<?php
// signup.php - Enhanced user registration with session tracking
session_start();
include_once 'db.php';

// Check if database connection is available
if (!$db) {
    http_response_code(503);
    echo json_encode(array("success" => false, "message" => "Service temporarily unavailable."));
    exit;
}

// Get posted data
$input = file_get_contents("php://input");
$data = json_decode($input);

if (json_last_error() !== JSON_ERROR_NONE) {
    http_response_code(400);
    echo json_encode(array("success" => false, "message" => "Invalid JSON data."));
    exit;
}

// Check if data is not empty
if (
    !empty($data->username) &&
    !empty($data->email) &&
    !empty($data->country) &&
    !empty($data->phone) &&
    !empty($data->password) &&
    !empty($data->confirm_password)
) {
    // Validate input
    if ($data->password !== $data->confirm_password) {
        http_response_code(400);
        echo json_encode(array("success" => false, "message" => "Passwords do not match."));
        exit;
    }

    if (strlen($data->password) < 6) {
        http_response_code(400);
        echo json_encode(array("success" => false, "message" => "Password must be at least 6 characters."));
        exit;
    }

    if (!filter_var($data->email, FILTER_VALIDATE_EMAIL)) {
        http_response_code(400);
        echo json_encode(array("success" => false, "message" => "Invalid email format."));
        exit;
    }

    // Check if user already exists
    $query = "SELECT id FROM users WHERE username = :username OR email = :email";
    $stmt = $db->prepare($query);
    $stmt->bindParam(":username", $data->username);
    $stmt->bindParam(":email", $data->email);
    
    try {
        $stmt->execute();
    } catch(PDOException $e) {
        error_log("Database error: " . $e->getMessage());
        http_response_code(500);
        echo json_encode(array("success" => false, "message" => "Database error occurred."));
        exit;
    }

    if ($stmt->rowCount() > 0) {
        http_response_code(409);
        echo json_encode(array("success" => false, "message" => "User already exists with this username or email."));
        exit;
    }

    // Hash password
    $hashed_password = password_hash($data->password, PASSWORD_DEFAULT);
    
    // Generate referral code
    $referral_code = strtoupper(substr($data->username, 0, 3) . bin2hex(random_bytes(3)));

    // Insert new user
    $query = "INSERT INTO users 
              SET username = :username, email = :email, country = :country, 
                  phone_number = :phone, password_hash = :password, referral_code = :referral_code,
                  user_type = 'marketer', tier = 'Basic', package = 'None', balance = 0.00,
                  total_deposits = 0.00, total_withdrawals = 0.00, rewards = 0.00, meta_earnings = 0.00,
                  pin_hash = '', is_active = 1, account_status = 'active'";

    $stmt = $db->prepare($query);

    // Sanitize and bind values
    $username = htmlspecialchars(strip_tags($data->username));
    $email = htmlspecialchars(strip_tags($data->email));
    $country = htmlspecialchars(strip_tags($data->country));
    $phone = htmlspecialchars(strip_tags($data->phone));

    $stmt->bindParam(":username", $username);
    $stmt->bindParam(":email", $email);
    $stmt->bindParam(":country", $country);
    $stmt->bindParam(":phone", $phone);
    $stmt->bindParam(":password", $hashed_password);
    $stmt->bindParam(":referral_code", $referral_code);

    // Execute query
    try {
        if ($stmt->execute()) {
            $user_id = $db->lastInsertId();
            
            // Create session
            $ip_address = $_SERVER['REMOTE_ADDR'] ?? 'unknown';
            $user_agent = $_SERVER['HTTP_USER_AGENT'] ?? 'unknown';
            $session_id = $sessionManager->createSession($user_id, $ip_address, $user_agent);
            
            if ($session_id) {
                // Log activity
                $sessionManager->logActivity($user_id, 'registration', 'User registered successfully', $ip_address, $user_agent);
                $sessionManager->updateLastLogin($user_id);
                
                // Set session variables
                $_SESSION['user_id'] = $user_id;
                $_SESSION['username'] = $username;
                $_SESSION['email'] = $email;
                $_SESSION['tier'] = 'Basic';
                $_SESSION['package'] = 'None';
                $_SESSION['balance'] = 0.00;
                $_SESSION['total_deposits'] = 0.00;
                $_SESSION['total_withdrawals'] = 0.00;
                $_SESSION['rewards'] = 0.00;
                $_SESSION['session_id'] = $session_id;
                $_SESSION['logged_in'] = true;
                $_SESSION['login_time'] = time();
                
                http_response_code(201);
                echo json_encode(array(
                    "success" => true, 
                    "message" => "User registered successfully.",
                    "redirect" => "src/pages/index.php",
                    "user_data" => [
                        "user_id" => $user_id,
                        "username" => $username,
                        "email" => $email,
                        "tier" => "Basic"
                    ]
                ));
            } else {
                throw new Exception("Failed to create session");
            }
        } else {
            http_response_code(503);
            echo json_encode(array("success" => false, "message" => "Unable to create user."));
        }
    } catch(PDOException $e) {
        error_log("Insert error: " . $e->getMessage());
        http_response_code(500);
        echo json_encode(array("success" => false, "message" => "Database error occurred."));
    } catch(Exception $e) {
        error_log("Session error: " . $e->getMessage());
        http_response_code(500);
        echo json_encode(array("success" => false, "message" => "Session creation failed."));
    }
} else {
    http_response_code(400);
    echo json_encode(array("success" => false, "message" => "Unable to create user. Data is incomplete."));
}
?>