<?php
// Database connection
include('../../Connections/repnew.php');
// Starts the session to handle session variables
$conn = new mysqli($servername, $username, $password, $database);

// Check the connection
if ($conn->connect_error) {
    die("Connection failed: " . $conn->connect_error);
}

// Check if JSON was received via POST
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    // Receive JSON from the laboratory
    $json_data = file_get_contents('php://input');

    // Decode JSON for optional validation
    $decoded_data = json_decode($json_data, true);

    // If the JSON is valid
    if (json_last_error() === JSON_ERROR_NONE) {
        // Authenticate using key, secret_key, and reflab
        if (!isset($decoded_data['key']) || !isset($decoded_data['secret_key']) || !isset($decoded_data['reflab'])) {
            echo json_encode([
                "status" => "error",
                "message" => "Missing authentication fields (key, secret_key, reflab)."
            ]);
            exit;
        }

        $api_key = $decoded_data['key'];
        $secret_key = $decoded_data['secret_key'];
        $reflab = $decoded_data['reflab'];

        $query = "SELECT * FROM laboratories WHERE reflab = ? AND api_key = ?";
        $stmt = $conn->prepare($query);
        $stmt->bind_param("ss", $reflab, $api_key);
        $stmt->execute();
        $result = $stmt->get_result();

        // Controllo se un laboratorio valido è stato trovato con `reflab` e `api_key`
        if ($result->num_rows > 0) {
            $row = $result->fetch_assoc();

            // Verifica lo stato del laboratorio
            if ($row['status'] !== 'active') {
                echo json_encode([
                    "status" => "error",
                    "message" => "Laboratory is inactive."
                ]);
                exit;
            }

            // Verifica la chiave segreta utilizzando `password_verify`
            if (!password_verify($secret_key, $row['api_secret'])) {
                echo json_encode([
                    "status" => "error",
                    "message" => "Invalid secret key."
                ]);
                exit;
            }
        } else {
            // Verifica se il `reflab` è valido, ma l'`api_key` non corrisponde
            $query = "SELECT * FROM laboratories WHERE reflab = ?";
            $stmt = $conn->prepare($query);
            $stmt->bind_param("s", $reflab);
            $stmt->execute();
            $result = $stmt->get_result();

            if ($result->num_rows > 0) {
                echo json_encode([
                    "status" => "error",
                    "message" => "Invalid API key."
                ]);
            } else {
                echo json_encode([
                    "status" => "error",
                    "message" => "Invalid reflab."
                ]);
            }
            exit;
        }


        // Generate a UUID to uniquely identify the record
        $uuid = uniqid(); // Alternatively, use UUID() in MySQL

        // Extract some information from JSON
        if (!isset($decoded_data['product']['products_refnumber'])) {
            echo json_encode([
                "status" => "error",
                "message" => "Missing product reference number."
            ]);
            exit;
        }

        $product_refnumber = $decoded_data['product']['products_refnumber']; // Product number
        $report_number = $decoded_data['product']['reports'][0]['reportsNumberLab'] ?? null; // Report number
        $rating = $decoded_data['product']['reports'][0]['reportsRating'] ?? null; // Report rating (e.g., Pass/Fail)
        $saved_at = date("Y-m-d H:i:s"); // Save date

        // Query to insert data into the temp_json_queue table
        $stmt = $conn->prepare("INSERT INTO temp_json_queue (uuid, lab_id, json_data) VALUES (?, ?, ?)");
        $lab_id = 1; // Set lab_id to a fixed value for testing purposes
        $stmt->bind_param("sss", $uuid, $lab_id, $json_data);

        if ($stmt->execute()) {
            // Set a session variable to notify the report import
            $_SESSION['new_report'] = [
                'report_number' => $report_number,
                'rating' => $rating,
                'timestamp' => time()  // You can use a timestamp to manage the expiration of the notification
            ];

            echo json_encode([
                "status" => "success",
                "message" => "Data successfully saved.",
                "uuid" => $uuid,
                "product_refnumber" => $product_refnumber,  // Product number
                "report_number" => $report_number,  // Report number
                "rating" => $rating,  // Report rating
                "saved_at" => $saved_at  // Save date
            ]);
        } else {
            echo json_encode([
                "status" => "error",
                "message" => "Failed to save data."
            ]);
        }

        $stmt->close();
    } else {
        // If the JSON is invalid
        echo json_encode([
            "status" => "error",
            "message" => "Invalid JSON format."
        ]);
    }
} else {
    echo json_encode([
        "status" => "error",
        "message" => "Invalid request method."
    ]);
}

// Close the database connection
$conn->close();