<?php
// ============================================================
// uploadImagePortrate.php
// رفع صورة الكابتن بأمان
// ============================================================

require_once __DIR__ . '/connect.php'; // يفترض أنه يستدعي core/bootstrap.php

appLog("🚀 [upload_profile_image.php] بدأ تنفيذ سكربت رفع الصورة");

try {
    // 1. Rate Limiting للرفع
    $limiter = new RateLimiter($redis);
    $limiter->enforce(RateLimiter::identifier($user_id ?? null), 'upload');

    $driverID = filterRequest("driverID");
    appLog("📥 Received driverID: $driverID");

    if (empty($driverID)) {
        jsonError('Driver ID is required.', 400);
    }

    // 2. استخدام دالة الرفع الآمنة (MIME check, random name, 5MB limit)
    $target_dir = __DIR__ . "/portrate_captain_image/";
    $uploadResult = uploadImageSecure('image', $target_dir, $driverID);

    if (!$uploadResult['success']) {
        securityLog("❌ Image upload failed", ['driverID' => $driverID, 'error' => $uploadResult['error']]);
        jsonError($uploadResult['error'], 400);
    }

    $new_filename = $uploadResult['filename'];
    appLog("✅ File moved successfully to: " . $uploadResult['path']);

    // 3. تحديث قاعدة البيانات
    $linkImage = 'https://intaleq.xyz/portrate_captain_image/' . $new_filename;
    $uploadDate = date("Y-m-d H:i:s");
    
    // تأكد من أن الاتصال قادم من connect.php أو اجلبه
    $con = Database::get('main');

    // التحقق من وجود السائق
    $stmt = $con->prepare("SELECT COUNT(*) FROM card_images WHERE driverID = ?");
    $stmt->execute([$driverID]);
    $count = $stmt->fetchColumn();

    if ($count > 0) {
        // تحديث
        $updateSQL = "UPDATE card_images SET upload_date = ?, image_name = ?, link = ? WHERE driverID = ?";
        $updateStmt = $con->prepare($updateSQL);
        $success = $updateStmt->execute([$uploadDate, $new_filename, $linkImage, $driverID]);
    } else {
        // إدخال جديد
        $insertSQL = "INSERT INTO imageProfileCaptain (driverID, image_name, link) VALUES (?, ?, ?)";
        $insertStmt = $con->prepare($insertSQL);
        $success = $insertStmt->execute([$driverID, $new_filename, $linkImage]);
    }

    if ($success) {
        appLog("✅ Record updated for driverID: $driverID");
        jsonSuccess(['file_link' => $linkImage], 'Record updated successfully.');
    } else {
        appLog("❌ Failed to update DB record for driverID: $driverID");
        jsonError('Failed to update record.', 500);
    }

} catch (PDOException $e) {
    securityLog("💥 PDO ERROR in uploadImage", ['error' => $e->getMessage()]);
    jsonError('Database error.', 500);
} catch (Exception $e) {
    securityLog("💥 GENERAL ERROR in uploadImage", ['error' => $e->getMessage()]);
    jsonError('Server error.', 500);
}