<?php
/**
 * Client Session Management
 * Location: /clients/client-session.php
 * 
 * All client portal files include this file.
 * This file includes client-config.php for constants and email functions.
 * 
 * FIX 2026-02-07: 
 *   1. Added require_once client-config.php (provides SITE_URL, sendClientEmail)
 *   2. Fixed account_status check: 'Active' Ã¢â€ â€™ 'active' (matches DB enum)
 */

// Start session if not started
if (session_status() === PHP_SESSION_NONE) {
    session_start();
}

// Include config for SITE_URL, SITE_NAME, sendClientEmail(), logClientActivity()
require_once __DIR__ . '/client-config.php';

// Database connection function
function getClientDBConnection() {
    try {
        $host = defined('CLIENT_DB_HOST') ? CLIENT_DB_HOST : 'localhost';
        $dbname = defined('CLIENT_DB_NAME') ? CLIENT_DB_NAME : 'u752449863_rrshop';
        $username = defined('CLIENT_DB_USER') ? CLIENT_DB_USER : 'u752449863_rradmin';
        $password = defined('CLIENT_DB_PASS') ? CLIENT_DB_PASS : 'S@n@h2016';

        $pdo = new PDO("mysql:host=$host;dbname=$dbname;charset=utf8mb4", $username, $password);
        $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
        $pdo->setAttribute(PDO::ATTR_DEFAULT_FETCH_MODE, PDO::FETCH_ASSOC);
        return $pdo;
    } catch (PDOException $e) {
        error_log("Client DB Connection Error: " . $e->getMessage());
        die("Database connection failed. Please contact support.");
    }
}

// Alias for survey URL management files
function getShopDBConnection() {
    return getClientDBConnection();
}

// Panel database connection (for support tickets - stored in rrpanel)
if (!function_exists('getPanelDBConnection')) {
    function getPanelDBConnection() {
        try {
            $pdo = new PDO(
                "mysql:host=localhost;dbname=u752449863_rrpanel;charset=utf8mb4",
                "u752449863_rrpaneladmin",
                "S@n@h2016",
                [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION, PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC]
            );
            return $pdo;
        } catch (PDOException $e) {
            error_log("Panel DB Connection Error: " . $e->getMessage());
            die("Database connection failed. Please contact support.");
        }
    }
}

// Check if client is logged in
function isClientLoggedIn() {
    return isset($_SESSION['client_id']) && 
           isset($_SESSION['client_email']) && 
           !empty($_SESSION['client_id']);
}

// Require client login
function requireClientLogin() {
    if (!isClientLoggedIn()) {
        header('Location: /clients/client-login.php');
        exit;
    }
    // Check ban status (cached for 5 minutes)
    if (!isset($_SESSION['ban_checked_at']) || time() - $_SESSION['ban_checked_at'] > 300) {
        try {
            $pdo = getClientDBConnection();
            // Check if invoices table exists
            $tables = $pdo->query("SHOW TABLES LIKE 'invoices'")->fetchAll();
            if (!empty($tables)) {
                $stmt = $pdo->prepare("
                    SELECT COUNT(*) FROM invoices 
                    WHERE client_id = ? AND status != 'paid' 
                    AND due_date < DATE_SUB(CURDATE(), INTERVAL 90 DAY)
                ");
                $stmt->execute([$_SESSION['client_id']]);
                $_SESSION['client_banned'] = (int)$stmt->fetchColumn() > 0;
                
                // Also get overdue count for warnings
                $stmt = $pdo->prepare("
                    SELECT COUNT(*) FROM invoices 
                    WHERE client_id = ? AND status NOT IN ('paid','invoiced')
                ");
                $stmt->execute([$_SESSION['client_id']]);
                $_SESSION['client_overdue_invoices'] = (int)$stmt->fetchColumn();
            } else {
                $_SESSION['client_banned'] = false;
                $_SESSION['client_overdue_invoices'] = 0;
            }
            $_SESSION['ban_checked_at'] = time();
        } catch (Exception $e) {
            $_SESSION['client_banned'] = false;
            $_SESSION['client_overdue_invoices'] = 0;
        }
    }
}

// Client login function
function clientLogin($email, $password) {
    try {
        $pdo = getClientDBConnection();
        
        // Get client by email - only those with a password set
        $stmt = $pdo->prepare("
            SELECT id, client_code, company_name, contact_person, email, password, account_status 
            FROM clients 
            WHERE LOWER(email) = LOWER(?) 
            AND password IS NOT NULL 
            AND password != ''
        ");
        $stmt->execute([$email]);
        $client = $stmt->fetch();
        
        if (!$client) {
            return [
                'success' => false,
                'message' => 'Invalid email or password. Please check your credentials.'
            ];
        }
        
        // Verify password
        if (!password_verify($password, $client['password'])) {
            return [
                'success' => false,
                'message' => 'Invalid email or password. Please check your credentials.'
            ];
        }
        
        // Check account status
        // FIX: DB enum is lowercase: 'pending','active','suspended'
        if ($client['account_status'] !== 'active') {
            return [
                'success' => false,
                'message' => 'Your account is not active. Please contact support.'
            ];
        }
        
        // Set session variables
        $_SESSION['client_id'] = $client['id'];
        $_SESSION['client_code'] = $client['client_code'];
        $_SESSION['client_email'] = $client['email'];
        $_SESSION['client_name'] = $client['company_name'];
        $_SESSION['contact_person'] = $client['contact_person'];
        
        return [
            'success' => true,
            'message' => 'Login successful!'
        ];
        
    } catch (Exception $e) {
        error_log("Client login error: " . $e->getMessage());
        return [
            'success' => false,
            'message' => 'An error occurred. Please try again.'
        ];
    }
}

// Client logout function
function clientLogout() {
    // Clear all session variables
    $_SESSION = array();
    
    // Destroy the session cookie
    if (isset($_COOKIE[session_name()])) {
        setcookie(session_name(), '', time() - 3600, '/');
    }
    
    // Destroy the session
    session_destroy();
}

// Get current client ID
function getCurrentClientId() {
    return $_SESSION['client_id'] ?? null;
}

// Get current client email  
function getCurrentClientEmail() {
    return $_SESSION['client_email'] ?? null;
}