<?php
require_once '../includes/constants.php';
require_once '../includes/session.php';

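// Authorization gate for the affiliate-payments admin page: the session must
// carry an admin id and a role that is exactly 'manager' or 'superadmin'.
// in_array() is called in strict mode so a non-string session value cannot
// pass through type juggling (boolean true loosely equals any non-empty
// string), and a missing 'admin_role' key is read as null instead of raising
// a notice.
if (!isset($_SESSION['admin_id']) || !in_array($_SESSION['admin_role'] ?? null, ['manager', 'superadmin'], true)) {
    // Signal the denial to clients, proxies and log tooling with a 403 rather
    // than a 200 page; this takes effect as long as the includes above have
    // not produced output.
    http_response_code(403);
    die("Access denied");
}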
?>
<!DOCTYPE html>
<html>
<head>
    <title><?php echo SITE_TITLE . ' | Affiliate Payments'; ?></title>
    <link rel="stylesheet" href="css/admin.css">
</head>
<body>
<div class="container">
<?php
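// Payout review screen: applies a status/notes update posted from one of the
// per-row forms, then lists every affiliate payment with its update form.
// $pdo is expected to be provided by one of the includes at the top of the file.
$adminId = $_SESSION['admin_id'];

// Statuses this page is allowed to write. The <option> list below is built
// from the same array, so the form and the server-side check cannot drift.
$allowedStatuses = ['pending', 'approved', 'paid', 'rejected'];

// Per-session anti-CSRF token. Each form on this page changes the state of a
// payout record, so a request must prove it was generated by this page and
// not by another site riding the admin's session cookie.
// NOTE(review): if includes/session.php already provides a CSRF helper, use
// that instead - it is not visible from this file.
if (empty($_SESSION['affiliate_payments_csrf'])) {
    $_SESSION['affiliate_payments_csrf'] = bin2hex(random_bytes(32));
}
$csrfToken = $_SESSION['affiliate_payments_csrf'];

// HTML-escape helper. ENT_QUOTES is required because the markup below uses
// single-quoted attributes; the string cast turns NULL columns (LEFT JOINs,
// unprocessed rows) into an empty string instead of passing null through.
$esc = function ($value) {
    return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
};

// Handle payout update
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    // Read each field defensively: a crafted request may omit a field or send
    // an array where a string is expected.
    $postedToken = (isset($_POST['csrf_token']) && is_string($_POST['csrf_token'])) ? $_POST['csrf_token'] : '';
    $status      = (isset($_POST['status']) && is_string($_POST['status'])) ? $_POST['status'] : '';
    $notes       = (isset($_POST['notes']) && is_string($_POST['notes'])) ? $_POST['notes'] : '';
    $paymentId   = filter_var($_POST['payment_id'] ?? null, FILTER_VALIDATE_INT);

    if (!hash_equals($csrfToken, $postedToken)) {
        // Constant-time comparison; a missing token compares as '' and fails.
        echo "<p class='error'>Invalid or expired form token. Reload the page and try again.</p>";
    } elseif (!in_array($status, $allowedStatuses, true) || $paymentId === false) {
        // The <select> only restricts what a browser offers; the server must
        // enforce the same list or any string could be stored as a status.
        echo "<p class='error'>Invalid payment update request.</p>";
    } else {
        $stmt = $pdo->prepare("UPDATE affiliate_payments 
            SET status = ?, notes = ?, processed_by = ?, processed_at = NOW() 
            WHERE id = ?");
        $stmt->execute([
            $status,
            $notes,
            $adminId,
            $paymentId
        ]);

        // Only report success when a row was actually touched, so an unknown
        // payment id is not acknowledged as an update.
        if ($stmt->rowCount() > 0) {
            echo "<p class='success'>✅ Payment updated.</p>";
        } else {
            echo "<p class='error'>No payment was changed.</p>";
        }
    }
}

// Fetch payments (static query, no user input involved)
$stmt = $pdo->query("SELECT p.*, u.username, o.offer_name, a.username as admin_name 
                     FROM affiliate_payments p 
                     JOIN users u ON p.affiliate_id = u.id 
                     LEFT JOIN partners_offers o ON p.offer_id = o.offer_id 
                     LEFT JOIN admin_users a ON p.processed_by = a.id 
                     ORDER BY p.status, p.processed_at DESC");
$payments = $stmt->fetchAll(PDO::FETCH_ASSOC);

// UI
echo "<h2>💳 Affiliate Payments</h2>
<table><tr>
    <th>Affiliate</th><th>Offer</th><th>Amount</th><th>Currency</th>
    <th>Status</th><th>Notes</th><th>Processed By</th><th>Time</th><th>Action</th>
</tr>";
foreach ($payments as $p) {
    // Build the status dropdown from the allow-list, preselecting the row's
    // current status.
    $options = '';
    foreach ($allowedStatuses as $statusValue) {
        $selected = ($p['status'] === $statusValue) ? ' selected' : '';
        $options .= "
                    <option value='" . $esc($statusValue) . "'" . $selected . ">" . $esc(ucfirst($statusValue)) . "</option>";
    }

    // Every database value is escaped on output, including ids and
    // timestamps, so the page does not depend on any column being "safe".
    echo "<tr>
        <td>" . $esc($p['username']) . " (#" . $esc($p['affiliate_id']) . ")</td>
        <td>" . $esc($p['offer_name']) . "</td>
        <td>$" . number_format((float) $p['amount'], 2) . "</td>
        <td>" . $esc($p['currency']) . "</td>
        <td>" . $esc($p['status']) . "</td>
        <td><textarea readonly style='width:200px;height:40px'>" . $esc($p['notes']) . "</textarea></td>
        <td>" . $esc($p['admin_name']) . "</td>
        <td>" . $esc($p['processed_at']) . "</td>
        <td>
            <form method='post' style='display:inline'>
                <input type='hidden' name='csrf_token' value='" . $esc($csrfToken) . "'>
                <input type='hidden' name='payment_id' value='" . $esc($p['id']) . "'>
                <select name='status'>" . $options . "
                </select><br>
                <textarea name='notes' placeholder='Notes'>" . $esc($p['notes']) . "</textarea><br>
                <button type='submit'>Update</button>
            </form>
        </td>
    </tr>";
}
echo "</table>";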
?>
</div>
</body>
</html>