<?php
// ios_member_search_api.php - iOS 會員名字搜尋專用 API

session_start();

// 安全設定
ini_set('display_errors', 0);
ini_set('log_errors', 1);
ini_set('error_log', 'ios_api_errors.log');

// CORS 和 JSON 響應設定
header('Content-Type: application/json; charset=utf-8');
header('Access-Control-Allow-Origin: *');
header('Access-Control-Allow-Methods: POST, OPTIONS');
header('Access-Control-Allow-Headers: Content-Type, Authorization, X-Requested-With');

// 處理 OPTIONS 預檢請求
if ($_SERVER['REQUEST_METHOD'] === 'OPTIONS') {
    http_response_code(200);
    exit();
}

// 錯誤處理函數
function sendErrorResponse($message, $code = 400, $logMessage = null) {
    if ($logMessage) {
        error_log($logMessage);
    }
    
    http_response_code($code);
    echo json_encode([
        'success' => false,
        'message' => $message,
        'names' => [],
        'timestamp' => date('c')
    ]);
    exit;
}

// 成功響應函數
function sendSuccessResponse($names, $message = 'Success') {
    echo json_encode([
        'success' => true,
        'message' => $message,
        'names' => $names,
        'count' => count($names),
        'timestamp' => date('c')
    ]);
    exit;
}

// 驗證請求方法
if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
    sendErrorResponse('僅支援 POST 請求', 405);
}

// 身份驗證檢查
if (!isset($_SESSION['username']) || empty($_SESSION['username'])) {
    sendErrorResponse('未經授權存取，請重新登入', 401, 'Unauthorized access attempt from IP: ' . ($_SERVER['REMOTE_ADDR'] ?? 'unknown'));
}

// 驗證必要的擴展和檔案
if (!extension_loaded('mysqli')) {
    sendErrorResponse('伺服器配置錯誤', 500, 'MySQLi extension not loaded');
}

if (!file_exists('dbconnect.php')) {
    sendErrorResponse('資料庫連線檔案缺失', 500, 'dbconnect.php not found');
}

// 載入資料庫連接
try {
    require_once('dbconnect.php');
} catch (Exception $e) {
    sendErrorResponse('資料庫連線失敗', 500, 'Error including dbconnect.php: ' . $e->getMessage());
}

// 驗證資料庫連接
if (!isset($conn) || !$conn || mysqli_connect_error()) {
    sendErrorResponse('資料庫連線失敗', 500, 'Database connection failed: ' . (mysqli_connect_error() ?: 'Unknown error'));
}

/**
 * iOS 會員搜尋 API 類別
 */
class iOSMemberSearchAPI {
    private $conn;
    private $currentUser;
    
    public function __construct($connection) {
        $this->conn = $connection;
        $this->currentUser = $_SESSION['username'] ?? null;
        $this->validateTables();
    }
    
    /**
     * 驗證必要的資料表
     */
    private function validateTables() {
        $result = mysqli_query($this->conn, "SHOW TABLES LIKE 'Member'");
        if (!$result || mysqli_num_rows($result) === 0) {
            sendErrorResponse("資料庫表缺失: Member", 500, "Required table 'Member' does not exist");
        }
        mysqli_free_result($result);
    }
    
    /**
     * 搜尋會員名字（模糊查詢）
     */
    public function searchMemberNames($searchTerm) {
        try {
            // 清理搜尋詞
            $searchTerm = trim($searchTerm);
            
            // 如果搜尋詞為空，返回所有會員
            if (empty($searchTerm)) {
                return $this->getAllMembers();
            }
            
            // 限制搜尋詞長度
            if (strlen($searchTerm) > 50) {
                sendErrorResponse('搜尋詞過長', 400);
            }
            
            // 準備 SQL 查詢
            $sql = "SELECT DISTINCT `name` FROM `Member` WHERE `name` LIKE ? ORDER BY `name` ASC LIMIT 50";
            $stmt = mysqli_prepare($this->conn, $sql);
            
            if (!$stmt) {
                error_log("Member search statement preparation failed: " . mysqli_error($this->conn));
                return [];
            }
            
            // 綁定參數 - 使用模糊查詢（前後都加 %）
            $param = "%{$searchTerm}%";
            mysqli_stmt_bind_param($stmt, 's', $param);
            
            // 執行查詢
            if (!mysqli_stmt_execute($stmt)) {
                error_log("Member search query failed: " . mysqli_stmt_error($stmt));
                mysqli_stmt_close($stmt);
                return [];
            }
            
            // 獲取結果
            $result = mysqli_stmt_get_result($stmt);
            $names = [];
            
            while ($row = mysqli_fetch_assoc($result)) {
                if (!empty($row['name'])) {
                    $names[] = $row['name'];
                }
            }
            
            mysqli_free_result($result);
            mysqli_stmt_close($stmt);
            
            return $names;
            
        } catch (Exception $e) {
            error_log("Search member names error: " . $e->getMessage());
            return [];
        }
    }
    
    /**
     * 獲取所有會員（按姓名排序，不限制數量）
     */
    public function getAllMembers() {
        try {
            // 返回所有會員，按姓名排序，不設限制
            $sql = "SELECT DISTINCT `name` 
                    FROM `Member` 
                    WHERE `name` IS NOT NULL AND `name` != '' 
                    ORDER BY `name` ASC";
            
            $result = mysqli_query($this->conn, $sql);
            
            if (!$result) {
                error_log("Get all members query failed: " . mysqli_error($this->conn));
                return [];
            }
            
            $names = [];
            while ($row = mysqli_fetch_assoc($result)) {
                if (!empty($row['name'])) {
                    $names[] = $row['name'];
                }
            }
            
            mysqli_free_result($result);
            
            return $names;
            
        } catch (Exception $e) {
            error_log("Get all members error: " . $e->getMessage());
            return [];
        }
    }
    
    /**
     * 記錄 API 使用日誌
     */
    public function logAPIUsage($action, $searchTerm, $resultCount) {
        try {
            $logFile = 'ios_api_log.txt';
            $currentDate = date('Y-m-d');
            $currentTime = date('H:i:s');
            $ipAddress = $_SERVER['REMOTE_ADDR'] ?? 'unknown';
            $userAgent = $_SERVER['HTTP_USER_AGENT'] ?? '';
            
            $searchTermLog = empty($searchTerm) ? 'all_members' : "search_term:{$searchTerm}";
            
            $logEntry = implode(',', [
                $this->currentUser,
                $currentDate,
                $currentTime,
                'iOS_Member_Search_API',
                $action,
                $searchTermLog,
                "results:{$resultCount}",
                $ipAddress,
                $userAgent
            ]) . PHP_EOL;
            
            file_put_contents($logFile, $logEntry, FILE_APPEND | LOCK_EX);
        } catch (Exception $e) {
            error_log("Error logging API usage: " . $e->getMessage());
        }
    }
}

// 主要處理邏輯
try {
    // 解析請求
    $input = json_decode(file_get_contents('php://input'), true);
    
    if (json_last_error() !== JSON_ERROR_NONE) {
        sendErrorResponse('無效的 JSON 格式', 400, 'Invalid JSON in request');
    }
    
    // 驗證請求參數
    $action = $input['action'] ?? '';
    $searchTerm = $input['search_term'] ?? '';
    
    if ($action !== 'search_names') {
        sendErrorResponse('無效的操作類型', 400, 'Invalid action: ' . $action);
    }
    
    // 建立 API 實例
    $api = new iOSMemberSearchAPI($conn);
    
    // 執行搜尋（不再排除空搜尋詞）
    $names = $api->searchMemberNames($searchTerm);
    
    // 記錄 API 使用
    $api->logAPIUsage($action, $searchTerm, count($names));
    
    // 發送成功響應
    if (empty($searchTerm)) {
        $message = count($names) > 0 ? 
            '顯示所有 ' . count($names) . ' 位會員' : 
            '沒有找到會員資料';
    } else {
        $message = count($names) > 0 ? 
            '找到 ' . count($names) . ' 個會員名字' : 
            '沒有找到符合的會員名字';
    }
    
    sendSuccessResponse($names, $message);
    
} catch (Exception $e) {
    error_log("iOS Member Search API Error: " . $e->getMessage());
    sendErrorResponse('伺服器內部錯誤', 500, 'Exception in main logic: ' . $e->getMessage());
} finally {
    // 清理資料庫連接
    if (isset($conn) && $conn) {
        mysqli_close($conn);
    }
}
?>