<?php
defined($security_key) or exit;

//------------------------------------------
// Appointment
//------------------------------------------
//Connect to DB
$pdo = dbConnect($dbname);

//CONTENT FROM API (POST)
$post_content = json_decode($input,true);

//SET PARAMETERS FOR QUERY
$id = $post_content['id'] ?? ''; //check for rowID
$command = ($id == '')? 'insert' : 'update';  //IF rowID = empty then INSERT
if (isset($post_content['delete'])){$command = 'delete';} //change command to delete
$date = date('Y-m-d H:i:s');

//CREATE EMPTY STRINGS
$clause = '';
$clause_insert ='';
$input_insert = '';

if(isset($post_content['action']) && $post_content['action'] == 'book_appointment'){

    //APPOINTMENT BOOKING
    $dealer_id = $post_content['dealer_id'];
    $name = $post_content['name'] ?? '';
    $email = $post_content['email'] ?? '';
    $phone = $post_content['phone'] ?? '';
    $starttime = $post_content['starttime'] ?? '';
    $endtime = $post_content['endtime'] ?? '';
   
    // First check if the slot is still available
    $sql = "SELECT start_time, end_time, is_available FROM appointment_slots WHERE start_time = ? AND end_time = ? AND is_available = ? AND dealer_id = ?";
    $stmt = $pdo->prepare($sql);
    $stmt->execute([$starttime,$endtime,1,$dealer_id]);
    $result = $stmt->fetch(PDO::FETCH_ASSOC);

    if (isset($result['id'])){
        $messages = ['success' => false, 'message' => 'This slot is no longer available'];
    }
    else {      
        try {
        //INSERT TIMESLOT
        $sql = "INSERT INTO appointment_slots (dealer_id, start_time, end_time, is_available,createdby) VALUES (?,?, ?, ?, ?)";
        $stmt = $pdo->prepare($sql);
        $stmt->execute([$dealer_id,$starttime,$endtime,0,'system']);

        $appointment_id = $pdo->lastInsertId();

        //INSERT APPOINTMENT
        $sql = "INSERT INTO appointments (appointment_slot_id, client_name, client_email, client_phone,	appointment_status,createdby, dealer_id) VALUES (?,?,?,?,?,?,?)";
        $stmt = $pdo->prepare($sql);
        $stmt->execute([$appointment_id,$name, $email, $phone,0,'system', $dealer_id]);
            
        $messages = [
            'success' => true, 
            'message' => 'Appointment requested successfully', 
            'appointment_id' => $appointment_id
        ];
        } catch (Exception $e) {
            // Roll back transaction on error
            $pdo->rollback();
            $messages = ['success' => false, 'message' => 'Error: ' . $e->getMessage()];
        }
    }

    //------------------------------------------
    //JSON_ENCODE
    //------------------------------------------
    $messages = json_encode($messages, JSON_UNESCAPED_UNICODE);

    //Send results
    echo $messages;
} 
else {

    //ADD STANDARD PARAMETERS TO ARRAY BASED ON INSERT OR UPDATE
    if ($command == 'update'){
        $post_content['updatedby'] = $username ;

    }
    elseif ($command == 'insert'){
        $post_content['createdby'] = $username;
    }
    else {
        //do nothing
    }

    //CREAT NEW ARRAY AND MAP TO CLAUSE
    if(isset($post_content) && $post_content!=''){   
        foreach ($post_content as $key => $var){
            if ($key == 'submit' || $key == 'id'){
                //do nothing
            }
            else {
                $criterias[$key] = $var;
                $clause .= ' , '.$key.' = ?';
                $clause_insert .= ' , '.$key.'';
                $input_insert .= ', ?'; // ? for each insert item
                $execute_input[]= $var; // Build array for input
            }
        }
    }

    //CLEAN UP INPUT
    $clause = substr($clause, 2); //Clean clause - remove first comma
    $clause_insert = substr($clause_insert, 2); //Clean clause - remove first comma
    $input_insert = substr($input_insert, 1); //Clean clause - remove first comma

    //QUERY AND VERIFY ALLOWED
    if ($command == 'update' && isAllowed('appointment',$profile,$permission,'U') === 1){
        $sql = 'UPDATE appointment SET '.$clause.' WHERE rowID = ? '.$whereclause.'';
        $execute_input[] = $id;
        $stmt = $pdo->prepare($sql);
        $stmt->execute($execute_input);
    } 
    elseif ($command == 'insert' && isAllowed('appointment',$profile,$permission,'C') === 1){
        $sql = 'INSERT INTO appointment ('.$clause_insert.') VALUES ('.$input_insert.')';
        $stmt = $pdo->prepare($sql);
        $stmt->execute($execute_input);
        // Return ID            
        echo json_encode(array('rowID'=> $pdo->lastInsertId()));
    }
    elseif ($command == 'delete' && isAllowed('appointment',$profile,$permission,'D') === 1){
        $stmt = $pdo->prepare('DELETE FROM appointment WHERE rowID = ? '.$whereclause.'');
        $stmt->execute([ $id ]); 

        //Add deletion to changelog
        changelog($dbname,'appointment',$id,'Delete','Delete',$username);
    } else
    {
        //do nothing
    }
}
?>