<?php
require_once __DIR__ . '/../includes/app.php';
require_permission('settings', 'edit');

$user = current_user();
if (!in_array($user['role'], ['owner', 'manager'])) {
    set_flash('danger', tr('غير مصرح لك.', 'Unauthorized.'));
    redirect_to('../index.php');
    exit;
}

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    $isAjax = strtolower((string) ($_SERVER['HTTP_X_REQUESTED_WITH'] ?? '')) === 'xmlhttprequest';
    $respond = static function (bool $success, string $type, string $message, ?string $redirect = null) use ($isAjax): void {
        if ($isAjax) {
            header('Content-Type: application/json; charset=UTF-8');
            echo json_encode([
                'success' => $success,
                'type' => $type,
                'message' => $message,
                'redirect' => $redirect,
            ], JSON_UNESCAPED_UNICODE | JSON_UNESCAPED_SLASHES);
            exit;
        }

        set_flash($type, $message);
        header('Location: ' . ($redirect ?: '../index.php'));
        exit;
    };
    $redirectBack = static function (): string {
        $referer = $_SERVER['HTTP_REFERER'] ?? '../index.php';
        $returnModal = trim((string) ($_POST['return_modal'] ?? ''));
        if ($returnModal === 'wablas') {
            return append_query_params($referer, ['open_modal' => 'wablas']);
        }
        return $referer;
    };
    $pdo = db();
    $keys = [
        'timezone', 'company_name_ar', 'company_name_en', 'vat_percentage', 
        'company_vat_number', 'company_phone', 'company_email', 'company_address',
        'wablas_enabled', 'wablas_token', 'wablas_secret_key', 'wablas_api_url',
        'wablas_invoice_recipients', 'wablas_report_recipients',
        'wablas_daily_auto_send', 'wablas_daily_auto_time', 'wablas_daily_auto_last_date',
        'wablas_template_invoice', 'wablas_template_daily_report',
        'wablas_template_created', 'wablas_template_pending', 'wablas_template_accepted', 'wablas_template_completed', 'wablas_template_rejected',
        'smtp_host', 'smtp_port', 'smtp_user', 'smtp_pass', 'smtp_secure', 'mail_from', 'mail_from_name',
        'thawani_enabled', 'thawani_mode', 'thawani_publishable_key', 'thawani_secret_key', 'thawani_success_url', 'thawani_cancel_url',
        'privacy_policy_content', 'terms_conditions_content'
    ];

    $stmt = $pdo->prepare("INSERT INTO settings (setting_key, setting_value) VALUES (?, ?) ON DUPLICATE KEY UPDATE setting_value = VALUES(setting_value)");

    $companyPhone = trim((string) ($_POST['company_phone'] ?? ''));
    if ($companyPhone !== '') {
        $companyPhone = normalize_oman_phone($companyPhone);
        if ($companyPhone === '') {
            $respond(false, 'danger', tr('رقم هاتف الشركة يجب أن يكون عمانياً من 8 خانات.', 'Company phone must be an 8-digit Oman number.'), $redirectBack());
        }
        $_POST['company_phone'] = $companyPhone;
    }

    foreach (['wablas_invoice_recipients', 'wablas_report_recipients'] as $phoneListKey) {
        $parsed = wablas_parse_phone_list((string) ($_POST[$phoneListKey] ?? ''));
        if (!empty($parsed['invalid'])) {
            $respond(false, 'danger', tr('يوجد رقم واتساب غير صالح في الحقل.', 'There is an invalid WhatsApp number in the field.') . ' ' . implode(', ', $parsed['invalid']), $redirectBack());
        }
        $_POST[$phoneListKey] = implode(',', $parsed['phones']);
    }

    $_POST['wablas_daily_auto_time'] = wablas_format_time_setting((string) ($_POST['wablas_daily_auto_time'] ?? '21:00'));
    if (!isset($_POST['wablas_daily_auto_send'])) {
        $_POST['wablas_daily_auto_send'] = '0';
    }
    if (!isset($_POST['thawani_enabled'])) {
        $_POST['thawani_enabled'] = '0';
    }
    $thawaniMode = strtolower(trim((string) ($_POST['thawani_mode'] ?? 'sandbox')));
    $_POST['thawani_mode'] = in_array($thawaniMode, ['sandbox', 'live'], true) ? $thawaniMode : 'sandbox';
    unset($_POST['wablas_daily_auto_last_date']);

    foreach ($keys as $key) {
        if (isset($_POST[$key])) {
            $value = is_string($_POST[$key]) ? trim($_POST[$key]) : $_POST[$key];
            $stmt->execute([$key, $value]);
        }
    }

    // Handle logo upload
    $uploadDir = __DIR__ . '/../assets/images/';
    if (!is_dir($uploadDir)) {
        mkdir($uploadDir, 0777, true);
    }

    if (isset($_FILES['company_logo']) && $_FILES['company_logo']['error'] === UPLOAD_ERR_OK) {
        $ext = pathinfo($_FILES['company_logo']['name'], PATHINFO_EXTENSION);
        $filename = 'logo_' . time() . '.' . $ext;
        if (move_uploaded_file($_FILES['company_logo']['tmp_name'], $uploadDir . $filename)) {
            $stmt->execute(['company_logo', 'assets/images/' . $filename]);
        }
    }

    // Handle favicon upload
    if (isset($_FILES['company_favicon']) && $_FILES['company_favicon']['error'] === UPLOAD_ERR_OK) {
        $ext = pathinfo($_FILES['company_favicon']['name'], PATHINFO_EXTENSION);
        $filename = 'favicon_' . time() . '.' . $ext;
        if (move_uploaded_file($_FILES['company_favicon']['tmp_name'], $uploadDir . $filename)) {
            $stmt->execute(['company_favicon', 'assets/images/' . $filename]);
        }
    }

    $respond(true, 'success', tr('تم حفظ الإعدادات بنجاح.', 'Settings saved successfully.'), $redirectBack());
}