<?php
require_once '../includes/constants.php';
require_once '../includes/session.php';
require_once '../includes/functions.php';

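// Page guard: only a signed-in admin whose role is manager or superadmin may continue.
// The role is read with a default, so a session that lacks admin_role is denied instead of
// raising an undefined-index warning. The comparison is strict because a loose in_array()
// lets a boolean true (and, before PHP 8, the integer 0) match any role string.
$adminRole = $_SESSION['admin_role'] ?? null;
if (!isset($_SESSION['admin_id']) || !in_array($adminRole, ['manager', 'superadmin'], true)) {
    // Answer with 403 rather than 200 so denied requests are visible in access logs and monitoring.
    // Nothing has been sent yet at this point, provided the included files print nothing.
    http_response_code(403);
    die("Access denied");
}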
?>
<!DOCTYPE html>
<html>
<head>
    <title><?php
        // SITE_TITLE is not defined in this file (presumably it comes from the included constants file)
        // and is written into the page without HTML escaping.
        // NOTE(review): confirm it is a fixed, markup-free string and never user-controlled.
        echo SITE_TITLE, ' | Offer Affiliates';
    ?></title>
    <link rel="stylesheet" href="css/admin.css">
</head>
<body>
<div class="container">
<?php
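// Offer being managed, taken from the query string. Only a positive integer is accepted, so an
// array (?id[]=1) or free-form string never reaches the queries or the heading below.
$offerId = filter_var($_GET['id'] ?? null, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
if ($offerId === false) die("Missing offer ID");

// Escapes a value for HTML text and attribute contexts. NULL (e.g. a NULL notes column) is
// rendered as an empty string instead of being passed to htmlspecialchars().
$h = static function ($value): string {
    return htmlspecialchars((string) ($value ?? ''), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
};

// Reads one POST field as a string; a missing field or an array value (notes[]=x) yields ''.
$postText = static function (string $key): string {
    $value = $_POST[$key] ?? '';
    return is_string($value) ? $value : '';
};

// Runs a prepared write and reports the outcome. The success line is printed only when
// execute() reports success, so a failed insert is not shown as done when PDO is not in
// exception mode.
$runWrite = static function (PDOStatement $stmt, array $params, string $successHtml): void {
    if ($stmt->execute($params)) {
        echo "<p class='success'>" . $successHtml . "</p>";
    } else {
        echo "<p class='error'>The change could not be saved.</p>";
    }
};

// Anti-CSRF token tied to the admin session. Every form on this page changes affiliate state,
// so each POST must carry the token that this session rendered into the form.
if (!isset($_SESSION['offer_affiliates_csrf']) || !is_string($_SESSION['offer_affiliates_csrf'])) {
    $_SESSION['offer_affiliates_csrf'] = bin2hex(random_bytes(32));
}
$csrfToken = $_SESSION['offer_affiliates_csrf'];
$csrfField = "<input type='hidden' name='csrf_token' value='" . $h($csrfToken) . "'>";

// Checks shared by all four actions: valid token, well-formed affiliate ID, existing user row.
$postOk = false;
$affiliateId = false;
if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    $sentToken = $_POST['csrf_token'] ?? '';
    // NOTE(review): affiliate IDs are treated as positive integers because they are joined
    // against users.id and displayed as "#id" below; confirm against the schema.
    $affiliateId = filter_var($_POST['affiliate_id'] ?? null, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);

    if (!is_string($sentToken) || !hash_equals($csrfToken, $sentToken)) {
        echo "<p class='error'>Request rejected: missing or invalid form token. Reload the page and try again.</p>";
    } elseif ($affiliateId === false) {
        echo "<p class='error'>Affiliate ID must be a positive whole number.</p>";
    } else {
        // The access list below is built with a JOIN on users, so a row written for an unknown
        // affiliate would be stored but never displayed. Refuse it up front.
        $lookup = $pdo->prepare("SELECT 1 FROM users WHERE id = ?");
        $lookup->execute([$affiliateId]);
        if ($lookup->fetchColumn() === false) {
            echo "<p class='error'>No user exists with that affiliate ID.</p>";
        } else {
            $postOk = true;
        }
    }
}

// Handle access grant
if ($postOk && isset($_POST['grant_affiliate'])) {
    $stmt = $pdo->prepare("INSERT INTO partners_offer_access (offer_id, affiliate_id, access_type, notes)
                           VALUES (?, ?, 'approved', ?)");
    $runWrite($stmt, [$offerId, $affiliateId, $postText('notes')], "✅ Affiliate access granted.");
}

// Handle blacklist
if ($postOk && isset($_POST['blacklist_affiliate'])) {
    $stmt = $pdo->prepare("INSERT INTO partners_offer_access (offer_id, affiliate_id, access_type, notes)
                           VALUES (?, ?, 'blacklisted', ?)");
    $runWrite($stmt, [$offerId, $affiliateId, $postText('notes')], "🚫 Affiliate blacklisted.");
}

// Handle subid block
if ($postOk && isset($_POST['block_subid'])) {
    $subid = $postText('subid');
    if ($subid === '') {
        // The form marks subid as required, but that is only enforced by the browser.
        echo "<p class='error'>Subid is required.</p>";
    } else {
        $stmt = $pdo->prepare("INSERT INTO partners_offer_subid_blocks (offer_id, affiliate_id, subid, reason)
                               VALUES (?, ?, ?, ?)");
        $runWrite($stmt, [$offerId, $affiliateId, $subid, $postText('reason')], "🔒 Subid blocked.");
    }
}

// Handle stealth commission
if ($postOk && isset($_POST['stealth_affiliate'])) {
    $stealthPercent = trim($postText('stealth_percent'));
    $parsedPercent = filter_var($stealthPercent, FILTER_VALIDATE_FLOAT);
    if ($parsedPercent === false || !is_finite($parsedPercent)) {
        echo "<p class='error'>Stealth % must be a number.</p>";
    } else {
        // NOTE(review): only "is a number" is enforced here; confirm the permitted range for
        // stealth_percent and add a bound. This change is not attributed to an admin anywhere
        // on this page, so consider recording $_SESSION['admin_id'] in an audit trail.
        $stmt = $pdo->prepare("INSERT INTO partners_offer_stealth (offer_id, affiliate_id, stealth_percent, notes)
                               VALUES (?, ?, ?, ?)");
        $runWrite($stmt, [$offerId, $affiliateId, $stealthPercent, $postText('notes')], "🧠 Stealth commission set.");
    }
}

// Fetch access list (after the writes, so a row added by this request is included)
$stmt = $pdo->prepare("SELECT a.*, u.username FROM partners_offer_access a JOIN users u ON a.affiliate_id = u.id WHERE a.offer_id = ?");
$stmt->execute([$offerId]);
$accessList = $stmt->fetchAll(PDO::FETCH_ASSOC);

// UI: each form carries the hidden CSRF field checked above.
echo "<h2>👥 Manage Affiliates for Offer #" . $h($offerId) . "</h2>
<form method='post'>
    " . $csrfField . "
    <label>Affiliate ID:<br><input name='affiliate_id' required></label><br>
    <label>Notes:<br><textarea name='notes' placeholder='Notes'></textarea></label><br>
    <button name='grant_affiliate' type='submit'>Grant Access</button>
    <button name='blacklist_affiliate' type='submit'>Blacklist Affiliate</button>
</form>";

echo "<hr><h3>🚫 Block Subid</h3>
<form method='post'>
    " . $csrfField . "
    <label>Affiliate ID:<br><input name='affiliate_id' required></label><br>
    <label>Subid:<br><input name='subid' required></label><br>
    <label>Reason:<br><textarea name='reason' placeholder='Reason'></textarea></label><br>
    <button name='block_subid' type='submit'>Block Subid</button>
</form>";

echo "<hr><h3>🧠 Stealth Commission</h3>
<form method='post'>
    " . $csrfField . "
    <label>Affiliate ID:<br><input name='affiliate_id' required></label><br>
    <label>Stealth %:<br><input name='stealth_percent' required></label><br>
    <label>Notes:<br><textarea name='notes' placeholder='Notes'></textarea></label><br>
    <button name='stealth_affiliate' type='submit'>Set Stealth</button>
</form>";

// Stored values (username, notes) are escaped on output; notes are admin-entered free text.
echo "<hr><h3>📋 Affiliate Access List</h3>
<table><tr><th>Affiliate</th><th>Type</th><th>Notes</th></tr>";
foreach ($accessList as $a) {
    echo "<tr>
        <td>" . $h($a['username']) . " (#" . $h($a['affiliate_id']) . ")</td>
        <td>" . $h($a['access_type']) . "</td>
        <td><textarea readonly style='width:300px;height:40px'>" . $h($a['notes']) . "</textarea></td>
    </tr>";
}
echo "</table>";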
?>
</div>
</body>
</html>