<?php
require_once('conn.php');

// Check login status
checkLogin("信息管理");

// Initialize all variables to avoid undefined warnings
$id = isset($_POST['id']) ? $_POST['id'] : '';
$product_name = isset($_POST['ProductName']) ? htmlspecialcharsFix($_POST['ProductName']) : '';
$product_img = isset($_POST['ProductImg']) ? htmlspecialcharsFix($_POST['ProductImg']) : '';
$unit = isset($_POST['unit']) ? htmlspecialcharsFix($_POST['unit']) : '';
$moq = isset($_POST['moq']) ? htmlspecialcharsFix($_POST['moq']) : '';
$category_id = isset($_POST['category_id']) ? intval($_POST['category_id']) : 0;
$nosale = isset($_POST['nosale']) ? $_POST['nosale'] : array();
$num = isset($_POST['num']) ? $_POST['num'] : array();
$price = isset($_POST['price']) ? $_POST['price'] : array();
$note = isset($_POST['note']) ? htmlspecialcharsFix($_POST['note']) : '';
$tips = isset($_POST['tips']) ? htmlspecialcharsFix($_POST['tips']) : '';
$keys = isset($_POST['keys']) ? $_POST['keys'] : '';
$page = isset($_POST['page']) ? $_POST['page'] : 1;

// Redirect URL
$redirect_url = "products.php?Keys=" . $keys . "&Page=" . $page;
if ($category_id) {
    $redirect_url .= "&category_id=" . $category_id;
}

// Determine if this is an edit or a new record
$is_edit = (!empty($id) && is_numeric($id));

// Process nosale array into comma-separated string
$nosale_str = '';
if (is_array($nosale) && !empty($nosale)) {
    $nosale_clean = array_map('intval', $nosale); // Ensure all values are integers
    $nosale_str = implode(',', $nosale_clean);
}

// Validate form data (add your validation here)
if (empty($product_name)) {
    // You could add error handling here
    header("Location: " . $redirect_url);
    exit();
}

if ($is_edit) {
    // Update existing product
    $sql = "UPDATE products SET 
            ProductName = '" . mysqli_real_escape_string($conn, $product_name) . "',
            ProductImg = '" . mysqli_real_escape_string($conn, $product_img) . "',
            Addtime = NOW(),
            moq = '" . mysqli_real_escape_string($conn, $moq) . "',
            unit = '" . mysqli_real_escape_string($conn, $unit) . "',
            nosale = '" . $nosale_str . "',
            note = '" . mysqli_real_escape_string($conn, $note) . "',
            tips = '" . mysqli_real_escape_string($conn, $tips) . "',
            category_id = " . $category_id . "
            WHERE id = " . (int)$id;
    mysqli_query($conn, $sql);
    
    // Handle price updates
    mysqli_query($conn, "DELETE FROM price WHERE productId = " . (int)$id . " AND AreaId = 0");
    
    if (is_array($num) && is_array($price)) {
        foreach ($num as $key => $num_value) {
            if (isset($price[$key])) { // Only process if we have both num and price
                $num_value = empty($num_value) ? 0 : (float)$num_value;
                $price_value = empty($price[$key]) ? 0 : (float)$price[$key];
                $sql = "INSERT INTO price (productId, AreaId, num, price) VALUES 
                        (" . (int)$id . ", 0, " . $num_value . ", '" . $price_value . "')";
                mysqli_query($conn, $sql);
            }
        }
    }
} else {
    // Insert new product
    $sql = "INSERT INTO products (ProductName, ProductImg, Addtime, moq, unit, nosale, note, tips, category_id) 
            VALUES (
                '" . mysqli_real_escape_string($conn, $product_name) . "',
                '" . mysqli_real_escape_string($conn, $product_img) . "',
                NOW(),
                '" . mysqli_real_escape_string($conn, $moq) . "',
                '" . mysqli_real_escape_string($conn, $unit) . "',
                '" . $nosale_str . "',
                '" . mysqli_real_escape_string($conn, $note) . "',
                '" . mysqli_real_escape_string($conn, $tips) . "',
                " . $category_id . "
            )";
    mysqli_query($conn, $sql);
    $id = mysqli_insert_id($conn);
    
    // Handle price insertions
    if (is_array($num) && is_array($price)) {
        foreach ($num as $key => $num_value) {
            if (isset($price[$key])) { // Only process if we have both num and price
                $num_value = empty($num_value) ? 0 : (float)$num_value;
                $price_value = empty($price[$key]) ? 0 : (float)$price[$key];
                $sql = "INSERT INTO price (productId, AreaId, num, price) VALUES 
                        (" . (int)$id . ", 0, " . $num_value . ", '" . $price_value . "')";
                mysqli_query($conn, $sql);
            }
        }
    }
}

// Redirect after save
mysqli_close($conn);
header("Location: " . $redirect_url);
exit();