<?php
// ============================================================
//  db/add-user.php
// ============================================================
//
//  Creates a new member (or admin) from the command line.
//  Run from the project root:
//
//    php db/add-user.php \
//        --email=admin@elegantwork.co.za \
//        --password='some-strong-password' \
//        --first="Elegant" \
//        --last="Work" \
//        --business="Elegant Work Group" \
//        --role=admin
//
//  Required: --email, --password
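//  Optional: --first (default "Admin"), --last (default "User"),
//            --business (default "<first> <last>"), --role (member|admin, default member),
//            --tier (default Bronze), --phone, --industry
//
//  Note: a password given as --password=... is normally saved in shell
//  history and is visible in the process list while the script runs.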
//
//  Refuses to run unless invoked from CLI (PHP_SAPI === 'cli').
//
// ============================================================

// Web-request guard: under any SAPI other than the CLI, answer 403 and stop.
// The rest of this script creates accounts (including admins), so it must
// never be reachable through the web server.
if (php_sapi_name() !== 'cli') {
    http_response_code(403);
    exit("This script must be run from the command line.\n");
}

require_once __DIR__ . '/../includes/db.php';

// ---- Parse --key=value style args ----
// Collect "--key=value" arguments into $args (key => value).
// Arguments that do not match that shape are ignored; when a key is repeated
// the last occurrence wins. Values are stored exactly as captured (no trimming).
$args = [];
$cliArgs = array_slice($argv, 1); // drop the script name
foreach ($cliArgs as $rawArg) {
    $parts = [];
    if (preg_match('/^--([^=]+)=(.*)$/', $rawArg, $parts) !== 1) {
        continue;
    }
    $args[$parts[1]] = $parts[2];
}

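// Required inputs. The e-mail is trimmed and lower-cased before validation and
// storage; the password is taken verbatim (no trimming).
//
// NOTE(review): a password passed as --password=... on the command line is
// normally saved in shell history and is visible in the process list while the
// script runs. Consider reading it from a prompt or STDIN instead.
$email    = strtolower(trim($args['email']    ?? ''));
$password = $args['password'] ?? '';

// Compare against the empty string rather than relying on truthiness, so a
// value such as "0" gets the specific validation error below instead of the
// generic usage text.
if ($email === '' || $password === '') {
    fwrite(STDERR, "Usage:\n");
    fwrite(STDERR, "  php db/add-user.php --email=USER --password=PASS [options]\n\n");
    fwrite(STDERR, "Options:\n");
    fwrite(STDERR, "  --first=NAME      First name (default 'Admin')\n");
    fwrite(STDERR, "  --last=NAME       Last name (default 'User')\n");
    fwrite(STDERR, "  --business=NAME   Business name\n");
    fwrite(STDERR, "  --role=ROLE       'member' or 'admin' (default 'member')\n");
    fwrite(STDERR, "  --tier=TIER       Bronze/Silver/Gold/Platinum/Diamond (default 'Bronze')\n");
    fwrite(STDERR, "  --phone=PHONE\n");
    fwrite(STDERR, "  --industry=SLUG   Directory category slug\n");
    exit(1);
}

if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
    fwrite(STDERR, "Error: invalid email\n");
    exit(1);
}

// strlen() counts bytes, not characters; bytes are also the unit of the
// bcrypt limit checked below.
if (strlen($password) < 8) {
    fwrite(STDERR, "Error: password must be at least 8 characters\n");
    exit(1);
}

// The password is hashed with PASSWORD_BCRYPT later in this script. bcrypt
// only uses the first 72 bytes of its input, so a longer password would be
// silently truncated; reject it rather than store a hash that ignores part
// of what the operator typed.
if (strlen($password) > 72) {
    fwrite(STDERR, "Error: password must be at most 72 bytes (bcrypt limit)\n");
    exit(1);
}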

// Optional profile fields; each falls back to a default when its flag is absent.
// --business defaults to "<first> <last>"; --phone and --industry default to null.
$first    = isset($args['first'])    ? $args['first']    : 'Admin';
$last     = isset($args['last'])     ? $args['last']     : 'User';
$business = isset($args['business']) ? $args['business'] : ($first . ' ' . $last);
$role     = isset($args['role'])     ? $args['role']     : 'member';
$tier     = isset($args['tier'])     ? $args['tier']     : 'Bronze';
$phone    = isset($args['phone'])    ? $args['phone']    : null;
$industry = isset($args['industry']) ? $args['industry'] : null;

// Role and tier are checked against fixed allowlists with strict comparison,
// because both values are written to the member row as given.
$allowedRoles = ['member', 'admin'];
if (in_array($role, $allowedRoles, true) === false) {
    fwrite(STDERR, "Error: role must be 'member' or 'admin'\n");
    exit(1);
}

$allowedTiers = ['Bronze', 'Silver', 'Gold', 'Platinum', 'Diamond'];
if (in_array($tier, $allowedTiers, true) === false) {
    fwrite(STDERR, "Error: tier must be Bronze / Silver / Gold / Platinum / Diamond\n");
    exit(1);
}

// ---- Check for existing user ----
// Duplicate check: look the normalised e-mail up before inserting. The value
// is handed to db_row() as the :e parameter rather than concatenated into the
// SQL string.
// NOTE(review): this lookup and the insert further down are separate
// statements, so two concurrent runs could both pass it; presumably
// members.email carries a UNIQUE index as the real guard. Confirm against the
// schema.
$existing = db_row('SELECT id FROM members WHERE email = :e', ['e' => $email]);
if ($existing) {
    $duplicateNotice = [
        "Error: a member already exists with email $email (id #{$existing['id']})\n",
        "If you meant to reset their password, use this in MySQL instead:\n",
        "  UPDATE members SET password_hash = '...' WHERE id = {$existing['id']};\n",
    ];
    foreach ($duplicateNotice as $noticeLine) {
        fwrite(STDERR, $noticeLine);
    }
    exit(1);
}

// ---- Insert ----
// Hash the password with bcrypt; only the resulting hash is placed in the row.
// AUTH_BCRYPT_COST is not defined in this file. Presumably it comes from
// includes/db.php; confirm.
$bcryptOptions = ['cost' => AUTH_BCRYPT_COST];
$hash = password_hash($password, PASSWORD_BCRYPT, $bcryptOptions);

// New members start as 'active', joined today, with renewal one year out.
$joinDate    = date('Y-m-d');
$renewalDate = date('Y-m-d', strtotime('+1 year'));

$memberRow = [
    'email'         => $email,
    'password_hash' => $hash,
    'first_name'    => $first,
    'last_name'     => $last,
    'phone'         => $phone,
    'business_name' => $business,
    'industry'      => $industry,
    'tier'          => $tier,
    'role'          => $role,
    'status'        => 'active',
    'join_date'     => $joinDate,
    'renewal_date'  => $renewalDate,
];

// NOTE(review): db_insert() is defined outside this file; its return value is
// used below as the new member id. Confirm what it returns on failure.
$id = db_insert('members', $memberRow);

// Summary for the operator. The password and its hash are deliberately not
// printed. SITE_URL is used as the login link prefix when it is defined,
// otherwise the prefix is empty.
$loginPrefix = defined('SITE_URL') ? SITE_URL : '';

echo "Created member #{$id}\n"
    . "  email:    {$email}\n"
    . "  name:     {$first} {$last}\n"
    . "  business: {$business}\n"
    . "  role:     {$role}\n"
    . "  tier:     {$tier}\n"
    . "  status:   active\n"
    . "\nThey can now sign in at " . $loginPrefix . "/login.php\n";
