<?php
require_once("env.php");
require_once("session.php");
require_once("connection.php");
require_once("functions.php");

if (!isset($_SESSION['user_id'])) {
    die(json_encode(['status' => 'error', 'message' => 'User not logged in']));
}

if (isset($_POST['signature'])) {
    // CSRF Token Validation
    // if (!isset($_POST['csrf_token']) || !validateCSRFToken($_POST['csrf_token'])) {
    //     auditLog($_SESSION['user_id'], 'CSRF_VALIDATION_FAILED', 'membership_application', null, ['endpoint' => 'process_signature.php']);
    //     die(json_encode(['status' => 'error', 'message' => 'Security token validation failed']));
    // }
    
    $user_id = $_SESSION['user_id']; // Get the user ID from the session
    $signature = $_POST['signature']; // Base64 image data

    // Decode the base64 image
    $signature = str_replace('data:image/png;base64,', '', $signature);
    $signature = str_replace(' ', '+', $signature);
    $signatureData = base64_decode($signature);

    // Create a file path for the signature image
    $fileName = 'signature_' . $user_id . '.png';
    $filePath = 'uploads/signatures/' . $fileName;

    // Ensure the directory exists
    if (!is_dir('uploads/signatures')) {
        mkdir('uploads/signatures', 0777, true);
    }

    // Save the image file
    if (file_put_contents($filePath, $signatureData)) {
        // Update the database

        if ($conn->connect_error) {
            die(json_encode(['status' => 'error', 'message' => 'Database connection failed']));
        }

        // Update the signature and indemnity acceptance in the membership application table
        $stmt = $conn->prepare("UPDATE membership_application SET sig = ?, accept_indemnity = 1 WHERE user_id = ?");
        $stmt->bind_param('si', $filePath, $user_id);

        if ($stmt->execute()) {
            // Check the payment status
            $paymentStatus = checkMembershipPaymentStatus($user_id) ? 'PAID' : 'NOT_PAID';

            // Respond with the appropriate redirect URL based on the payment status
            echo json_encode([
                'status' => 'success',
                'message' => 'Signature saved successfully!',
                'paymentStatus' => $paymentStatus // Send payment status
            ]);
        } else {
            echo json_encode(['status' => 'error', 'message' => 'Database update failed']);
        }

        $stmt->close();
        $conn->close();
    } else {
        echo json_encode(['status' => 'error', 'message' => 'Failed to save signature']);
    }
} else {
    echo json_encode(['status' => 'error', 'message' => 'Signature not provided']);
}