<?php
include('../includes/dbcon.php');

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    // Validate CSRF token
    if (!validate_csrf_token($_POST['csrf_token'])) {
        $_SESSION['message'] = "Invalid CSRF token";
        $_SESSION['message_type'] = "danger";
        redirect('callender.php');
    }
    
    $action = sanitize_input($_POST['action']);
    
    try {
        if ($action === 'add') {
            // Add new academic year
            $academic_year = sanitize_input($_POST['academic_year']);
            
            // Validate academic year format
            if (!preg_match('/^\d{4}\/\d{4}$/', $academic_year)) {
                $_SESSION['message'] = "Invalid academic year format. Please use YYYY/YYYY format.";
                $_SESSION['message_type'] = "danger";
                redirect('callender.php');
            }
            
            // Check if academic year already exists
            $check_stmt = $DBcon->prepare("SELECT sn FROM calender WHERE academic_year = :academic_year");
            $check_stmt->bindParam(':academic_year', $academic_year);
            $check_stmt->execute();
            
            if ($check_stmt->rowCount() > 0) {
                $_SESSION['message'] = "Academic year '$academic_year' already exists!";
                $_SESSION['message_type'] = "danger";
                redirect('callender.php');
            }
            
            $stmt = $DBcon->prepare("INSERT INTO calender (academic_year) VALUES (:academic_year)");
            $stmt->bindParam(':academic_year', $academic_year);
            $stmt->execute();
            
            $_SESSION['message'] = "Academic year '$academic_year' added successfully!";
            $_SESSION['message_type'] = "success";
            
        } elseif ($action === 'edit') {
            // Update existing academic year
            $calendar_id = intval($_POST['calendar_id']);
            $academic_year = sanitize_input($_POST['academic_year']);
            
            // Validate academic year format
            if (!preg_match('/^\d{4}\/\d{4}$/', $academic_year)) {
                $_SESSION['message'] = "Invalid academic year format. Please use YYYY/YYYY format.";
                $_SESSION['message_type'] = "danger";
                redirect('callender.php');
            }
            
            // Check if academic year already exists (excluding current record)
            $check_stmt = $DBcon->prepare("SELECT sn FROM calender WHERE academic_year = :academic_year AND sn != :calendar_id");
            $check_stmt->bindParam(':academic_year', $academic_year);
            $check_stmt->bindParam(':calendar_id', $calendar_id);
            $check_stmt->execute();
            
            if ($check_stmt->rowCount() > 0) {
                $_SESSION['message'] = "Academic year '$academic_year' already exists!";
                $_SESSION['message_type'] = "danger";
                redirect('callender.php');
            }
            
            $stmt = $DBcon->prepare("UPDATE calender SET academic_year = :academic_year WHERE sn = :calendar_id");
            $stmt->bindParam(':academic_year', $academic_year);
            $stmt->bindParam(':calendar_id', $calendar_id);
            $stmt->execute();
            
            $_SESSION['message'] = "Academic year updated successfully!";
            $_SESSION['message_type'] = "success";
            
        } elseif ($action === 'delete') {
            // Delete academic year
            $calendar_id = intval($_POST['calendar_id']);
            
            // Optional: Check if academic year is being used in other tables before deletion
            // $check_usage = $DBcon->prepare("SELECT COUNT(*) FROM marks WHERE acyear = (SELECT academic_year FROM calender WHERE sn = :calendar_id)");
            // $check_usage->bindParam(':calendar_id', $calendar_id);
            // $check_usage->execute();
            // $usage_count = $check_usage->fetchColumn();
            
            // if ($usage_count > 0) {
            //     $_SESSION['message'] = "Cannot delete academic year. It is being used in marks records.";
            //     $_SESSION['message_type'] = "danger";
            //     redirect('calendar.php');
            // }
            
            $stmt = $DBcon->prepare("DELETE FROM calender WHERE sn = :calendar_id");
            $stmt->bindParam(':calendar_id', $calendar_id);
            $stmt->execute();
            
            $_SESSION['message'] = "Academic year deleted successfully!";
            $_SESSION['message_type'] = "success";
        }
    } catch(PDOException $e) {
        error_log("Database error: " . $e->getMessage());
        $_SESSION['message'] = "Database error: " . $e->getMessage();
        $_SESSION['message_type'] = "danger";
    }
    
    // Redirect back to calendar.php
    redirect('callender.php');
} else {
    http_response_code(405);
    $_SESSION['message'] = "Method not allowed";
    $_SESSION['message_type'] = "danger";
    redirect('callender.php');
}
?>