<?php
require_once __DIR__ . '/../../core/bootstrap.php';
require_once __DIR__ . '/../../functions.php';

header('Content-Type: application/json');

try {
    $con = Database::get('main');
} catch (Exception $e) {
    http_response_code(500);
    echo json_encode(['status' => 'Database connection failed.']);
    exit;
}

if (!isset($_FILES['image']) || $_FILES['image']['error'] != UPLOAD_ERR_OK) {
    echo json_encode(['status' => 'The image file was not uploaded successfully.']);
    exit;
}

$image_file = $_FILES['image'];
$driverID = filterRequest("driver_id");

if (empty($driverID)) {
    echo json_encode(['status' => 'Missing driver ID.']);
    exit;
}

// التحقق من نوع الملف (MIME Type) للحماية من رفع سكربتات خبيثة
$finfo = finfo_open(FILEINFO_MIME_TYPE);
$mime_type = finfo_file($finfo, $image_file['tmp_name']);
finfo_close($finfo);

$allowed_mime_types = ['image/jpeg', 'image/png', 'image/jpg'];
if (!in_array($mime_type, $allowed_mime_types)) {
    echo json_encode(['status' => 'The image file is not a valid image file.']);
    exit;
}

$image_name = $image_file['name'];
$image_extension = strtolower(pathinfo($image_name, PATHINFO_EXTENSION));
$allowed_extensions = ['jpg', 'jpeg', 'png'];

if (!in_array($image_extension, $allowed_extensions)) {
    echo json_encode(['status' => 'Invalid file extension.']);
    exit;
}

$new_filename = $driverID . '.' . $image_extension;
$target_dir = __DIR__ . "/../../card_image/";

if (!is_dir($target_dir)) {
    mkdir($target_dir, 0755, true);
}

$target_file = $target_dir . $new_filename;
if (!move_uploaded_file($image_file['tmp_name'], $target_file)) {
    echo json_encode(['status' => 'Failed to move uploaded file.']);
    exit;
}

$linlImage = 'https://ride.mobile-app.store/card_image/' . $new_filename;

try {
    // استخدام Prepared Statements للحماية من الحقن (SQL Injection)
    $stmt = $con->prepare("SELECT id FROM card_images WHERE driver_id = :driver_id");
    $stmt->execute([':driver_id' => $driverID]);
    
    if ($stmt->rowCount() > 0) {
        $uploadDate = date("Y-m-d H:i:s");
        $updateStmt = $con->prepare("UPDATE card_images SET upload_date = :upload_date WHERE driver_id = :driver_id");
        $updateStmt->execute([
            ':upload_date' => $uploadDate,
            ':driver_id' => $driverID
        ]);
        
        echo json_encode(['status' => 'Record updated successfully']);
    } else {
        $insertStmt = $con->prepare("INSERT INTO card_images (id, driver_id, image_name, link) VALUES (SHA2(UUID(), 256), :driver_id, :image_name, :link)");
        $insertStmt->execute([
            ':driver_id' => $driverID,
            ':image_name' => $new_filename,
            ':link' => $linlImage
        ]);
        
        echo json_encode(['status' => 'Record inserted successfully']);
    }
} catch (PDOException $e) {
    error_log("Database Error in card-image-driver/add.php: " . $e->getMessage());
    echo json_encode(['status' => 'Database operation failed.']);
}
?>