<?php
defined($security_key) or exit;
  ini_set('display_errors', '1');
    ini_set('display_startup_errors', '1');
    error_reporting(E_ALL);  
//------------------------------------------
// Payment Creation (for Software Upgrades)
//------------------------------------------
// This endpoint creates a Mollie payment and stores transaction data

//Connect to DB
$pdo = dbConnect($dbname);

//CONTENT FROM API (POST)
$post_content = json_decode($input, true);


// Validate required inputs
if (empty($post_content['serial_number']) || empty($post_content['version_id'])) {
    http_response_code(400);
    echo json_encode(['error' => 'Missing required fields: serial_number, version_id'], JSON_UNESCAPED_UNICODE);
    exit;
}

$serial_number = $post_content['serial_number'];
$version_id = $post_content['version_id'];
$user_data = $post_content['user_data'] ?? [];

//+++++++++++++++++++++++++++++++++++++++++++++++++++++
// STEP 1: Get equipment data from serial_number
//+++++++++++++++++++++++++++++++++++++++++++++++++++++
$sql = 'SELECT rowID, sw_version, sw_version_license, hw_version FROM equipment WHERE serialnumber = ?';
$stmt = $pdo->prepare($sql);
$stmt->execute([$serial_number]);
$equipment = $stmt->fetch(PDO::FETCH_ASSOC);

if (!$equipment) {
    
    http_response_code(404);
    echo json_encode(['error' => 'Device not found with serial number: ' . $serial_number], JSON_UNESCAPED_UNICODE);
    exit;
}

$equipment_id = $equipment['rowID'];
$current_sw_version = trim(strtolower(ltrim($equipment['sw_version'], '0')));
$sw_version_license = $equipment['sw_version_license'] ?? null;
$hw_version = $equipment['hw_version'] ?? '';

//+++++++++++++++++++++++++++++++++++++++++++++++++++++
// STEP 2: Get version data from version_id
//+++++++++++++++++++++++++++++++++++++++++++++++++++++
$sql = 'SELECT rowID as version_id, version, name, description, hw_version
        FROM products_software_versions
        WHERE rowID = ? AND status = 1';
$stmt = $pdo->prepare($sql);
$stmt->execute([$version_id]);
$version = $stmt->fetch(PDO::FETCH_ASSOC);

if (!$version) {
    
    http_response_code(404);
    echo json_encode(['error' => 'Software version not found or inactive'], JSON_UNESCAPED_UNICODE);
    exit;
}

//+++++++++++++++++++++++++++++++++++++++++++++++++++++
// STEP 3: Calculate price SERVER-SIDE (same logic as software_update.php)
//+++++++++++++++++++++++++++++++++++++++++++++++++++++
$final_price = '0.00';
$final_currency = '';

// Check if version has upgrade paths defined
$sql = 'SELECT COUNT(*) as path_count FROM products_software_upgrade_paths WHERE to_version_id = ? AND is_active = 1';
$stmt = $pdo->prepare($sql);
$stmt->execute([$version_id]);
$path_count_result = $stmt->fetch(PDO::FETCH_ASSOC);
$has_upgrade_paths = ($path_count_result['path_count'] > 0);

if (!$has_upgrade_paths) {
    // No upgrade paths defined = FREE (lines 240-242 in software_update.php)
    $final_price = '0.00';
} else {
    // Check for valid upgrade path FROM current version
    $sql = 'SELECT pup.price, pup.currency
            FROM products_software_upgrade_paths pup
            JOIN products_software_versions from_ver ON pup.from_version_id = from_ver.rowID
            WHERE pup.to_version_id = ?
                AND LOWER(TRIM(LEADING "0" FROM from_ver.version)) = ?
                AND pup.is_active = 1';
    $stmt = $pdo->prepare($sql);
    $stmt->execute([$version_id, $current_sw_version]);
    $upgrade_path = $stmt->fetch(PDO::FETCH_ASSOC);

    if ($upgrade_path) {
        $final_price = $upgrade_path['price'] ?? '0.00';
        $final_currency = $upgrade_path['currency'] ?? 'EUR';
    } else {
        // No upgrade path FROM current version
        
        http_response_code(400);
        echo json_encode(['error' => 'No valid upgrade path from current version'], JSON_UNESCAPED_UNICODE);
        exit;
    }
}

//+++++++++++++++++++++++++++++++++++++++++++++++++++++
// STEP 4: Check license validity (lines 280-311 in software_update.php)
//+++++++++++++++++++++++++++++++++++++++++++++++++++++
if ($final_price > 0 && $sw_version_license) {
    $sql = 'SELECT status, starts_at, expires_at
            FROM products_software_licenses
            WHERE license_key = ?';
    $stmt = $pdo->prepare($sql);
    $stmt->execute([$sw_version_license]);
    $license = $stmt->fetch(PDO::FETCH_ASSOC);

    if ($license && $license['status'] == 1) {
        $now = date('Y-m-d H:i:s');
        $starts_at = $license['starts_at'];
        $expires_at = $license['expires_at'];

        // Check if license is within valid date range
        if ((!$starts_at || $starts_at <= $now) && (!$expires_at || $expires_at >= $now)) {
            $final_price = '0.00';
        }
    }
}

//+++++++++++++++++++++++++++++++++++++++++++++++++++++
// STEP 5: Verify price > 0 (free upgrades shouldn't reach payment API)
//+++++++++++++++++++++++++++++++++++++++++++++++++++++
if ($final_price <= 0) {
    
    http_response_code(400);
    echo json_encode(['error' => 'This upgrade is free. No payment required.'], JSON_UNESCAPED_UNICODE);
    exit;
}

//+++++++++++++++++++++++++++++++++++++++++++++++++++++
// STEP 6: DEBUG MODE - Log but continue to real Mollie
//+++++++++++++++++++++++++++++++++++++++++++++++++++++
if (debug) {
    debuglog("DEBUG MODE: Creating real Mollie payment for testing");
    debuglog("DEBUG: Serial Number: $serial_number, Version ID: $version_id, Price: $final_price");
}

//+++++++++++++++++++++++++++++++++++++++++++++++++++++
// STEP 7: Call Mollie API to create payment
//+++++++++++++++++++++++++++++++++++++++++++++++++++++
try {
    // Initialize Mollie
    require dirname(__FILE__, 4).'/initialize.php';

    // Format price for Mollie (must be string with 2 decimals)
    $formatted_price = number_format((float)$final_price, 2, '.', '');

    //+++++++++++++++++++++++++++++++++++++++++++++++++++++
    // STEP 7A: Generate transaction ID BEFORE creating Mollie payment
    //+++++++++++++++++++++++++++++++++++++++++++++++++++++
    // Generate unique transaction ID (same as placeorder.php)
    $txn_id = strtoupper(uniqid('SC') . substr(md5(mt_rand()), 0, 5));

    // Build webhook URL and redirect URL with actual transaction ID
    $protocol = 'https';
    $hostname = $_SERVER['SERVER_NAME'];
    $path = '/';
    $webhook_url = "{$protocol}://{$hostname}{$path}webhook_mollie.php";
    $redirect_url = "{$protocol}://{$hostname}{$path}?page=softwaretool&payment_return=1&order_id={$txn_id}";

    if (debug) {
        debuglog("DEBUG: Transaction ID: {$txn_id}");
        debuglog("DEBUG: redirectUrl being sent to Mollie: " . $redirect_url);
    }

    // Create payment with Mollie
    $payment = $mollie->payments->create([
        'amount' => [
            'currency' => $final_currency ?: 'EUR',
            'value' => "{$formatted_price}"
        ],
        'description' => "Software upgrade Order #{$txn_id}",
        'redirectUrl' => "{$redirect_url}",
        'webhookUrl' => "{$webhook_url}",
        'metadata' => [
            'order_id' => $txn_id,
            'serial_number' => $serial_number,
            'version_id' => $version_id,
            'equipment_id' => $equipment_id
        ]
    ]);

    $mollie_payment_id = $payment->id;
    $checkout_url = $payment->getCheckoutUrl();

    if (debug) {
        debuglog("DEBUG: Mollie payment created successfully");
        debuglog("DEBUG: Payment ID: $mollie_payment_id");
        debuglog("DEBUG: Redirect URL sent: $redirect_url");
        debuglog("DEBUG: Redirect URL from Mollie object: " . $payment->redirectUrl);
        debuglog("DEBUG: Full payment object: " . json_encode($payment));
        debuglog("DEBUG: Checkout URL: $checkout_url");
    }

    //+++++++++++++++++++++++++++++++++++++++++++++++++++++
    // STEP 8: Store transaction in DB using txn_id (order ID)
    //+++++++++++++++++++++++++++++++++++++++++++++++++++++
    // Split name into first/last (simple split on first space)
    $full_name = $user_data['name'] ?? '';
    $name_parts = explode(' ', $full_name, 2);
    $first_name = $name_parts[0] ?? '';
    $last_name = $name_parts[1] ?? '';

    // BUILD UP PARTNERHIERARCHY FROM USER
    $partner_product = json_encode(array("salesid"=>$partner->salesid,"soldto"=>$partner->soldto), JSON_UNESCAPED_UNICODE);

    $sql = 'INSERT INTO transactions (txn_id, payment_amount, payment_status, payer_email, first_name, last_name,
            address_street, address_city, address_state, address_zip, address_country, account_id, payment_method, accounthierarchy, created)
            VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)';
    $stmt = $pdo->prepare($sql);
    $stmt->execute([
        $txn_id,  // Use generated transaction ID, not Mollie payment ID
        $final_price,
        0, // 0 = pending
        $user_data['email'] ?? '',
        $first_name,
        $last_name,
        $user_data['address'] ?? '',
        $user_data['city'] ?? '',
        '', // address_state (not collected)
        $user_data['postal'] ?? '',
        $user_data['country'] ?? '',
        $serial_number,
        0, // payment method
        $partner_product,
        date('Y-m-d H:i:s')
    ]);

    // Get the database ID
    $transaction_id = $pdo->lastInsertId();

    //+++++++++++++++++++++++++++++++++++++++++++++++++++++
    // STEP 9: Store transaction item with serial_number in item_options
    //+++++++++++++++++++++++++++++++++++++++++++++++++++++
    $item_options = json_encode([
        'serial_number' => $serial_number,
        'equipment_id' => $equipment_id,
        'hw_version' => $hw_version,
        'mollie_payment_id' => $mollie_payment_id  // Store Mollie payment ID in options
    ], JSON_UNESCAPED_UNICODE);

    $sql = 'INSERT INTO transactions_items (txn_id, item_id, item_price, item_quantity, item_options, created)
            VALUES (?, ?, ?, ?, ?, ?)';
    $stmt = $pdo->prepare($sql);
    $stmt->execute([
        $transaction_id,  // Use database transaction ID (not txn_id string, not mollie_payment_id)
        $version_id,
        $final_price,
        1,
        $item_options,
        date('Y-m-d H:i:s')
    ]);

    //+++++++++++++++++++++++++++++++++++++++++++++++++++++
    // STEP 10: Return checkout URL and payment ID
    //+++++++++++++++++++++++++++++++++++++++++++++++++++++
    $messages = json_encode([
        'checkout_url' => $checkout_url,
        'payment_id' => $mollie_payment_id
    ], JSON_UNESCAPED_UNICODE);
    echo $messages;

} catch (Exception $e) {
    http_response_code(500);
    echo json_encode(['error' => 'Payment creation failed: ' . $e->getMessage()], JSON_UNESCAPED_UNICODE);
    exit;
}

?>