<?php
require_once("session.php");
require_once("connection.php");
require_once("functions.php");

// CSRF Token Validation
if (!isset($_POST['csrf_token']) || !validateCSRFToken($_POST['csrf_token'])) {
    http_response_code(403);
    echo json_encode(['status' => 'error', 'message' => 'Security token validation failed.']);
    exit();
}

// Check if user_id is set in the POST request
if (isset($_POST['user_id']) && !empty($_POST['user_id'])) {
    // Sanitize the input to prevent SQL injection
    $user_id = mysqli_real_escape_string($conn, $_POST['user_id']);
    $created_at = date('Y-m-d H:i:s'); // Use current date and time for created_at

    // First, check if a bar tab already exists for this user_id
    $checkSql = "SELECT * FROM bar_tabs WHERE user_id = '$user_id' LIMIT 1";
    $checkResult = mysqli_query($conn, $checkSql);

    if (mysqli_num_rows($checkResult) > 0) {
        // If a bar tab already exists for this user_id, return an error message
        echo json_encode(['status' => 'error', 'message' => 'A bar tab already exists for this user.']);
    } else {
        // Prepare the SQL query to insert a new record into the bar_tabs table
        $sql = "INSERT INTO bar_tabs (user_id) VALUES ('$user_id')";

        // Execute the query
        if (mysqli_query($conn, $sql)) {
            // If the insertion is successful, return a success message
            echo json_encode(['status' => 'success', 'message' => 'Bar tab created successfully.']);
        } else {
            // If there's an error, return an error message
            echo json_encode(['status' => 'error', 'message' => 'Error: ' . mysqli_error($conn)]);
        }
    }
} else {
    // If user_id is not provided, return an error message
    echo json_encode(['status' => 'error', 'message' => 'User ID is required.']);
}

// Close the database connection
mysqli_close($conn);
?>