<?php

require $baseDir . '/../composer/vendor/autoload.php';

use Shuchkin\SimpleXLSX;

if (isset($_POST['apply_bulk_action']) ) {
    verify_csrf();
    if ( empty($_POST['turnerin_ids']) || !is_array($_POST['turnerin_ids']) ) {
        $_SESSION['form_message'] = 'Keine Turnerinnen für die Aktion ausgewählt.';
        $_SESSION['form_message_type'] = 0;
    } elseif (!isset($_POST['bulk_action_programm']) && !isset($_POST['bulk_action_bezahlt'])) {
        $_SESSION['form_message'] = 'Kein Programm für die Massenänderung ausgewählt.';
        $_SESSION['form_message_type'] = 0;
    } else {
        $ids_to_update = array_map('intval', $_POST['turnerin_ids'] ?? []);
        $new_programm = isset($_POST['bulk_action_programm']) ? trim($_POST['bulk_action_programm']) : '';
        $bezahlt_update = $_POST['bulk_action_bezahlt'] ?? null;

        if (empty($ids_to_update)) {
            $_SESSION['form_message'] = 'Keine Einträge ausgewählt.';
            $_SESSION['form_message_type'] = 0;
            header("Location: " . $_SERVER['REQUEST_URI']);
            exit;
        }

        $set_clauses = [];
        $params = [];
        $types = '';

        if ($new_programm !== '') {
            $set_clauses[] = 'programm = ?';
            $params[] = $new_programm;
            $types .= 's';
        }

        if (in_array($bezahlt_update, ['0', '3', '4', '5'], true)) {
            $set_clauses[] = 'bezahltoverride = ?';
            $params[] = (int)$bezahlt_update;
            $types .= 'i';
        }

        if (empty($set_clauses)) {
            $_SESSION['form_message'] = 'Keine gültigen Änderungen gewählt.';
            $_SESSION['form_message_type'] = 0;
            header("Location: " . $_SERVER['REQUEST_URI']);
            exit;
        }

        if (strlen($types) !== count($params) || count($params) !== count($set_clauses)) {
            die('Type/value mismatch: ' . strlen($types) . ' vs ' . count($params));
        }

        /* WHERE id IN (?, ?, ...) */
        $placeholders = implode(',', array_fill(0, count($ids_to_update), '?'));
        $sql = "UPDATE $tableTurnerinnen SET " . implode(', ', $set_clauses) . " WHERE id IN ($placeholders)";

        $stmt = $mysqli->prepare($sql);

        /* add ID params */
        foreach ($ids_to_update as $id) {
            $params[] = $id;
            $types .= 'i';
        }

        $stmt->bind_param($types, ...$params);

        if (!$stmt->execute()) {
            throw new RuntimeException('DB error: ' . $stmt->error);
        }

        $updated_count = $stmt->affected_rows;

        $stmt->close();

        if ($updated_count === -1) {
            $_SESSION['form_message'] = 'Ein Fehler ist bei der Aktualisierung aufgetreten.';
            $_SESSION['form_message_type'] = 0;
        } elseif ($updated_count > 0) {
            $_SESSION['form_message'] = $updated_count . ' Einträge erfolgreich aktualisiert.';
            $_SESSION['form_message_type'] = 1;
        } else {
            $_SESSION['form_message'] = 'Keine Änderungen vorgenommen.';
            $_SESSION['form_message_type'] = 0;
        }
    }

    header('Location: ' . $_SERVER['REQUEST_URI']);
    exit; 
}

if (isset($_POST['delete_id'])) {
    verify_csrf();
    $delete_id = intval($_POST['delete_id']);

    $stmt = $mysqli->prepare("DELETE FROM $tableTurnerinnen where id = ?");

    $stmt->bind_param('i', $delete_id);
    
    if ($stmt->execute()) {
        $_SESSION['form_message'] = 'Eintrag erfolgreich gelöscht.';
        $_SESSION['form_message_type'] = 1;
    } else {
        $_SESSION['form_message'] = 'Löschen fehlgeschlagen.';
        $_SESSION['form_message_type'] = 0;
    }

    header("Location: ". $_SERVER['REQUEST_URI']);
    exit;
}	

if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_FILES['xlsx_file'])) {
    verify_csrf();

    if ($_FILES['xlsx_file']['error'] === UPLOAD_ERR_OK) {

    $tmpName = $_FILES['xlsx_file']['tmp_name'];

    if (class_exists('Shuchkin\\SimpleXLSX') && $xlsx = SimpleXLSX::parse($tmpName)) {

        $rows = $xlsx->rows();

        $vereine_rows = db_select($mysqli, $tableVereine, 'verein', '', [], 'verein ASC');
        $vereine = array_column($vereine_rows, 'verein');

        if (count($rows) < 2) {
        $excelMessage = '❌ Excel must have headers and at least one data row.';
        } else {
        $headers = array_map('trim', $rows[0]);
        unset($rows[0]);

        $columnMap = [
            'Nachname' => 'name',
            'Vorname'  => 'vorname',
            'Geburtsdatum' => 'geburtsdatum',
            'Programm' => 'programm'
        ];
        

        if ($selectedverein === 'admin') {
            $columnMap['Verein'] = 'verein';
        }
        

        $columnIndexes = [];
        foreach ($columnMap as $excelHeader => $dbColumn) {
            $index = array_search($excelHeader, $headers);
            if ($index === false) {
            $excelMessage = "❌ Column '$excelHeader' not found in Excel.";
            break;
            }
            $columnIndexes[$dbColumn] = $index;
        }

        if (empty($excelMessage)) {
            $inserted = 0;

            foreach ($rows as $row) {
            if (!array_filter($row)) continue;

            $data = [];
            foreach ($columnIndexes as $dbCol => $i) {
                $data[$dbCol] = isset($row[$i]) ? trim($row[$i]) : null;
            }
            
            if ($selectedverein !== 'admin'){
                $data['verein'] = $selectedverein;
            } else {

                if (!in_array($data['verein'], $vereine, true)) {
                $excelMessage = "❌ admin: {$data['verein']} not valid";
                }
            }
                    
            
            $raw = trim($data['geburtsdatum']);

            // Try DD.MM.YYYY first
            $temp = DateTime::createFromFormat('d.m.Y', $raw);

            if ($temp && $temp->format('d.m.Y') === $raw) {
                $data['geburtsdatum'] = $temp->format('Y-m-d');
            } else {
                // Fallback: if it's already YYYY-MM-DD or YYYY-MM-DD HH:MM:SS
                $data['geburtsdatum'] = substr($raw, 0, 10); // take first 10 chars
            }
            
            
            if (!(in_array($data['programm'], $programmes)) && is_array($programmes)){
                $_SESSION['form_message'] = "❌ Programm '{$data['programm']}' nicht valide bei Turnerin ".$data['name']." ".$data['vorname'].". Alle Turnereinnen nach ".$data['name']." ".$data['vorname']." wurden nicht geladen.";
                $_SESSION['form_message_type'] = 0;
                header('Location: '. $_SERVER['REQUEST_URI']); // Redirect to same page
                exit;
            }

            if (!empty($tableTurnerinnen)) {
                $columns = array_keys($data);

                $set = implode(
                    ', ',
                    array_map(fn($col) => "$col = ?", $columns)
                );

                $sql = "INSERT INTO $tableTurnerinnen SET $set";

                $stmt = $mysqli->prepare($sql);

                $types  = str_repeat('s', count($data));
                $values = array_values($data);

                $stmt->bind_param($types, ...$values);

                if (!$stmt->execute()) {
                    echo 'DB error: ' . $stmt->error;
                }

                $stmt->close();

                $inserted++;
            }
            }
            
            $_SESSION['form_message'] = "✅ Erfolgreich $inserted Turnerinnen via Excel geladen.";
            $_SESSION['form_message_type'] = 1;
            header("Location: ". $_SERVER['REQUEST_URI']); // Redirect to same page
            exit;
        }
        }

    } else {
        $parseError = SimpleXLSX::parseError();
        $excelMessage = '❌ Failed to parse Excel file: ' . $parseError;
    }

    } else {
    $excelMessage = '❌ File upload error.';
    }
}


$edit_row = null;
if ($access_granted_trainer && isset($_GET['edit_id']) && is_numeric($_GET['edit_id']) && !isset($_POST['submit_turnerinnen_form'])) {
    $edit_id = intval($_GET['edit_id']);
    $edit_rows = db_select($mysqli, $tableTurnerinnen, "*", 'id = ?', [$edit_id]);
    if (!isset($edit_rows) || !is_array($edit_rows) || count($edit_rows) !== 1){http_response_code(422); exit;}
    $edit_row = $edit_rows[0];
    if ($edit_row && ($edit_row['verein'] === $selectedverein || $selectedverein === 'admin')) {
        $_POST['nachname'] = $edit_row['name'] ?? '';
        $_POST['vorname'] = $edit_row['vorname'] ?? '';
        $_POST['geburtsdatum'] = $edit_row['geburtsdatum'] ?? '';
        $_POST['programm'] = $edit_row['programm'] ?? '';
        $_POST['edit_id'] = $edit_id;
        if ($selectedverein === 'admin'){
            $_POST['verein'] = $edit_row['verein'] ?? '';
            if (intval($edit_row['bezahltoverride']) !== 0) {
                $_POST['bezahltoverride'] = $edit_row['bezahltoverride'] ?? '';
            } else {
                $_POST['bezahltoverride'] = $edit_row['bezahlt'] ?? '';
            }
        }
    } else {
        $_SESSION['form_message'] = 'Ungültiger Eintrag zum Bearbeiten.';
        $_SESSION['form_message_type'] = 0;
        header('Location: '. $_SERVER['REQUEST_URI']);
        exit;
    }
}

// === INSERT/UPDATE Handler ===
if ( $access_granted_trainer && isset($_POST['submit_turnerinnen_form']) ) {
    // Check nonce
    verify_csrf();
    $name     = htmlspecialchars( $_POST['nachname'] );
    $vorname  = htmlspecialchars( $_POST['vorname'] );
    $geburtsdatum = trim($_POST['geburtsdatum'] );
    $programm = htmlspecialchars( $_POST['programm'] );
    if ($selectedverein !== 'admin'){
        $verein   = $selectedverein;
    } else {$verein = htmlspecialchars( $_POST['verein'] ); $bezahlt = htmlspecialchars( $_POST['bezahlt'] ); }
    if ( empty($name) || empty($vorname) || empty($geburtsdatum) || empty($programm)) {
        $_SESSION['form_message'] = 'Bitte füllen Sie alle erforderlichen Felder aus.';
        $_SESSION['form_message_type'] = 0;
    } else {

        $data_to_insert = [];
        
        $data_to_insert = array(
            'name'     => $name,
            'vorname'  => $vorname,
            'geburtsdatum' => $geburtsdatum,
            'programm' => $programm,
            'verein'   => $verein,
        );
        

        $data_formats = array('%s', '%s', '%s', '%s', '%s');

        if ($selectedverein === 'admin') {
            $data_to_insert['bezahltoverride'] = $bezahlt;
            $data_formats[] = '%d';
        }

        print_r($data_to_insert);


        // Check if we are editing an existing entry
        $is_editing = isset($_POST['edit_id']) && is_numeric($_POST['edit_id']) && $_POST['edit_id'] > 0;
        
        if ($is_editing) {
            $edit_id = intval($_POST['edit_id']);

            $entries = db_select($mysqli, $tableTurnerinnen, '*', 'id = ?', [$edit_id], 'rang ASC');

            $entry = $entries[0]; // since you're fetching by ID, this should return exactly one row

            $columns = array_keys($data_to_insert);

            $set = implode(
                ', ',
                array_map(fn($col) => "$col = ?", $columns)
            );

            $sql = "UPDATE $tableTurnerinnen SET $set WHERE id = ?";

            var_dump($sql);
            $stmt = $mysqli->prepare($sql);

            $types = str_repeat('s', count($data_to_insert)) . 'i';
            $values = array_values($data_to_insert);
            $values[] = $edit_id;

            $stmt->bind_param($types, ...$values);

            $updated = $stmt->execute();

            $stmt->close();

            if ($updated === false) {
                error_log('DB Update Error: ' . $wpdb->last_error);
                $_SESSION['form_message'] = 'Fehler beim Aktualisieren des Eintrags.';
                $_SESSION['form_message_type'] = 0;
            } else if ($updated === 0) {
                $_SESSION['form_message'] = 'Keine Änderungen vorgenommen.';
                $_SESSION['form_message_type'] = 0;
            } else {
                $_SESSION['form_message'] = 'Eintrag erfolgreich aktualisiert!';
                $_SESSION['form_message_type'] = 1;
                $_POST = [];
                header('Location: ' . strtok($_SERVER['REQUEST_URI'], '?'));
                exit;
            }
        } else {

            $columns = array_keys($data_to_insert);

            $set = implode(
                ', ',
                array_map(fn($col) => "$col = ?", $columns)
            );

            $sql = "INSERT INTO $tableTurnerinnen SET $set";               

            $stmt = $mysqli->prepare($sql);

            $types  = str_repeat('s', count($data_to_insert));
            $values = array_values($data_to_insert);

            $stmt->bind_param($types, ...$values);

            $inserted = $stmt->execute();

            $stmt->close();


            if ( $inserted ) {
                $_SESSION['form_message'] = 'Daten erfolgreich gespeichert!';
                $_SESSION['form_message_type'] = 1;
                header('Location: ' . strtok($_SERVER['REQUEST_URI'], '?'));
                exit;
            } else {
                $_SESSION['form_message'] = 'Fehler beim Speichern der Daten. Bitte versuchen Sie es später erneut.';
                $_SESSION['form_message_type'] = 0;
            }
        }
    }
}