<?php
// Database connection
include('../../Connections/repnew.php');
// Starts the session to handle session variables
$conn = new mysqli($servername, $username, $password, $database);

// Check the connection
if ($conn->connect_error) {
    die("Connection failed: " . $conn->connect_error);
}

// Check if POST request was received
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    // Array to collect messages about file processing
    $file_messages = [];

    // Receive JSON from the laboratory via a field in the form (e.g., 'json_data')
    if (isset($_POST['json_data'])) {
        $json_data = $_POST['json_data'];

        // Decode JSON for optional validation
        $decoded_data = json_decode($json_data, true);

        // If the JSON is valid
        if (json_last_error() === JSON_ERROR_NONE) {
            // Authenticate using key, secret_key, and reflab
            if (!isset($decoded_data['key']) || !isset($decoded_data['secret_key']) || !isset($decoded_data['reflab'])) {
                echo json_encode([
                    "status" => "error",
                    "message" => "Missing authentication fields (key, secret_key, reflab)."
                ]);
                exit;
            }

            $api_key = $decoded_data['key'];
            $secret_key = $decoded_data['secret_key'];
            $reflab = $decoded_data['reflab'];

            $query = "SELECT * FROM laboratories WHERE reflab = ? AND api_key = ?";
            $stmt = $conn->prepare($query);
            $stmt->bind_param("ss", $reflab, $api_key);
            $stmt->execute();
            $result = $stmt->get_result();

            // Check if a valid laboratory was found with `reflab` and `api_key`
            if ($result->num_rows > 0) {
                $row = $result->fetch_assoc();

                // Verify the status of the laboratory
                if ($row['status'] !== 'active') {
                    echo json_encode([
                        "status" => "error",
                        "message" => "Laboratory is inactive."
                    ]);
                    exit;
                }

                // Verify the secret key using `password_verify`
                if (!password_verify($secret_key, $row['api_secret'])) {
                    echo json_encode([
                        "status" => "error",
                        "message" => "Invalid secret key."
                    ]);
                    exit;
                }
            } else {
                // Check if the `reflab` is valid, but the `api_key` doesn't match
                $query = "SELECT * FROM laboratories WHERE reflab = ?";
                $stmt = $conn->prepare($query);
                $stmt->bind_param("s", $reflab);
                $stmt->execute();
                $result = $stmt->get_result();

                if ($result->num_rows > 0) {
                    echo json_encode([
                        "status" => "error",
                        "message" => "Invalid API key."
                    ]);
                } else {
                    echo json_encode([
                        "status" => "error",
                        "message" => "Invalid reflab."
                    ]);
                }
                exit;
            }

            // Generate a UUID to uniquely identify the record
            $uuid = uniqid(); // Alternatively, use UUID() in MySQL

            // Extract some information from JSON
            if (!isset($decoded_data['product']['products_refnumber'])) {
                echo json_encode([
                    "status" => "error",
                    "message" => "Missing product reference number."
                ]);
                exit;
            }

            $product_refnumber = $decoded_data['product']['products_refnumber']; // Product number
            $report_number = $decoded_data['product']['reports'][0]['reportsNumberLab'] ?? null; // Report number
            $rating = $decoded_data['product']['reports'][0]['reportsRating'] ?? null; // Report rating (e.g., Pass/Fail)
            $saved_at = date("Y-m-d H:i:s"); // Save date

            // Query to insert data into the temp_json_queue table
            $stmt = $conn->prepare("INSERT INTO temp_json_queue (uuid, lab_id, json_data) VALUES (?, ?, ?)");
            $lab_id = 1; // Set lab_id to a fixed value for testing purposes
            $stmt->bind_param("sss", $uuid, $lab_id, $json_data);

            if ($stmt->execute()) {
                // Handle file uploads if they exist
                if (!empty($_FILES)) {
                    include('process_files.php'); // Include file processing logic here

                    // Retrieve any messages added in process_files.php for files
                    if (!empty($GLOBALS['file_messages'])) {
                        $file_messages = $GLOBALS['file_messages'];
                    }
                }

                // Set a session variable to notify the report import
                $_SESSION['new_report'] = [
                    'report_number' => $report_number,
                    'rating' => $rating,
                    'timestamp' => time()  // You can use a timestamp to manage the expiration of the notification
                ];

                echo json_encode([
                    "status" => "success",
                    "message" => "Data successfully saved.",
                    "uuid" => $uuid,
                    "product_refnumber" => $product_refnumber,  // Product number
                    "report_number" => $report_number,  // Report number
                    "rating" => $rating,  // Report rating
                    "saved_at" => $saved_at,  // Save date
                    "file_messages" => $file_messages  // Include file messages
                ]);
            } else {
                echo json_encode([
                    "status" => "error",
                    "message" => "Failed to save data."
                ]);
            }

            $stmt->close();
        } else {
            // If the JSON is invalid
            echo json_encode([
                "status" => "error",
                "message" => "Invalid JSON format."
            ]);
        }
    } else {
        echo json_encode([
            "status" => "error",
            "message" => "Missing JSON data."
        ]);
    }
} else {
    echo json_encode([
        "status" => "error",
        "message" => "Invalid request method."
    ]);
}

// Close the database connection
$conn->close();