<?php
declare(strict_types=1);

require __DIR__ . '/config.php';
boot_session();

/*
 Verwacht payload (JSON of form-data):
 {
   email, name, phone, company, vat, address, postcode, city, country,
   notes, payment: "stripe"|"sepa",
   items: [{sku,title|name,qty,price,meta?}],
   totals: { sub, discount, ship, vat, grand, currency }
 }
*/

function val($v, $d = null) { return isset($v) ? $v : $d; }
function clean_text($s) { return trim((string)$s); }
function qtyfmt(float $q): string { return number_format($q, 3, '.', ''); } // voor DECIMAL(12,3)

$in = json_decode(file_get_contents('php://input'), true) ?: $_POST;

$email   = clean_text($in['email'] ?? '');
$name    = clean_text($in['name'] ?? '');
$phone   = clean_text($in['phone'] ?? '');
$company = clean_text($in['company'] ?? '');
$vat     = clean_text($in['vat'] ?? '');
$address = clean_text($in['address'] ?? '');
$post    = clean_text($in['postcode'] ?? '');
$city    = clean_text($in['city'] ?? '');
$country = strtoupper(clean_text($in['country'] ?? 'BE'));
$notes   = clean_text($in['notes'] ?? '');
$pm      = ($in['payment'] ?? 'stripe') === 'sepa' ? 'sepa' : 'stripe';
$items   = is_array($in['items'] ?? null) ? $in['items'] : [];
$tot     = is_array($in['totals'] ?? null) ? $in['totals'] : [];

if (!filter_var($email, FILTER_VALIDATE_EMAIL)) json_err('E-mailadres ongeldig', 422);
if (!$name || !$address || !$post || !$city) json_err('Adres onvolledig', 422);
if (!$items) json_err('Geen items', 422);

$db = pdo();
$db->beginTransaction();

try {
  // 1) User aanmaken/zekerstellen + profiel updaten (stored procedures uit je DB)
  $db->exec("SET @uid=NULL");
  $q = $db->prepare("CALL sp_ensure_user(:e,:n,@uid)");
  $q->execute([':e' => $email, ':n' => $name]);
  $uid = (int)($db->query("SELECT @uid AS uid")->fetch()['uid'] ?? 0);

  $up = $db->prepare("CALL sp_upsert_profile(:e,:n,:ph,:co,:vat,:ad,:pc,:ci,:ct)");
  $up->execute([
    ':e'  => $email, ':n' => $name, ':ph' => $phone, ':co' => $company, ':vat' => $vat,
    ':ad' => $address, ':pc' => $post, ':ci' => $city, ':ct' => $country
  ]);

  // 2) Ordernummer
  $number = 'TT' . date('YmdHis') . random_int(100, 999);

  // 3) Order opslaan
  $currency = strtoupper((string)($tot['currency'] ?? 'EUR'));
  $grand    = (float)($tot['grand'] ?? 0);

  $st = $db->prepare(
    "INSERT INTO orders (user_id, number, status, ordered_at, currency, total_gross, total_net, notes)
     VALUES (:uid,:num,:st,NOW(),:cur,:gross,NULL,:notes)"
  );
  $st->execute([
    ':uid'   => $uid,
    ':num'   => $number,
    ':st'    => ($pm === 'sepa' ? 'awaiting_payment' : 'pending'),
    ':cur'   => $currency,
    ':gross' => money($grand),
    ':notes' => $notes
  ]);
  $orderId = (int)$db->lastInsertId();

  // 4) Orderregels
  $ins = $db->prepare(
    "INSERT INTO order_items (order_id, sku, title, qty, unit_price, line_total, meta)
     VALUES (:oid,:sku,:title,:qty,:price,:line,:meta)"
  );

  foreach ($items as $it) {
    $qtyRaw = (float)($it['qty'] ?? 1);
    $qty    = max(0.001, $qtyRaw);
    $price  = (float)($it['price'] ?? 0);
    $line   = $qty * $price;

    $ins->execute([
      ':oid'   => $orderId,
      ':sku'   => clean_text($it['sku'] ?? ''),
      ':title' => clean_text($it['name'] ?? $it['title'] ?? 'Product'),
      ':qty'   => qtyfmt($qty),
      ':price' => money($price),
      ':line'  => money($line),
      ':meta'  => json_encode($it['meta'] ?? new stdClass(), JSON_UNESCAPED_UNICODE)
    ]);
  }

  // 5) Factuur alvast klaarzetten (open) – webhook kan later definitief maken
  $invNo = 'INV' . substr($number, 2);
  $db->exec("SET @iid=NULL");
  $iv = $db->prepare(
    "CALL sp_upsert_invoice(:email,:inv,'open',NOW(),NULL,:tot,:due,:cur,NULL,:ord,@iid)"
  );
  $iv->execute([
    ':email' => $email,
    ':inv'   => $invNo,
    ':tot'   => money($grand),
    ':due'   => money($grand),
    ':cur'   => $currency,
    ':ord'   => $number
  ]);

  $db->commit();

  // --- SEPA/offline route ---
  if ($pm === 'sepa') {
    json_ok([
      'ok'           => true,
      'mode'         => 'sepa',
      'order_number' => $number,
      'sepa' => [
        'iban'       => 'BE63377065491508',
        'name'       => APP_NAME,
        'amount'     => money($grand),
        'remittance' => $number
      ]
    ]);
  }

  // --- Stripe Checkout route ---
  $autoload = __DIR__ . '/vendor/autoload.php';
  if (!file_exists($autoload)) {
    // Vriendelijke fout als stripe-php (composer) nog niet is geïnstalleerd
    json_err('Stripe library ontbreekt (vendor/autoload.php). Installeer stripe-php via Composer.', 500, [
      'hint' => 'composer require stripe/stripe-php'
    ]);
  }
  require_once $autoload;

  \Stripe\Stripe::setApiKey(STRIPE_SECRET);

  $line_items = [];
  foreach ($items as $it) {
    $qtyItem = (int)max(1, (float)($it['qty'] ?? 1));
    $priceC  = (int)round(100 * (float)($it['price'] ?? 0));
    $nameP   = $it['name'] ?? $it['title'] ?? 'Product';

    $line_items[] = [
      'quantity'   => $qtyItem,
      'price_data' => [
        'currency'     => strtolower($currency),
        'unit_amount'  => $priceC,
        'product_data' => [
          'name'     => $nameP,
          'metadata' => ['sku' => $it['sku'] ?? '']
        ],
      ],
    ];
  }

  // Verzendkosten als los item (indien > 0)
  $ship = (float)($tot['ship'] ?? 0);
  if ($ship > 0) {
    $line_items[] = [
      'quantity'   => 1,
      'price_data' => [
        'currency'    => strtolower($currency),
        'unit_amount' => (int)round(100 * $ship),
        'product_data'=> ['name' => 'Verzending']
      ]
    ];
  }

  // NB: Kortingen via Stripe-coupon vooraf aanmaken en via discounts[] koppelen
  // In deze implementatie is de loyaliteitskorting al in de front-end/totals verwerkt.

  $origin  = (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off' ? 'https' : 'http')
           . '://' . $_SERVER['HTTP_HOST'];

  $session = \Stripe\Checkout\Session::create([
    'mode'           => 'payment',
    'customer_email' => $email,
    'metadata'       => ['order_number' => $number, 'user_id' => $uid],
    'line_items'     => $line_items,
    'success_url'    => $origin . '/thanks.html?order=' . rawurlencode($number),
    'cancel_url'     => $origin . '/checkout.html?canceled=1',
  ]);

  // Status naar processing tot webhook bevestigt
  $upd = $db->prepare("UPDATE orders SET status='processing' WHERE id=:id");
  $upd->execute([':id' => $orderId]);

  json_ok([
    'ok'           => true,
    'mode'         => 'stripe',
    'url'          => $session->url,
    'order_number' => $number
  ]);

} catch (Throwable $e) {
  if ($db->inTransaction()) $db->rollBack();
  json_err('Opslaan mislukt', 500, ['detail' => $e->getMessage()]);
}
<script>
async function postJSON(url, data) {
  const r = await fetch(url, {method:'POST', headers:{'Content-Type':'application/json'}, body: JSON.stringify(data)});
  return r.json();
}
async function fetchShipping(country, subtotal) {
  const r = await fetch(`/api/shipping.php?country=${encodeURIComponent(country)}&subtotal=${encodeURIComponent(subtotal)}`);
  return r.json();
}
async function validateCoupon(code, subtotal) {
  const fd = new URLSearchParams({code, subtotal:String(subtotal)});
  const r = await fetch('/api/coupons/validate.php',{method:'POST',body:fd});
  return r.json();
}
function getCartItems(){ return (window.cartItems||[]).map(i=>({sku:i.sku,title:i.title,qty:+i.qty,unit_price:+i.unit_price,tax_rate:i.tax_rate??0.21})); }
function subtotal(items){ return items.reduce((s,i)=>s+(+i.qty*(+i.unit_price||0)),0); }

(async function initCheckout(){
  const f = document.querySelector('#checkoutForm'); if(!f) return;

  // Live coupon
  const couponEl = f.querySelector('#coupon');
  const countryEl = f.querySelector('#b_country');
  async function refreshTotals(){
    const items = getCartItems(); const sub = subtotal(items);
    const ship = await fetchShipping((countryEl?.value||'BE'), sub);
    let disc = 0;
    if(couponEl?.value){
      const c = await validateCoupon(couponEl.value, sub);
      if(c.ok) disc = +c.amount;
    }
    // Toon waar jij het wilt:
    const total = (sub - disc + (ship.price||0)); 
    const out = f.querySelector('#orderTotal'); if(out) out.textContent = total.toFixed(2)+' €';
  }
  couponEl?.addEventListener('change', refreshTotals);
  countryEl?.addEventListener('change', refreshTotals);
  refreshTotals();

  // Submit → order opslaan → checkout starten
  f.addEventListener('submit', async (e)=>{
    e.preventDefault();
    const items = getCartItems();
    const payload = {
      currency: 'EUR',
      shipping_country: countryEl?.value || 'BE',
      shipping_method: 'standard',
      coupon_code: couponEl?.value || '',
      notes: f.querySelector('#notes')?.value || '',
      customer: {
        email:  f.querySelector('#email').value.trim(),
        name:   f.querySelector('#name').value.trim(),
        phone:  f.querySelector('#phone')?.value || '',
        company:f.querySelector('#company')?.value || '',
        vat:    f.querySelector('#vat')?.value || ''
      },
      billingAddress: {
        address: f.querySelector('#b_addr').value, postcode: f.querySelector('#b_zip').value,
        city: f.querySelector('#b_city').value, country: f.querySelector('#b_country').value
      },
      shippingAddress: { // zelfde als billing; pas aan als je aparte velden hebt
        address: f.querySelector('#b_addr').value, postcode: f.querySelector('#b_zip').value,
        city: f.querySelector('#b_city').value, country: f.querySelector('#b_country').value
      },
      items
    };
    const order = await postJSON('/api/store-order.php', payload);
    if(!order.ok) throw new Error(order.error||'server_error');

    const ck = await postJSON('/api/create-checkout.php', {order_id: order.order_id});
    if(!ck.ok) throw new Error(ck.error||'server_error');

    location.href = ck.checkout; // naar /client/#pay?order=...
  });
})();
</script>