<?php
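/*
 * JSON endpoint for tests and their questions and answers.
 *
 * Every request must pass require_auth(). Read actions ('list', 'get') are open
 * to any authenticated user; every action that writes to tests, test_questions
 * or test_answers additionally calls require_admin().
 *
 * NOTE(review): the guard clauses below (`if (...) json_error(...)`) rely on
 * json_error() ending the request. Confirm that in its definition.
 *
 * NOTE(review): error_reporting(0) silences PHP's own error reporting as well as
 * display, so failures outside the try block leave no trace. Keeping display off
 * while leaving reporting on would let log_errors record them.
 */
error_reporting(0);
ini_set('display_errors', '0');
require_once __DIR__ . '/../config/auth.php';
$user = require_auth();

$db = db();

// NOTE(review): action and id are also accepted from the query string, so a
// state-changing action can be triggered by a plain GET request. Consider
// requiring POST and an anti-CSRF token for everything other than list/get.
$action = $_POST['action'] ?? $_GET['action'] ?? 'list';
$id     = (int)($_POST['id'] ?? $_GET['id'] ?? 0);

try {
    switch ($action) {

        case 'list':
            // Substring search on the test name; an empty search matches every row.
            $search = '%' . trim($_GET['search'] ?? '') . '%';
            $stmt = $db->prepare('SELECT * FROM tests WHERE test_name LIKE ? ORDER BY test_name ASC');
            $stmt->execute([$search]);
            json_success(['tests' => $stmt->fetchAll()]);
            break;

        case 'get':
            if (!$id) json_error('ID required');
            $stmt = $db->prepare('SELECT * FROM tests WHERE record_id=?');
            $stmt->execute([$id]);
            $test = $stmt->fetch();
            if (!$test) json_error('Not found', 404);

            // Questions (test_questions table)
            $q_stmt = $db->prepare('SELECT * FROM test_questions WHERE test_id=? ORDER BY record_id ASC');
            $q_stmt->execute([$id]);
            $questions = $q_stmt->fetchAll();

            // NOTE(review): SELECT * returns the `option` column (1=correct) and the
            // comment of every answer to any authenticated caller. If test takers can
            // reach this action, strip those fields for non-admin users.
            // The statement is prepared once and re-executed per question.
            $a_stmt = $db->prepare('SELECT * FROM test_answers WHERE test_question_id=? ORDER BY record_id ASC');
            foreach ($questions as &$q) {
                $a_stmt->execute([$q['record_id']]);
                $q['answers'] = $a_stmt->fetchAll();
            }
            unset($q); // drop the by-reference loop variable so it cannot alias the last row

            $test['questions'] = $questions;
            json_success(['test' => $test]);
            break;

        case 'create':
            require_admin($user);
            $name     = trim($_POST['test_name'] ?? '');
            $expiry   = trim($_POST['expiry'] ?? '36');
            $desc     = trim($_POST['test_description'] ?? '');
            $nqf      = (int)($_POST['nqf_level'] ?? 0);
            $credits  = (int)($_POST['credits'] ?? 0);
            $passmark = trim($_POST['passmark'] ?? '0.8');
            if (empty($name)) json_error('Test name required');
            $db->prepare('INSERT INTO tests (test_name,expiry,test_description,nqf_level,credits,passmark) VALUES (?,?,?,?,?,?)')
               ->execute([$name, $expiry, $desc, $nqf, $credits, $passmark]);
            json_success(['id' => $db->lastInsertId()], 'Test created');
            break;

        case 'update':
            require_admin($user);
            if (!$id) json_error('ID required');
            // Same normalisation and name check as 'create', so an update cannot
            // blank the test name or store untrimmed values.
            $name     = trim($_POST['test_name'] ?? '');
            $expiry   = trim($_POST['expiry'] ?? '36');
            $desc     = trim($_POST['test_description'] ?? '');
            $nqf      = (int)($_POST['nqf_level'] ?? 0);
            $credits  = (int)($_POST['credits'] ?? 0);
            $passmark = trim($_POST['passmark'] ?? '0.8');
            if (empty($name)) json_error('Test name required');
            $db->prepare('UPDATE tests SET test_name=?,expiry=?,test_description=?,nqf_level=?,credits=?,passmark=? WHERE record_id=?')
               ->execute([$name, $expiry, $desc, $nqf, $credits, $passmark, $id]);
            json_success([], 'Test updated');
            break;

        case 'delete':
            require_admin($user);
            if (!$id) json_error('ID required');
            // NOTE(review): the test's questions and answers are not removed here;
            // confirm the schema cascades, otherwise they are left orphaned.
            $db->prepare('DELETE FROM tests WHERE record_id=?')->execute([$id]);
            json_success([], 'Test deleted');
            break;

        // The question and answer actions below change test content (including
        // which answer is marked correct), so they are gated by require_admin()
        // exactly like create/update/delete of a test.

        case 'add_question':
            require_admin($user);
            $test_id = (int)($_POST['test_id'] ?? 0);
            $section = trim($_POST['section_name'] ?? '');
            if (!$test_id || empty($section)) json_error('test_id and section_name required');
            $db->prepare('INSERT INTO test_questions (test_id,section_name) VALUES (?,?)')->execute([$test_id, $section]);
            json_success(['id' => $db->lastInsertId()], 'Question added');
            break;

        case 'update_question':
            require_admin($user);
            $q_id    = (int)($_POST['question_id'] ?? 0);
            $section = trim($_POST['section_name'] ?? '');
            if (!$q_id || empty($section)) json_error('Fields required');
            $db->prepare('UPDATE test_questions SET section_name=? WHERE record_id=?')->execute([$section, $q_id]);
            json_success([], 'Question updated');
            break;

        case 'delete_question':
            require_admin($user);
            $q_id = (int)($_POST['question_id'] ?? 0);
            if (!$q_id) json_error('question_id required');
            // Answers go first: if the second statement fails, no answers are left
            // pointing at a question that no longer exists.
            $db->prepare('DELETE FROM test_answers WHERE test_question_id=?')->execute([$q_id]);
            $db->prepare('DELETE FROM test_questions WHERE record_id=?')->execute([$q_id]);
            json_success([], 'Question deleted');
            break;

        case 'add_answer':
            require_admin($user);
            $q_id    = (int)($_POST['test_question_id'] ?? 0);
            $answer  = trim($_POST['answer'] ?? '');
            $option  = (int)($_POST['option'] ?? 0); // 1=correct
            $comment = trim($_POST['comment'] ?? '');
            if (!$q_id || empty($answer)) json_error('test_question_id and answer required');
            $db->prepare('INSERT INTO test_answers (test_question_id,answer,`option`,comment) VALUES (?,?,?,?)')
               ->execute([$q_id, $answer, $option, $comment]);
            json_success(['id' => $db->lastInsertId()], 'Answer added');
            break;

        case 'update_answer':
            require_admin($user);
            $a_id    = (int)($_POST['answer_id'] ?? 0);
            $answer  = trim($_POST['answer'] ?? '');
            $option  = (int)($_POST['option'] ?? 0); // 1=correct
            $comment = trim($_POST['comment'] ?? '');
            if (!$a_id) json_error('answer_id required');
            $db->prepare('UPDATE test_answers SET answer=?,`option`=?,comment=? WHERE record_id=?')
               ->execute([$answer, $option, $comment, $a_id]);
            json_success([], 'Answer updated');
            break;

        case 'delete_answer':
            require_admin($user);
            $a_id = (int)($_POST['answer_id'] ?? 0);
            if (!$a_id) json_error('answer_id required');
            $db->prepare('DELETE FROM test_answers WHERE record_id=?')->execute([$a_id]);
            json_success([], 'Answer deleted');
            break;

        default:
            json_error('Unknown action');
    }
} catch (Throwable $e) {
    // Exception text, file name and line number stay in the server log. Sending
    // them to the client exposes SQL and schema details to whoever triggers an error.
    error_log(sprintf(
        '[%s] %s in %s:%d',
        basename(__FILE__),
        $e->getMessage(),
        $e->getFile(),
        $e->getLine()
    ));
    json_error('Internal server error', 500);
}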