<?php
require_once "../config.php";
require_once "../auth.php";
require_staff_or_admin();  // admin + staff เท่านั้น

include "header.php";

// ฟังก์ชันสุ่มรหัสผ่านใหม่
function random_password($length = 8) {
    $chars = 'ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz23456789';
    return substr(str_shuffle($chars), 0, $length);
}

/* ==========================================================
   ADD USER
========================================================== */
if (isset($_POST['add_user'])) {

    $username = trim($_POST['username']);
    $fullname = trim($_POST['fullname']);
    $role     = $_POST['role'];
    $password = $_POST['password'];

    // staff ห้ามสร้าง admin
    if ($ROLE === 'staff' && $role === 'admin') {
        echo "<script>alert('Staff ไม่สามารถสร้างบัญชี Admin ได้');</script>";
    } else {
        $hash = hash("sha256", $password);

        $stmt = $conn->prepare("
            INSERT INTO users (username, password_hash, fullname, role)
            VALUES (?, ?, ?, ?)
        ");
        $stmt->bind_param("ssss", $username, $hash, $fullname, $role);
        $stmt->execute();

        echo "<script>alert('เพิ่มผู้ใช้สำเร็จ');</script>";
    }
}

/* ==========================================================
   EDIT USER
========================================================== */
if (isset($_POST['edit_user'])) {

    $uid      = $_POST['user_id'];
    $username = trim($_POST['username']);
    $fullname = trim($_POST['fullname']);
    $role     = $_POST['role'];

    // staff ห้ามแก้ admin
    staff_cannot_edit_admin($uid, $conn);

    // staff ห้ามเปลี่ยน role ให้เป็น admin
    if ($ROLE === "staff" && $role === "admin") {
        echo "<script>alert('Staff ไม่สามารถกำหนด role Admin ได้');</script>";
    } else {
        $stmt = $conn->prepare("
            UPDATE users SET username=?, fullname=?, role=? WHERE id=?
        ");
        $stmt->bind_param("sssi", $username, $fullname, $role, $uid);
        $stmt->execute();

        echo "<script>alert('บันทึกข้อมูลเรียบร้อย');</script>";
    }
}

/* ==========================================================
   RESET PASSWORD
========================================================== */
if (isset($_GET['reset'])) {

    $uid = intval($_GET['reset']);

    // staff ห้าม reset password ของ admin
    staff_cannot_edit_admin($uid, $conn);

    $newpass = random_password(8);
    $hash = hash("sha256", $newpass);

    $conn->query("UPDATE users SET password_hash='$hash' WHERE id=$uid");

    echo "<script>alert('รหัสผ่านใหม่คือ: $newpass');</script>";
}

/* ==========================================================
   DELETE USER
========================================================== */
if (isset($_GET['del'])) {

    $uid = intval($_GET['del']);

    // staff ห้ามลบ admin
    staff_cannot_edit_admin($uid, $conn);

    $conn->query("DELETE FROM users WHERE id=$uid");
    echo "<script>alert('ลบผู้ใช้เรียบร้อย');</script>";
}

?>

<style>
.user-card {
    border-radius: 12px;
    padding: 15px;
    background: #fff;
    border: 1px solid #e0e0e0;
    transition: .2s;
}
.user-card:hover {
    transform: translateY(-4px);
    box-shadow: 0 4px 18px rgba(0,0,0,0.12);
}
.badge-role {
    font-size: 12px;
}
</style>

<h3><i class="bi bi-people"></i> จัดการผู้ใช้</h3>
<hr>

<!-- ADD USER BUTTON -->
<button class="btn btn-primary mb-3" data-bs-toggle="modal" data-bs-target="#addModal">
    <i class="bi bi-person-plus"></i> เพิ่มผู้ใช้
</button>

<div class="row g-3">

<?php
$res = $conn->query("SELECT * FROM users ORDER BY role DESC, fullname ASC");
while ($u = $res->fetch_assoc()):
?>

<div class="col-md-4">
    <div class="user-card">

        <h5><?= htmlspecialchars($u['fullname']) ?></h5>
        <div>ชื่อผู้ใช้: <strong><?= htmlspecialchars($u['username']) ?></strong></div>

        <div class="mt-1">
            <?php
            $role = $u['role'];
            $badge = [
                "admin" => "danger",
                "staff" => "warning",
                "user"  => "secondary"
            ];
            ?>
            <span class="badge bg-<?= $badge[$role] ?> badge-role">
                <?= $role ?>
            </span>
        </div>

        <div class="text-end mt-3">

            <!-- EDIT -->
            <button class="btn btn-warning btn-sm"
                    data-bs-toggle="modal"
                    data-bs-target="#editModal<?= $u['id'] ?>">
                <i class="bi bi-pencil-square"></i>
            </button>

            <!-- RESET PASSWORD -->
            <?php if (!($ROLE=="staff" && $u['role']=="admin")): ?>
            <a href="?reset=<?= $u['id'] ?>"
               onclick="return confirm('Reset password ผู้ใช้นี้?')"
               class="btn btn-info btn-sm text-white">
               <i class="bi bi-key"></i>
            </a>
            <?php endif; ?>

            <!-- DELETE -->
            <?php if (!($ROLE=="staff" && $u['role']=="admin")): ?>
            <a href="?del=<?= $u['id'] ?>"
               onclick="return confirm('ลบผู้ใช้นี้?')"
               class="btn btn-danger btn-sm">
               <i class="bi bi-trash"></i>
            </a>
            <?php endif; ?>

        </div>
    </div>
</div>

<!-- EDIT MODAL -->
<div class="modal fade" id="editModal<?= $u['id'] ?>">
  <div class="modal-dialog">
    <div class="modal-content">
      <form method="post">

        <div class="modal-header">
          <h5 class="modal-title">แก้ไขผู้ใช้</h5>
          <button class="btn-close" data-bs-dismiss="modal"></button>
        </div>

        <div class="modal-body">
          <input type="hidden" name="user_id" value="<?= $u['id'] ?>">

          <label>ชื่อผู้ใช้</label>
          <input type="text" name="username" class="form-control mb-2"
                 value="<?= htmlspecialchars($u['username']) ?>" required>

          <label>ชื่อจริง</label>
          <input type="text" name="fullname" class="form-control mb-2"
                 value="<?= htmlspecialchars($u['fullname']) ?>" required>

          <label>สิทธิ์</label>
          <select name="role" class="form-select">
            <option value="user"  <?= $u['role']=='user'?'selected':'' ?>>user</option>
            <option value="staff" <?= $u['role']=='staff'?'selected':'' ?>>staff</option>
            <option value="admin" <?= $u['role']=='admin'?'selected':'' ?>
                <?= ($ROLE=='staff')?'disabled':'' ?>>
                admin
            </option>
          </select>

        </div>

        <div class="modal-footer">
          <button name="edit_user" class="btn btn-success">
            <i class="bi bi-save"></i> บันทึก
          </button>
        </div>

      </form>
    </div>
  </div>
</div>

<?php endwhile; ?>
</div>


<!-- ADD MODAL -->
<div class="modal fade" id="addModal">
  <div class="modal-dialog">
    <div class="modal-content">
      <form method="post">

        <div class="modal-header">
          <h5 class="modal-title">เพิ่มผู้ใช้ใหม่</h5>
          <button class="btn-close" data-bs-dismiss="modal"></button>
        </div>

        <div class="modal-body">

          <label>ชื่อผู้ใช้</label>
          <input type="text" name="username" class="form-control mb-2" required>

          <label>ชื่อจริง</label>
          <input type="text" name="fullname" class="form-control mb-2" required>

          <label>สิทธิ์</label>
          <select name="role" class="form-select mb-2">
            <option value="user">user</option>
            <option value="staff">staff</option>
            <?php if ($ROLE == 'admin'): ?>
            <option value="admin">admin</option>
            <?php endif; ?>
          </select>

          <label>รหัสผ่านเริ่มต้น</label>
          <input type="text" name="password" class="form-control mb-2" required>

        </div>

        <div class="modal-footer">
          <button name="add_user" class="btn btn-primary">
            <i class="bi bi-plus-circle"></i> เพิ่มผู้ใช้
          </button>
        </div>

      </form>
    </div>
  </div>
</div>

<?php include "../footer.php"; ?>
