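<?php
// /oldugk/admin/modules/contact_messages/process_message.php
//
// JSON endpoint behind the contact-message admin actions used by view.php:
// mark_read, mark_unread, archive, unarchive, delete and add_note. Every reply
// is application/json carrying at least {success: bool, message: string}, and
// the HTTP status code mirrors the outcome (200 on success; 400, 403, 404, 405
// or 500 on failure).

// 1. Locate the project root (three levels up, to /oldugk/).
$project_root_pm = dirname(dirname(dirname(__DIR__)));

/**
 * Send a JSON reply and stop the script.
 *
 * Kept as a closure instead of a named function so that this file can never
 * cause a "cannot redeclare" fatal error if it is included more than once.
 *
 * @param array<string, mixed> $payload body to encode
 * @param int|null             $status  HTTP status to set, or null to keep the one already set
 */
$pm_send_json = static function (array $payload, ?int $status = null): void {
    if ($status !== null) {
        http_response_code($status);
    }
    header('Content-Type: application/json');
    // The default branch echoes user-supplied text back in the message; an
    // invalid UTF-8 byte there would otherwise make json_encode() return false
    // and the client would receive an empty body.
    echo json_encode($payload, JSON_INVALID_UTF8_SUBSTITUTE);
    exit;
};

// 2. Load the database connection. Provides $pdo (same file view.php uses).
if (file_exists($project_root_pm . '/includes/db_connect.php')) {
    require_once $project_root_pm . '/includes/db_connect.php';
} else {
    error_log("CRITICAL FAILURE: db_connect.php not found from process_message.php.");
    $pm_send_json(['success' => false, 'message' => 'Kesalahan konfigurasi server (PM_DBC).'], 500);
}

// 3. Load the shared helpers: validate_csrf_token(), esc_html(), ... (as in view.php).
if (file_exists($project_root_pm . '/admin/includes/functions.php')) {
    require_once $project_root_pm . '/admin/includes/functions.php';
} else {
    error_log("CRITICAL FAILURE: admin/includes/functions.php not found from process_message.php.");
    $pm_send_json(['success' => false, 'message' => 'Kesalahan konfigurasi server (PM_FUNC).'], 500);
}

// 4. Make sure a session exists in case functions.php did not start one;
//    both the CSRF token and the author name for notes live in $_SESSION.
if (session_status() === PHP_SESSION_NONE) {
    session_start();
}

// NOTE(review): no login/role check is visible in this file. If
// admin/includes/functions.php does not enforce an authenticated admin session
// when it is included, one is needed here before any action is dispatched —
// the CSRF check below proves the request came from our page, not who sent it.

// Default reply: Bad Request until an action proves otherwise.
$response = ['success' => false, 'message' => 'Aksi tidak valid atau gagal.'];
http_response_code(400);

// 5. Pick the parameter source. Ideally every state-changing action would be
//    POST-only, but view.php issues some of them as GET links, so both are
//    accepted. Trade-off to keep in mind: a token carried in a GET URL can end
//    up in browser history, Referer headers and access logs, and GET links
//    that delete/archive can be triggered by link prefetchers. Switching
//    view.php to POST forms would allow this to be tightened to $_POST only.
$request_data = $_SERVER['REQUEST_METHOD'] === 'POST' ? $_POST : $_GET;

// 6. Extract action and target id up front so the debug line below can name
//    them without dumping the whole request.
$raw_action = $request_data['action'] ?? null;
// strip_tags()/trim() throw a TypeError on arrays (?action[]=x), hence the is_string guard.
$action = is_string($raw_action) ? trim(strip_tags($raw_action)) : null;

// message_id comes from POST (add_note form) or as 'id' from a GET action link.
$raw_id = $request_data['message_id'] ?? $request_data['id'] ?? 0;
$message_id = is_scalar($raw_id) ? (int) $raw_id : 0;

// -----------------------------------------------------------------------------
// DEBUGGING: log what was asked for. Only method/action/id are recorded; the
// previous print_r($_REQUEST) dump wrote the CSRF token (and, for add_note,
// the note body) into the error log.
error_log(sprintf(
    'process_message.php - Received method=%s action=%s id=%d',
    $_SERVER['REQUEST_METHOD'] ?? '?',
    $action ?? '(none)',
    $message_id
));
// -----------------------------------------------------------------------------

// 7. CSRF check (token must be in $request_data). validate_csrf_token() comes
//    from functions.php; treat its absence as a failure rather than skipping.
$csrf_token = $request_data['csrf_token'] ?? null;
if (!function_exists('validate_csrf_token') || !is_string($csrf_token) || !validate_csrf_token($csrf_token)) {
    // Log the fact of the failure, not the token values.
    error_log(sprintf(
        'process_message.php - CSRF Validation Failed. token_received=%s session_token_present=%s',
        is_string($csrf_token) ? 'yes' : 'no',
        isset($_SESSION['csrf_token']) ? 'yes' : 'no'
    ));
    $pm_send_json(['success' => false, 'message' => 'Validasi keamanan gagal (CSRF). Segarkan halaman dan coba lagi.'], 403);
}

// 8. Parameter sanity. A strict '' comparison instead of empty() so an action
//    literally named "0" is reported as unknown rather than as missing.
if ($action === null || $action === '') {
    $response['message'] = 'Parameter "action" tidak boleh kosong.';
    $pm_send_json($response);
}
// 'some_global_action_without_id' is a placeholder for future id-less actions.
if ($message_id <= 0 && $action !== 'some_global_action_without_id') {
    $response['message'] = 'Parameter "message_id" atau "id" tidak valid.';
    $pm_send_json($response);
}

// 9. $pdo must have been defined by db_connect.php (no `global` needed at file scope).
if (!isset($pdo)) {
    error_log("process_message.php - PDO object not available.");
    $pm_send_json(['success' => false, 'message' => 'Kesalahan koneksi database (PM002).'], 500);
}

$stmt = null; // last prepared statement, reported by the PDOException handler

try {
    switch ($action) {
        case 'mark_read':   // from view.php: action=mark_read
        case 'mark_unread': // from view.php: action=mark_unread
            $want_read = ($action === 'mark_read');
            $stmt = $pdo->prepare($want_read
                ? "UPDATE portal_contact_messages SET is_read = 1, read_at = NOW() WHERE id = :id"
                : "UPDATE portal_contact_messages SET is_read = 0, read_at = NULL WHERE id = :id");
            $stmt->bindValue(':id', $message_id, PDO::PARAM_INT);
            $stmt->execute();
            if ($stmt->rowCount() > 0) {
                http_response_code(200);
                $response = [
                    'success' => true,
                    'message' => $want_read ? 'Pesan ditandai sudah dibaca.' : 'Pesan ditandai belum dibaca.',
                ];
                break;
            }
            // Zero affected rows: tell "already in that state" apart from "no such message".
            $stmt = $pdo->prepare("SELECT is_read FROM portal_contact_messages WHERE id = :id");
            $stmt->bindValue(':id', $message_id, PDO::PARAM_INT);
            $stmt->execute();
            $msgExists = $stmt->fetch(PDO::FETCH_ASSOC);
            if ($msgExists === false) {
                http_response_code(404);
                $response = ['success' => false, 'message' => 'Pesan tidak ditemukan.'];
            } elseif ((int) $msgExists['is_read'] === ($want_read ? 1 : 0)) {
                http_response_code(200); // still OK: the requested state already holds
                $response = [
                    'success' => true,
                    'message' => $want_read
                        ? 'Pesan sudah ditandai dibaca sebelumnya.'
                        : 'Pesan sudah ditandai belum dibaca sebelumnya.',
                ];
            } else {
                $response = ['success' => false, 'message' => 'Gagal menandai pesan atau status tidak berubah.'];
            }
            break;

        case 'archive':   // from view.php: action=archive
        case 'unarchive': // from view.php: action=unarchive
            $want_archived = ($action === 'archive');
            $stmt = $pdo->prepare($want_archived
                ? "UPDATE portal_contact_messages SET is_archived = 1, archived_at = NOW() WHERE id = :id"
                : "UPDATE portal_contact_messages SET is_archived = 0, archived_at = NULL WHERE id = :id");
            $stmt->bindValue(':id', $message_id, PDO::PARAM_INT);
            $stmt->execute();
            if ($stmt->rowCount() > 0) {
                http_response_code(200);
                $response = [
                    'success' => true,
                    'message' => $want_archived ? 'Pesan berhasil diarsipkan.' : 'Pengarsipan pesan dibatalkan.',
                ];
            } else {
                $response = [
                    'success' => false,
                    'message' => $want_archived
                        ? 'Pesan sudah diarsipkan atau tidak ditemukan.'
                        : 'Pesan tidak diarsipkan atau tidak ditemukan.',
                ];
            }
            break;

        case 'delete': // from view.php: action=delete (permanent removal)
            $stmt = $pdo->prepare("DELETE FROM portal_contact_messages WHERE id = :id");
            $stmt->bindValue(':id', $message_id, PDO::PARAM_INT);
            $stmt->execute();
            if ($stmt->rowCount() > 0) {
                http_response_code(200);
                $response = ['success' => true, 'message' => 'Pesan berhasil dihapus permanen.'];
            } else {
                $response = ['success' => false, 'message' => 'Pesan tidak ditemukan untuk dihapus.'];
            }
            break;

        case 'add_note': // from view.php (modal form): action=add_note
            // This action MUST be POST; the note body is read from $_POST only.
            if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
                http_response_code(405); // Method Not Allowed
                $response = ['success' => false, 'message' => 'Metode tidak diizinkan untuk aksi tambah catatan. Hanya POST.'];
                break;
            }
            // message_id was already taken above from $_POST['message_id'].
            $raw_note = $_POST['note_content'] ?? '';
            $note_content = is_string($raw_note) ? trim($raw_note) : '';

            // Strict comparison: a note consisting of "0" is a valid note.
            if ($note_content === '') {
                $response = [
                    'success' => false,
                    'message' => 'Isi catatan tidak boleh kosong.',
                    'errors' => ['note_content' => 'Isi catatan wajib diisi.'],
                ];
                break;
            }

            // Fetch the existing notes, then append the new entry.
            $stmt = $pdo->prepare("SELECT notes FROM portal_contact_messages WHERE id = :id");
            $stmt->bindValue(':id', $message_id, PDO::PARAM_INT);
            $stmt->execute();
            $current_notes_data = $stmt->fetch(PDO::FETCH_ASSOC);

            if ($current_notes_data === false) {
                http_response_code(404);
                $response = ['success' => false, 'message' => 'Pesan tidak ditemukan untuk ditambahkan catatan.'];
                break;
            }

            $current_notes = $current_notes_data['notes']; // may be NULL
            $user_info = $_SESSION['nama_lengkap'] ?? $_SESSION['username'] ?? 'Admin';
            // NOTE(review): esc_html() here means the author name is stored
            // HTML-escaped. If view.php escapes notes again on output, names
            // containing &, < or " will render double-escaped; escaping only
            // at output time is the usual fix.
            $new_note_entry = "[" . date('d M Y H:i') . " - " . esc_html((string) $user_info) . "]:\n" . $note_content;

            // Explicit null/'' test instead of truthiness so an existing note of "0" is kept.
            $updated_notes = ($current_notes !== null && $current_notes !== '')
                ? $current_notes . "\n\n---\n\n" . $new_note_entry
                : $new_note_entry;

            $stmt = $pdo->prepare("UPDATE portal_contact_messages SET notes = :notes WHERE id = :id");
            $stmt->bindValue(':notes', $updated_notes, PDO::PARAM_STR);
            $stmt->bindValue(':id', $message_id, PDO::PARAM_INT);

            if ($stmt->execute()) {
                http_response_code(200);
                $response = ['success' => true, 'message' => 'Catatan berhasil ditambahkan.'];
            } else {
                $response = ['success' => false, 'message' => 'Gagal menyimpan catatan ke database.'];
                error_log("process_message.php - Failed to update notes for message ID $message_id. PDO error: " . print_r($stmt->errorInfo(), true));
            }
            break;

        default:
            // Unknown action; the name is escaped because it is echoed back to the client.
            $response = ['success' => false, 'message' => 'Aksi "' . esc_html($action) . '" tidak dikenal atau tidak valid.'];
            break;
    }
} catch (\PDOException $e) {
    // $stmt is null when prepare() itself threw, so guard before reading queryString.
    $failed_sql = $stmt instanceof PDOStatement ? $stmt->queryString : 'N/A';
    error_log("Process Message Error: " . $e->getMessage() . " for action: $action, id: $message_id. SQL: " . $failed_sql);
    http_response_code(500); // Internal Server Error
    $response = ['success' => false, 'message' => 'Terjadi kesalahan pada server saat memproses permintaan.'];
} catch (\Exception $e) {
    error_log("General Exception in Process Message: " . $e->getMessage() . " for action: $action, id: $message_id");
    http_response_code(500);
    $response = ['success' => false, 'message' => 'Terjadi kesalahan umum pada server.'];
}

// A fresh CSRF token could be returned here if the client needs one:
// $response['new_csrf_token'] = generate_csrf_token();

// The status code was set by the branch that produced $response.
$pm_send_json($response);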