<?php
require_once 'includes/config.php';
require_once 'includes/functions.php';
require_once 'includes/auth.php';
require_once 'includes/db.php';

$auth = new Auth();

// Check if user is logged in and is admin
if (!$auth->isLoggedIn() || !$auth->isAdmin()) {
    redirectTo('dashboard.php');
}

$currentUser = $auth->getCurrentUser();
$db = Database::getInstance();

$error = '';
$success = '';

// Handle form submissions
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    $action = $_POST['action'] ?? '';
    
    if ($action === 'create') {
        $fullName = sanitizeInput($_POST['full_name'] ?? '');
        $email = sanitizeInput($_POST['email'] ?? '');
        $phone = sanitizeInput($_POST['phone'] ?? '');
        $whatsapp = sanitizeInput($_POST['whatsapp'] ?? '');
        $password = $_POST['password'] ?? '';
        $role = sanitizeInput($_POST['role'] ?? 'user');
        
        if (empty($fullName) || empty($email) || empty($password)) {
            $error = 'Please fill in all required fields.';
        } elseif (!validateEmail($email)) {
            $error = 'Please enter a valid email address.';
        } else {
            // Check if email already exists
            $email_escaped = $db->escape($email);
            $checkResult = $db->query("SELECT id FROM users WHERE email = '$email_escaped'");
            
            if ($checkResult && $checkResult->num_rows > 0) {
                $error = 'A user with this email already exists.';
            } else {
                $hashedPassword = password_hash($password, PASSWORD_DEFAULT);
                $fullName_escaped = $db->escape($fullName);
                $phone_escaped = $db->escape($phone);
                $whatsapp_escaped = $db->escape($whatsapp);
                $role_escaped = $db->escape($role);
                
                $sql = "INSERT INTO users (full_name, email, phone, whatsapp, password, role) 
                        VALUES ('$fullName_escaped', '$email_escaped', '$phone_escaped', '$whatsapp_escaped', '$hashedPassword', '$role_escaped')";
                
                if ($db->query($sql)) {
                    $success = 'User created successfully.';
                } else {
                    $error = 'Error creating user: ' . $db->getLastError();
                }
            }
        }
    } elseif ($action === 'update') {
        $userId = (int)$_POST['user_id'];
        $fullName = sanitizeInput($_POST['full_name'] ?? '');
        $email = sanitizeInput($_POST['email'] ?? '');
        $phone = sanitizeInput($_POST['phone'] ?? '');
        $whatsapp = sanitizeInput($_POST['whatsapp'] ?? '');
        $role = sanitizeInput($_POST['role'] ?? 'user');
        
        if (empty($fullName) || empty($email)) {
            $error = 'Please fill in all required fields.';
        } elseif (!validateEmail($email)) {
            $error = 'Please enter a valid email address.';
        } else {
            $fullName_escaped = $db->escape($fullName);
            $email_escaped = $db->escape($email);
            $phone_escaped = $db->escape($phone);
            $whatsapp_escaped = $db->escape($whatsapp);
            $role_escaped = $db->escape($role);
            
            $sql = "UPDATE users SET 
                    full_name = '$fullName_escaped', 
                    email = '$email_escaped', 
                    phone = '$phone_escaped', 
                    whatsapp = '$whatsapp_escaped', 
                    role = '$role_escaped' 
                    WHERE id = $userId";
            
            if ($db->query($sql)) {
                $success = 'User updated successfully.';
            } else {
                $error = 'Error updating user: ' . $db->getLastError();
            }
        }
    } elseif ($action === 'delete') {
        $userId = (int)$_POST['user_id'];
        
        // Don't allow deleting yourself
        if ($userId === (int)$_SESSION['user_id']) {
            $error = 'You cannot delete your own account.';
        } else {
            $sql = "DELETE FROM users WHERE id = $userId";
            
            if ($db->query($sql)) {
                $success = 'User deleted successfully.';
            } else {
                $error = 'Error deleting user: ' . $db->getLastError();
            }
        }
    }
}

// Get all users
$users = $db->query("SELECT * FROM users ORDER BY created_at DESC");
?>
<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <meta name="viewport" content="width=device-width, initial-scale=1.0">
    <title>Users | <?php echo APP_NAME; ?></title>
    <link href="https://fonts.googleapis.com/css2?family=Roboto:wght@300;400;500;700&display=swap" rel="stylesheet">
    <style>
        :root {
            --primary-color: <?php echo BASE_COLOR; ?>;
            --primary-light: <?php echo BASE_COLOR; ?>20;
            --synthetic-color: <?php echo SYNTHETIC_COLOR; ?>;
            --white: #ffffff;
            --gray-50: #f9fafb;
            --gray-100: #f3f4f6;
            --gray-200: #e5e7eb;
            --gray-300: #d1d5db;
            --gray-400: #9ca3af;
            --gray-500: #6b7280;
            --gray-600: #4b5563;
            --gray-700: #374151;
            --gray-800: #1f2937;
            --gray-900: #111827;
            --red-500: #ef4444;
            --red-600: #dc2626;
            --green-500: #10b981;
            --green-600: #059669;
            --blue-500: #3b82f6;
            --blue-600: #2563eb;
        }

        * {
            margin: 0;
            padding: 0;
            box-sizing: border-box;
        }

        body {
            font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, Oxygen, Ubuntu, Cantarell, sans-serif;
            background-color: var(--gray-50);
            color: var(--gray-900);
            line-height: 1.6;
        }

        .navbar {
            background: var(--white);
            border-bottom: 1px solid var(--gray-200);
            padding: 0;
            position: sticky;
            top: 0;
            z-index: 100;
            box-shadow: 0 1px 3px rgba(0, 0, 0, 0.1);
        }

        .navbar-container {
            max-width: 1280px;
            margin: 0 auto;
            padding: 1rem;
            display: flex;
            justify-content: space-between;
            align-items: center;
        }

        .navbar-left {
            display: flex;
            align-items: center;
            gap: 2rem;
        }

        .logo {
            color: var(--primary-color);
            font-size: 1.5rem;
            font-weight: 700;
            text-decoration: none;
        }

        .nav-links {
            display: flex;
            gap: 1.5rem;
            align-items: center;
        }

        .nav-link {
            color: var(--gray-600);
            text-decoration: none;
            font-weight: 500;
            padding: 0.5rem 0.75rem;
            border-radius: 0.375rem;
            transition: all 0.3s ease;
        }

        .nav-link:hover {
            color: var(--primary-color);
            background: var(--primary-light);
        }

        .nav-link.active {
            color: var(--primary-color);
            background: var(--primary-light);
        }

        .nav-link.optimaize {
            color: var(--gray-600);
        }

        .nav-link.optimaize:hover {
            color: var(--synthetic-color);
        }

        .nav-link.optimaize.active {
            color: var(--synthetic-color);
            border-bottom-color: var(--synthetic-color);
        }

        .nav-link.optimaize .ai-highlight {
            color: var(--synthetic-color);
            font-weight: 700;
        }

        .user-menu {
            display: flex;
            align-items: center;
            gap: 1rem;
        }

        .user-name {
            color: var(--gray-700);
            font-weight: 500;
        }

        .logout-btn {
            padding: 0.5rem 1rem;
            color: var(--white);
            background: var(--primary-color);
            border-radius: 0.375rem;
            text-decoration: none;
            transition: opacity 0.3s ease;
        }

        .logout-btn:hover {
            opacity: 0.9;
        }

        .main-content {
            margin-top: 2rem;
            padding: 2rem 1rem;
            max-width: 1280px;
            margin-left: auto;
            margin-right: auto;
        }

        .toggle-form-btn {
            background: var(--primary-color);
            color: var(--white);
            border: none;
            padding: 0.75rem 1.5rem;
            border-radius: 0.375rem;
            font-weight: 500;
            cursor: pointer;
            margin-bottom: 2rem;
            transition: opacity 0.3s ease;
        }

        .toggle-form-btn:hover {
            opacity: 0.9;
        }

        .alert {
            padding: 1rem;
            border-radius: 0.375rem;
            margin-bottom: 1rem;
        }

        .alert-success {
            background: #d1fae5;
            color: #065f46;
            border: 1px solid #a7f3d0;
        }

        .alert-danger {
            background: #fee2e2;
            color: #991b1b;
            border: 1px solid #fca5a5;
        }

        .inline-form {
            background: var(--white);
            padding: 1.5rem;
            border-radius: 0.5rem;
            box-shadow: 0 1px 3px rgba(0, 0, 0, 0.1);
            margin-bottom: 2rem;
        }

        .form-row {
            display: grid;
            grid-template-columns: repeat(auto-fit, minmax(200px, 1fr));
            gap: 1rem;
            margin-bottom: 1rem;
        }

        .form-control {
            padding: 0.75rem;
            border: 1px solid var(--gray-300);
            border-radius: 0.375rem;
            font-size: 0.875rem;
            transition: border-color 0.3s ease;
        }

        .form-control:focus {
            outline: none;
            border-color: var(--primary-color);
            box-shadow: 0 0 0 3px var(--primary-light);
        }

        .btn {
            padding: 0.75rem 1.5rem;
            border: none;
            border-radius: 0.375rem;
            font-weight: 500;
            cursor: pointer;
            text-decoration: none;
            display: inline-block;
            text-align: center;
            transition: all 0.3s ease;
        }

        .btn-primary {
            background: var(--primary-color);
            color: var(--white);
        }

        .btn-primary:hover {
            opacity: 0.9;
        }

        .btn-success {
            background: var(--green-500);
            color: var(--white);
        }

        .btn-success:hover {
            background: var(--green-600);
        }

        .btn-danger {
            background: var(--red-500);
            color: var(--white);
        }

        .btn-danger:hover {
            background: var(--red-600);
        }

        .users-table {
            background: var(--white);
            border-radius: 0.5rem;
            box-shadow: 0 1px 3px rgba(0, 0, 0, 0.1);
            overflow: hidden;
        }

        table {
            width: 100%;
            border-collapse: collapse;
        }

        th, td {
            padding: 1rem;
            text-align: left;
            border-bottom: 1px solid var(--gray-200);
        }

        th {
            background: var(--gray-50);
            font-weight: 600;
            color: var(--gray-700);
        }

        .status-badge {
            padding: 0.25rem 0.75rem;
            border-radius: 9999px;
            font-size: 0.75rem;
            font-weight: 500;
            text-transform: uppercase;
        }

        .status-admin {
            background: var(--blue-500);
            color: var(--white);
        }

        .status-user {
            background: var(--gray-500);
            color: var(--white);
        }

        .action-buttons {
            display: flex;
            gap: 0.5rem;
        }

        .btn-sm {
            padding: 0.375rem 0.75rem;
            font-size: 0.75rem;
        }

        @media (max-width: 768px) {
            .navbar-container {
                flex-direction: column;
                gap: 1rem;
            }

            .navbar-left {
                flex-direction: column;
                width: 100%;
                text-align: center;
            }

            .nav-links {
                flex-direction: column;
                width: 100%;
            }

            .nav-link {
                width: 100%;
                padding: 0.75rem;
            }

            .user-menu {
                flex-direction: column;
                width: 100%;
                gap: 0.5rem;
            }

            .logout-btn {
                width: 100%;
                text-align: center;
            }

            .main-content {
                margin-top: 8rem;
            }

            .form-row {
                grid-template-columns: 1fr;
            }

            .action-buttons {
                flex-direction: column;
            }

            .users-table {
                overflow-x: auto;
            }
        }
    </style>
</head>
<body>
    <nav class="navbar">
        <div class="navbar-container">
            <div class="navbar-left">
                <a href="dashboard.php" class="logo"><?php echo APP_NAME; ?></a>
                <div class="nav-links">
                    <a href="dashboard.php" class="nav-link">Dashboard</a>
                    <?php if ($auth->isAdmin()): ?>
                        <a href="users.php" class="nav-link active">Users</a>
                        <a href="base.php" class="nav-link">Base</a>
                        <a href="optimaize.php" class="nav-link optimaize">Optim<span class="ai-highlight">AI</span>ze</a>
                    <?php endif; ?>
                    <a href="panel.php" class="nav-link">Panel</a>
                    <a href="surveys.php" class="nav-link">Surveys</a>
                    <a href="projects.php" class="nav-link">Projects</a>
                </div>
            </div>
            <div class="user-menu">
                <span class="user-name"><?php echo htmlspecialchars($currentUser['full_name']); ?></span>
                <a href="logout.php" class="logout-btn">Logout</a>
            </div>
        </div>
    </nav>

    <main class="main-content">
        <div class="container">
            <button onclick="toggleAddForm()" class="toggle-form-btn">Add New User</button>
            
            <?php if ($error): ?>
                <div class="alert alert-danger"><?php echo $error; ?></div>
            <?php endif; ?>

            <?php if ($success): ?>
                <div class="alert alert-success"><?php echo $success; ?></div>
            <?php endif; ?>

            <form id="addUserForm" method="POST" onsubmit="return validateForm(this)" class="inline-form" style="display: none;">
                <input type="hidden" name="action" value="create">
                <div class="form-row">
                    <input type="text" name="full_name" class="form-control" placeholder="Full Name" required>
                    <input type="email" name="email" class="form-control" placeholder="Email" required>
                    <input type="password" name="password" class="form-control" placeholder="Password" required>
                    <input type="text" name="phone" class="form-control" placeholder="Phone">
                    <input type="text" name="whatsapp" class="form-control" placeholder="WhatsApp">
                    <select name="role" class="form-control" required>
                        <option value="user">User</option>
                        <option value="admin">Admin</option>
                    </select>
                </div>
                <button type="submit" class="btn btn-primary">Create User</button>
                <button type="button" onclick="toggleAddForm()" class="btn btn-danger">Cancel</button>
            </form>

            <div class="users-table">
                <table>
                    <thead>
                        <tr>
                            <th>Name</th>
                            <th>Email</th>
                            <th>Phone</th>
                            <th>WhatsApp</th>
                            <th>Role</th>
                            <th>Created</th>
                            <th>Actions</th>
                        </tr>
                    </thead>
                    <tbody>
                        <?php if ($users && $users->num_rows > 0): ?>
                            <?php while ($user = $users->fetch_assoc()): ?>
                                <tr>
                                    <td><?php echo htmlspecialchars($user['full_name']); ?></td>
                                    <td><?php echo htmlspecialchars($user['email']); ?></td>
                                    <td><?php echo htmlspecialchars($user['phone'] ?: '-'); ?></td>
                                    <td><?php echo htmlspecialchars($user['whatsapp'] ?: '-'); ?></td>
                                    <td>
                                        <span class="status-badge status-<?php echo $user['role']; ?>">
                                            <?php echo ucfirst($user['role']); ?>
                                        </span>
                                    </td>
                                    <td><?php echo date('M j, Y', strtotime($user['created_at'])); ?></td>
                                    <td>
                                        <div class="action-buttons">
                                            <button onclick="editUser(<?php echo $user['id']; ?>)" class="btn btn-success btn-sm">Edit</button>
                                            <?php if ($user['id'] !== (int)$_SESSION['user_id']): ?>
                                                <button onclick="deleteUser(<?php echo $user['id']; ?>)" class="btn btn-danger btn-sm">Delete</button>
                                            <?php endif; ?>
                                        </div>
                                    </td>
                                </tr>
                            <?php endwhile; ?>
                        <?php else: ?>
                            <tr>
                                <td colspan="7" style="text-align: center; color: var(--gray-500);">No users found</td>
                            </tr>
                        <?php endif; ?>
                    </tbody>
                </table>
            </div>
        </div>
    </main>

    <!-- Edit User Modal -->
    <div id="editUserModal" style="display: none; position: fixed; top: 0; left: 0; width: 100%; height: 100%; background: rgba(0,0,0,0.5); z-index: 1000;">
        <div style="position: absolute; top: 50%; left: 50%; transform: translate(-50%, -50%); background: white; padding: 2rem; border-radius: 0.5rem; width: 90%; max-width: 500px;">
            <h3 style="margin-bottom: 1rem;">Edit User</h3>
            <form id="editUserForm" method="POST">
                <input type="hidden" name="action" value="update">
                <input type="hidden" name="user_id" id="editUserId">
                <div style="margin-bottom: 1rem;">
                    <input type="text" name="full_name" id="editFullName" class="form-control" placeholder="Full Name" required>
                </div>
                <div style="margin-bottom: 1rem;">
                    <input type="email" name="email" id="editEmail" class="form-control" placeholder="Email" required>
                </div>
                <div style="margin-bottom: 1rem;">
                    <input type="text" name="phone" id="editPhone" class="form-control" placeholder="Phone">
                </div>
                <div style="margin-bottom: 1rem;">
                    <input type="text" name="whatsapp" id="editWhatsapp" class="form-control" placeholder="WhatsApp">
                </div>
                <div style="margin-bottom: 1rem;">
                    <select name="role" id="editRole" class="form-control" required>
                        <option value="user">User</option>
                        <option value="admin">Admin</option>
                    </select>
                </div>
                <div style="display: flex; gap: 1rem;">
                    <button type="submit" class="btn btn-primary">Update User</button>
                    <button type="button" onclick="closeEditModal()" class="btn btn-danger">Cancel</button>
                </div>
            </form>
        </div>
    </div>

    <script>
        function toggleAddForm() {
            const form = document.getElementById('addUserForm');
            form.style.display = form.style.display === 'none' ? 'block' : 'none';
        }

        function validateForm(form) {
            const requiredFields = form.querySelectorAll('[required]');
            for (let field of requiredFields) {
                if (!field.value.trim()) {
                    alert('Please fill in all required fields');
                    field.focus();
                    return false;
                }
            }
            return true;
        }

        function editUser(userId) {
            // Get user data from the table row
            const row = document.querySelector(`tr:has(button[onclick="editUser(${userId})"])`);
            const cells = row.querySelectorAll('td');
            
            document.getElementById('editUserId').value = userId;
            document.getElementById('editFullName').value = cells[0].textContent;
            document.getElementById('editEmail').value = cells[1].textContent;
            document.getElementById('editPhone').value = cells[2].textContent === '-' ? '' : cells[2].textContent;
            document.getElementById('editWhatsapp').value = cells[3].textContent === '-' ? '' : cells[3].textContent;
            
            const roleText = cells[4].textContent.trim().toLowerCase();
            document.getElementById('editRole').value = roleText;
            
            document.getElementById('editUserModal').style.display = 'block';
        }

        function closeEditModal() {
            document.getElementById('editUserModal').style.display = 'none';
        }

        function deleteUser(userId) {
            if (confirm('Are you sure you want to delete this user? This action cannot be undone.')) {
                const form = document.createElement('form');
                form.method = 'POST';
                form.innerHTML = `
                    <input type="hidden" name="action" value="delete">
                    <input type="hidden" name="user_id" value="${userId}">
                `;
                document.body.appendChild(form);
                form.submit();
            }
        }

        // Close modal when clicking outside
        document.getElementById('editUserModal').addEventListener('click', function(e) {
            if (e.target === this) {
                closeEditModal();
            }
        });
    </script>
</body>
</html>