<?php
header("Content-Type: application/json");
header("Access-Control-Allow-Origin: *");
header("Access-Control-Allow-Headers: Content-Type, Authorization");
header("Access-Control-Allow-Methods: GET, POST, OPTIONS");
if ($_SERVER["REQUEST_METHOD"] === "OPTIONS") { http_response_code(200); exit; }

$pg = pg_connect("host=127.0.0.1 dbname=adx_system user=postgres");
if (!$pg) { echo json_encode(["ok"=>false,"error"=>"db"]); exit; }

$action = $_GET["action"] ?? $_POST["action"] ?? "";
$data = json_decode(file_get_contents("php://input"), true) ?: [];

// Workspace sends POST with {name,email,company,product} → auto-register/login
if ($_SERVER["REQUEST_METHOD"] === "POST" && !$action && !empty($data["email"])) {
    $action = "auto";
}

switch($action) {
    case "auto":
        $email = pg_escape_string($pg, $data["email"] ?? "");
        $name = pg_escape_string($pg, $data["name"] ?? "User");
        $company = pg_escape_string($pg, $data["company"] ?? "");
        if (!$email) { echo json_encode(["error"=>"Email requis"]); exit; }
        
        // Check existing
        $r = pg_query($pg, "SELECT id,email,first_name,last_name,status,master_access FROM admin.users WHERE email='$email' LIMIT 1");
        $u = pg_fetch_assoc($r);
        
        if ($u) {
            $key = "wv_" . md5($u["email"] . "weval2026");
            echo json_encode(["ok"=>true,"api_key"=>$key,"user"=>["id"=>$u["id"],"email"=>$u["email"],"name"=>trim($u["first_name"]." ".$u["last_name"]),"tier"=>$u["master_access"]??"free"],"message"=>"Bienvenue !"]);
        } else {
            $parts = explode(" ", $name, 2);
            $fn = pg_escape_string($pg, $parts[0]); 
            $ln = pg_escape_string($pg, $parts[1] ?? "");
            $maxId = pg_fetch_result(pg_query($pg, "SELECT COALESCE(MAX(id),0)+1 FROM admin.users"), 0, 0);
            $prodId = $maxId;
            $hash = password_hash("weval2026", PASSWORD_DEFAULT);
            $r = pg_query($pg, "INSERT INTO admin.users(id,production_id,email,password,first_name,last_name,status,master_access,created_by,created_date) VALUES($maxId,$prodId,'$email','$hash','$fn','$ln','Activated','free','system',CURRENT_DATE)");
            if (!$r) error_log("AUTH INSERT FAIL: " . pg_last_error($pg));
            $key = "wv_" . md5($email . "weval2026");
            
            // Send notification to Yanis
            $msg = "Nouveau signup WEVAL Workspace:
Nom: $name
Email: $email
Company: $company
Date: ".date("Y-m-d H:i");
            @file_put_contents("/tmp/weval-signups.log", $msg."
---
", FILE_APPEND);
            
            echo json_encode(["ok"=>true,"api_key"=>$key,"tier"=>"free","user"=>["name"=>$name,"email"=>$email,"tier"=>"free"],"message"=>"Compte créé !"]);
        }
        break;
        
    case "dashboard":
        $key = pg_escape_string($pg, $_GET["key"] ?? "");
        if (!$key) { echo json_encode(["error"=>"Clé requise"]); exit; }
        // Find user by key (reverse lookup)
        $r = pg_query($pg, "SELECT * FROM admin.users WHERE status='Activated' ORDER BY id");
        $found = null;
        while ($row = pg_fetch_assoc($r)) {
            $check = "wv_" . md5($row["email"] . "weval2026");
            if ($check === $key) { $found = $row; break; }
        }
        if ($found) {
            echo json_encode(["ok"=>true,"api_key"=>$key,"user"=>["id"=>$found["id"],"email"=>$found["email"],"name"=>trim($found["first_name"]." ".$found["last_name"]),"tier"=>$found["master_access"]??"free"]]);
        } else {
            echo json_encode(["error"=>"Clé invalide"]);
        }
        break;
        
    case "status":
        $count = pg_fetch_result(pg_query($pg, "SELECT count(*) FROM admin.users"), 0, 0);
        echo json_encode(["ok"=>true,"status"=>"operational","users"=>intval($count)]);
        break;
        
    default:
        echo json_encode(["ok"=>false,"error"=>"action inconnue"]);
}
pg_close($pg);