<?php
// File: /admin/competition_handler.php
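// Resume the session so the role check below can read the logged-in user.
session_start();
// db.php presumably provides the $conn database handle used by the handlers
// further down; it is not defined anywhere in this file.
require_once __DIR__ . '/../db.php';

// Security: only a logged-in admin may reach the handlers below.
// Both session keys go through isset() so a session that has a user_id but no
// role is refused without raising an undefined-key warning.
if (!isset($_SESSION['user_id'], $_SESSION['role']) || $_SESSION['role'] !== 'admin') {
    // Send 403 instead of the default 200 so clients, proxies and access logs
    // record the refusal as a refusal.
    http_response_code(403);
    die("Access Denied.");
}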

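// --- HANDLE ADD/EDIT/DELETE COMPETITION ---
// Each recognised action runs one prepared statement and then redirects to
// competitions.php with ?status=success, deleted or error. A POST that names
// no action falls through to the code after this block.
// Precedence when several action fields are posted: add, then edit, then delete.
//
// NOTE(review): no anti-CSRF token is verified before these writes. The forms
// that post here are not visible in this file, so a check is not added here;
// confirm they carry a per-session token and compare it with hash_equals()
// before any statement runs.
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    $isAdd = isset($_POST['add_competition']);
    $isEdit = isset($_POST['edit_competition']);
    $isDelete = isset($_POST['delete_competition']);

    if ($isAdd || $isEdit || $isDelete) {
        $status = 'error';
        $successStatus = 'success';
        $stmt = false;

        // Edit and delete address a row by id. The id is validated, not
        // sanitised: FILTER_SANITIZE_NUMBER_INT would turn "abc5" into "5" and
        // act on row 5, whereas FILTER_VALIDATE_INT rejects anything that is
        // not an integer. A missing or invalid id leaves $id === false and the
        // request ends with status=error without touching the database.
        $id = false;
        if (!$isAdd && isset($_POST['competition_id'])) {
            $id = filter_var($_POST['competition_id'], FILTER_VALIDATE_INT);
        }

        // $conn looks like a mysqli handle (bind_param()/close()). In mysqli's
        // exception mode (the default since PHP 8.1) prepare() and execute()
        // throw instead of returning false, so both failure styles are handled.
        try {
            if ($isAdd || $isEdit) {
                // FILTER_SANITIZE_STRING is deprecated since PHP 8.1; it strips
                // tags and encodes quotes before storage. It is kept so stored
                // values do not change. NOTE(review): the pages that render
                // these fields are not visible here; confirm they escape on
                // output (htmlspecialchars) before replacing this filter.
                // Missing fields default to '' (what the filter yields for an
                // absent value) without raising an undefined-key warning.
                $title = filter_var($_POST['title'] ?? '', FILTER_SANITIZE_STRING);
                $description = filter_var($_POST['description'] ?? '', FILTER_SANITIZE_STRING);
                $rules = filter_var($_POST['rules'] ?? '', FILTER_SANITIZE_STRING);

                // Dates are bound as parameters, so they cannot alter the SQL,
                // but their format is not checked here.
                // NOTE(review): the expected date format is not visible in this
                // file; validate it once the column type is confirmed.
                $start_date = $_POST['start_date'] ?? null;
                $end_date = $_POST['end_date'] ?? null;

                if ($isAdd) {
                    $stmt = $conn->prepare("INSERT INTO competitions (title, description, rules, start_date, end_date) VALUES (?, ?, ?, ?, ?)");
                    if ($stmt !== false) {
                        $stmt->bind_param("sssss", $title, $description, $rules, $start_date, $end_date);
                    }
                } elseif ($id !== false) {
                    $stmt = $conn->prepare("UPDATE competitions SET title=?, description=?, rules=?, start_date=?, end_date=? WHERE id=?");
                    if ($stmt !== false) {
                        $stmt->bind_param("sssssi", $title, $description, $rules, $start_date, $end_date, $id);
                    }
                }
            } elseif ($id !== false) {
                // --- HANDLE DELETE COMPETITION ---
                $successStatus = 'deleted';
                $stmt = $conn->prepare("DELETE FROM competitions WHERE id=?");
                if ($stmt !== false) {
                    $stmt->bind_param("i", $id);
                }
            }

            // $stmt is still false when the id was rejected or prepare() failed.
            if ($stmt !== false && $stmt->execute()) {
                $status = $successStatus;
            }
        } catch (mysqli_sql_exception $e) {
            // Keep the database error in the server log and show the admin
            // only the generic status=error redirect.
            error_log('competition_handler: ' . $e->getMessage());
        }

        if ($stmt !== false) {
            $stmt->close();
        }
        header("Location: competitions.php?status=" . $status);
        exit();
    }
}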

// Nothing above handled the request (it was not a POST, or it named no
// add/edit/delete action): send the browser back to competitions.php.
header('Location: competitions.php');
exit;
?>

