<?php
require_once '../includes/constants.php';
require_once '../includes/session.php';

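// Authorisation gate: the page is served only when the session carries an
// admin_id and an admin_role of 'manager' or 'superadmin'. It sits ahead of
// the page markup, so the status code below can still be set (assuming the
// two includes above emit no output, which should be confirmed).
$allowedRoles = ['manager', 'superadmin'];
$sessionRole = isset($_SESSION['admin_role']) ? $_SESSION['admin_role'] : null;
if (!isset($_SESSION['admin_id']) || !in_array($sessionRole, $allowedRoles, true)) {
    // Answer 403 instead of the default 200 so access logs, proxies and
    // monitoring can tell a refused request from a served page.
    http_response_code(403);
    die("Access denied");
}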
?>
<!DOCTYPE html>
<html>
<head>
    <title><?= SITE_TITLE ?> | Affiliate Flags</title>
    <link rel="stylesheet" href="css/admin.css">
</head>
<body>
<div class="container">
<?php
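$adminId = $_SESSION['admin_id'];

// Severity values the form below offers; a POST carrying anything else is rejected.
$allowedSeverities = ['low', 'medium', 'high'];

// Anti-CSRF token for this form, kept in the session and echoed into a hidden
// field. Flagging an affiliate changes state under an admin session, so the
// POST must prove it came from this page and not from a third-party site.
// random_bytes() needs PHP 7+. NOTE(review): assumes session.php has started
// the session; if the project already has a shared CSRF helper, use that instead.
if (empty($_SESSION['affiliate_flags_csrf']) || !is_string($_SESSION['affiliate_flags_csrf'])) {
    $_SESSION['affiliate_flags_csrf'] = bin2hex(random_bytes(32));
}
$csrfToken = $_SESSION['affiliate_flags_csrf'];

// Handle new flag
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    // Read each field defensively: a missing key or an array value (field[]=x)
    // becomes an empty/invalid value instead of a notice or a bad insert.
    $postedToken = (isset($_POST['csrf_token']) && is_string($_POST['csrf_token']))
        ? $_POST['csrf_token']
        : '';
    $affiliateId = filter_var(
        isset($_POST['affiliate_id']) ? $_POST['affiliate_id'] : null,
        FILTER_VALIDATE_INT
    );
    $reason = (isset($_POST['reason']) && is_string($_POST['reason']))
        ? trim($_POST['reason'])
        : '';
    $severity = (isset($_POST['severity']) && is_string($_POST['severity']))
        ? $_POST['severity']
        : '';

    if (!hash_equals($csrfToken, $postedToken)) {
        // Constant-time comparison; a missing or wrong token stops the request here.
        echo "<p class='error'>Request could not be verified. Reload the page and try again.</p>";
    } elseif ($affiliateId === false || $reason === '' || !in_array($severity, $allowedSeverities, true)) {
        echo "<p class='error'>Invalid affiliate ID, reason or severity.</p>";
    } else {
        $stmt = $pdo->prepare("INSERT INTO affiliate_flags 
        (affiliate_id, flagged_by_admin, reason, severity) 
        VALUES (?, ?, ?, ?)");
        $inserted = $stmt->execute([
            $affiliateId,
            $adminId,
            $reason,
            $severity
        ]);
        if ($inserted) {
            // The audit entry is built from the validated values only, so raw
            // request data never reaches the admin action log.
            log_admin_action($pdo, 'flag_affiliate', "Flagged affiliate #{$affiliateId} ({$severity})");
            echo "<p class='success'>✅ Affiliate flagged.</p>";
        } else {
            // Only reachable when PDO is not in exception mode.
            echo "<p class='error'>The flag could not be saved.</p>";
        }
    }
}

// Display flags: every flag joined to the affiliate's name and the flagging
// admin's username, newest first. The query has no user input, so query() is fine.
$stmt = $pdo->query("SELECT f.*, a.name AS affiliate_name, u.username AS admin_name 
    FROM affiliate_flags f 
    JOIN affiliates a ON f.affiliate_id = a.id 
    JOIN admin_users u ON f.flagged_by_admin = u.id 
    ORDER BY f.created_at DESC");
$flags = $stmt->fetchAll(PDO::FETCH_ASSOC);

// UI: the flagging form, carrying the CSRF token as a hidden field.
echo "<h2>🚩 Affiliate Flags</h2>
<form method='post'>
    <input type='hidden' name='csrf_token' value='" . htmlspecialchars($csrfToken, ENT_QUOTES, 'UTF-8') . "'>
    <input name='affiliate_id' placeholder='Affiliate ID' required>
    <input name='reason' placeholder='Reason' required>
    <select name='severity'>
        <option value='low'>Low</option>
        <option value='medium'>Medium</option>
        <option value='high'>High</option>
    </select>
    <button type='submit'>Flag Affiliate</button>
</form>";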

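// Render the flags table. Every cell goes through the same HTML escaper,
// including created_at, which the original printed raw: output encoding
// should not depend on which column a value came from. The (string) cast
// keeps integer columns working with htmlspecialchars().
$escapeCell = function ($value) {
    return htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8');
};

echo "<table><tr>
    <th>Affiliate</th><th>Reason</th><th>Severity</th><th>Flagged By</th><th>Time</th>
</tr>";
foreach ($flags as $flagRow) {
    echo "<tr>
        <td>" . $escapeCell($flagRow['affiliate_name']) . " (#" . $escapeCell($flagRow['affiliate_id']) . ")</td>
        <td>" . $escapeCell($flagRow['reason']) . "</td>
        <td>" . $escapeCell($flagRow['severity']) . "</td>
        <td>" . $escapeCell($flagRow['admin_name']) . "</td>
        <td>" . $escapeCell($flagRow['created_at']) . "</td>
    </tr>";
}
echo "</table>";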
?>
</div>
</body>
</html>