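use Slim\Factory\AppFactory;
use Slim\Psr7\Response;
use Psr\Http\Message\ServerRequestInterface;

require __DIR__ . '/../vendor/autoload.php';

// The session cookie is the only credential the routes below check, so keep it out of
// reach of page scripts and make PHP reject session ids it did not issue itself.
// Secure / SameSite depend on the deployment (HTTPS, front-end origin) and are left to php.ini.
session_start([
    'cookie_httponly' => true,
    'use_strict_mode' => true,
]);

$app = AppFactory::create();
$app->addRoutingMiddleware();
$app->addBodyParsingMiddleware();

// Exception details (messages, stack traces, SQL errors) are rendered to the client only
// when APP_DEBUG (an environment variable introduced by this change) is switched on.
// Errors are still logged, with details, in every case.
$displayErrorDetails = filter_var(getenv('APP_DEBUG'), FILTER_VALIDATE_BOOLEAN);
$app->addErrorMiddleware($displayErrorDetails, true, true);

// Writes $payload as JSON into $response and sets the status code and content type.
$json = static function (Response $response, array $payload, int $status = 200): Response {
    $response->getBody()->write(json_encode($payload));

    return $response->withStatus($status)->withHeader('Content-Type', 'application/json');
};

// POST /auth/login
// Checks email + password against the users table. On success the user's id, names, role
// and email are stored in the session and {"status":"ok"} is returned; any other outcome
// is a 401 with the same generic message, so the response does not say which part was wrong.
$app->post('/auth/login', function (ServerRequestInterface $request, Response $response) use ($json) {
    $data = $request->getParsedBody();

    // The body is attacker-controlled: it may be missing, not an array, or carry
    // non-string values (e.g. email[]=x). Anything but a string is treated as empty.
    $email = is_array($data) && is_string($data['email'] ?? null) ? $data['email'] : '';
    $password = is_array($data) && is_string($data['password'] ?? null) ? $data['password'] : '';

    // The database password is read from the environment (DB_PASSWORD, introduced by this
    // change) instead of being a literal in the source. The literal that used to be here
    // has been exposed in source control and should be rotated.
    $dbPassword = getenv('DB_PASSWORD');
    if ($dbPassword === false || $dbPassword === '') {
        throw new RuntimeException('DB_PASSWORD is not set');
    }

    $pdo = new PDO(
        "mysql:host=localhost;dbname=bsr_dc;charset=utf8mb4",
        "bsr_dbad",
        $dbPassword,
        [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]
    );

    $stmt = $pdo->prepare("SELECT * FROM users WHERE email = ?");
    $stmt->execute([$email]);
    $user = $stmt->fetch(PDO::FETCH_ASSOC);

    if (!$user || !password_verify($password, $user['password_hash'])) {
        return $json($response, [
            'status' => 'error',
            'message' => 'Invalid credentials'
        ], 401);
    }

    // New session id at the privilege change, old one deleted: an id planted or
    // observed before login does not become an authenticated session.
    session_regenerate_id(true);

    $_SESSION['user'] = [
        'id' => $user['id'],
        'first_name' => $user['first_name'],
        'last_name' => $user['last_name'],
        'role' => $user['role'],
        'email' => $user['email']
    ];

    return $json($response, ['status' => 'ok']);
});

// GET /auth/me
// Returns the user record stored in the session, or 401 when there is none.
$app->get('/auth/me', function (ServerRequestInterface $request, Response $response) use ($json) {
    if (!isset($_SESSION['user'])) {
        return $json($response, [
            'status' => 'error',
            'message' => 'Not logged in'
        ], 401);
    }

    return $json($response, $_SESSION['user']);
});

// POST /auth/logout
// Ends the session: clears the data for the rest of this request, expires the
// browser's session cookie and removes the server-side session storage.
$app->post('/auth/logout', function (ServerRequestInterface $request, Response $response) use ($json) {
    $_SESSION = [];

    if (ini_get('session.use_cookies')) {
        $cookie = session_get_cookie_params();
        setcookie(
            session_name(),
            '',
            time() - 42000,
            $cookie['path'],
            $cookie['domain'],
            $cookie['secure'],
            $cookie['httponly']
        );
    }

    session_destroy();

    return $json($response, ['status' => 'ok']);
});

// Upload route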
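// POST /api/upload
// Creates a campaign named by the "campaignName" form field and inserts one call_entries
// row (name, phone) per CSV line of the uploaded "csvFile" that has at least two fields.
// Responds 401 without a logged-in session, 400 when no file was sent, 500 when the
// upload itself failed, and "Upload successful" otherwise.
$app->post('/api/upload', function (ServerRequestInterface $request, Response $response) {
    // This route writes to the database, so it is limited to callers whose session
    // carries a logged-in user (the same condition /auth/me checks).
    if (!isset($_SESSION['user'])) {
        $response->getBody()->write("Not logged in");
        return $response->withStatus(401);
    }

    $uploadedFiles = $request->getUploadedFiles();

    // A form can send campaignName[] and turn the field into an array; only a string is used.
    $campaignName = $_POST['campaignName'] ?? 'Unnamed';
    if (!is_string($campaignName)) {
        $campaignName = 'Unnamed';
    }

    if (!isset($uploadedFiles['csvFile'])) {
        $response->getBody()->write("No file uploaded");
        return $response->withStatus(400);
    }

    $csvFile = $uploadedFiles['csvFile'];
    if ($csvFile->getError() !== UPLOAD_ERR_OK) {
        $response->getBody()->write("File upload failed");
        return $response->withStatus(500);
    }

    // The whole file is read into memory; its size is bounded only by PHP's upload limits.
    $csvContent = $csvFile->getStream()->getContents();
    $lines = explode("\n", $csvContent);

    // The database password is read from the environment (DB_PASSWORD, introduced by this
    // change) instead of being a literal in the source. The literal that used to be here
    // has been exposed in source control and should be rotated.
    $dbPassword = getenv('DB_PASSWORD');
    if ($dbPassword === false || $dbPassword === '') {
        throw new RuntimeException('DB_PASSWORD is not set');
    }

    $pdo = new PDO(
        "mysql:host=localhost;dbname=bsr_dc;charset=utf8mb4",
        "bsr_dbad",
        $dbPassword,
        [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]
    );

    // Campaign and entries are written in one transaction, so a failure part-way
    // through does not leave a campaign with only some of its rows.
    $pdo->beginTransaction();
    try {
        $stmt = $pdo->prepare("INSERT INTO campaigns (name) VALUES (?)");
        $stmt->execute([$campaignName]);
        $campaignId = $pdo->lastInsertId();

        $insert = $pdo->prepare("INSERT INTO call_entries (campaign_id, name, phone) VALUES (?, ?, ?)");
        foreach ($lines as $line) {
            // Files with CRLF line endings would otherwise store a trailing "\r" in the last field.
            $fields = str_getcsv(rtrim($line, "\r"));
            if (count($fields) >= 2) {
                $insert->execute([$campaignId, $fields[0], $fields[1]]);
            }
        }

        $pdo->commit();
    } catch (Throwable $e) {
        if ($pdo->inTransaction()) {
            $pdo->rollBack();
        }
        throw $e;
    }

    $response->getBody()->write("Upload successful");
    return $response;
});

$app->run();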