<?php
require_once __DIR__ . '/../helpers.php';
runAuth();

/*
  User Profile API
  GET: Returns current user's profile info
  POST: Updates profile (firstName, lastName)
*/

global $userId;

if ($userId <= 0) {
    apiAbort(['OK' => false, 'ERROR' => 'not_logged_in', 'MESSAGE' => 'Authentication required']);
}

// GET — return profile
if ($_SERVER['REQUEST_METHOD'] === 'GET') {
    $user = queryOne(
        "SELECT ID, FirstName, LastName, EmailAddress, ContactNumber, ImageExtension, Balance
         FROM Users WHERE ID = ? LIMIT 1",
        [$userId]
    );

    if (!$user) {
        apiAbort(['OK' => false, 'ERROR' => 'user_not_found', 'MESSAGE' => 'User not found']);
    }

    $avatarUrl = '';
    if (!empty(trim($user['ImageExtension'] ?? ''))) {
        $avatarUrl = baseUrl() . '/uploads/users/' . $user['ID'] . '.' . $user['ImageExtension'] . '?t=' . time();
    }

    jsonResponse([
        'OK'   => true,
        'USER' => [
            'UserID'    => (int) $user['ID'],
            'FirstName' => $user['FirstName'] ?? '',
            'LastName'  => $user['LastName'] ?? '',
            'Email'     => $user['EmailAddress'] ?? '',
            'Phone'     => $user['ContactNumber'] ?? '',
            'AvatarUrl' => $avatarUrl,
            'Balance'   => (float) ($user['Balance'] ?? 0),
        ],
    ]);
}

// POST — update profile
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    $data = readJsonBody();

    $sets = [];
    $params = [];

    if (isset($data['firstName'])) {
        $sets[] = 'FirstName = ?';
        $params[] = $data['firstName'];
    }
    if (isset($data['lastName'])) {
        $sets[] = 'LastName = ?';
        $params[] = $data['lastName'];
    }

    if (empty($sets)) {
        apiAbort(['OK' => false, 'ERROR' => 'no_changes', 'MESSAGE' => 'No fields to update']);
    }

    $params[] = $userId;
    queryTimed("UPDATE Users SET " . implode(', ', $sets) . " WHERE ID = ?", $params);

    // Return updated profile
    $user = queryOne(
        "SELECT ID, FirstName, LastName, EmailAddress, ContactNumber, ImageExtension
         FROM Users WHERE ID = ? LIMIT 1",
        [$userId]
    );

    $avatarUrl = '';
    if (!empty(trim($user['ImageExtension'] ?? ''))) {
        $avatarUrl = baseUrl() . '/uploads/users/' . $user['ID'] . '.' . $user['ImageExtension'] . '?t=' . time();
    }

    jsonResponse([
        'OK'      => true,
        'MESSAGE' => 'Profile updated',
        'USER'    => [
            'UserID'    => (int) $user['ID'],
            'FirstName' => $user['FirstName'] ?? '',
            'LastName'  => $user['LastName'] ?? '',
            'Email'     => $user['EmailAddress'] ?? '',
            'Phone'     => $user['ContactNumber'] ?? '',
            'AvatarUrl' => $avatarUrl,
        ],
    ]);
}

apiAbort(['OK' => false, 'ERROR' => 'bad_method', 'MESSAGE' => 'Use GET or POST']);