<?php
// ============================================================
//  admin/cancel-requests.php
//
//  Lists all members who have submitted a cancellation request
//  but whose membership has not yet been processed.
//
//  Admin can:
//    - View the member's reason
//    - Process cancellation (pauses PayFast + schedules end date)
//    - Dismiss request (clears request without cancelling)
// ============================================================
// Set before the guard is loaded; presumably the shared admin header reads it — confirm.
$page_title = 'Cancellation Requests';
// NOTE(review): nothing in this file checks the admin session itself, so access control
// for this page rests entirely on _guard.php. Presumably it is also where csrf_verify(),
// csrf_field(), db_row()/db_all()/db_exec()/db_value() and app_log() come from — confirm.
require __DIR__ . '/_guard.php';

// Presumably provides pf_pause_subscription() and pf_is_sandbox() — confirm.
require_once __DIR__ . '/../includes/payfast.php';
// Presumably provides email_enqueue() — confirm.
require_once __DIR__ . '/../includes/mailer.php';
// Presumably provides member_history_log() — confirm.
require_once __DIR__ . '/../includes/member_history.php';

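// Flash messages rendered further down the page. Both are echoed WITHOUT escaping,
// so every dynamic fragment appended to them must already be HTML-escaped.
$msg   = '';
$error = '';

// ── POST actions ──────────────────────────────────────────────────────────────
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    // CSRF check runs before any request field is read.
    // NOTE(review): csrf_verify() is defined outside this file; presumably it aborts
    // the request on a bad token — confirm.
    csrf_verify();
    $do        = $_POST['do']        ?? '';
    $member_id = (int)($_POST['member_id'] ?? 0);

    if (!$member_id) {
        $error = 'Invalid member.';
    } else {
        $m = db_row('SELECT * FROM members WHERE id = :id', ['id' => $member_id]);
        if (!$m) {
            $error = 'Member not found.';
        } elseif (empty($m['cancel_request_at'])) {
            // State guard: both actions only make sense for a member who still has a
            // pending request. Without it, a re-sent POST (browser refresh, double
            // click) or a hand-edited member_id would pause PayFast again, overwrite
            // the end date and queue a second confirmation email.
            $error = 'This member has no pending cancellation request — it may already have been handled.';
        } elseif ($do === 'dismiss') {
            // ── Dismiss — clear the request without cancelling ────────────
            db_exec(
                'UPDATE members SET cancel_request_at = NULL, cancel_request_reason = NULL WHERE id = :id',
                ['id' => $member_id]
            );
            member_history_log($member_id, 'cancel_request_dismissed',
                'Admin dismissed the cancellation request without actioning it');
            app_log("Cancel request dismissed by admin for member {$member_id} <{$m['email']}>");
            $msg = 'Request dismissed for '
                 . htmlspecialchars($m['first_name'] . ' ' . $m['last_name'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')
                 . '.';

        } elseif ($do === 'process') {
            // ── Process — pause PayFast + schedule end date ───────────────
            $tokens = db_all(
                "SELECT id, token, status FROM payment_tokens
                  WHERE member_id = :m AND token IS NOT NULL AND token != ''",
                ['m' => $member_id]
            );

            $pf_paused   = false;
            $pf_failures = [];

            foreach ($tokens as $t) {
                // Tokens already cancelled or failed are not sent to PayFast again.
                if (in_array(strtolower($t['status'] ?? ''), ['cancelled', 'failed'], true)) {
                    continue;
                }
                $r = pf_pause_subscription($t['token']);
                // Only the first 8 characters of the token reach the log, so the log
                // file never holds a usable subscription token.
                app_log(sprintf(
                    'Admin cancel: PayFast pause for member %d token=%s ok=%s msg=%s',
                    $member_id, substr($t['token'], 0, 8) . '…',
                    $r['ok'] ? 'yes' : 'no', $r['message']
                ));
                if ($r['ok']) {
                    $pf_paused = true;
                } else {
                    $pf_failures[] = $r['message'];
                }
            }

            if (!empty($pf_failures) && !$pf_paused && !pf_is_sandbox()) {
                // Every pause attempt failed on the live gateway: leave the membership untouched.
                $error = 'PayFast pause failed: '
                    . htmlspecialchars(implode('; ', $pf_failures), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')
                    . '. The member has NOT been cancelled — please check PayFast directly.';
            } else {
                // Access runs until the stored renewal date, or ends today when none is set.
                $effective_date = $m['renewal_date'] ?: date('Y-m-d');
                $end_ts         = strtotime($effective_date);

                db_exec(
                    'UPDATE members
                        SET cancel_effective_at = :d,
                            cancel_request_at = NULL,
                            cancel_request_reason = NULL
                      WHERE id = :id',
                    ['d' => $effective_date, 'id' => $member_id]
                );

                member_history_log($member_id, 'cancellation_scheduled',
                    'Cancellation processed by admin — access ends ' . date('j M Y', $end_ts),
                    ['effective_date' => $effective_date, 'action' => 'pause', 'gateway' => 'payfast', 'processed_by' => 'admin']
                );
                app_log("Cancellation processed by admin for member {$member_id} <{$m['email']}> — access ends {$effective_date}");

                // Email to member confirming cancellation is now scheduled
                $member_name = trim($m['first_name'] . ' ' . $m['last_name']);
                email_enqueue('cancellation_scheduled', $m['email'], $member_name, [
                    'first_name'    => $m['first_name'],
                    'business_name' => $m['business_name'],
                    'end_date'      => date('j F Y', $end_ts),
                ]);

                $msg = 'Cancellation processed for '
                     . htmlspecialchars($member_name, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')
                     . '. Access ends ' . date('j F Y', $end_ts) . '.';

                // Some pauses failed but the cancellation still went ahead (at least one
                // pause succeeded, or the gateway is in sandbox mode). A subscription that
                // was not paused may keep billing, so tell the admin instead of leaving
                // the failure only in the log.
                if (!empty($pf_failures)) {
                    $msg .= ' Warning: ' . count($pf_failures)
                          . ' PayFast subscription(s) could not be paused ('
                          . htmlspecialchars(implode('; ', $pf_failures), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')
                          . ') — please check PayFast directly.';
                }
            }
        } else {
            // Neither "dismiss" nor "process": report it rather than silently doing nothing.
            $error = 'Unknown action.';
        }
    }
}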

// ── Load all pending requests ─────────────────────────────────────────────────
// Schema probe: selecting cancel_request_at throws when the column is absent.
// Any Throwable is treated as "column missing", so an unrelated database error
// produces the same missing-column notice further down the page.
try {
    db_value('SELECT cancel_request_at FROM members LIMIT 1');
    $has_cols = true;
} catch (Throwable $e) {
    $has_cols = false;
}

// Pending = request timestamp set, member not cancelled, no end date scheduled yet.
// NOTE(review): m.* loads every members column although the template below reads only
// a handful, and listing_name is selected but not used in this file — consider an
// explicit column list.
// NOTE(review): the LEFT JOIN would presumably yield one row (one card) per listing if a
// member can own several listings — confirm.
$requests = [];
if ($has_cols) {
    $requests = db_all(
        "SELECT m.*,
            l.name AS listing_name
       FROM members m
       LEFT JOIN listings l ON l.member_id = m.id
      WHERE m.cancel_request_at IS NOT NULL
        AND m.status != 'cancelled'
        AND m.cancel_effective_at IS NULL
      ORDER BY m.cancel_request_at ASC"
    );
}
?>

<style>
.req-card{background:#fff;border:1px solid var(--line);border-radius:var(--radius);padding:1.25rem 1.5rem;margin-bottom:1rem;}
.req-card h3{margin:0 0 .25rem;font-size:1rem;}
.req-meta{font-size:.8rem;color:var(--ink-muted);display:flex;flex-wrap:wrap;gap:.75rem;margin-bottom:.75rem;}
.reason-box{background:var(--surface-alt);border-left:3px solid #b91c1c;padding:.6rem .9rem;font-size:.875rem;border-radius:0 var(--radius) var(--radius) 0;margin:.75rem 0;white-space:pre-wrap;word-break:break-word;}
.req-actions{display:flex;gap:.5rem;flex-wrap:wrap;margin-top:.75rem;}
</style>

<section class="section">
<div class="container">

<div style="display:flex;justify-content:space-between;align-items:center;margin-bottom:1.25rem;">
    <h1 style="margin:0;">Cancellation Requests
        <?php if (count($requests)): // badge with the number of pending requests, hidden when there are none ?>
            <span style="background:#b91c1c;color:#fff;font-size:.65rem;font-weight:700;border-radius:999px;padding:.2em .65em;vertical-align:middle;font-family:var(--font-sans);">
                <?= count($requests) ?>
            </span>
        <?php endif; ?>
    </h1>
</div>

<?php if (!$has_cols): // the schema probe above threw, so $requests is an empty list ?>
    <div class="alert alert-error">
        The <code>cancel_request_at</code> column is missing.
        Run <code>db/cancel-request.sql</code> first.
    </div>
<?php endif; ?>

<?php
// $error and $msg are printed as raw HTML on purpose: the POST handler above builds
// them from fixed text and passes each dynamic fragment through htmlspecialchars()
// before concatenating. Escaping again here would double-encode those fragments;
// assigning unescaped input to either variable would be an XSS hole.
if ($error): ?>
    <div class="alert alert-error"><?= $error ?></div>
<?php endif; ?>
<?php if ($msg): ?>
    <div class="alert alert-success" data-autohide><?= $msg ?></div>
<?php endif; ?>

<?php if ($has_cols && empty($requests)): // columns exist but nothing is pending ?>
    <div class="card" style="text-align:center;padding:3rem;">
        <p style="font-size:2rem;margin:0 0 .5rem;">✅</p>
        <p class="muted">No pending cancellation requests.</p>
    </div>
<?php endif; ?>

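<?php foreach ($requests as $r):
    // One card per pending request, with a "process" and a "dismiss" form.
    $member_name = trim($r['first_name'] . ' ' . $r['last_name']);
    $requested   = date('j M Y H:i', strtotime($r['cancel_request_at']));

    // The id goes into a URL and two hidden inputs; the cast guarantees only digits
    // are emitted whatever type the database layer returns.
    $row_id = (int)$r['id'];

    // The confirm() text sits in two nested contexts: a JavaScript string inside an
    // HTML attribute. json_encode() produces a valid JS string literal (it also
    // escapes newlines, which addslashes() does not, so a line break in a name can
    // no longer break the handler and skip the confirmation), and the JSON_HEX_*
    // flags keep quotes, angle brackets and ampersands out of the literal.
    // htmlspecialchars() at the output point then handles the attribute layer.
    $confirm_js = json_encode(
        'Process cancellation for ' . $member_name
            . '? This will pause their PayFast subscription and schedule their membership to end on their renewal date.',
        JSON_HEX_TAG | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_HEX_AMP
    );
    if ($confirm_js === false) {
        // json_encode() fails on a name that is not valid UTF-8; fall back to a
        // prompt without the name so the confirmation still appears.
        $confirm_js = json_encode(
            'Process this cancellation? This will pause their PayFast subscription and schedule their membership to end on their renewal date.'
        );
    }
?>
<div class="req-card">
    <div style="display:flex;justify-content:space-between;align-items:flex-start;flex-wrap:wrap;gap:.5rem;">
        <div>
            <h3>
                <?= htmlspecialchars($member_name) ?>
                <?php if ($r['business_name']): ?>
                    <span style="font-weight:400;color:var(--ink-muted);">— <?= htmlspecialchars($r['business_name']) ?></span>
                <?php endif; ?>
            </h3>
            <div class="req-meta">
                <span>📧 <?= htmlspecialchars($r['email']) ?></span>
                <span>📦 <?= htmlspecialchars($r['tier'] ?? '—') ?></span>
                <?php if ($r['renewal_date']): ?>
                    <span>📅 Renewal: <?= htmlspecialchars(date('j M Y', strtotime($r['renewal_date']))) ?></span>
                <?php endif; ?>
                <span>⏰ Requested: <?= $requested ?></span>
            </div>
        </div>
        <a href="member-edit.php?id=<?= $row_id ?>" style="font-size:.8rem;color:var(--ink-muted);">View member →</a>
    </div>

    <?php // The reason is free text supplied by the member, so it is always escaped before output. ?>
    <div class="reason-box"><?= htmlspecialchars($r['cancel_request_reason'] ?? '—') ?></div>

    <div class="req-actions">
        <!-- Process cancellation -->
        <form method="post"
              onsubmit="return confirm(<?= htmlspecialchars($confirm_js, ENT_QUOTES, 'UTF-8') ?>);">
            <?= csrf_field() ?>
            <input type="hidden" name="do" value="process">
            <input type="hidden" name="member_id" value="<?= $row_id ?>">
            <button class="btn" style="background:#b91c1c;">
                ✓ Process Cancellation
            </button>
        </form>

        <!-- Dismiss without actioning -->
        <form method="post"
              onsubmit="return confirm('Dismiss this request without cancelling the membership?');">
            <?= csrf_field() ?>
            <input type="hidden" name="do" value="dismiss">
            <input type="hidden" name="member_id" value="<?= $row_id ?>">
            <button class="btn btn-outline">
                × Dismiss Request
            </button>
        </form>
    </div>
</div>
<?php endforeach; ?>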

</div>
</section>

<?php require __DIR__ . '/_footer.php'; ?>