<?php
class User {
    private $conn;
    private $table_name = "users";

    public $id;
    public $username;
    public $email;
    public $password_hash;
    public $first_name;
    public $last_name;
    public $role;
    public $is_active;
    public $last_login;
    public $created_at;
    public $updated_at;

    public function __construct($db) {
        $this->conn = $db;
    }

    public function create() {
        $query = "INSERT INTO " . $this->table_name . " SET username=:username, email=:email, password_hash=:password_hash, first_name=:first_name, last_name=:last_name, role=:role, is_active=:is_active, created_at=:created_at, updated_at=:updated_at";

        $stmt = $this->conn->prepare($query);

        $this->username = htmlspecialchars(strip_tags($this->username));
        $this->email = htmlspecialchars(strip_tags($this->email));
        $this->password_hash = password_hash($this->password_hash, PASSWORD_DEFAULT);
        $this->first_name = htmlspecialchars(strip_tags($this->first_name));
        $this->last_name = htmlspecialchars(strip_tags($this->last_name));
        $this->role = htmlspecialchars(strip_tags($this->role));
        $this->is_active = $this->is_active ? 1 : 0;
        $this->created_at = date('Y-m-d H:i:s');
        $this->updated_at = date('Y-m-d H:i:s');

        $stmt->bindParam(":username", $this->username);
        $stmt->bindParam(":email", $this->email);
        $stmt->bindParam(":password_hash", $this->password_hash);
        $stmt->bindParam(":first_name", $this->first_name);
        $stmt->bindParam(":last_name", $this->last_name);
        $stmt->bindParam(":role", $this->role);
        $stmt->bindParam(":is_active", $this->is_active);
        $stmt->bindParam(":created_at", $this->created_at);
        $stmt->bindParam(":updated_at", $this->updated_at);

        if($stmt->execute()) {
            return true;
        }

        return false;
    }

    public function read() {
        $query = "SELECT id, username, email, first_name, last_name, role, is_active, last_login, created_at, updated_at FROM " . $this->table_name . " ORDER BY username";

        $stmt = $this->conn->prepare($query);
        $stmt->execute();

        return $stmt;
    }

    public function readOne() {
        $query = "SELECT * FROM " . $this->table_name . " WHERE id = ? LIMIT 0,1";

        $stmt = $this->conn->prepare($query);
        $stmt->bindParam(1, $this->id);
        $stmt->execute();

        $row = $stmt->fetch(PDO::FETCH_ASSOC);

        $this->username = $row['username'];
        $this->email = $row['email'];
        $this->password_hash = $row['password_hash'];
        $this->first_name = $row['first_name'];
        $this->last_name = $row['last_name'];
        $this->role = $row['role'];
        $this->is_active = $row['is_active'];
        $this->last_login = $row['last_login'];
        $this->created_at = $row['created_at'];
        $this->updated_at = $row['updated_at'];
    }

    public function update($update_password = false) {
        if($update_password) {
            $query = "UPDATE " . $this->table_name . " SET username=:username, email=:email, password_hash=:password_hash, first_name=:first_name, last_name=:last_name, role=:role, is_active=:is_active, updated_at=:updated_at WHERE id=:id";
        } else {
            $query = "UPDATE " . $this->table_name . " SET username=:username, email=:email, first_name=:first_name, last_name=:last_name, role=:role, is_active=:is_active, updated_at=:updated_at WHERE id=:id";
        }

        $stmt = $this->conn->prepare($query);

        $this->username = htmlspecialchars(strip_tags($this->username));
        $this->email = htmlspecialchars(strip_tags($this->email));
        $this->first_name = htmlspecialchars(strip_tags($this->first_name));
        $this->last_name = htmlspecialchars(strip_tags($this->last_name));
        $this->role = htmlspecialchars(strip_tags($this->role));
        $this->is_active = $this->is_active ? 1 : 0;
        $this->updated_at = date('Y-m-d H:i:s');

        $stmt->bindParam(":username", $this->username);
        $stmt->bindParam(":email", $this->email);
        $stmt->bindParam(":first_name", $this->first_name);
        $stmt->bindParam(":last_name", $this->last_name);
        $stmt->bindParam(":role", $this->role);
        $stmt->bindParam(":is_active", $this->is_active);
        $stmt->bindParam(":updated_at", $this->updated_at);
        $stmt->bindParam(":id", $this->id);

        if($update_password) {
            $this->password_hash = password_hash($this->password_hash, PASSWORD_DEFAULT);
            $stmt->bindParam(":password_hash", $this->password_hash);
        }

        if($stmt->execute()) {
            return true;
        }

        return false;
    }

    public function delete() {
        $query = "DELETE FROM " . $this->table_name . " WHERE id = ?";

        $stmt = $this->conn->prepare($query);
        $stmt->bindParam(1, $this->id);

        if($stmt->execute()) {
            return true;
        }

        return false;
    }

    public function authenticate($username, $password) {
        $query = "SELECT * FROM " . $this->table_name . " WHERE username = ? AND is_active = TRUE LIMIT 0,1";

        $stmt = $this->conn->prepare($query);
        $stmt->bindParam(1, $username);
        $stmt->execute();

        $row = $stmt->fetch(PDO::FETCH_ASSOC);

        if($row && password_verify($password, $row['password_hash'])) {
            // Update last login
            $update_query = "UPDATE " . $this->table_name . " SET last_login = ? WHERE id = ?";
            $update_stmt = $this->conn->prepare($update_query);
            $current_time = date('Y-m-d H:i:s');
            $update_stmt->bindParam(1, $current_time);
            $update_stmt->bindParam(2, $row['id']);
            $update_stmt->execute();

            // Remove password hash from response
            unset($row['password_hash']);
            return $row;
        }

        return false;
    }

    public function findByEmail($email) {
        $query = "SELECT * FROM " . $this->table_name . " WHERE email = ? LIMIT 0,1";

        $stmt = $this->conn->prepare($query);
        $stmt->bindParam(1, $email);
        $stmt->execute();

        return $stmt->fetch(PDO::FETCH_ASSOC);
    }

    public function updatePassword($user_id, $new_password) {
        $query = "UPDATE " . $this->table_name . " SET password_hash = ?, updated_at = ? WHERE id = ?";
        $stmt = $this->conn->prepare($query);
        
        $password_hash = password_hash($new_password, PASSWORD_DEFAULT);
        $updated_at = date('Y-m-d H:i:s');
        
        $stmt->bindParam(1, $password_hash);
        $stmt->bindParam(2, $updated_at);
        $stmt->bindParam(3, $user_id);

        return $stmt->execute();
    }

    public function getRoleBadge() {
        $badges = [
            'admin' => '<span style="background-color: #dc3545; color: white; padding: 2px 6px; border-radius: 4px; font-size: 12px;">Admin</span>',
            'manager' => '<span style="background-color: #6f42c1; color: white; padding: 2px 6px; border-radius: 4px; font-size: 12px;">Manager</span>',
            'user' => '<span style="background-color: #6c757d; color: white; padding: 2px 6px; border-radius: 4px; font-size: 12px;">User</span>'
        ];
        
        return $badges[$this->role] ?? $this->role;
    }

    public function getFullName() {
        return trim($this->first_name . ' ' . $this->last_name);
    }

    public function isActive() {
        return $this->is_active;
    }

    public function getStatusBadge() {
        if($this->is_active) {
            return '<span style="background-color: #28a745; color: white; padding: 2px 6px; border-radius: 4px; font-size: 12px;">Active</span>';
        } else {
            return '<span style="background-color: #6c757d; color: white; padding: 2px 6px; border-radius: 4px; font-size: 12px;">Inactive</span>';
        }
    }

    public function findByUsername($username) {
        $query = "SELECT id, username, email, first_name, last_name, role, is_active, last_login, created_at, updated_at FROM " . $this->table_name . " WHERE username = ? LIMIT 0,1";

        $stmt = $this->conn->prepare($query);
        $stmt->bindParam(1, $username);
        $stmt->execute();

        $row = $stmt->fetch(PDO::FETCH_ASSOC);

        if($row) {
            return $row;
        }

        return false;
    }
}
?>