<?php
$rootPath = dirname(dirname(__DIR__));
require_once($rootPath . '/src/config/env.php');
require_once($rootPath . '/src/config/session.php');
require_once($rootPath . '/src/config/connection.php');
require_once($rootPath . '/src/config/functions.php');

header('Content-Type: application/json');

// Log incoming request
error_log("Link membership user request received. Method: " . $_SERVER['REQUEST_METHOD']);
error_log("POST data: " . json_encode($_POST));
error_log("Session user_id: " . ($_SESSION['user_id'] ?? 'NOT SET'));

if (!isset($_SESSION['user_id']) || $_SERVER['REQUEST_METHOD'] !== 'POST') {
    http_response_code(403);
    error_log("Forbidden: No session or wrong method");
    exit(json_encode(['success' => false, 'message' => 'Forbidden']));
}

// Validate CSRF token
if (!isset($_POST['csrf_token'])) {
    http_response_code(400);
    error_log("No CSRF token provided");
    exit(json_encode(['success' => false, 'message' => 'CSRF token missing']));
}

if (!validateCSRFToken($_POST['csrf_token'])) {
    http_response_code(400);
    error_log("Invalid CSRF token: " . $_POST['csrf_token']);
    error_log("Available tokens: " . json_encode($_SESSION['csrf_tokens'] ?? []));
    exit(json_encode(['success' => false, 'message' => 'Invalid CSRF token']));
}

$primary_user_id = intval($_SESSION['user_id']);
$secondary_email = trim($_POST['secondary_email'] ?? '');
$relationship = trim($_POST['relationship'] ?? 'spouse');

error_log("Processing link: primary=$primary_user_id, secondary_email=$secondary_email, relationship=$relationship");

if (empty($secondary_email)) {
    http_response_code(400);
    error_log("Secondary email is empty");
    exit(json_encode(['success' => false, 'message' => 'Secondary user email is required']));
}

// Get the secondary user by email
$conn = openDatabaseConnection();
if (!$conn) {
    http_response_code(500);
    error_log("Failed to open database connection");
    exit(json_encode(['success' => false, 'message' => 'Database connection failed']));
}

$userQuery = $conn->prepare("SELECT user_id FROM users WHERE email = ?");
if (!$userQuery) {
    http_response_code(500);
    error_log("Prepare statement failed: " . $conn->error);
    $conn->close();
    exit(json_encode(['success' => false, 'message' => 'Database error']));
}

$userQuery->bind_param("s", $secondary_email);
if (!$userQuery->execute()) {
    http_response_code(500);
    error_log("Query execution failed: " . $userQuery->error);
    $userQuery->close();
    $conn->close();
    exit(json_encode(['success' => false, 'message' => 'Database error']));
}

$userResult = $userQuery->get_result();
$userQuery->close();

if ($userResult->num_rows === 0) {
    $conn->close();
    error_log("User not found with email: $secondary_email");
    http_response_code(404);
    exit(json_encode(['success' => false, 'message' => 'User with that email not found']));
}

$user = $userResult->fetch_assoc();
$secondary_user_id = $user['user_id'];
error_log("Found secondary user: $secondary_user_id");
$conn->close();

// Use the linking function from functions.php
$result = linkSecondaryUserToMembership($primary_user_id, $secondary_user_id, $relationship);
error_log("Link result: " . json_encode($result));

http_response_code($result['success'] ? 200 : 400);
echo json_encode([
    'success' => $result['success'],
    'message' => $result['message'],
    'link_id' => $result['link_id'] ?? null
]);
?>