prepare("SELECT id FROM companies WHERE id = ? AND tenant_id = ? AND deleted_at IS NULL"); $stmt->execute([$companyId, $tenantId]); if (!$stmt->fetch()) { json_error('Access denied to this company or invalid company ID', 403); } // 4. Handle File Upload (Step-by-step for permission safety) $tenantDir = STORAGE_PATH . '/invoices/' . $tenantId; $companyDir = $tenantDir . '/' . $companyId; $dateFolder = date('Y-m-d'); $uploadDir = $companyDir . '/' . $dateFolder . '/'; foreach ([$tenantDir, $companyDir, $uploadDir] as $dir) { if (!is_dir($dir)) { if (!mkdir($dir, 0777, true)) { error_log("UPLOAD ERROR: Failed to create directory: " . $dir); json_error('فشل في إنشاء مجلد التخزين: ' . $dir, 500); } chmod($dir, 0777); // Force permissions } } $extension = pathinfo($_FILES['invoice']['name'], PATHINFO_EXTENSION); $fileName = bin2hex(random_bytes(8)) . '_' . time() . '.' . $extension; $targetFile = $uploadDir . $fileName; if (move_uploaded_file($_FILES['invoice']['tmp_name'], $targetFile)) { // 5. Run AI Extraction $mimeType = $_FILES['invoice']['type']; $fileContent = file_get_contents($targetFile); if (!$fileContent) { error_log("UPLOAD ERROR: Failed to read file content: " . $targetFile); json_error('فشل في قراءة الملف المرفوع', 500); } $base64Data = base64_encode($fileContent); $extracted = \App\Core\AI::extractInvoiceData($base64Data, $mimeType); if (!$extracted) { // Still save basic record if AI fails $stmt = $db->prepare("INSERT INTO invoices (tenant_id, company_id, uploaded_by, original_file_path, status, created_at) VALUES (?, ?, ?, ?, 'uploaded', NOW())"); $stmt->execute([$tenantId, $companyId, $userId, $targetFile]); json_success(['id' => $db->lastInsertId()], 'تم رفع الفاتورة ولكن فشل استخراج البيانات تلقائياً'); } // 5.5 Duplicate Prevention Check $supplierTin = $extracted['supplier']['tin'] ?? ''; $invoiceNum = $extracted['invoice_number'] ?? ''; $invoiceDate = $extracted['invoice_date'] ?? ''; // Only hash if we have the critical data to avoid false duplicate collisions $invoiceHash = null; if ($supplierTin && $invoiceNum && $invoiceDate) { $rawHashString = $companyId . '_' . $supplierTin . '_' . $invoiceNum . '_' . $invoiceDate; $invoiceHash = hash('sha256', strtolower($rawHashString)); $checkStmt = $db->prepare("SELECT id FROM invoices WHERE company_id = ? AND invoice_hash = ? AND deleted_at IS NULL"); $checkStmt->execute([$companyId, $invoiceHash]); if ($checkStmt->fetch()) { json_error('هذه الفاتورة تم رفعها مسبقاً لهذه الشركة (رقم الفاتورة مكرر لنفس المورد والتاريخ).', 409); } } // 6. Save Extracted Data with Encryption try { $db->beginTransaction(); $invoiceId = bin2hex(random_bytes(16)); // Generate UUID (simple version for now or use a lib) // Let's use a standard UUID format if possible, but MySQL CHAR(36) accepts anything. // Actually, let's just use the DB's UUID() function but FETCH it back or generate it here. // I'll use a better UUID generator logic. $invoiceId = vsprintf('%s%s-%s-%s-%s-%s%s%s', str_split(bin2hex(random_bytes(16)), 4)); $stmt = $db->prepare(" INSERT INTO invoices ( id, tenant_id, company_id, uploaded_by, original_file_path, status, invoice_number, invoice_date, invoice_type, invoice_category, supplier_tin, supplier_name, supplier_address, buyer_tin, buyer_name, buyer_national_id, subtotal, tax_amount, discount_total, grand_total, currency_code, invoice_hash, validation_warnings, created_at ) VALUES ( :id, :tenant_id, :company_id, :uploaded_by, :path, 'extracted', :num, :date, :type, :cat, :s_tin, :s_name, :s_addr, :b_tin, :b_name, :b_nid, :sub, :tax, :disc, :total, :cur, :hash, :warnings, NOW() ) "); $stmt->execute([ 'id' => $invoiceId, 'tenant_id' => $tenantId, 'company_id' => $companyId, 'uploaded_by'=> $userId, 'path' => $targetFile, 'num' => $extracted['invoice_number'] ?? null, 'date' => $extracted['invoice_date'] ?? null, 'type' => $extracted['invoice_type'] ?? 'cash', 'cat' => $extracted['invoice_category'] ?? 'simplified', 's_tin' => \App\Core\Encryption::encrypt($extracted['supplier']['tin'] ?? ''), 's_name' => \App\Core\Encryption::encrypt($extracted['supplier']['name'] ?? ''), 's_addr' => \App\Core\Encryption::encrypt($extracted['supplier']['address'] ?? ''), 'b_tin' => \App\Core\Encryption::encrypt($extracted['buyer']['tin'] ?? ''), 'b_name' => \App\Core\Encryption::encrypt($extracted['buyer']['name'] ?? ''), 'b_nid' => \App\Core\Encryption::encrypt($extracted['buyer']['national_id'] ?? ''), 'sub' => $extracted['subtotal'] ?? 0, 'tax' => $extracted['tax_amount'] ?? 0, 'disc' => $extracted['discount_total'] ?? 0, 'total' => $extracted['grand_total'] ?? 0, 'cur' => $extracted['currency_code'] ?? 'JOD', 'hash' => $invoiceHash, 'warnings' => isset($extracted['validation_warnings']) && !empty($extracted['validation_warnings']) ? json_encode($extracted['validation_warnings']) : null ]); // Save Line Items if (!empty($extracted['lines'])) { $lineStmt = $db->prepare(" INSERT INTO invoice_lines (invoice_id, line_number, description, quantity, unit_price, tax_rate, line_total) VALUES (?, ?, ?, ?, ?, ?, ?) "); foreach ($extracted['lines'] as $item) { $lineStmt->execute([ $invoiceId, $item['line_number'] ?? 1, $item['description'] ?? 'N/A', $item['quantity'] ?? 1, $item['unit_price'] ?? 0, $item['tax_rate'] ?? 0.16, $item['line_total'] ?? 0 ]); } } $db->commit(); // --- INCREMENT QUOTA --- \App\Middleware\QuotaMiddleware::incrementInvoiceUsage($tenantId); // ----------------------- json_success(['id' => $invoiceId], 'تم رفع الفاتورة واستخراج البيانات بنجاح'); } catch (\Exception $e) { $db->rollBack(); error_log("DB Error during invoice save: " . $e->getMessage()); json_error('حدث خطأ أثناء حفظ بيانات الفاتورة', 500); } } else { $uploadError = $_FILES['invoice']['error'] ?? 'Unknown'; error_log("UPLOAD ERROR: move_uploaded_file failed. Error Code: $uploadError. Target: $targetFile. Tmp: " . ($_FILES['invoice']['tmp_name'] ?? 'N/A')); json_error('Failed to save uploaded file. PHP Error Code: ' . $uploadError, 500); }