<?php
// logout.php - Enhanced logout with session cleanup
session_start();
include_once 'db.php';

// Get user ID before destroying session
$user_id = $_SESSION['user_id'] ?? null;
$session_id = $_SESSION['session_id'] ?? null;

// Log logout activity
if ($user_id && $session_id && isset($sessionManager)) {
    try {
        $ip_address = $_SERVER['REMOTE_ADDR'] ?? 'unknown';
        $user_agent = $_SERVER['HTTP_USER_AGENT'] ?? 'unknown';
        $sessionManager->logActivity($user_id, 'logout', 'User logged out', $ip_address, $user_agent);
        
        // Deactivate session in database
        if ($db) {
            $query = "UPDATE user_sessions SET is_active = 0 WHERE session_id = :session_id";
            $stmt = $db->prepare($query);
            $stmt->bindParam(":session_id", $session_id);
            $stmt->execute();
        }
    } catch(Exception $e) {
        error_log("Logout error: " . $e->getMessage());
    }
}

// Clear all session variables
$_SESSION = array();

// Destroy the session cookie
if (ini_get("session.use_cookies")) {
    $params = session_get_cookie_params();
    setcookie(session_name(), '', time() - 42000,
        $params["path"], $params["domain"],
        $params["secure"], $params["httponly"]
    );
}

// Destroy the session
session_destroy();

// Return JSON response
header('Content-Type: application/json');
echo json_encode(array(
    "success" => true, 
    "message" => "Logged out successfully",
    "redirect" => "../index.html"
));
exit;
?>