<?php
include('../include/headscript.php');
include('../class/company.php');
$conn = new mysqli($servername, $username, $password, $database);

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    $name = $_POST['name'];
    $country = $_POST['country'];

    // Generate unique reflab (1 letter followed by 5 digits)
    do {
        $reflab = chr(rand(65, 90)) . str_pad(rand(0, 99999), 5, '0', STR_PAD_LEFT);
        $check_query = $conn->prepare("SELECT idlab FROM laboratories WHERE reflab = ?");
        $check_query->bind_param("s", $reflab);
        $check_query->execute();
        $check_query->store_result();
    } while ($check_query->num_rows > 0);
    $check_query->close();

    // Generate API Key and Secret Key
    $api_key = bin2hex(random_bytes(16));
    $api_secret = bin2hex(random_bytes(16));

    // Hash secret key before saving
    $hashed_secret = password_hash($api_secret, PASSWORD_BCRYPT);

    $stmt = $conn->prepare("INSERT INTO laboratories (name, reflab, country, api_key, api_secret) VALUES (?, ?, ?, ?, ?)");
    $stmt->bind_param("sssss", $name, $reflab, $country, $api_key, $hashed_secret);

    if ($stmt->execute()) {
        // Show API Key, Secret Key, and Reflab to the user
        echo json_encode(["status" => "success", "message" => "Laboratory added successfully.", "reflab" => $reflab, "api_key" => $api_key, "api_secret" => $api_secret]);
    } else {
        echo json_encode(["status" => "error", "message" => "Failed to add laboratory."]);
    }
    $stmt->close();
}
$conn->close();