<?php
/**
 * PACK BEACON – SECURE API
 * Update Item Status
 * Path: /api-secure/update_item_status.php
 *
 * ใช้สำหรับ:
 *  - อัปเดตสถานะของ item ของวันนี้ว่าผู้ใช้กดทำแล้วหรือยัง
 *
 * Input:
 *  - user_id
 *  - item_id
 *  - status: pending | done
 * 
 * Secure:
 *  - Token + Timestamp + Signature
 */

require_once __DIR__ . "/config-secure.php";
require_once __DIR__ . "/auth-secure.php";

require_method("POST");

// Load secure JSON payload
list($raw, $input) = require_secure_json();

/* ============================================================
   Validate Input
============================================================ */
$user_id = intval($input["user_id"] ?? 0);
$item_id = intval($input["item_id"] ?? 0);
$status  = $input["status"] ?? "";

if ($user_id <= 0 || $item_id <= 0) {
    api_json([
        "status" => "error",
        "message" => "user_id and item_id are required"
    ]);
}

if (!in_array($status, ["pending", "done"])) {
    api_json([
        "status" => "error",
        "message" => "invalid status"
    ]);
}

/* ============================================================
   Validate Ownership – user ต้องเป็นเจ้าของ item
============================================================ */
$chk = $conn->query("
    SELECT * FROM items
    WHERE id = $item_id AND user_id = $user_id
");

if ($chk->num_rows == 0) {
    api_json([
        "status" => "error",
        "message" => "Item does not belong to this user"
    ]);
}

/* ============================================================
   Today's Date
============================================================ */
$today = date("Y-m-d");

/* ============================================================
   Check Existing Status
============================================================ */
$exist = $conn->query("
    SELECT id FROM item_status
    WHERE user_id = $user_id AND item_id = $item_id AND date = '$today'
");

if ($exist->num_rows == 0) {

    // create new status
    $stmt = $conn->prepare("
        INSERT INTO item_status (user_id, item_id, date, status)
        VALUES (?, ?, ?, ?)
    ");
    $stmt->bind_param("iiss", $user_id, $item_id, $today, $status);
    $stmt->execute();

} else {

    // update existing
    $row = $exist->fetch_assoc();
    $sid = $row["id"];

    $stmt = $conn->prepare("
        UPDATE item_status SET status=? WHERE id=?
    ");
    $stmt->bind_param("si", $status, $sid);
    $stmt->execute();
}

/* ============================================================
   Log
============================================================ */
$msg = "User $user_id update item #$item_id to status [$status]";
$stmt = $conn->prepare("
    INSERT INTO logs (user_id, message)
    VALUES (?, ?)
");
$stmt->bind_param("is", $user_id, $msg);
$stmt->execute();

/* ============================================================
   Return JSON
============================================================ */
api_json([
    "status" => "success",
    "message" => "status updated",
    "user_id" => $user_id,
    "item_id" => $item_id,
    "date" => $today,
    "new_status" => $status
]);
