth_pass = $current_cl_auth_pass;

        if ($submitted_cl_auth_pass !== '') {
            $cl_auth_pass = password_hash($submitted_cl_auth_pass, PASSWORD_DEFAULT);
        }

        $stmt_update_user = db()->prepare(
            'UPDATE tbl_auth
             SET cl_auth_user = :cl_auth_user,
                 cl_auth_pass = :cl_auth_pass,
                 cl_auth_right = :cl_auth_right
             WHERE cl_auth_id = :cl_auth_id'
        );
        $stmt_update_user->execute([
            'cl_auth_user' => $cl_auth_user,
            'cl_auth_pass' => $cl_auth_pass,
            'cl_auth_right' => $cl_auth_right,
            'cl_auth_id' => $cl_auth_id,
        ]);

        if (isset($_SESSION['user']) && $_SESSION['user'] === $tbl_auth['cl_auth_user']) {
            $_SESSION['user'] = $cl_auth_user;
            $_SESSION['role'] = $cl_auth_right;
        }

        auth_flash_set('success', 'Compte modifié avec succès.');
        header('Location: admin.php');
        exit;
    }

    if ($admin_action === 'delete') {
        $cl_auth_id = (int) ($_POST['cl_auth_id'] ?? 0);

        if ($cl_auth_id <= 0) {
            auth_flash_set('error', 'Suppression impossible.');
            header('Location: admin.php');
            exit;
        }

        $stmt_tbl_auth = db()->prepare('SELECT cl_auth_id, cl_auth_user, cl_auth_pass, cl_auth_right FROM tbl_auth WHERE cl_auth_id = :cl_auth_id LIMIT 1');
        $stmt_tbl_auth->execute([
            'cl_auth_id' => $cl_auth_id,
        ]);
        $tbl_auth = $stmt_tbl_auth->fetch();

        if (!$tbl_auth) {
            auth_flash_set('error', 'Utilisateur introuvable.');
            header('Location: admin.php');
            exit;
        }

        $cl_auth_user = (string) $tbl_auth['cl_auth_user'];
        $cl_auth_pass = (string) $tbl_auth['cl_auth_pass'];
        $cl_auth_right = (string) $tbl_auth['cl_auth_right'];
        unset($cl_auth_pass);

        if ($cl_auth_right === 'admin') {
            $stmt_admin_total = db()->query("SELECT COUNT(*) FROM tbl_auth WHERE cl_auth_right = 'admin'");
            $cl_auth_admin_total = (int) $stmt_admin_total->fetchColumn();
            if ($cl_auth_admin_total <= 1) {
                auth_flash_set('error', 'Impossible de supprimer le dernier administrateur.');
                header('Location: admin.php');
                exit;
            }
        }

        $stmt_delete_user = db()->prepare('DELETE FROM tbl_auth WHERE cl_auth_id = :cl_auth_id');
        $stmt_delete_user->execute([
            'cl_auth_id' => $cl_auth_id,
        ]);

        if (isset($_SESSION['user']) && $_SESSION['user'] === $cl_auth_user) {
            header('Location: logout.php');
            exit;
        }

        auth_flash_set('success', 'Compte supprimé avec succès.');
        header('Location: admin.php');
        exit;
    }
}

if ($edit_cl_auth_id > 0) {
    $stmt_edit_user = db()->prepare('SELECT cl_auth_id, cl_auth_user, cl_auth_pass, cl_auth_right FROM tbl_auth WHERE cl_auth_id = :cl_auth_id LIMIT 1');
    $stmt_edit_user->execute([
        'cl_auth_id' => $edit_cl_auth_id,
    ]);
    $tbl_auth = $stmt_edit_user->fetch();

    if ($tbl_auth) {
        $edit_cl_auth_id = (int) $tbl_auth['cl_auth_id'];
        $edit_cl_auth_user = (string) $tbl_auth['cl_auth_user'];
        $edit_cl_auth_pass = (string) $tbl_auth['cl_auth_pass'];
        $edit_cl_auth_right = (string) $tbl_auth['cl_auth_right'];
        unset($edit_cl_auth_pass);
    } else {
        $edit_cl_auth_id = 0;
        auth_flash_set('error', 'Utilisateur introuvable.');
        header('Location: admin.php');
        exit;
    }
}

$stmt_users = db()->query('SELECT cl_auth_id, cl_auth_user, cl_auth_pass, cl_auth_right FROM tbl_auth ORDER BY cl_auth_user ASC');
$tbl_auth_all = $stmt_users->fetchAll();
$csrf_token = auth_csrf_token();
[$default_admin_user, $default_admin_password] = auth_default_admin_credentials();
$current_session_user = isset($_SESSION['user']) ? (string) $_SESSION['user'] : '';
?>
<!DOCTYPE html>
<html lang="fr">
<head>
    <meta charset="UTF-8">
    <meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1">
    <meta name="viewport" content="width=device-width, initial-scale=1.0">
    <title>Administration Sécure | R.E.A.C.T.</title>
    <link rel="stylesheet" type="text/css" href="css/styles.css">
    <link rel="stylesheet" type="text/css" href="css/default.css">
    <style>
        :root {
            --primary: #a29b78;
            --primary-glow: rgba(162, 155, 120, 0.4);
            --bg-dark: #080a0f;
            --card-bg: rgba(20, 24, 33, 0.85);
            --border-glow: rgba(162, 155, 120, 0.25);
            --danger: #ff4d4d;
            --success: #00ff88;
        }

        body {
            background: radial-gradient(circle at top right, #1a1f2e, var(--bg-dark));
            background-attachment: fixed;
            color: #e0e0e0;
            font-family: 'Electrolize', sans-serif;
            margin: 0;
            overflow-x: hidden;
            min-height: 100vh;
        }

        .admin-layout {
            display: flex;
            flex-direction: column;
            max-width: 1400px;
            margin: 0 auto;
            padding: 2rem;
            animation: fadeIn 0.6s ease-out;
        }

        @keyframes fadeIn {
            from { opacity: 0; transform: translateY(10px); }
            to { opacity: 1; transform: translateY(0); }
        }

        .admin-topbar {
            display: flex;
            justify-content: space-between;
            align-items: center;
            padding: 1.5rem 2rem;
            background: var(--card-bg);
            backdrop-filter: blur(10px);
            border: 1px solid var(--border-glow);
            border-radius: 12px;
            margin-bottom: 2rem;
            box-shadow: 0 8px 32px rgba(0, 0, 0, 0.3);
        }

        .topbar-info h1 {
            margin: 0;
            font-size: 1.5rem;
            letter-spacing: 2px;
            text-transform: uppercase;
            background: linear-gradient(90deg, #fff, var(--primary));
            -webkit-background-clip: text;
            -webkit-text-fill-color: transparent;
        }

        .topbar-info p {
            margin: 0.25rem 0 0;
            font-size: 0.85rem;
            color: var(--primary);
            opacity: 0.8;
        }

        .topbar-actions {
            display: flex;
            gap: 1rem;
        }

        .btn-modern {
            padding: 0.6rem 1.2rem;
            border: 1px solid var(--primary);
            background: transparent;
            color: #fff;
            font-family: 'Electrolize', sans-serif;
            font-size: 0.9rem;
            text-transform: uppercase;
            cursor: pointer;
            transition: all 0.3s cubic-bezier(0.4, 0, 0.2, 1);
            border-radius: 4px;
            text-decoration: none;
            display: inline-flex;
            align-items: center;
            justify-content: center;
        }

        .btn-modern:hover {
            background: var(--primary);
            color: var(--bg-dark);
            box-shadow: 0 0 15px var(--primary-glow);
        }

        .btn-modern.danger {
            border-color: var(--danger);
            color: var(--danger);
        }

        .btn-modern.danger:hover {
            background: var(--danger);
            color: #fff;
            box-shadow: 0 0 15px rgba(255, 77, 77, 0.3);
        }

        .nav-tabs { display: flex; gap: 1rem; margin-bottom: 2rem; border-bottom: 1px solid var(--border-glow); padding-bottom: 1rem; }
        .nav-tabs a { text-decoration: none; color: #888; text-transform: uppercase; font-size: 0.9rem; transition: color 0.3s; }
        .nav-tabs a:hover, .nav-tabs a.active { color: var(--primary); }

        .admin-content {
            display: grid;
            grid-template-columns: 1fr 2fr;
            gap: 2rem;
        }

        @media (max-width: 1024px) {
            .admin-content { grid-template-columns: 1fr; }
        }

        .glass-card {
            background: var(--card-bg);
            backdrop-filter: blur(12px);
            border: 1px solid var(--border-glow);
            border-radius: 12px;
            padding: 2rem;
            box-shadow: 0 8px 32px rgba(0, 0, 0, 0.2);
        }

        .glass-card h2 {
            margin-top: 0;
            margin-bottom: 1.5rem;
            font-size: 1.25rem;
            color: var(--primary);
            border-bottom: 1px solid var(--border-glow);
            padding-bottom: 0.75rem;
        }

        .form-group {
            margin-bottom: 1.5rem;
        }

        .form-group label {
            display: block;
            margin-bottom: 0.5rem;
            font-size: 0.85rem;
            color: #aaa;
            text-transform: uppercase;
        }

        .form-control {
            width: 100%;
            padding: 0.8rem 1rem;
            background: rgba(0, 0, 0, 0.3);
            border: 1px solid #444;
            border-radius: 4px;
            color: #fff;
            font-family: 'Electrolize', sans-serif;
            transition: border-color 0.3s;
        }

        .form-control:focus {
            outline: none;
            border-color: var(--primary);
            background: rgba(0, 0, 0, 0.5);
        }

        .modern-table {
            width: 100%;
            border-collapse: separate;
            border-spacing: 0 8px;
        }

        .modern-table th {
            text-align: left;
            padding: 1rem;
            font-size: 0.8rem;
            text-transform: uppercase;
            color: var(--primary);
            opacity: 0.7;
        }

        .modern-table td {
            padding: 1rem;
            background: rgba(255, 255, 255, 0.03);
            border-top: 1px solid rgba(255, 255, 255, 0.05);
            border-bottom: 1px solid rgba(255, 255, 255, 0.05);
        }

        .modern-table td:first-child {
            border-left: 1px solid rgba(255, 255, 255, 0.05);
            border-radius: 8px 0 0 8px;
        }

        .modern-table td:last-child {
            border-right: 1px solid rgba(255, 255, 255, 0.05);
            border-radius: 0 8px 8px 0;
        }

        .modern-table tr:hover td {
            background: rgba(162, 155, 120, 0.05);
        }

        .badge {
            padding: 0.25rem 0.6rem;
            border-radius: 4px;
            font-size: 0.75rem;
            text-transform: uppercase;
        }

        .badge-admin { background: rgba(162, 155, 120, 0.2); color: var(--primary); border: 1px solid var(--primary); }
        .badge-member { background: rgba(255, 255, 255, 0.1); color: #ccc; border: 1px solid #555; }

        .flash {
            padding: 1rem 1.5rem;
            border-radius: 8px;
            margin-bottom: 1.5rem;
            font-size: 0.9rem;
            border-left: 4px solid var(--primary);
            background: rgba(162, 155, 120, 0.1);
        }

        .flash.error { border-color: var(--danger); background: rgba(255, 77, 77, 0.1); color: #ffbaba; }
        .flash.success { border-color: var(--success); background: rgba(0, 255, 136, 0.1); color: #baffda; }

        .row-actions {
            display: flex;
            gap: 0.5rem;
        }

        .btn-mini {
            padding: 0.3rem 0.6rem;
            font-size: 0.75rem;
        }

        .user-id {
            font-family: monospace;
            color: var(--primary);
            font-weight: bold;
        }

        .empty-state {
            padding: 2rem;
            text-align: center;
            color: #666;
            font-style: italic;
        }
    </style>
</head>
<body>
    <div class="admin-layout">
        <header class="admin-topbar">
            <div class="topbar-info">
                <h1>R.E.A.C.T. Core Admin</h1>
                <p>Niveau d'accès : <strong>Administrateur</strong> | Session : <strong><?php echo htmlspecialchars($current_session_user, ENT_QUOTES, 'UTF-8'); ?></strong></p>
            </div>
            <div class="topbar-actions">
                <a href="index.php" class="btn-modern">Retour au site</a>
                <a href="logout.php" class="btn-modern danger">Session End</a>
            </div>
        </header>

        <nav class="nav-tabs">
            <a href="admin.php" class="active">Utilisateurs</a>
            <a href="scwebhook.php">WEBHOOK</a>
            <a href="scnotification.php">NOTIF DISCORD</a>
            <a href="scitems.php">Base d'Objets</a>
            <a href="scstatsitem.php">Stats Item</a>
            <a href="scitemcustom.php">Item Custom</a>
            <a href="scmining.php">Scanner Minage</a>
            <a href="scmanufactures.php">Manufactures</a>
            <a href="scvaisseaux.php">Vaisseaux</a>
            <a href="scpreset.php">Presets Vaisseau</a>
        </nav>

        <?php if ($flash_message !== ''): ?>
            <div class="flash <?php echo htmlspecialchars($flash_type, ENT_QUOTES, 'UTF-8'); ?>">
                <?php echo htmlspecialchars($flash_message, ENT_QUOTES, 'UTF-8'); ?>
            </div>
        <?php endif; ?>

        <?php if ($default_admin_user === 'admin'): ?>
            <div class="flash">
                <strong style="color: var(--primary);">Sécurité critique :</strong> Les identifiants par défaut sont actifs. 
                (<code><?php echo htmlspecialchars($default_admin_user, ENT_QUOTES, 'UTF-8'); ?></code> / <code><?php echo htmlspecialchars($default_admin_password, ENT_QUOTES, 'UTF-8'); ?></code>)
                <br><small>Veuillez modifier ces accès dès maintenant.</small>
            </div>
        <?php endif; ?>

        <main class="admin-content">
            <!-- Form Card -->
            <section class="glass-card">
                <h2><?php echo $edit_cl_auth_id > 0 ? 'Mise à jour sujet' : 'Nouveau sujet'; ?></h2>
                <form method="post" action="admin.php<?php echo $edit_cl_auth_id > 0 ? '?edit=' . $edit_cl_auth_id : ''; ?>">
                    <input type="hidden" name="csrf_token" value="<?php echo htmlspecialchars($csrf_token, ENT_QUOTES, 'UTF-8'); ?>">
                    <input type="hidden" name="admin_action" value="<?php echo $edit_cl_auth_id > 0 ? 'update' : 'create'; ?>">
                    <?php if ($edit_cl_auth_id > 0):
                    ?><input type="hidden" name="cl_auth_id" value="<?php echo $edit_cl_auth_id; ?>">
                    <?php endif; ?>

                    <div class="form-group">
                        <label for="cl_auth_user">Identifiant Système</label>
                        <input class="form-control" id="cl_auth_user" name="cl_auth_user" type="text" required value="<?php echo htmlspecialchars($edit_cl_auth_user, ENT_QUOTES, 'UTF-8'); ?>" placeholder="Nom d'utilisateur">
                    </div>

                    <div class="form-group">
                        <label for="cl_auth_pass"><?php echo $edit_cl_auth_id > 0 ? 'Nouveau Secret (vide = inchangé)' : 'Secret d\'accès'; ?></label>
                        <input class="form-control" id="cl_auth_pass" name="cl_auth_pass" type="password" <?php echo $edit_cl_auth_id > 0 ? '' : 'required'; ?> placeholder="••••••••">
                    </div>

                    <div class="form-group">
                        <label for="cl_auth_right">Niveau d'accréditation</label>
                        <select class="form-control" id="cl_auth_right" name="cl_auth_right">
                            <option value="admin" <?php echo $edit_cl_auth_right === 'admin' ? 'selected' : ''; ?>>Admin</option>
                            <option value="member" <?php echo $edit_cl_auth_right === 'member' ? 'selected' : ''; ?>>Membre</option>
                        </select>
                    </div>

                    <div style="display: flex; gap: 10px; margin-top: 2rem;">
                        <button class="btn-modern" style="flex: 2;" type="submit">
                            <?php echo $edit_cl_auth_id > 0 ? 'Appliquer' : 'Initialiser'; ?>
                        </button>
                        <?php if ($edit_cl_auth_id > 0):
                        ?><a class="btn-modern danger" style="flex: 1;" href="admin.php">Annuler</a>
                        <?php endif; ?>
                    </div>
                </form>
            </section>

            <!-- Table Card -->
            <section class="glass-card">
                <h2>Base de données sujets</h2>
                <div style="overflow-x: auto;">
                    <table class="modern-table">
                        <thead>
                            <tr>
                                <th>UID</th>
                                <th>Sujet</th>
                                <th>Accréditation</th>
                                <th style="text-align: right;">Opérations</th>
                            </tr>
                        </thead>
                        <tbody>
                            <?php if (empty($tbl_auth_all)): ?>
                                <tr>
                                    <td colspan="4" class="empty-state">Aucun sujet détecté dans la base.</td>
                                </tr>
                            <?php else:
                            ?><?php foreach ($tbl_auth_all as $tbl_auth):
                            ?><?php
                            $cl_auth_id = (int) $tbl_auth['cl_auth_id'];
                            $cl_auth_user = (string) $tbl_auth['cl_auth_user'];
                            $cl_auth_right = (string) $tbl_auth['cl_auth_right'];
                            ?>
                                    <tr>
                                        <td><span class="user-id">#<?php echo sprintf('%03d', $cl_auth_id); ?></span></td>
                                        <td><strong><?php echo htmlspecialchars($cl_auth_user, ENT_QUOTES, 'UTF-8'); ?></strong></td>
                                        <td>
                                            <span class="badge <?php echo $cl_auth_right === 'admin' ? 'badge-admin' : 'badge-member'; ?>">
                                                <?php echo $cl_auth_right; ?>
                                            </span>
                                        </td>
                                        <td>
                                            <div class="row-actions" style="justify-content: flex-end;">
                                                <a class="btn-modern btn-mini" href="admin.php?edit=<?php echo $cl_auth_id; ?>">Editer</a>
                                                <form method="post" action="admin.php" onsubmit="return confirm('Terminer ce sujet ? Cette action est irréversible.');">
                                                    <input type="hidden" name="csrf_token" value="<?php echo htmlspecialchars($csrf_token, ENT_QUOTES, 'UTF-8'); ?>">
                                                    <input type="hidden" name="admin_action" value="delete">
                                                    <input type="hidden" name="cl_auth_id" value="<?php echo $cl_auth_id; ?>">
                                                    <button class="btn-modern btn-mini danger" type="submit">X</button>
                                                </form>
                                            </div>
                                        </td>
                                    </tr>
                                <?php endforeach;
                            ?><?php endif; ?>
                        </tbody>
                    </table>
                </div>
            </section>
        </main>
    </div>
</body>
</html>