<?php

namespace Vanguard\Http\Controllers\Web\Auth;

use Auth;
use Illuminate\Contracts\Auth\Authenticatable as BaseAuthenticatable;
use Illuminate\Contracts\View\View;
use Illuminate\Http\RedirectResponse;
use Illuminate\Http\Request;
use Illuminate\Http\Response;
use Vanguard\Events\User\LoggedIn;
use Vanguard\Events\User\LoggedOut;
use Vanguard\Http\Controllers\Controller;
use Vanguard\Http\Requests\Auth\LoginRequest;
use Vanguard\Repositories\Session\SessionRepository;
use Vanguard\Repositories\User\UserRepository;
use Vanguard\Services\Auth\ThrottlesLogins;
use Vanguard\User;
use Vanguard\Models\School;

class LoginController extends Controller
{
    use ThrottlesLogins;

    public function __construct(private readonly UserRepository $users)
    {
        $this->middleware('guest')->except('logout');
        $this->middleware('auth')->only('logout');
    }

    /**
     * Show the application login form.
     */
    public function show($school = null): View
    {
        // Debug: aggiungiamo un log per verificare se arriviamo qui
        \Log::info('LoginController::show chiamato con school = ' . ($school ?? 'null'));

        // Cerca la scuola in base allo slug
        $schoolData = null;
        if ($school) {
            $schoolData = School::where('slug', $school)->first();
        }

        return view('auth.login', [
            'socialProviders' => config('auth.social.providers'),
            'school_slug' => $school,
            'school_logo' => $schoolData ? $schoolData->logo : null,
        ]);
    }

    public function login(LoginRequest $request, SessionRepository $sessions): Response|RedirectResponse
    {
        // Debug: aggiungiamo un log per verificare se arriviamo qui
        \Log::info('LoginController::login chiamato con input: ' . json_encode($request->all()));

        // In case that request throttling is enabled, we have to check if user can perform this request.
        $throttles = (bool) setting('throttle_enabled');

        // Redirect URL that can be passed as hidden field.
        $to = $request->has('to') ? '?to=' . $request->get('to') : '';

        if ($throttles && $this->hasTooManyLoginAttempts($request)) {
            return $this->sendLockoutResponse($request);
        }

        // Validazione del campo school
        $schoolSlug = $request->input('school');

        if ($schoolSlug) {
            $school = School::where('slug', $schoolSlug)->first();

            if ($school) {
                // Se presente e valida → salva in sessione
                $request->session()->put('school_id', $school->id);
            }
            // ⚠️ se non esiste → NON blocchiamo il login
        }
        // ⚠️ se è vuota → NON facciamo nulla


        $credentials = $request->getCredentials();

        if (! Auth::validate($credentials)) {
            if ($throttles) {
                $this->incrementLoginAttempts($request);
            }

            return redirect()->to('login' . $to)
                ->withErrors(trans('auth.failed'));
        }

        $user = Auth::getProvider()->retrieveByCredentials($credentials);

        if ($user->isBanned()) {
            return redirect()->to('login' . $to)
                ->withErrors(trans('auth.banned'));
        }

        $maxSessions = setting('max_active_sessions');
        if ($maxSessions && $sessions->getActiveSessionsCount($user->id) >= $maxSessions) {
            return redirect()->to('login' . $to)
                ->withErrors(trans('auth.max_sessions_reached'));
        }

        Auth::login($user, setting('remember_me') && $request->get('remember'));

        return $this->authenticated($request, $throttles, $user);
    }

    /**
     * Send the response after the user was authenticated.
     */
    protected function authenticated(
        Request $request,
        bool $throttles,
        BaseAuthenticatable $user,
    ): Response|RedirectResponse {
        if ($throttles) {
            $this->clearLoginAttempts($request);
        }

        // Redirezione basata sul ruolo
        if ($user->hasRole('Admin')) {
            return redirect()->to('userarea/admin.php');
        } elseif ($user->hasRole('User')) {
            return redirect()->to('userarea/select_school.php');
        } elseif ($user->hasRole('teacher')) {
            return redirect()->to('userarea/teacher.php');
        } elseif ($user->hasRole('school_owner')) {
            return redirect()->to('userarea/school_dashboard.php');
        }

        return redirect()->intended('userarea/default.php');
    }

    protected function logoutAndRedirectToTokenPage(Request $request, $user, ?string $redirectPage): RedirectResponse
    {
        Auth::logout();

        $request->session()->put('auth.2fa.id', $user->id);

        if ($redirectPage) {
            $request->session()->put('auth.redirect_to', $redirectPage);
        }

        return redirect()->route('auth.token');
    }

    /**
     * Log the user out of the application.
     */


    public function logout(Request $request): RedirectResponse
    {
        event(new LoggedOut);

        // 1) Logout Laravel
        Auth::logout();

        // 2) Pulisci + invalida session Laravel (NON solo forget)
        $request->session()->forget(['school_id', 'school_name', 'school_selected']);
        $request->session()->invalidate();
        $request->session()->regenerateToken();

        // 3) Pulisci anche la session PHP nativa usata in userarea (PHPSESSID)
        if (session_status() !== PHP_SESSION_ACTIVE) {
            @session_start();
        }

        unset(
            $_SESSION['school_id'],
            $_SESSION['school_name'],
            $_SESSION['school_selected']
        );

        // Se vuoi essere ancora più “definitivo”, distruggi tutta la PHP session:
        $_SESSION = [];

        if (ini_get('session.use_cookies')) {
            $params = session_get_cookie_params();
            setcookie(
                session_name(),
                '',
                time() - 42000,
                $params['path'],
                $params['domain'],
                $params['secure'],
                $params['httponly']
            );
        }
        @session_destroy();

        return redirect('login');
    }
}