<?php
// Client Session Management - COMPLETE FIX

// Start session if not started
if (session_status() === PHP_SESSION_NONE) {
    session_start();
}

// Database connection function
function getClientDBConnection() {
    try {
        // Update these with your database credentials
        $host = 'localhost';
        $dbname = 'u752449863_rrshop';
        $username = 'u752449863_rradmin';
        $password = 'S@n@h2016'; // UPDATE THIS!
        
        $pdo = new PDO("mysql:host=$host;dbname=$dbname;charset=utf8mb4", $username, $password);
        $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
        $pdo->setAttribute(PDO::ATTR_DEFAULT_FETCH_MODE, PDO::FETCH_ASSOC);
        return $pdo;
    } catch (PDOException $e) {
        error_log("Client DB Connection Error: " . $e->getMessage());
        die("Database connection failed. Please contact support.");
    }
}

// Check if client is logged in
function isClientLoggedIn() {
    return isset($_SESSION['client_id']) && 
           isset($_SESSION['client_email']) && 
           !empty($_SESSION['client_id']);
}

// Require client login
function requireClientLogin() {
    if (!isClientLoggedIn()) {
        header('Location: /clients/client-login.php');
        exit;
    }
}

// Client login function
function clientLogin($email, $password) {
    try {
        $pdo = getClientDBConnection();
        
        // Get client by email
        $stmt = $pdo->prepare("
            SELECT id, client_code, company_name, contact_person, email, password, account_status 
            FROM clients 
            WHERE LOWER(email) = LOWER(?) 
            AND password IS NOT NULL 
            AND password != ''
        ");
        $stmt->execute([$email]);
        $client = $stmt->fetch();
        
        if (!$client) {
            return [
                'success' => false,
                'message' => 'Invalid email or password. Please check your credentials.'
            ];
        }
        
        // Verify password
        if (!password_verify($password, $client['password'])) {
            return [
                'success' => false,
                'message' => 'Invalid email or password. Please check your credentials.'
            ];
        }
        
        // Check account status
        if ($client['account_status'] === 'suspended') {
            return [
                'success' => false,
                'message' => 'Your account has been suspended. Please contact support.'
            ];
        }
        
        // SET SESSION VARIABLES - THIS IS CRITICAL!
        $_SESSION['client_id'] = $client['id'];
        $_SESSION['client_code'] = $client['client_code'];
        $_SESSION['client_name'] = $client['company_name'];
        $_SESSION['client_email'] = $client['email'];
        $_SESSION['client_contact'] = $client['contact_person'];
        $_SESSION['logged_in_at'] = time();
        
        // Update last login
        $updateStmt = $pdo->prepare("UPDATE clients SET last_login = NOW() WHERE id = ?");
        $updateStmt->execute([$client['id']]);
        
        // Log activity
        logClientActivity($client['id'], 'login', 'Client logged in successfully');
        
        return [
            'success' => true,
            'message' => 'Login successful!',
            'client_id' => $client['id']
        ];
        
    } catch (Exception $e) {
        error_log("Client login error: " . $e->getMessage());
        return [
            'success' => false,
            'message' => 'An error occurred during login. Please try again.'
        ];
    }
}

// Send email function
function sendClientEmail($to, $subject, $message) {
    $headers = "MIME-Version: 1.0" . "\r\n";
    $headers .= "Content-type:text/html;charset=UTF-8" . "\r\n";
    $headers .= "From: Relevant Reflex <noreply@relevantreflex.com>" . "\r\n";
    
    return mail($to, $subject, $message, $headers);
}

// Log client activity
function logClientActivity($client_id, $action, $details = '') {
    try {
        $pdo = getClientDBConnection();
        $stmt = $pdo->prepare("
            INSERT INTO client_activity_log (client_id, action, details, ip_address, created_at) 
            VALUES (?, ?, ?, ?, NOW())
        ");
        $ip = $_SERVER['REMOTE_ADDR'] ?? 'unknown';
        $stmt->execute([$client_id, $action, $details, $ip]);
    } catch (Exception $e) {
        error_log("Log activity error: " . $e->getMessage());
    }
}

// Define SITE_URL constant if not defined
if (!defined('SITE_URL')) {
    $protocol = isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] === 'on' ? 'https' : 'http';
    $host = $_SERVER['HTTP_HOST'];
    define('SITE_URL', $protocol . '://' . $host);
}
?>