<?php
session_start();
require_once("connection.php");
require_once("functions.php");

// CSRF Token Validation
if (!isset($_POST['csrf_token']) || !validateCSRFToken($_POST['csrf_token'])) {
    http_response_code(403);
    echo json_encode(['status' => 'error', 'message' => 'Security token validation failed.']);
    exit();
}

if (isset($_POST['tab_id']) && isset($_SESSION['cart'][$_POST['tab_id']])) {
    $tab_id = (int) $_POST['tab_id']; // Ensure it's an integer
    $drinks = $_SESSION['cart'][$tab_id];
    $created_at = date('Y-m-d H:i:s');

    $errors = []; // Array to store SQL errors

    foreach ($drinks as $drink) {
        $drink_id = (int) $drink['item_id']; // Ensure drink ID is an integer
        $drink_name = mysqli_real_escape_string($conn, $drink['item_name']);
        $drink_price = (float) $drink['item_price']; // Ensure price is a float
        $user_id = (float) $drink['user_id']; // Ensure price is a float

        // Insert each drink into the bar_transactions table
        $sql = "INSERT INTO bar_transactions (user_id, tab_id, item_id, item_name, item_price) VALUES ('$user_id', '$tab_id', '$drink_id', '$drink_name', '$drink_price')";
        if (!mysqli_query($conn, $sql)) {
            $errors[] = "Error inserting drink ID $drink_id: " . mysqli_error($conn);
        }
    }

    if (empty($errors)) {
        // Clear the cart for this tab after successful submission
        unset($_SESSION['cart'][$tab_id]);
        echo json_encode(['status' => 'success', 'message' => 'Order submitted successfully!']);
    } else {
        // Log all errors and return failure message
        error_log(implode("\n", $errors)); // Log errors to the server
        echo json_encode(['status' => 'error', 'message' => 'Some items failed to be added.', 'errors' => $errors]);
    }
} else {
    echo json_encode(['status' => 'error', 'message' => 'Cart is empty or tab ID is invalid.']);
}