<?php
session_start();

// Load database configuration
$db_config = require_once '../config/database.php';
$host = $db_config['host'];
$dbname = $db_config['dbname'];
$username = $db_config['username'];
$password = $db_config['password'];

if ($_SERVER['REQUEST_METHOD'] == 'POST') {
    $fullname = $_POST['fullname'] ?? '';
    $email = $_POST['email'] ?? '';
    $user_password = $_POST['password'] ?? '';
    $company = $_POST['company'] ?? '';
    $reason = $_POST['reason'] ?? '';
    $department_id = $_POST['department_id'] ?? '';
    
    // Validate required fields
    if (empty($fullname) || empty($email) || empty($user_password) || empty($department_id)) {
        header('Location: register.html?error=missing');
        exit();
    }
    
    try {
        $conn = new PDO("mysql:host=$host;dbname=$dbname;charset=utf8", $username, $password);
        $conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
        
        // Check if email already exists
        $stmt = $conn->prepare("SELECT id FROM users WHERE email = ?");
        $stmt->execute([$email]);
        
        if ($stmt->rowCount() > 0) {
            header('Location: register.html?error=exists');
            exit();
        }
        
        // Hash the password
        $hashed_password = password_hash($user_password, PASSWORD_DEFAULT);
        
        // Check email domain for auto-approval
        $email_domain = substr(strrchr($email, "@"), 1);
        $is_internal = ($email_domain === 'creditorsrelief.com');
        
        // Determine status and role based on domain
        if ($is_internal) {
            $status = 'approved';
            // Check if user selected Management department
            $stmt = $conn->prepare("SELECT name FROM departments WHERE id = ?");
            $stmt->execute([$department_id]);
            $dept = $stmt->fetch(PDO::FETCH_ASSOC);
            
            $role = ($dept && strtolower($dept['name']) === 'management') ? 'management' : 'user';
        } else {
            $status = 'pending';
            $role = 'user';
        }
        
        // Insert new user
        $stmt = $conn->prepare("
            INSERT INTO users (fullname, email, password, company, reason, department_id, status, role, auth_provider, created_at) 
            VALUES (?, ?, ?, ?, ?, ?, ?, ?, 'email', NOW())
        ");
        
        $stmt->execute([$fullname, $email, $hashed_password, $company, $reason, $department_id, $status, $role]);
        
        if ($is_internal) {
            // Internal user - immediate login
            $user_id = $conn->lastInsertId();
            $_SESSION['user'] = $email;
            $_SESSION['user_id'] = $user_id;
            $_SESSION['fullname'] = $fullname;
            $_SESSION['logged_in'] = true;
            $_SESSION['role'] = $role;
            $_SESSION['department_id'] = $department_id;
            
            // Update last login
            $update_login = $conn->prepare("UPDATE users SET last_login = NOW() WHERE id = ?");
            $update_login->execute([$user_id]);
            
            // Redirect based on role
            if ($role === 'management') {
                header('Location: dashboard.php');
            } else {
                header('Location: dashboard.php');
            }
            exit();
        } else {
            // External user - notify admin and show pending message
            $admin_email = "alexandra@creditorsrelief.com";
            $subject = "CreditorsReliefWorkspace - New External User Registration Pending Approval";
            $message = "A new external user has registered:\n\n";
            $message .= "Name: $fullname\n";
            $message .= "Email: $email\n";
            $message .= "Company: $company\n";
            $message .= "Reason: $reason\n\n";
            $message .= "Please log in to review and approve this registration:\n";
            $message .= "https://creditorsreliefworkspace.com/users.php\n";
            
            $headers = "From: noreply@creditorsreliefworkspace.com\r\n";
            @mail($admin_email, $subject, $message, $headers);
            
            header('Location: index.html?registered=pending');
            exit();
        }
        
    } catch(PDOException $e) {
        error_log("Registration error: " . $e->getMessage());
        header('Location: register.html?error=database');
        exit();
    }
}

// If not POST request, redirect to register page
header('Location: register.html');
exit();
?>