<?php
require_once(__DIR__ . '/class/db-functions.php');
include('../../extra/auth.php');

if (!Auth::check()) {
    redirectTo('../public/login');
}

$user = Auth::user();
$id = $_POST['iduserlogin'];

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    $first_name = $_POST['first_name'];
    $last_name = $_POST['last_name'];
    $email = $_POST['email'];
    $password = $_POST['password'] ?: null;

    $db = DBHandlerSelect::getInstance()->getConnection();

    // Gestione avatar
    $avatar = $user->present()->avatar;
    if (isset($_FILES['avatar']) && $_FILES['avatar']['error'] === UPLOAD_ERR_OK) {
        $avatar = time() . '_' . basename($_FILES['avatar']['name']);
        $uploadDir = __DIR__ . '/../../public/upload/users/';
        if (!is_dir($uploadDir)) {
            mkdir($uploadDir, 0755, true);
        }
        move_uploaded_file($_FILES['avatar']['tmp_name'], $uploadDir . $avatar);
    }

    // Aggiornamento dati
    $sql = "UPDATE auth_users SET first_name = ?, last_name = ?, email = ?, avatar = ? WHERE id = ?";
    $stmt = $db->prepare($sql);
    $stmt->execute([$first_name, $last_name, $email, $avatar, $id]);

    // Aggiornamento password se fornita
    if ($password) {
        $hashedPassword = password_hash($password, PASSWORD_BCRYPT);
        $sql = "UPDATE auth_users SET password = ? WHERE id = ?";
        $stmt = $db->prepare($sql);
        $stmt->execute([$hashedPassword, $id]);
    }

    // Aggiorna la sessione con i nuovi dati
    $_SESSION["nameuser"] = $first_name;
    $_SESSION["surnameuser"] = $last_name;
    $_SESSION["emailuser"] = $email;
    $_SESSION["photouser"] = $avatar;

    header('Location: user-profile.php');
    exit;
}