<?php
session_start();
header('Content-Type: application/json');

require_once __DIR__ . '/../classes/DB.php';
require_once __DIR__ . '/../classes/User.php';
require_once __DIR__ . '/../classes/Image.php';
require_once __DIR__ . '/../classes/Tag.php';

$user = User::fromSession();
if (!$user) {
    echo json_encode(["ok" => false, "error" => "Not logged in"]);
    exit;
}

if (User::isBanned($user)) {
    echo json_encode(["ok" => false, "error" => "User banned"]);
    exit;
}

$db = DB::get();

/* DAILY LIMIT CHECK */
$today = date('Y-m-d');
if ($user->last_upload_date !== $today) {
    $db->prepare("UPDATE users SET uploads_today = 0, last_upload_date = ? WHERE id = ?")
       ->execute([$today, $user->id]);
    $user->uploads_today = 0;
}

$remaining = 3 - $user->uploads_today;
if ($remaining <= 0) {
    echo json_encode(["ok" => false, "error" => "Daily limit reached"]);
    exit;
}

/* VALIDATE INPUT */
if (!isset($_FILES['images']) || !isset($_POST['tags'])) {
    echo json_encode(["ok" => false, "error" => "Missing files or tags"]);
    exit;
}

$files = $_FILES['images'];
$tags  = $_POST['tags'];

$count = count($files['name']);
if ($count !== count($tags)) {
    echo json_encode(["ok" => false, "error" => "Tag count mismatch"]);
    exit;
}

if ($count > $remaining) {
    echo json_encode(["ok" => false, "error" => "Too many uploads"]);
    exit;
}

$uploaded_ids = [];

for ($i = 0; $i < $count; $i++) {

    $tmp  = $files['tmp_name'][$i];
    $name = $files['name'][$i];
    $tag  = trim($tags[$i]);

    if ($tag === "") {
        echo json_encode(["ok" => false, "error" => "Tag required for each image"]);
        exit;
    }

    $md5 = md5_file($tmp);
    if (Image::existsByMd5($md5)) {
        echo json_encode(["ok" => false, "error" => "Duplicate image detected"]);
        exit;
    }

    /* EXIF */
    $exif = @exif_read_data($tmp);
    $exif_json = $exif ? json_encode($exif) : null;

    /* MOVE FILE */
    $newName = uniqid("img_") . "_" . basename($name);
    $path = __DIR__ . "/../uploads/" . $newName;
    move_uploaded_file($tmp, $path);

    /* DB INSERT */
    $imageId = Image::create([
        "owner_user_id"   => $user->id,
        "src"             => "/uploads/" . $newName,
        "md5_hash"        => $md5,
        "original_tag"    => $tag,
        "hidden_username" => isset($_POST['hide_username']) ? 1 : 0,
        "exif_json"       => $exif_json
    ]);

    Tag::addOriginal($imageId, $tag);

    $uploaded_ids[] = $imageId;
}

/* UPDATE USER COUNTER */
$db->prepare("UPDATE users SET uploads_today = uploads_today + ? WHERE id = ?")
   ->execute([$count, $user->id]);

echo json_encode([
    "ok" => true,
    "uploaded" => $uploaded_ids
]);