<?php
require_once '../includes/constants.php';
require_once '../includes/session.php';
require_once '../includes/functions.php';

if (!isset($_SESSION['admin_id']) || !in_array($_SESSION['admin_role'], ['manager','superadmin'])) {
    die("Access denied");
}

// Handle create/update
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    $id = $_POST['offer_id'] ?? null;
    $data = [
        $_POST['offer_title'],
        $_POST['offer_url'],
        $_POST['offer_payout'],
        $_POST['offer_currency'],
        $_POST['offer_geo'],
        $_POST['offer_device'],
        $_POST['offer_status'],
        $_POST['offer_source']
    ];

    if ($id) {
        $sql = "UPDATE partners_offers SET 
                offer_title = ?, offer_url = ?, offer_payout = ?, offer_currency = ?, 
                offer_geo = ?, offer_device = ?, offer_status = ?, offer_source = ?
                WHERE offer_id = ?";
        $stmt = $pdo->prepare($sql);
        $stmt->execute([...$data, $id]);
    } else {
        $sql = "INSERT INTO partners_offers 
                (offer_title, offer_url, offer_payout, offer_currency, offer_geo, offer_device, offer_status, offer_source)
                VALUES (?, ?, ?, ?, ?, ?, ?, ?)";
        $stmt = $pdo->prepare($sql);
        $stmt->execute($data);
    }

    echo "<p class='success'>✅ Offer saved.</p>";
}

// Handle delete
if (isset($_GET['delete'])) {
    $stmt = $pdo->prepare("DELETE FROM partners_offers WHERE offer_id = ?");
    $stmt->execute([$_GET['delete']]);
    echo "<p class='error'>❌ Offer deleted.</p>";
}

// Fetch all offers
$stmt = $pdo->query("SELECT * FROM partners_offers ORDER BY offer_id DESC");
$offers = $stmt->fetchAll(PDO::FETCH_ASSOC);
?>
<!DOCTYPE html>
<html>
<head>
    <title><?php echo SITE_TITLE . ' | Manage Offers'; ?></title>
    <link rel="stylesheet" href="css/admin.css">
</head>
<body>
<div class="container">
<h2>📝 Create/Edit Offer</h2>
<form method="post">
    <input type="hidden" name="offer_id" value="">
    <label>Title:<br><input name="offer_title" placeholder="Title"></label><br>
    <label>Tracking URL:<br><input name="offer_url" placeholder="Tracking URL"></label><br>
    <label>Payout:<br><input name="offer_payout" placeholder="Payout"></label><br>
    <label>Currency:<br><input name="offer_currency" placeholder="Currency"></label><br>
    <label>Geo:<br><input name="offer_geo" placeholder="Geo (e.g. US,CA)"></label><br>
    <label>Device:<br><input name="offer_device" placeholder="Device (mobile, desktop)"></label><br>
    <label>Status:
        <select name="offer_status">
            <option value="active">Active</option>
            <option value="paused">Paused</option>
            <option value="deleted">Deleted</option>
        </select>
    </label><br>
    <label>Source:<br><input name="offer_source" placeholder="Source (manual, API)"></label><br>
    <button type="submit">Save Offer</button>
</form>

<hr><h2>📋 All Offers</h2>
<table><tr><th>ID</th><th>Title</th><th>Geo</th><th>Device</th><th>Status</th><th>Actions</th></tr>
<?php
foreach ($offers as $offer) {
    echo "<tr>
        <td>" . htmlspecialchars($offer['offer_id']) . "</td>
        <td>" . htmlspecialchars($offer['offer_title']) . "</td>
        <td>" . htmlspecialchars($offer['offer_geo']) . "</td>
        <td>" . htmlspecialchars($offer['offer_device']) . "</td>
        <td>" . htmlspecialchars($offer['offer_status']) . "</td>
        <td>
            <a href='admin_offers.php?edit=" . htmlspecialchars($offer['offer_id']) . "'>Edit</a> | 
            <a href='admin_offers.php?delete=" . htmlspecialchars($offer['offer_id']) . "' onclick='return confirm(\"Delete this offer?\")'>Delete</a>
        </td>
    </tr>";
}
?>
</table>
</div>
</body>
</html>