<?php
require_once(__DIR__ . '/class/db-functions.php');
include('../../extra/auth.php');

if (!Auth::check()) {
    redirectTo('../public/login');
}

if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
    header('Location: user-profile.php');
    exit;
}

$user = Auth::user();
$id = isset($_POST['iduserlogin']) ? (int)$_POST['iduserlogin'] : 0;

$first_name = trim($_POST['first_name'] ?? '');
$last_name = trim($_POST['last_name'] ?? '');
$email = trim($_POST['email'] ?? '');
$password = trim($_POST['password'] ?? '');

$lims_user_id = isset($_POST['lims_user_id']) && $_POST['lims_user_id'] !== ''
    ? (int)$_POST['lims_user_id']
    : null;

$lims_global_user_id = isset($_POST['lims_global_user_id']) && $_POST['lims_global_user_id'] !== ''
    ? (int)$_POST['lims_global_user_id']
    : null;

if ($id <= 0) {
    die('Invalid user ID');
}

$db = DBHandlerSelect::getInstance()->getConnection();

// Current avatar
$avatar = $user->present()->avatar;

// Avatar upload
if (isset($_FILES['avatar']) && $_FILES['avatar']['error'] === UPLOAD_ERR_OK) {
    $originalName = basename($_FILES['avatar']['name']);
    $safeName = preg_replace('/[^A-Za-z0-9_\.-]/', '_', $originalName);
    $avatar = time() . '_' . $safeName;

    $uploadDir = __DIR__ . '/../../public/upload/users/';
    if (!is_dir($uploadDir)) {
        mkdir($uploadDir, 0755, true);
    }

    move_uploaded_file($_FILES['avatar']['tmp_name'], $uploadDir . $avatar);
}

// Update main user data
$sql = "UPDATE auth_users 
        SET first_name = ?, 
            last_name = ?, 
            email = ?, 
            avatar = ?, 
            lims_user_id = ?, 
            lims_global_user_id = ?
        WHERE id = ?";
$stmt = $db->prepare($sql);
$stmt->execute([
    $first_name,
    $last_name,
    $email,
    $avatar,
    $lims_user_id,
    $lims_global_user_id,
    $id
]);

// Update password only if provided
if ($password !== '') {
    $hashedPassword = password_hash($password, PASSWORD_BCRYPT);

    $sql = "UPDATE auth_users SET password = ? WHERE id = ?";
    $stmt = $db->prepare($sql);
    $stmt->execute([$hashedPassword, $id]);
}

// Update session
if (session_status() === PHP_SESSION_NONE) {
    session_start();
}

$_SESSION["nameuser"] = $first_name;
$_SESSION["surnameuser"] = $last_name;
$_SESSION["emailuser"] = $email;
$_SESSION["photouser"] = $avatar;

header('Location: user-profile.php');
exit;