<?php
// add_teacher.php

include('include/headscript.php');
require_once 'class/mailer.php';

$dbHandler = DBHandlerSelect::getInstance();
$pdo = $dbHandler->getConnection();

if (!isset($iduserlogin)) die("Accesso negato.");

$school_id = (int)($_POST['school_id'] ?? 0);

// Recupera scuola per email mittente
$stmt = $pdo->prepare("SELECT name, email FROM schools WHERE id = ?");
$stmt->execute([$school_id]);
$school = $stmt->fetch(PDO::FETCH_ASSOC);
if (!$school) die("Scuola non trovata.");

$first_name      = trim($_POST['first_name'] ?? '');
$last_name       = trim($_POST['last_name'] ?? '');
$email           = trim($_POST['email'] ?? '');
$phone           = trim($_POST['phone'] ?? '');
$description     = trim($_POST['description'] ?? '');
$specializations = trim($_POST['specializations'] ?? '');

// Validazione base
if (empty($first_name) || empty($last_name) || empty($email) || !filter_var($email, FILTER_VALIDATE_EMAIL)) {
    header("Location: teacher_list.php?error=Campi obbligatori mancanti o email non valida");
    exit;
}

// Controlla se email esiste già
$stmt = $pdo->prepare("SELECT id, first_name, last_name FROM auth_users WHERE email = ? LIMIT 1");
$stmt->execute([$email]);
$existing = $stmt->fetch(PDO::FETCH_ASSOC);

if ($existing) {

    // 1) Trova (o crea) la riga in teachers per questo auth_user
    $stmtT = $pdo->prepare("SELECT id FROM teachers WHERE user_id = ? LIMIT 1");
    $stmtT->execute([(int)$existing['id']]);
    $teacherRow = $stmtT->fetch(PDO::FETCH_ASSOC);

    if (!$teacherRow) {
        $unique_code = bin2hex(random_bytes(8));
        $insT = $pdo->prepare("
            INSERT INTO teachers (user_id, unique_code, status, created_by)
            VALUES (?, ?, 'active', ?)
        ");
        $insT->execute([(int)$existing['id'], $unique_code, (int)$iduserlogin]);
        $teacher_id = (int)$pdo->lastInsertId();
    } else {
        $teacher_id = (int)$teacherRow['id'];
    }

    // 2) Crea (o riusa) il link in teacher_schools come pending
    $checkLink = $pdo->prepare("
        SELECT id, status
        FROM teacher_schools
        WHERE teacher_id = ? AND school_id = ?
        LIMIT 1
    ");
    $checkLink->execute([$teacher_id, $school_id]);
    $link = $checkLink->fetch(PDO::FETCH_ASSOC);

    if ($link && $link['status'] === 'active') {
        header("Location: teacher_list.php?error=Insegnante già collegata alla scuola.");
        exit;
    }

    if ($link && $link['status'] === 'pending') {
        $link_id = (int)$link['id'];
    } else {
        $insLink = $pdo->prepare("
            INSERT INTO teacher_schools (teacher_id, school_id, status, created_at, updated_at)
            VALUES (?, ?, 'pending', NOW(), NOW())
        ");
        $insLink->execute([$teacher_id, $school_id]);
        $link_id = (int)$pdo->lastInsertId();
    }

    // Email richiesta collegamento
    $subject = "Richiesta di collegamento alla scuola {$school['name']}";

    // ✅ NON cambio percorso base, aggiungo solo link_id
    $confirmUrl = "http://localhost/yogiboook/public/userarea/confirm_teacher_link.php"
        . "?email=" . urlencode($email)
        . "&school_id={$school_id}"
        . "&link_id={$link_id}";

    $body = "
        <h2>Ciao {$existing['first_name']},</h2>
        <p>Il proprietario della scuola <strong>{$school['name']}</strong> vorrebbe collegarti alla sua struttura su YogiBoook.</p>
        <p>Se accetti, comparirai nelle lezioni a te associate nella scuola.</p>
        <p style='margin:30px 0;'>
            <a href='{$confirmUrl}'
               style='background:#0d6efd; color:white; padding:12px 24px; text-decoration:none; border-radius:6px;'>
                Accetta collegamento
            </a>
        </p>
        <p>Se non riconosci questa richiesta, ignora questa email.</p>
        <p style='color:#666; font-size:0.9em;'>YogiBoook – piattaforma per scuole yoga</p>
    ";

    $result = sendEmail($email, $subject, $body);

    if ($result['success']) {
        header("Location: teacher_list.php?success=Insegnante esistente trovato! Email di richiesta collegamento inviata.");
    } else {
        header("Location: teacher_list.php?error=Insegnante esistente trovato, ma errore invio email: " . urlencode($result['message']));
    }
    exit;
}

// === Nuovo utente ===
$password = password_hash(bin2hex(random_bytes(12)), PASSWORD_DEFAULT);
$stmt = $pdo->prepare("
    INSERT INTO auth_users (email, first_name, last_name, password, role_id, status, created_at)
    VALUES (?, ?, ?, ?, 2, 'active', NOW())
");
$stmt->execute([$email, $first_name, $last_name, $password]);
$user_id = (int)$pdo->lastInsertId();

// Foto profilo (opzionale)
$profile_picture = null;
if (!empty($_FILES['profile_picture']['name']) && $_FILES['profile_picture']['error'] === UPLOAD_ERR_OK) {
    $ext = strtolower(pathinfo($_FILES['profile_picture']['name'], PATHINFO_EXTENSION));
    if (in_array($ext, ['jpg', 'jpeg', 'png', 'gif'])) {
        $new_name = "phototeachers/{$user_id}-" . time() . "-profile.$ext";
        if (move_uploaded_file($_FILES['profile_picture']['tmp_name'], $new_name)) {
            $profile_picture = $new_name;
        }
    }
}

// Crea record teachers
$unique_code = bin2hex(random_bytes(8));
$stmt = $pdo->prepare("
    INSERT INTO teachers 
    (user_id, unique_code, phone, description, specializations, profile_picture, status, created_by)
    VALUES (?, ?, ?, ?, ?, ?, 'active', ?)
");
$stmt->execute([$user_id, $unique_code, $phone ?: null, $description, $specializations, $profile_picture, (int)$iduserlogin]);
$teacher_id = (int)$pdo->lastInsertId();

// Collega alla scuola (nuovo -> active diretto)
$stmt = $pdo->prepare("
    INSERT INTO teacher_schools 
    (teacher_id, school_id, status, created_at, updated_at)
    VALUES (?, ?, 'active', NOW(), NOW())
");
$stmt->execute([$teacher_id, $school_id]);

header("Location: teacher_list.php?success=Insegnante aggiunta con successo!");
exit;