<?php
// update_member_reason.php

// CORS / JSON headers
header("Access-Control-Allow-Origin: *");
header("Content-Type: application/json; charset=UTF-8");
header("Access-Control-Allow-Methods: POST, OPTIONS");
header("Access-Control-Max-Age: 3600");
header("Access-Control-Allow-Headers: Content-Type, Access-Control-Allow-Headers, Authorization, X-Requested-With");

if ($_SERVER['REQUEST_METHOD'] === 'OPTIONS') {
    http_response_code(200);
    exit();
}

if ($_SERVER["REQUEST_METHOD"] !== "POST") {
    http_response_code(405);
    echo json_encode(["status" => "error", "message" => "Method not allowed. Only POST requests are permitted."]);
    exit();
}

$data = json_decode(file_get_contents("php://input"));
if (!isset($data->id) || !isset($data->reason)) {
    http_response_code(400);
    echo json_encode(["status" => "error", "message" => "Missing 'id' or 'reason' in request body."]);
    exit();
}

$id = intval($data->id);
$reason = trim($data->reason);

// DB connection (use your actual creds or `require_once 'conn.php'` if you centralize it)
require_once 'conn.php'; // expects $conn = new mysqli(...)
// If you don't have conn.php, uncomment and fill:
// $servername = "localhost";
// $username = "root";
// $password = "";
// $dbname = "wurnitky_dcp";
// $conn = new mysqli($servername, $username, $password, $dbname);

if ($conn->connect_error) {
    http_response_code(500);
    echo json_encode(["status" => "error", "message" => "Database connection failed: " . $conn->connect_error]);
    exit();
}

$sql = "UPDATE members SET reason = ?, updated_at = NOW() WHERE id = ?";
if ($stmt = $conn->prepare($sql)) {
    $stmt->bind_param("si", $reason, $id);
    if ($stmt->execute()) {
        if ($stmt->affected_rows > 0) {
            echo json_encode(["status" => "success", "message" => "Reason saved."]);
        } else {
            http_response_code(404);
            echo json_encode(["status" => "error", "message" => "Member not found or reason unchanged."]);
        }
    } else {
        http_response_code(500);
        echo json_encode(["status" => "error", "message" => "Error executing statement: " . $stmt->error]);
    }
    $stmt->close();
} else {
    http_response_code(500);
    echo json_encode(["status" => "error", "message" => "Error preparing statement: " . $conn->error]);
}
$conn->close();
