<?php
$rootPath = dirname(dirname(__DIR__));
require_once($rootPath . '/src/config/env.php');
require_once($rootPath . '/src/config/session.php');
require_once($rootPath . '/src/config/connection.php');
require_once($rootPath . '/src/config/functions.php');

if (!isset($_SESSION['user_id']) || $_SERVER['REQUEST_METHOD'] !== 'POST') {
    http_response_code(403);
    exit(json_encode(['error' => 'Forbidden']));
}

// Validate CSRF token
if (!isset($_POST['csrf_token']) || !validateCSRFToken($_POST['csrf_token'])) {
    http_response_code(400);
    exit(json_encode(['error' => 'Invalid request']));
}

$photo_id = intval($_POST['photo_id'] ?? 0);
$user_id = $_SESSION['user_id'];

if (!$photo_id) {
    http_response_code(400);
    exit(json_encode(['error' => 'Photo ID is required']));
}

// Get photo and verify ownership through album
$photoStmt = $conn->prepare("
    SELECT p.photo_id, p.album_id, p.file_path, a.user_id 
    FROM photos p 
    JOIN photo_albums a ON p.album_id = a.album_id 
    WHERE p.photo_id = ?
");
$photoStmt->bind_param("i", $photo_id);
$photoStmt->execute();
$photoResult = $photoStmt->get_result();

if ($photoResult->num_rows === 0) {
    $conn->close();
    http_response_code(404);
    exit(json_encode(['error' => 'Photo not found']));
}

$photo = $photoResult->fetch_assoc();
if ($photo['user_id'] !== $user_id) {
    $conn->close();
    http_response_code(403);
    exit(json_encode(['error' => 'You do not have permission to delete this photo']));
}
$photoStmt->close();

try {
    // Delete photo from filesystem
    $photoPath = $_SERVER['DOCUMENT_ROOT'] . $photo['file_path'];
    if (file_exists($photoPath)) {
        unlink($photoPath);
    }

    // Delete from database
    $deleteStmt = $conn->prepare("DELETE FROM photos WHERE photo_id = ?");
    $deleteStmt->bind_param("i", $photo_id);
    $deleteStmt->execute();
    $deleteStmt->close();

    // Update album's cover image if this was the cover
    $albumCheck = $conn->prepare("SELECT cover_image FROM photo_albums WHERE album_id = ?");
    $albumCheck->bind_param("i", $photo['album_id']);
    $albumCheck->execute();
    $albumResult = $albumCheck->get_result();
    $album = $albumResult->fetch_assoc();
    $albumCheck->close();

    if ($album['cover_image'] === $photo['file_path']) {
        // Set new cover to first remaining photo
        $newCoverStmt = $conn->prepare("
            SELECT file_path FROM photos 
            WHERE album_id = ? 
            ORDER BY display_order ASC 
            LIMIT 1
        ");
        $newCoverStmt->bind_param("i", $photo['album_id']);
        $newCoverStmt->execute();
        $newCoverResult = $newCoverStmt->get_result();

        if ($newCoverResult->num_rows > 0) {
            $newCover = $newCoverResult->fetch_assoc();
            $updateCoverStmt = $conn->prepare("UPDATE photo_albums SET cover_image = ? WHERE album_id = ?");
            $updateCoverStmt->bind_param("si", $newCover['file_path'], $photo['album_id']);
            $updateCoverStmt->execute();
            $updateCoverStmt->close();
        } else {
            // No more photos, clear cover image
            $clearCoverStmt = $conn->prepare("UPDATE photo_albums SET cover_image = NULL WHERE album_id = ?");
            $clearCoverStmt->bind_param("i", $photo['album_id']);
            $clearCoverStmt->execute();
            $clearCoverStmt->close();
        }
        $newCoverStmt->close();
    }

    $conn->close();

    header('Content-Type: application/json');
    echo json_encode(['success' => true]);
    exit;

} catch (Exception $e) {
    $conn->close();
    http_response_code(400);
    echo json_encode(['error' => $e->getMessage()]);
    exit;
}
?>