<?php
// File: /admin/ucf_team_handler.php
require_once '../session_init.php';
require_once '../db.php';

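// Security check: only a logged-in session whose role is exactly 'admin' may
// use this handler.
// NOTE(review): this gate checks the session only. None of the actions in this
// file verifies a CSRF token, so another site can cause a logged-in admin's
// browser to submit them. Add a per-session token check here once the forms
// that post to this handler emit one.
if (!isset($_SESSION['user_id']) || ($_SESSION['role'] ?? null) !== 'admin') {
    // Send a real 403 so clients, proxies and log monitoring see the refusal
    // as an authorization failure instead of a 200 page.
    http_response_code(403);
    die("Access Denied");
}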

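// Filesystem directory that receives team photos. The photo_path values stored
// by this handler start with /uploads/team/, so the directory is presumably
// served directly by the web server — confirm it is configured to never
// execute scripts.
$upload_dir = "../uploads/team/";
if (!is_dir($upload_dir)) {
    // 0755 instead of 0777: the upload directory must not be writable by other
    // local accounts.
    mkdir($upload_dir, 0755, true);
}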

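/**
 * Validate an uploaded team photo and store it under a server-chosen name.
 *
 * The client-supplied filename and Content-Type are never used. The type is
 * detected from the file content and mapped to a fixed extension from an
 * allow-list, and the stored name is random. An upload therefore cannot land
 * in the upload directory with a script extension (for example .php), and no
 * client-controlled text ends up in the stored path.
 *
 * Content detection on its own can be satisfied by a crafted file; the fixed
 * extension is what keeps the stored file from being handled as anything other
 * than an image.
 *
 * @param mixed  $file       The $_FILES entry for the photo field, or null if absent.
 * @param string $upload_dir Target directory on disk, with trailing slash.
 * @return string Web path to store in photo_path, or '' when no acceptable
 *                photo was uploaded (missing, failed, or not an allowed type).
 */
function ucf_team_store_photo($file, $upload_dir)
{
    // Reject absent fields, PHP-reported upload errors, and array-style
    // (multi-file) submissions, whose 'error' entry is an array rather than 0.
    if (!is_array($file) || ($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) {
        return '';
    }
    if (!is_string($file['tmp_name'] ?? null) || !is_uploaded_file($file['tmp_name'])) {
        return '';
    }

    // Allow-list of image types; extend here if other formats are needed.
    $extensions = [
        'image/jpeg' => 'jpg',
        'image/png'  => 'png',
        'image/gif'  => 'gif',
        'image/webp' => 'webp',
    ];
    $finfo = new finfo(FILEINFO_MIME_TYPE);
    $mime = $finfo->file($file['tmp_name']);
    if ($mime === false || !isset($extensions[$mime])) {
        return '';
    }

    $filename = bin2hex(random_bytes(16)) . '.' . $extensions[$mime];
    if (!move_uploaded_file($file['tmp_name'], $upload_dir . $filename)) {
        return '';
    }

    return '/uploads/team/' . $filename;
}

// --- ADD NEW MEMBER ---
if (isset($_POST['add'])) {
    // "?? ''" keeps a missing field from raising an undefined-index notice.
    $name = trim($_POST['name'] ?? '');
    $role_level = trim($_POST['role_level'] ?? '');
    $designation = trim($_POST['designation'] ?? '');
    $description = trim($_POST['description'] ?? '');

    // A rejected or missing upload is treated as "no photo": the member is
    // still created with an empty photo_path.
    $photo_path = ucf_team_store_photo($_FILES['photo'] ?? null, $upload_dir);

    $stmt = $conn->prepare("INSERT INTO ucf_team (name, role_level, designation, description, photo_path) VALUES (?, ?, ?, ?, ?)");
    $stmt->bind_param("sssss", $name, $role_level, $designation, $description, $photo_path);
    $stmt->execute();
    $stmt->close();

    header("Location: ucf_team_manage.php?status=added");
    exit();
}

// --- UPDATE MEMBER ---
if (isset($_POST['update'])) {
    $id = (int)($_POST['id'] ?? 0);
    $name = trim($_POST['name'] ?? '');
    $role_level = trim($_POST['role_level'] ?? '');
    $designation = trim($_POST['designation'] ?? '');
    $description = trim($_POST['description'] ?? '');

    // A rejected or missing upload leaves the existing photo_path untouched.
    $photo_path = ucf_team_store_photo($_FILES['photo'] ?? null, $upload_dir);

    if ($photo_path !== '') {
        // photo_path is bound like every other value instead of being
        // concatenated into the SQL text.
        $stmt = $conn->prepare("UPDATE ucf_team SET name=?, role_level=?, designation=?, description=?, photo_path=? WHERE id=?");
        $stmt->bind_param("sssssi", $name, $role_level, $designation, $description, $photo_path, $id);
    } else {
        $stmt = $conn->prepare("UPDATE ucf_team SET name=?, role_level=?, designation=?, description=? WHERE id=?");
        $stmt->bind_param("ssssi", $name, $role_level, $designation, $description, $id);
    }
    $stmt->execute();
    $stmt->close();

    header("Location: ucf_team_manage.php?status=updated");
    exit();
}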

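// --- DELETE MEMBER ---
// NOTE(review): this destructive action is triggered by a plain GET parameter
// and carries no CSRF token, so it is not limited to deliberate clicks by the
// admin. Moving it to a POST with a token needs a matching change in the page
// that links here. The member's photo file is left on disk.
if (isset($_GET['delete'])) {
    $id = (int)$_GET['delete'];

    // Prepared statement, consistent with the INSERT and UPDATE queries in
    // this file, so the query stays safe even if the cast above is changed.
    $stmt = $conn->prepare("DELETE FROM ucf_team WHERE id=?");
    $stmt->bind_param("i", $id);
    $stmt->execute();
    $stmt->close();

    header("Location: ucf_team_manage.php?status=deleted");
    exit();
}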

// No recognised action in the request: return to the management page
// without a status flag.
header('Location: ucf_team_manage.php');
exit;
?>
