<?php
require_once __DIR__ . '/../helpers.php';
runAuth();

try {
    $data = readJsonBody();
    $tabID = (int) ($data['TabID'] ?? 0);
    $ownerUserID = (int) ($data['OwnerUserID'] ?? 0);
    $targetUserID = (int) ($data['TargetUserID'] ?? 0);

    if ($tabID === 0) apiAbort(['OK' => false, 'ERROR' => 'missing_TabID']);
    if ($ownerUserID === 0) apiAbort(['OK' => false, 'ERROR' => 'missing_OwnerUserID']);
    if ($targetUserID === 0) apiAbort(['OK' => false, 'ERROR' => 'missing_TargetUserID']);

    $qTab = queryOne("SELECT OwnerUserID, StatusID FROM Tabs WHERE ID = ? LIMIT 1", [$tabID]);
    if (!$qTab) apiAbort(['OK' => false, 'ERROR' => 'tab_not_found']);
    if ((int) $qTab['StatusID'] !== 1) apiAbort(['OK' => false, 'ERROR' => 'tab_not_open']);
    if ((int) $qTab['OwnerUserID'] !== $ownerUserID) apiAbort(['OK' => false, 'ERROR' => 'not_owner']);
    if ($targetUserID === $ownerUserID) apiAbort(['OK' => false, 'ERROR' => 'cannot_remove_self']);

    // Reject pending orders from this member
    queryTimed("UPDATE TabOrders SET ApprovalStatus = 'rejected' WHERE TabID = ? AND UserID = ? AND ApprovalStatus = 'pending'",
        [$tabID, $targetUserID]);

    queryTimed("UPDATE TabMembers SET StatusID = 2, LeftOn = NOW() WHERE TabID = ? AND UserID = ? AND StatusID = 1",
        [$tabID, $targetUserID]);

    jsonResponse(['OK' => true]);

} catch (Exception $e) {
    jsonResponse(['OK' => false, 'ERROR' => 'server_error', 'MESSAGE' => $e->getMessage()]);
}