<?php
session_start();
require_once __DIR__ . '/../src/db.php';

header('Content-Type: application/json');

if (!isset($_SESSION['onboarding_token'])) {
    http_response_code(400);
    echo json_encode(['error' => 'No session found']);
    exit;
}

$token = $_SESSION['onboarding_token'];

try {
    // Prepare update data
    $updates = [];
    $params = [];
    
    // Company branding fields
    if (isset($_POST['company_name'])) {
        $updates[] = 'company_name = ?';
        $params[] = $_POST['company_name'];
    }
    if (isset($_POST['primary_color'])) {
        $updates[] = 'primary_color = ?';
        $params[] = $_POST['primary_color'];
    }
    if (isset($_POST['secondary_color'])) {
        $updates[] = 'secondary_color = ?';
        $params[] = $_POST['secondary_color'];
    }
    if (isset($_POST['industry'])) {
        $updates[] = 'industry = ?';
        $params[] = $_POST['industry'];
    }
    if (isset($_POST['company_tagline'])) {
        $updates[] = 'company_tagline = ?';
        $params[] = $_POST['company_tagline'];
    }
    
    // Quote preferences fields
    if (isset($_POST['quote_format'])) {
        $updates[] = 'quote_format = ?';
        $params[] = $_POST['quote_format'];
    }
    if (isset($_POST['payment_terms'])) {
        $updates[] = 'payment_terms = ?';
        $params[] = $_POST['payment_terms'];
    }
    if (isset($_POST['quote_validity_days'])) {
        $updates[] = 'quote_validity_days = ?';
        $params[] = intval($_POST['quote_validity_days']);
    }
    
    // Checkboxes (handle unchecked state)
    $updates[] = 'show_itemized_pricing = ?';
    $params[] = isset($_POST['show_itemized_pricing']) ? 1 : 0;
    
    $updates[] = 'include_terms_conditions = ?';
    $params[] = isset($_POST['include_terms_conditions']) ? 1 : 0;
    
    // Contact information fields
    if (isset($_POST['contact_name'])) {
        $updates[] = 'contact_name = ?';
        $params[] = $_POST['contact_name'];
    }
    if (isset($_POST['contact_email'])) {
        $updates[] = 'contact_email = ?';
        $params[] = $_POST['contact_email'];
    }
    if (isset($_POST['contact_phone'])) {
        $updates[] = 'contact_phone = ?';
        $params[] = $_POST['contact_phone'];
    }
    if (isset($_POST['contact_address'])) {
        $updates[] = 'contact_address = ?';
        $params[] = $_POST['contact_address'];
    }
    if (isset($_POST['website'])) {
        $updates[] = 'website = ?';
        $params[] = $_POST['website'];
    }
    
    // Update current step
    if (isset($_POST['current_step'])) {
        $updates[] = 'current_step = ?';
        $params[] = intval($_POST['current_step']);
    }
    
    // Mark as completed if requested
    if (isset($_POST['complete'])) {
        $updates[] = 'completed = 1';
    }
    
    if (!empty($updates)) {
        $sql = "UPDATE onboarding_sessions SET " . implode(', ', $updates) . " WHERE session_token = ?";
        $params[] = $token;
        
        $stmt = $pdo->prepare($sql);
        $stmt->execute($params);
        
        echo json_encode(['success' => true]);
    } else {
        echo json_encode(['success' => true, 'message' => 'No updates']);
    }
    
} catch (PDOException $e) {
    http_response_code(500);
    echo json_encode(['error' => 'Database error: ' . $e->getMessage()]);
}