<?php
// admin/pages/shoutouts.php
// Shoutouts beheerpagina voor admin

require_once __DIR__ . '/../../config.php';

// Basis beveiliging: controleer of admin ingelogd is (pas aan naar jouw login check)
session_start();
if (!isset($_SESSION['admin_logged_in']) || $_SESSION['admin_logged_in'] !== true) {
    header('Location: ../login.php');
    exit;
}

// Acties: delete / toggle_block / add / generate_ai
$messages = [];

if ($_SERVER['REQUEST_METHOD'] === 'POST') {

    // Verwijderen
    if (isset($_POST['action']) && $_POST['action'] === 'delete' && isset($_POST['id'])) {
        $id = intval($_POST['id']);
        $stmt = $db_conx->prepare("DELETE FROM shoutouts WHERE id = ?");
        $stmt->bind_param("i", $id);
        if ($stmt->execute()) {
            $messages[] = "Shout-out #$id verwijderd.";
        } else {
            $messages[] = "Fout bij verwijderen: " . $db_conx->error;
        }
        $stmt->close();
    }

    // Blokkeren / deblokkeren (voegt/uses 'blocked' boolean)
    if (isset($_POST['action']) && $_POST['action'] === 'toggle_block' && isset($_POST['id'])) {
        $id = intval($_POST['id']);
        // Zorg dat de kolom 'blocked' bestaat; als niet, maak hem aan
        $db_conx->query("ALTER TABLE shoutouts ADD COLUMN IF NOT EXISTS blocked TINYINT(1) NOT NULL DEFAULT 0");
        // Haal huidig
        $res = $db_conx->query("SELECT blocked FROM shoutouts WHERE id = " . $id);
        if ($res && $row = $res->fetch_assoc()) {
            $new = $row['blocked'] ? 0 : 1;
            $stmt = $db_conx->prepare("UPDATE shoutouts SET blocked = ? WHERE id = ?");
            $stmt->bind_param("ii", $new, $id);
            if ($stmt->execute()) {
                $messages[] = $new ? "Shout-out #$id geblokkeerd." : "Shout-out #$id vrijgegeven.";
            } else {
                $messages[] = "Fout bij updaten: " . $db_conx->error;
            }
            $stmt->close();
        }
    }

    // Handmatig toevoegen
    if (isset($_POST['action']) && $_POST['action'] === 'add') {
        $name = trim($_POST['name'] ?? '');
        $shout = trim($_POST['shoutout'] ?? '');
        $photo = trim($_POST['photo'] ?? '');

        if ($name === '' || $shout === '') {
            $messages[] = "Naam en shout-out zijn verplicht.";
        } else {
            $stmt = $db_conx->prepare("INSERT INTO shoutouts (name, shoutout, photo, created_at) VALUES (?, ?, ?, NOW())");
            $stmt->bind_param("sss", $name, $shout, $photo);
            if ($stmt->execute()) {
                $messages[] = "Handmatige shout-out toegevoegd.";
            } else {
                $messages[] = "Fout bij toevoegen: " . $db_conx->error;
            }
            $stmt->close();
        }
    }

    // Trigger AI generate (roept jouw data/generate_ai_shoutout.php aan)
    if (isset($_POST['action']) && $_POST['action'] === 'generate_ai') {
        // call local script via curl (server-side)
        $url = rtrim(dirname($_SERVER['REQUEST_SCHEME'] . '://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI']), '/') . '/../../data/generate_ai_shoutout.php';
        // beter: lokale filesystem invocation met include zodat je niet afhankelijk bent van HTTP:
        $genPath = __DIR__ . '/../../data/generate_ai_shoutout.php';
        if (is_file($genPath)) {
            // include in buffer om output te suppressen and avoid double headers
            ob_start();
            include $genPath;
            $out = ob_get_clean();
            $messages[] = "AI generator aangeroepen: " . strip_tags($out);
        } else {
            $messages[] = "AI generator niet gevonden op $genPath";
        }
    }
}

// Pagination / zoek filter (eenvoudig)
$page = max(1, intval($_GET['p'] ?? 1));
$perPage = 30;
$offset = ($page - 1) * $perPage;

$searchSql = "";
$params = [];
if (!empty($_GET['q'])) {
    $q = '%' . $db_conx->real_escape_string($_GET['q']) . '%';
    $searchSql = "WHERE (name LIKE ? OR shoutout LIKE ?)";
    $params = [$q, $q];
}

// Count totaal
if ($searchSql === "") {
    $totalRes = $db_conx->query("SELECT COUNT(*) AS cnt FROM shoutouts");
    $total = $totalRes->fetch_assoc()['cnt'] ?? 0;
} else {
    $stmtc = $db_conx->prepare("SELECT COUNT(*) AS cnt FROM shoutouts $searchSql");
    $stmtc->bind_param("ss", $params[0], $params[1]);
    $stmtc->execute();
    $rc = $stmtc->get_result()->fetch_assoc();
    $total = $rc['cnt'] ?? 0;
    $stmtc->close();
}

$pages = max(1, ceil($total / $perPage));

// Haal data
$rows = [];
if ($searchSql === "") {
    $res = $db_conx->query("SELECT * FROM shoutouts ORDER BY id DESC LIMIT $perPage OFFSET $offset");
    while ($r = $res->fetch_assoc()) $rows[] = $r;
} else {
    $stmts = $db_conx->prepare("SELECT * FROM shoutouts $searchSql ORDER BY id DESC LIMIT ? OFFSET ?");
    $stmts->bind_param("ssii", $params[0], $params[1], $perPage, $offset); // bind_param types adjusted below if needed
    // bind_param doesn't accept mixed types easily here — fallback to manual query
    $safeQ = $db_conx->real_escape_string($_GET['q']);
    $res = $db_conx->query("SELECT * FROM shoutouts WHERE (name LIKE '%$safeQ%' OR shoutout LIKE '%$safeQ%') ORDER BY id DESC LIMIT $perPage OFFSET $offset");
    while ($r = $res->fetch_assoc()) $rows[] = $r;
}

?>
<!doctype html>
<html>
<head>
    <meta charset="utf-8">
    <title>Admin – Shoutouts</title>
    <style>
        body { font-family: Arial, sans-serif; background:#f7f7f7; color:#222; padding:20px; }
        .wrap { max-width:1100px; margin:0 auto; }
        .box { background:#fff; border-radius:6px; padding:15px; box-shadow:0 2px 6px rgba(0,0,0,0.06); margin-bottom:15px; }
        table { width:100%; border-collapse:collapse; }
        th,td { padding:8px 10px; border-bottom:1px solid #eee; text-align:left; vertical-align:middle; }
        th { background:#fafafa; }
        .actions form { display:inline-block; margin-right:6px; }
        .btn { display:inline-block; padding:6px 10px; border-radius:4px; text-decoration:none; color:#fff; background:#0073aa; }
        .btn.danger { background:#d9534f; }
        .btn.warn { background:#f0ad4e; }
        .meta { color:#666; font-size:12px; }
        .thumb { width:48px; height:48px; object-fit:cover; border-radius:50%; }
    </style>
</head>
<body>
<div class="wrap">
    <h1>Shoutouts beheer</h1>

    <?php foreach ($messages as $m): ?>
        <div class="box" style="border-left:4px solid #0073aa;"><?php echo htmlspecialchars($m); ?></div>
    <?php endforeach; ?>

    <div class="box">
        <form method="get" action="">
            <input type="text" name="q" placeholder="Zoek op naam of tekst" value="<?php echo htmlspecialchars($_GET['q'] ?? ''); ?>" style="padding:8px; width:300px;">
            <button type="submit" class="btn">Zoek</button>
            <a href="?p=1" class="btn" style="background:#6c757d;">Reset</a>
        </form>
    </div>

    <div class="box" style="display:flex; gap:12px; align-items:flex-start;">
        <!-- Handmatig toevoegen -->
        <div style="flex:1;">
            <h3>Nieuwe shout-out toevoegen</h3>
            <form method="post" action="">
                <input type="hidden" name="action" value="add">
                <p><input type="text" name="name" placeholder="Naam" style="width:100%; padding:8px;"></p>
                <p><textarea name="shoutout" placeholder="Shout-out tekst" style="width:100%; padding:8px;" rows="4"></textarea></p>
                <p><input type="text" name="photo" placeholder="Foto pad (optioneel) bv. uploads/shoutouts/user.png" style="width:100%; padding:8px;"></p>
                <p><button class="btn" type="submit">Toevoegen</button></p>
            </form>
        </div>

        <!-- AI generate -->
        <div style="width:260px;">
            <h3>AI acties</h3>
            <form method="post" action="">
                <input type="hidden" name="action" value="generate_ai">
                <p>Genereer één AI-shoutout en sla direct op in DB.</p>
                <p><button class="btn" type="submit">Genereer AI Shoutout</button></p>
            </form>

            <form method="post" action="" style="margin-top:8px;">
                <input type="hidden" name="action" value="cleanup">
                <p>Opschonen (houd max 200)</p>
                <p><a href="../data/cleanup_shoutouts.php" class="btn warn" target="_blank">Opschonen via script</a></p>
            </form>
        </div>
    </div>

    <div class="box">
        <h3>Shoutouts (<?php echo $total; ?>)</h3>

        <table>
            <thead>
                <tr>
                    <th>#</th>
                    <th>Datum</th>
                    <th>Naam</th>
                    <th>Shout-out</th>
                    <th>Foto</th>
                    <th>Geblokkeerd</th>
                    <th>Acties</th>
                </tr>
            </thead>
            <tbody>
            <?php if (empty($rows)): ?>
                <tr><td colspan="7" class="meta">Geen shoutouts gevonden.</td></tr>
            <?php else: ?>
                <?php foreach ($rows as $r): ?>
                    <tr>
                        <td><?php echo $r['id']; ?></td>
                        <td class="meta"><?php echo htmlspecialchars($r['created_at'] ?? ''); ?></td>
                        <td><?php echo htmlspecialchars($r['name']); ?></td>
                        <td><?php echo htmlspecialchars($r['shoutout']); ?></td>
                        <td>
                            <?php if (!empty($r['photo']) && file_exists(__DIR__ . '/../../' . $r['photo'])): ?>
                                <img src="<?php echo '../' . $r['photo']; ?>" class="thumb" alt="">
                            <?php else: ?>
                                <span class="meta">Geen</span>
                            <?php endif; ?>
                        </td>
                        <td><?php echo !empty($r['blocked']) ? 'Ja' : 'Nee'; ?></td>
                        <td class="actions">
                            <form method="post" action="" onsubmit="return confirm('Verwijder shout-out #<?php echo $r['id']; ?>?');">
                                <input type="hidden" name="action" value="delete">
                                <input type="hidden" name="id" value="<?php echo $r['id']; ?>">
                                <button type="submit" class="btn danger">Verwijder</button>
                            </form>

                            <form method="post" action="" style="display:inline;">
                                <input type="hidden" name="action" value="toggle_block">
                                <input type="hidden" name="id" value="<?php echo $r['id']; ?>">
                                <button type="submit" class="btn warn"><?php echo !empty($r['blocked']) ? 'Deblokkeer' : 'Blokkeer'; ?></button>
                            </form>
                        </td>
                    </tr>
                <?php endforeach; ?>
            <?php endif; ?>
            </tbody>
        </table>

        <!-- Pagination -->
        <div style="margin-top:12px;">
            <?php for ($i=1;$i<=$pages;$i++): ?>
                <a href="?p=<?php echo $i; ?>" class="btn" style="background:<?php echo $i==$page ? '#333' : '#0073aa'; ?>; margin-right:6px;"><?php echo $i; ?></a>
            <?php endfor; ?>
        </div>
    </div>
</div>
</body>
</html>