<?php
require_once '../includes/constants.php';
require_once '../includes/session.php';
require_once '../includes/function1.php';

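// Authorization gate: only a logged-in admin whose role is 'manager' or
// 'superadmin' may view or act on fraud flags.
//
// - Both session keys must be present; a session that carries admin_id but no
//   admin_role is rejected instead of raising an undefined-index notice.
// - in_array() is called in strict mode. With loose comparison a non-string
//   role value (boolean true on any PHP version, integer 0 before PHP 8)
//   compares equal to 'manager' and would pass the check.
// - A 403 status is sent so that proxies, monitoring and access logs record
//   the denial instead of a 200 response. This assumes the includes above have
//   not produced output yet (TODO confirm).
if (
    !isset($_SESSION['admin_id'], $_SESSION['admin_role'])
    || !in_array($_SESSION['admin_role'], ['manager', 'superadmin'], true)
) {
    http_response_code(403);
    die("Access denied");
}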
?>
<!DOCTYPE html>
<html>
<head>
    <title><?php echo SITE_TITLE . ' | Fraud Flags'; ?></title>
    <link rel="stylesheet" href="css/admin.css">
</head>
<body>
<div class="container">
<?php
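// Fraud-flag review page body: resolves a flag on request, then lists every
// unresolved flag with a per-row "Mark Resolved" control.
$detector = new FraudDetector($pdo);

// Escape a value for HTML text and quoted-attribute contexts. ENT_QUOTES is
// passed explicitly because the default flags before PHP 8.1 leave single
// quotes unescaped, and this page writes single-quoted attributes. The string
// cast keeps integer and null column values from reaching htmlspecialchars().
$escape = function ($value) {
    return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
};

// Per-session anti-CSRF token for the resolve form. Assumes the session is
// already active (the access check at the top of this file reads $_SESSION)
// and that random_bytes() is available, i.e. PHP 7.0 or later.
if (empty($_SESSION['fraud_flags_csrf']) || !is_string($_SESSION['fraud_flags_csrf'])) {
    $_SESSION['fraud_flags_csrf'] = bin2hex(random_bytes(32));
}
$csrfToken = $_SESSION['fraud_flags_csrf'];

// Handle resolution.
// Resolving a flag changes state, so it is accepted only as a POST carrying
// the session's token. A plain GET link can be triggered by any third-party
// page an admin visits while logged in, and also ends up in browser history,
// proxy logs and Referer headers.
$isPost = isset($_SERVER['REQUEST_METHOD']) && $_SERVER['REQUEST_METHOD'] === 'POST';
if ($isPost && isset($_POST['resolve'])) {
    $flagId = $_POST['resolve'];
    $sentToken = isset($_POST['csrf_token']) ? $_POST['csrf_token'] : '';

    if (!is_string($sentToken) || !hash_equals($csrfToken, $sentToken)) {
        // hash_equals() compares in constant time; the is_string() guard
        // rejects array-valued parameters such as csrf_token[]=x.
        echo "<p class='error'>Invalid or expired form token. Flag not resolved.</p>";
    } elseif (!is_string($flagId) || $flagId === '') {
        // Only the shape is checked here; the ID format is not visible on this
        // page, so a stricter check should follow the flag table's schema.
        echo "<p class='error'>Invalid flag ID.</p>";
    } else {
        // The acting admin's ID is passed along with the flag ID.
        // NOTE(review): resolveFlag()'s return value is not visible here; if
        // it reports failure, the success message should depend on it.
        $detector->resolveFlag($flagId, $_SESSION['admin_id']);
        echo "<p class='success'>✅ Flag resolved.</p>";
    }
}

// Fetch unresolved flags (after the handler, so a flag resolved by this
// request no longer appears in the list).
$flags = $detector->getFlags(false);

// UI
echo "<h2>🚨 Fraud Flags</h2>
<table><tr>
    <th>ID</th><th>Affiliate</th><th>Txn</th><th>Type</th><th>Reason</th><th>Severity</th><th>Action</th>
</tr>";
foreach ($flags as $flag) {
    // Every column is escaped on output: flag_reason and flag_type may hold
    // text derived from transaction data and must not be treated as markup.
    echo "<tr>
        <td>" . $escape($flag['id']) . "</td>
        <td>" . $escape($flag['affiliate_id']) . "</td>
        <td>" . $escape($flag['transaction_id']) . "</td>
        <td>" . $escape($flag['flag_type']) . "</td>
        <td><textarea readonly style='width:300px;height:40px'>" . $escape($flag['flag_reason']) . "</textarea></td>
        <td>" . $escape($flag['severity']) . "</td>
        <td><form method='post' action='admin_fraud_flags.php' style='margin:0'>
            <input type='hidden' name='csrf_token' value='" . $escape($csrfToken) . "'>
            <input type='hidden' name='resolve' value='" . $escape($flag['id']) . "'>
            <button type='submit'>Mark Resolved</button>
        </form></td>
    </tr>";
}
echo "</table>";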
?>
</div>
</body>
</html>