<?php
/**
 * TELVERO BACKOFFICE - API PROXY (V8.1 - LOGGING RESTORED)
 */
session_start();
ini_set('display_errors', 0);
error_reporting(E_ALL);

require __DIR__ . '/vendor/autoload.php';

if (file_exists(__DIR__ . '/.env')) {
    $dotenv = Dotenv\Dotenv::createImmutable(__DIR__);
    $dotenv->load();
}

use Automattic\WooCommerce\Client;
use Mollie\Api\MollieApiClient;

header('Content-Type: application/json');

$db = new mysqli($_ENV['DB_HOST'], $_ENV['DB_USER'], $_ENV['DB_PASS'], $_ENV['DB_NAME']);
if ($db->connect_error) { die(json_encode(['error' => 'Database connectie mislukt'])); }

function writeLog($action, $details) {
    global $db;
    $user = $_SESSION['user'] ?? 'system';
    $stmt = $db->prepare("INSERT INTO sales_logs (username, action, details, created_at) VALUES (?, ?, ?, NOW())");
    $stmt->bind_param("sss", $user, $action, $details);
    $stmt->execute();
}


$action = $_GET['action'] ?? '';

// --- AUTH ---
if ($action === 'login') {
    $input = json_decode(file_get_contents('php://input'), true);
    $stmt = $db->prepare("SELECT password, full_name FROM sales_users WHERE username = ?");
    $stmt->bind_param("s", $input['username']);
    $stmt->execute();
    $res = $stmt->get_result()->fetch_assoc();
    if ($res && password_verify($input['password'], $res['password'])) {
        $_SESSION['user'] = $input['username'];
        $_SESSION['full_name'] = $res['full_name'];
        writeLog('LOGIN', 'Gebruiker ingelogd');
        session_write_close();
        echo json_encode(['success' => true, 'user' => $res['full_name']]);
    } else {
        http_response_code(401); echo json_encode(['error' => 'Login mislukt']);
    }
    exit;
}

if (!isset($_SESSION['user']) && $action !== 'login') {
    http_response_code(403); exit;
}

$woocommerce = new Client($_ENV['WC_URL'], $_ENV['WC_KEY'], $_ENV['WC_SECRET'], ['version' => 'wc/v3', 'verify_ssl' => false, 'timeout' => 400]);

// --- HELPERS ---
if ($action === 'get_payment_methods') {
    try {
        $gateways = $woocommerce->get('payment_gateways');
        $output = [];
        foreach ($gateways as $gw) {
            if (str_contains($gw->id, 'applepay') || str_contains($gw->id, 'googlepay')) continue;
            if ($gw->enabled && (str_contains($gw->id, 'mollie') || str_contains($gw->id, 'riverty') || str_contains($gw->id, 'klarna'))) {
                $output[] = ['id' => $gw->id, 'title' => $gw->method_title];
            }
        }
        echo json_encode($output);
    } catch (Exception $e) { echo json_encode([]); }
    exit;
}

if ($action === 'get_products') {
    try {
        $products = $woocommerce->get('products', ['status' => 'publish', 'per_page' => 100]);
        $enriched = [];
        foreach ($products as $product) {
            $p = (array)$product;
            $p['variation_details'] = ($product->type === 'variable') ? (array)$woocommerce->get("products/{$product->id}/variations", ['per_page' => 50]) : [];
            $enriched[] = $p;
        }
        echo json_encode($enriched);
    } catch (Exception $e) { echo json_encode([]); }
    exit;
}

if ($action === 'postcode_check') {
    $postcode = str_replace(' ', '', $_GET['postcode']);
    $url = "https://postcode.tech/api/v1/postcode?postcode={$postcode}&number=" . $_GET['number'];
    $ch = curl_init($url); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
    curl_setopt($ch, CURLOPT_HTTPHEADER, ["Authorization: Bearer " . $_ENV['POSTCODE_TECH_KEY']]);
    echo curl_exec($ch); exit;
}

// --- CREATE ORDER (V8.1 - MET LOGGING) ---
if ($action === 'create_order') {
    $input = json_decode(file_get_contents('php://input'), true);
    try {
        $email = $input['billing']['email'];
        $mediacode = $input['mediacode_internal'] ?? 'Geen';
        $shipping_incl_tax = (float)($input['shipping_total'] ?? 0);
        $wc_gateway_id = $input['payment_method'];
        $mollie_method = str_replace(['mollie_wc_gateway_', 'rve_'], '', $wc_gateway_id);

        // 1. ACCOUNT SYNC
        $existing_customers = $woocommerce->get('customers', ['email' => $email]);
        $input['customer_id'] = !empty($existing_customers) ? $existing_customers[0]->id : 0;

        // 2. SHIPPING TAX FIX
        if ($shipping_incl_tax > 0) {
            $shipping_ex_tax = $shipping_incl_tax / 1.21;
            $input['shipping_lines'] = [['method_id' => 'flat_rate', 'method_title' => 'Verzendkosten', 'total' => number_format($shipping_ex_tax, 4, '.', '')]];
        }

        $input['payment_method'] = $wc_gateway_id;
        $input['customer_note'] = "Agent: {$_SESSION['user']} | Mediacode: $mediacode";

        // 3. ATTRIBUTION METADATA
        $input['meta_data'][] = ['key' => '_wc_order_attribution_source_type', 'value' => 'utm'];
        $input['meta_data'][] = ['key' => '_wc_order_attribution_utm_source', 'value' => 'SalesPanel'];
        $input['meta_data'][] = ['key' => '_wc_order_attribution_utm_campaign', 'value' => $mediacode];
        $input['meta_data'][] = ['key' => 'Mediacode', 'value' => $mediacode];

        // ORDER AANMAKEN
        $order = $woocommerce->post('orders', $input);

        // 4. TERMIJN CHECK
        if (in_array($mollie_method, ['in3', 'klarna', 'klarnapaylater', 'klarnasliceit', 'riverty']) && (float)$order->total < 100.00) {
            $woocommerce->delete("orders/{$order->id}", ['force' => true]);
            throw new Exception("Termijnbetaling pas vanaf €100,-");
        }

        // 5. MOLLIE PAYMENT
        $mollie = new MollieApiClient();
        $mollie->setApiKey($_ENV['MOLLIE_KEY']);
        
        $paymentData = [
            "amount" => ["currency" => "EUR", "value" => number_format((float)$order->total, 2, '.', '')],
            "description" => "Order #{$order->id} [$mediacode]",
            "redirectUrl" => $_ENV['WC_URL'] . "/checkout/order-received/{$order->id}/?key={$order->order_key}&order_id={$order->id}&utm_source=SalesPanel&utm_campaign=" . urlencode($mediacode),
            "webhookUrl"  => $_ENV['WC_URL'] . "/wc-api/{$wc_gateway_id}/?key={$order->order_key}&order_id={$order->id}",
            "method"      => $mollie_method,
            "metadata"    => ["order_id" => (string)$order->id, "mediacode" => $mediacode]
        ];

        if (in_array($mollie_method, ['in3', 'klarna', 'klarnapaylater', 'klarnasliceit', 'riverty'])) {
            if ($mollie_method === 'riverty') $paymentData["captureMode"] = "manual";
            $paymentData["billingAddress"] = ["givenName" => $input['billing']['first_name'], "familyName" => $input['billing']['last_name'], "email" => $input['billing']['email'], "streetAndNumber" => $input['billing']['address_1'], "city" => $input['billing']['city'], "postalCode" => $input['billing']['postcode'], "country" => "NL"];
            $paymentData["lines"] = [["name" => "Bestelling #" . $order->id, "quantity" => 1, "unitPrice" => ["currency" => "EUR", "value" => number_format((float)$order->total, 2, '.', '')], "totalAmount" => ["currency" => "EUR", "value" => number_format((float)$order->total, 2, '.', '')], "vatRate" => "21.00", "vatAmount" => ["currency" => "EUR", "value" => number_format((float)$order->total_tax, 2, '.', '')]]];
        }

        $payment = $mollie->payments->create($paymentData);

        // 7. FINISH ORDER
        $woocommerce->put("orders/{$order->id}", ['meta_data' => [['key' => '_mollie_payment_id', 'value' => $payment->id], ['key' => '_transaction_id', 'value' => $payment->id]]]);
        $woocommerce->post("orders/{$order->id}/notes", ['note' => "Voltooi de betaling of keur de incasso z.s.m. goed via de volgende link: <br/>  " . $payment->getCheckoutUrl(), 'customer_note' => true]);
        writeLog('ORDER_CREATED', "Order #{$order->id} voor {$input['billing']['email']}");

        echo json_encode(['payment_url' => $payment->getCheckoutUrl()]);
    } catch (Exception $e) {
        writeLog('ERROR', $e->getMessage());
        http_response_code(422); echo json_encode(['error' => $e->getMessage()]);
    }
    exit;
}

if ($action === 'logout') { session_destroy(); echo json_encode(['success' => true]); exit; }