<?php
$rootPath = dirname(dirname(__DIR__));
require_once($rootPath . '/src/config/env.php');
require_once($rootPath . '/src/config/session.php');
require_once($rootPath . '/src/config/connection.php');

if (!isset($_SESSION['user_id'])) {
    http_response_code(403);
    exit(json_encode(['error' => 'Unauthorized']));
}

$album_id = intval($_GET['id'] ?? 0);

if (!$album_id) {
    http_response_code(400);
    exit(json_encode(['error' => 'Album ID is required']));
}

// Verify album exists and user has access
$albumCheck = $conn->prepare("SELECT user_id FROM photo_albums WHERE album_id = ?");
$albumCheck->bind_param("i", $album_id);
$albumCheck->execute();
$albumResult = $albumCheck->get_result();

if ($albumResult->num_rows === 0) {
    $conn->close();
    http_response_code(404);
    exit(json_encode(['error' => 'Album not found']));
}

$album = $albumResult->fetch_assoc();
// Allow viewing own albums or public albums (owner is a member)
if ($album['user_id'] !== $_SESSION['user_id']) {
    // For now, only allow owners to edit
    $conn->close();
    http_response_code(403);
    exit(json_encode(['error' => 'Unauthorized']));
}
$albumCheck->close();

// Get photos
$photoStmt = $conn->prepare("SELECT photo_id, file_path, caption, display_order FROM photos WHERE album_id = ? ORDER BY display_order ASC");
$photoStmt->bind_param("i", $album_id);
$photoStmt->execute();
$photoResult = $photoStmt->get_result();

$photos = [];
while ($photo = $photoResult->fetch_assoc()) {
    $photos[] = $photo;
}
$photoStmt->close();

$conn->close();

header('Content-Type: application/json');
echo json_encode($photos);
?>