<?php
require_once(__DIR__ . '/../hr_auth_check.php');

header('Content-Type: application/json');

if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
    http_response_code(405);
    echo json_encode(['success' => false, 'message' => 'Metodo non consentito.']);
    exit;
}

$pdo = DBHandlerSelect::getInstance()->getConnection();

$employeeId = (int)($_POST['employee_id'] ?? 0);
$category   = trim($_POST['category'] ?? 'other');
$notes      = trim($_POST['notes'] ?? '');

$allowedCategories = ['job_description', 'contract', 'rules', 'other'];
if (!in_array($category, $allowedCategories, true)) {
    $category = 'other';
}

if ($employeeId <= 0) {
    echo json_encode(['success' => false, 'message' => 'ID dipendente non valido.']);
    exit;
}

$check = $pdo->prepare("SELECT COUNT(*) FROM employees WHERE id = :id");
$check->execute(['id' => $employeeId]);
if ((int)$check->fetchColumn() === 0) {
    echo json_encode(['success' => false, 'message' => 'Dipendente non trovato.']);
    exit;
}

if (empty($_FILES['file']) || $_FILES['file']['error'] !== UPLOAD_ERR_OK) {
    $errCode = $_FILES['file']['error'] ?? -1;
    $msg = 'Errore nel caricamento del file.';
    if ($errCode === UPLOAD_ERR_INI_SIZE || $errCode === UPLOAD_ERR_FORM_SIZE) {
        $msg = 'Il file supera la dimensione massima consentita.';
    }
    echo json_encode(['success' => false, 'message' => $msg]);
    exit;
}

$originalName = $_FILES['file']['name'];
$tmpPath      = $_FILES['file']['tmp_name'];
$size         = (int)$_FILES['file']['size'];
$mimeType     = mime_content_type($tmpPath) ?: ($_FILES['file']['type'] ?? null);

$dir = __DIR__ . '/../../files/employees/' . $employeeId . '/documents';
if (!is_dir($dir)) {
    if (!mkdir($dir, 0775, true) && !is_dir($dir)) {
        echo json_encode(['success' => false, 'message' => 'Impossibile creare la cartella di destinazione.']);
        exit;
    }
}

$safeOriginal = preg_replace('/[^a-zA-Z0-9._-]/', '_', $originalName);
$storedName   = uniqid('doc_') . '_' . $safeOriginal;
$destPath     = $dir . '/' . $storedName;

if (!move_uploaded_file($tmpPath, $destPath)) {
    echo json_encode(['success' => false, 'message' => 'Impossibile salvare il file su disco.']);
    exit;
}

try {
    $stmt = $pdo->prepare("
        INSERT INTO employee_documents
            (employee_id, category, original_name, stored_name, mime_type, size, notes, uploaded_by, created_at)
        VALUES
            (:employee_id, :category, :original_name, :stored_name, :mime_type, :size, :notes, :uploaded_by, NOW())
    ");
    $stmt->execute([
        'employee_id'   => $employeeId,
        'category'      => $category,
        'original_name' => $originalName,
        'stored_name'   => $storedName,
        'mime_type'     => $mimeType,
        'size'          => $size,
        'notes'         => $notes !== '' ? $notes : null,
        'uploaded_by'   => $currentUserId,
    ]);

    echo json_encode(['success' => true, 'id' => (int)$pdo->lastInsertId()]);
} catch (Exception $e) {
    @unlink($destPath);
    echo json_encode(['success' => false, 'message' => $e->getMessage()]);
}