<?php
defined($security_key) or exit;

//------------------------------------------
// Marketing Update
//------------------------------------------
//Connect to DB
$pdo = dbConnect($dbname);

//SoldTo is empty
if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} else {$soldto_search = '-%';}

//default whereclause
list($whereclause,$condition) = getWhereclauselvl2("",$permission,$partner,'');

//QUERY AND VERIFY ALLOWED
if (isAllowed('marketing',$profile,$permission,'U') === 1){
    // Get JSON input
    $input = json_decode(file_get_contents('php://input'), true);
    
    $file_id = $input['file_id'] ?? '';

    if (empty($file_id)) {
        echo json_encode(['success' => false, 'error' => 'File ID is required']);
        exit;
    }

    try {
        // First verify the file exists and user has access
        $check_sql = 'SELECT id FROM `marketing_files` WHERE `id` = ?';
        $check_stmt = $pdo->prepare($check_sql);
        $check_stmt->execute([$file_id]);
        
        if ($check_stmt->rowCount() === 0) {
            echo json_encode(['success' => false, 'error' => 'File not found or access denied']);
            exit;
        }

        // Build dynamic UPDATE query for only changed fields
        $update_fields = [];
        $update_params = [];
        
        if (isset($input['title'])) {
            $update_fields[] = '`title` = ?';
            $update_params[] = $input['title'];
        }
        
        if (isset($input['folder_id'])) {
            $update_fields[] = '`folder_id` = ?';
            $update_params[] = $input['folder_id'] ?: null;
        }
        
        // Always update updatedby if there are changes
        if (!empty($update_fields)) {
            $update_fields[] = '`updatedby` = ?';
            $update_params[] = $username;
            $update_params[] = $file_id;
            
            $update_sql = 'UPDATE `marketing_files` SET ' . implode(', ', $update_fields) . ' WHERE `id` = ?';
            $stmt = $pdo->prepare($update_sql);
            $stmt->execute($update_params);
        }

        // Update tags only if provided
        if (isset($input['tags'])) {
            // Remove existing tags
            $pdo->prepare('DELETE FROM `marketing_file_tags` WHERE `file_id` = ?')->execute([$file_id]);

            // Parse and insert new tags
            $tags_string = $input['tags'];
            $tags_array = array_filter(array_map('trim', explode(',', $tags_string)));
            
            if (!empty($tags_array)) {
                $tag_sql = 'INSERT IGNORE INTO `marketing_tags` (`tag_name`) VALUES (?)';
                $tag_stmt = $pdo->prepare($tag_sql);
                
                $file_tag_sql = 'INSERT INTO `marketing_file_tags` (`file_id`, `tag_id`) SELECT ?, id FROM marketing_tags WHERE tag_name = ?';
                $file_tag_stmt = $pdo->prepare($file_tag_sql);
                
                foreach ($tags_array as $tag) {
                    $tag_stmt->execute([$tag]);
                    $file_tag_stmt->execute([$file_id, $tag]);
                }
            }
        }

        echo json_encode(['success' => true, 'message' => 'File updated successfully']);
    } catch (Exception $e) {
        echo json_encode(['success' => false, 'error' => 'Update failed: ' . $e->getMessage()]);
    }
} else {
    echo json_encode(['success' => false, 'error' => 'Insufficient permissions']);
}
?>