<?php
/**
 * Copyright seit 2024 Webshop System
 *
 * Admin-Kunden-Controller für das Webshop-System
 *
 * @author    Webshop System
 * @license   GPL v3
 */

namespace App\Admin\Controllers;

use Doctrine\DBAL\DriverManager;
use Doctrine\DBAL\Exception;

class AdminCustomerController
{
    public function index()
    {
        // Session prüfen
        session_start();
        if (!isset($_SESSION['admin_user_id'])) {
            header('Location: /admin/login');
            exit;
        }

        // DB-Verbindung herstellen
        $connectionParams = [
            'dbname' => getenv('DB_DATABASE') ?: 'freeshop',
            'user' => getenv('DB_USERNAME') ?: 'freeshop_user',
            'password' => getenv('DB_PASSWORD') ?: 'freeshop_password',
            'host' => getenv('DB_HOST') ?: 'db',
            'driver' => 'pdo_mysql',
            'port' => getenv('DB_PORT') ?: 3306,
            'charset' => 'utf8mb4',
        ];

        try {
            $conn = DriverManager::getConnection($connectionParams);
            
            // Kunden laden (nur Nicht-Admins)
            $stmt = $conn->prepare('
                SELECT u.*, 
                       COUNT(o.id) as order_count,
                       SUM(o.total) as total_spent
                FROM ws_user u 
                LEFT JOIN ws_order o ON u.id = o.user_id
                WHERE u.is_admin = 0
                GROUP BY u.id
                ORDER BY u.created_at DESC
            ');
            $stmt->execute();
            
            $customers = [];
            while ($row = $stmt->fetchAssociative()) {
                $customers[] = $row;
            }
            
            $this->render('admin/customers/index.html.twig', [
                'title' => 'Webshop Admin - Kunden',
                'user_name' => $_SESSION['admin_user_name'],
                'customers' => $customers
            ]);
            
        } catch (Exception $e) {
            $this->render('admin/customers/index.html.twig', [
                'title' => 'Webshop Admin - Kunden',
                'user_name' => $_SESSION['admin_user_name'],
                'customers' => [],
                'error' => 'Datenbankfehler: ' . $e->getMessage()
            ]);
        }
    }

    public function show($id)
    {
        // Session prüfen
        session_start();
        if (!isset($_SESSION['admin_user_id'])) {
            header('Location: /admin/login');
            exit;
        }

        // DB-Verbindung herstellen
        $connectionParams = [
            'dbname' => getenv('DB_DATABASE') ?: 'freeshop',
            'user' => getenv('DB_USERNAME') ?: 'freeshop_user',
            'password' => getenv('DB_PASSWORD') ?: 'freeshop_password',
            'host' => getenv('DB_HOST') ?: 'db',
            'driver' => 'pdo_mysql',
            'port' => getenv('DB_PORT') ?: 3306,
            'charset' => 'utf8mb4',
        ];

        try {
            $conn = DriverManager::getConnection($connectionParams);
            
            // Kunde laden
            $stmt = $conn->prepare('SELECT * FROM ws_user WHERE id = ? AND is_admin = 0');
            $stmt->execute([$id]);
            $customer = $stmt->fetchAssociative();
            
            if (!$customer) {
                header('Location: /admin/customers?error=Kunde nicht gefunden');
                exit;
            }
            
            // Bestellungen des Kunden laden
            $stmt = $conn->prepare('
                SELECT o.*, 
                       COUNT(op.product_id) as item_count
                FROM ws_order o 
                LEFT JOIN ws_order_product op ON o.id = op.order_id
                WHERE o.user_id = ?
                GROUP BY o.id
                ORDER BY o.created_at DESC
            ');
            $stmt->execute([$id]);
            
            $orders = [];
            while ($row = $stmt->fetchAssociative()) {
                $orders[] = $row;
            }
            
            $this->render('admin/customers/show.html.twig', [
                'title' => 'Webshop Admin - Kunde Details',
                'user_name' => $_SESSION['admin_user_name'],
                'customer' => $customer,
                'orders' => $orders
            ]);
            
        } catch (Exception $e) {
            header('Location: /admin/customers?error=Datenbankfehler: ' . $e->getMessage());
            exit;
        }
    }

    public function create()
    {
        // Session prüfen
        session_start();
        if (!isset($_SESSION['admin_user_id'])) {
            header('Location: /admin/login');
            exit;
        }

        if ($_SERVER['REQUEST_METHOD'] === 'POST') {
            $this->store();
            return;
        }

        $this->render('admin/customers/create.html.twig', [
            'title' => 'Webshop Admin - Neuer Kunde',
            'user_name' => $_SESSION['admin_user_name']
        ]);
    }

    private function store()
    {
        $email = $_POST['email'] ?? '';
        $firstname = $_POST['firstname'] ?? '';
        $lastname = $_POST['lastname'] ?? '';
        $password = $_POST['password'] ?? '';

        if (empty($email) || empty($firstname) || empty($lastname)) {
            header('Location: /admin/customers/create?error=Fehlende Pflichtfelder');
            exit;
        }

        // Passwort hashen falls angegeben
        $hashedPassword = '';
        if (!empty($password)) {
            $hashedPassword = password_hash($password, PASSWORD_DEFAULT);
        }

        $connectionParams = [
            'dbname' => getenv('DB_DATABASE') ?: 'freeshop',
            'user' => getenv('DB_USERNAME') ?: 'freeshop_user',
            'password' => getenv('DB_PASSWORD') ?: 'freeshop_password',
            'host' => getenv('DB_HOST') ?: 'db',
            'driver' => 'pdo_mysql',
            'port' => getenv('DB_PORT') ?: 3306,
            'charset' => 'utf8mb4',
        ];

        try {
            $conn = DriverManager::getConnection($connectionParams);
            
            // Prüfen ob E-Mail bereits existiert
            $stmt = $conn->prepare('SELECT id FROM ws_user WHERE email = ?');
            $stmt->execute([$email]);
            if ($stmt->fetchAssociative()) {
                header('Location: /admin/customers/create?error=E-Mail bereits vergeben');
                exit;
            }
            
            $stmt = $conn->prepare('
                INSERT INTO ws_user (email, firstname, lastname, password, is_admin) 
                VALUES (?, ?, ?, ?, 0)
            ');
            $stmt->execute([$email, $firstname, $lastname, $hashedPassword]);
            
            header('Location: /admin/customers?success=Kunde erfolgreich erstellt');
            exit;
            
        } catch (Exception $e) {
            header('Location: /admin/customers/create?error=Datenbankfehler: ' . $e->getMessage());
            exit;
        }
    }

    public function edit($id)
    {
        // Session prüfen
        session_start();
        if (!isset($_SESSION['admin_user_id'])) {
            header('Location: /admin/login');
            exit;
        }

        if ($_SERVER['REQUEST_METHOD'] === 'POST') {
            $this->update($id);
            return;
        }

        $connectionParams = [
            'dbname' => getenv('DB_DATABASE') ?: 'freeshop',
            'user' => getenv('DB_USERNAME') ?: 'freeshop_user',
            'password' => getenv('DB_PASSWORD') ?: 'freeshop_password',
            'host' => getenv('DB_HOST') ?: 'db',
            'driver' => 'pdo_mysql',
            'port' => getenv('DB_PORT') ?: 3306,
            'charset' => 'utf8mb4',
        ];

        try {
            $conn = DriverManager::getConnection($connectionParams);
            
            // Kunde laden
            $stmt = $conn->prepare('SELECT * FROM ws_user WHERE id = ? AND is_admin = 0');
            $stmt->execute([$id]);
            $customer = $stmt->fetchAssociative();
            
            if (!$customer) {
                header('Location: /admin/customers?error=Kunde nicht gefunden');
                exit;
            }
            
            $this->render('admin/customers/edit.html.twig', [
                'title' => 'Webshop Admin - Kunde bearbeiten',
                'user_name' => $_SESSION['admin_user_name'],
                'customer' => $customer
            ]);
            
        } catch (Exception $e) {
            header('Location: /admin/customers?error=Datenbankfehler: ' . $e->getMessage());
            exit;
        }
    }

    private function update($id)
    {
        $email = $_POST['email'] ?? '';
        $firstname = $_POST['firstname'] ?? '';
        $lastname = $_POST['lastname'] ?? '';
        $password = $_POST['password'] ?? '';

        if (empty($email) || empty($firstname) || empty($lastname)) {
            header('Location: /admin/customers/edit/' . $id . '?error=Fehlende Pflichtfelder');
            exit;
        }

        $connectionParams = [
            'dbname' => getenv('DB_DATABASE') ?: 'freeshop',
            'user' => getenv('DB_USERNAME') ?: 'freeshop_user',
            'password' => getenv('DB_PASSWORD') ?: 'freeshop_password',
            'host' => getenv('DB_HOST') ?: 'db',
            'driver' => 'pdo_mysql',
            'port' => getenv('DB_PORT') ?: 3306,
            'charset' => 'utf8mb4',
        ];

        try {
            $conn = DriverManager::getConnection($connectionParams);
            
            // Prüfen ob E-Mail bereits existiert (außer bei diesem Kunden)
            $stmt = $conn->prepare('SELECT id FROM ws_user WHERE email = ? AND id != ?');
            $stmt->execute([$email, $id]);
            if ($stmt->fetchAssociative()) {
                header('Location: /admin/customers/edit/' . $id . '?error=E-Mail bereits vergeben');
                exit;
            }
            
            if (!empty($password)) {
                // Passwort aktualisieren
                $hashedPassword = password_hash($password, PASSWORD_DEFAULT);
                $stmt = $conn->prepare('
                    UPDATE ws_user 
                    SET email = ?, firstname = ?, lastname = ?, password = ? 
                    WHERE id = ?
                ');
                $stmt->execute([$email, $firstname, $lastname, $hashedPassword, $id]);
            } else {
                // Nur Daten aktualisieren
                $stmt = $conn->prepare('
                    UPDATE ws_user 
                    SET email = ?, firstname = ?, lastname = ? 
                    WHERE id = ?
                ');
                $stmt->execute([$email, $firstname, $lastname, $id]);
            }
            
            header('Location: /admin/customers?success=Kunde erfolgreich aktualisiert');
            exit;
            
        } catch (Exception $e) {
            header('Location: /admin/customers/edit/' . $id . '?error=Datenbankfehler: ' . $e->getMessage());
            exit;
        }
    }

    public function delete($id)
    {
        // Session prüfen
        session_start();
        if (!isset($_SESSION['admin_user_id'])) {
            header('Location: /admin/login');
            exit;
        }

        $connectionParams = [
            'dbname' => getenv('DB_DATABASE') ?: 'freeshop',
            'user' => getenv('DB_USERNAME') ?: 'freeshop_user',
            'password' => getenv('DB_PASSWORD') ?: 'freeshop_password',
            'host' => getenv('DB_HOST') ?: 'db',
            'driver' => 'pdo_mysql',
            'port' => getenv('DB_PORT') ?: 3306,
            'charset' => 'utf8mb4',
        ];

        try {
            $conn = DriverManager::getConnection($connectionParams);
            
            // Prüfen ob Kunde Bestellungen hat
            $stmt = $conn->prepare('SELECT COUNT(*) as count FROM ws_order WHERE user_id = ?');
            $stmt->execute([$id]);
            $orderCount = $stmt->fetchAssociative()['count'];
            
            if ($orderCount > 0) {
                header('Location: /admin/customers?error=Kunde kann nicht gelöscht werden, da Bestellungen vorhanden sind');
                exit;
            }
            
            $stmt = $conn->prepare('DELETE FROM ws_user WHERE id = ? AND is_admin = 0');
            $stmt->execute([$id]);
            
            header('Location: /admin/customers?success=Kunde erfolgreich gelöscht');
            exit;
            
        } catch (Exception $e) {
            header('Location: /admin/customers?error=Datenbankfehler: ' . $e->getMessage());
            exit;
        }
    }

    protected function render($template, $data = [])
    {
        // Einfache Template-Engine (später durch Twig ersetzen)
        extract($data);
        include __DIR__ . '/../../templates/' . $template;
    }
}