<?php
require_once("env.php");
require_once("session.php");
require_once("connection.php");
require_once("functions.php");

if (!isset($_SESSION['user_id'])) {
    http_response_code(401);
    echo "Not authorized";
    exit;
}

$article_id = (int)($_POST['id'] ?? 0);
$title = $_POST['title'] ?? '';
$content = $_POST['content'] ?? '';
$description = $_POST['subtitle'] ?? '';
$category = $_POST['category'] ?? '';
$user_id = $_SESSION['user_id'];


// Default to current user
$author_id = $_SESSION['user_id'];

// Allow override if admin
$role = getUserRole();
if (($role === 'admin' || $role === 'superadmin') && isset($_POST['author'])) {
    $author_id = (int)$_POST['author'];
}
echo $author_id;

$cover_image_path = null;

// Only attempt upload if a file was submitted
if (!empty($_FILES['cover_image']['name'])) {
    $uploadDir = __DIR__ . "/uploads/blogs/".$article_id."/images/";
    if (!is_dir($uploadDir)) {
        mkdir($uploadDir, 0777, true);
    }

    // Sanitize and rename file
    $originalName = basename($_FILES['cover_image']['name']);
    $originalName = preg_replace("/[^a-zA-Z0-9\._-]/", "_", $originalName); // remove unsafe characters

    $targetPath = $uploadDir . $originalName;
    $publicPath = "/uploads/blogs/".$article_id."/images/" . $originalName;

    // Error detection before upload
    $fileError = $_FILES['cover_image']['error'];
    if ($fileError !== UPLOAD_ERR_OK) {
        $errorMessages = [
            UPLOAD_ERR_INI_SIZE   => 'The uploaded file exceeds the upload_max_filesize directive in php.ini.',
            UPLOAD_ERR_FORM_SIZE  => 'The uploaded file exceeds the MAX_FILE_SIZE directive in the HTML form.',
            UPLOAD_ERR_PARTIAL    => 'The uploaded file was only partially uploaded.',
            UPLOAD_ERR_NO_FILE    => 'No file was uploaded.',
            UPLOAD_ERR_NO_TMP_DIR => 'Missing a temporary folder.',
            UPLOAD_ERR_CANT_WRITE => 'Failed to write file to disk.',
            UPLOAD_ERR_EXTENSION  => 'A PHP extension stopped the upload.',
        ];
        $errorMessage = $errorMessages[$fileError] ?? 'Unknown upload error.';
        http_response_code(500);
        echo "Upload error: $errorMessage";
        exit;
    }

    // Skip upload if identical file already exists
    if (file_exists($targetPath)) {
        $cover_image_path = $publicPath;
    } else {
        if (move_uploaded_file($_FILES['cover_image']['tmp_name'], $targetPath)) {
            $cover_image_path = $publicPath;
        } else {
            http_response_code(500);
            echo "Failed to move uploaded file.";
            exit;
        }
    }
}

// Prepare SQL with/without image update
if ($cover_image_path) {
    $stmt = $conn->prepare("
        UPDATE blogs
        SET title = ?, content = ?, description = ?, category = ?, image = ?, author = ?
        WHERE blog_id = ?
    ");
    $stmt->bind_param("ssssssi", $title, $content, $description, $category, $cover_image_path, $author_id, $article_id);
} else {
    $stmt = $conn->prepare("
        UPDATE blogs
        SET title = ?, content = ?, description = ?, category = ?, author = ?
        WHERE blog_id = ?
    ");
    $stmt->bind_param("ssssii", $title, $content, $description, $category, $author_id, $article_id);
}

if ($stmt->execute()) {
    echo "Saved";
} else {
    http_response_code(500);
    echo "Database update failed: " . $stmt->error;
}