<?php
session_start();

// ======= CONFIG =======
$host = 'localhost';
$db   = 'fantasy_ai';
$user = 'root';
$pass = '';
$charset = 'utf8mb4';

$options = [
  PDO::ATTR_ERRMODE            => PDO::ERRMODE_EXCEPTION,
  PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC,
];
$dsn = "mysql:host=$host;dbname=$db;charset=$charset";
try {
  $pdo = new PDO($dsn, $user, $pass, $options);
} catch (Exception $e) {
  die("DB Connection failed: " . $e->getMessage());
}

// ======= DB TABLES SETUP =======
$pdo->exec("
CREATE TABLE IF NOT EXISTS users (
  uid INT AUTO_INCREMENT PRIMARY KEY,
  username VARCHAR(50) UNIQUE,
  password VARCHAR(255),
  is_admin TINYINT(1) DEFAULT 0,
  badges VARCHAR(255) DEFAULT '',
  created_at DATETIME DEFAULT CURRENT_TIMESTAMP
);
");

$pdo->exec("
CREATE TABLE IF NOT EXISTS predictions (
  id INT AUTO_INCREMENT PRIMARY KEY,
  uid INT,
  prediction VARCHAR(10),
  actual VARCHAR(10),
  confidence INT,
  created_at DATETIME DEFAULT CURRENT_TIMESTAMP,
  FOREIGN KEY (uid) REFERENCES users(uid) ON DELETE CASCADE
);
");

$pdo->exec("
CREATE TABLE IF NOT EXISTS stats (
  uid INT PRIMARY KEY,
  wins INT DEFAULT 0,
  losses INT DEFAULT 0,
  FOREIGN KEY (uid) REFERENCES users(uid) ON DELETE CASCADE
);
");

// ======= UTIL FUNCTIONS =======
function is_logged_in() {
  return isset($_SESSION['uid']);
}

function is_admin() {
  return isset($_SESSION['is_admin']) && $_SESSION['is_admin'] == 1;
}

function redirect($url) {
  header("Location: $url");
  exit;
}

function hash_password($pass) {
  return password_hash($pass, PASSWORD_DEFAULT);
}

function verify_password($pass, $hash) {
  return password_verify($pass, $hash);
}

// ======= AUTH HANDLER =======
if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['action'])) {
  $action = $_POST['action'];

  if ($action === 'register') {
    $username = trim($_POST['username'] ?? '');
    $password = $_POST['password'] ?? '';

    if (!$username || !$password) {
      echo json_encode(['status' => 'error', 'msg' => 'Fill username and password']);
      exit;
    }

    $stmt = $pdo->prepare("SELECT * FROM users WHERE username = ?");
    $stmt->execute([$username]);
    if ($stmt->fetch()) {
      echo json_encode(['status' => 'error', 'msg' => 'Username taken']);
      exit;
    }

    $hash = hash_password($password);
    $stmt = $pdo->prepare("INSERT INTO users (username, password) VALUES (?, ?)");
    $stmt->execute([$username, $hash]);
    echo json_encode(['status' => 'success', 'msg' => 'Registered!']);
    exit;
  }

  if ($action === 'login') {
    $username = trim($_POST['username'] ?? '');
    $password = $_POST['password'] ?? '';

    if (!$username || !$password) {
      echo json_encode(['status' => 'error', 'msg' => 'Fill username and password']);
      exit;
    }

    $stmt = $pdo->prepare("SELECT * FROM users WHERE username = ?");
    $stmt->execute([$username]);
    $user = $stmt->fetch();

    if (!$user || !verify_password($password, $user['password'])) {
      echo json_encode(['status' => 'error', 'msg' => 'Wrong creds']);
      exit;
    }

    $_SESSION['uid'] = $user['uid'];
    $_SESSION['username'] = $user['username'];
    $_SESSION['is_admin'] = $user['is_admin'];
    echo json_encode(['status' => 'success', 'msg' => 'Logged in']);
    exit;
  }

  if ($action === 'logout') {
    session_destroy();
    echo json_encode(['status' => 'success', 'msg' => 'Logged out']);
    exit;
  }

  // User must be logged in for below
  if (!is_logged_in()) {
    echo json_encode(['status' => 'error', 'msg' => 'Not logged in']);
    exit;
  }

  $uid = $_SESSION['uid'];

  // Save Prediction
  if ($action === 'save_prediction') {
    $prediction = $_POST['prediction'] ?? '';
    $actual = $_POST['actual'] ?? '';
    $confidence = (int)($_POST['confidence'] ?? 0);

    if (!$prediction || !$actual) {
      echo json_encode(['status' => 'error', 'msg' => 'Missing prediction or actual']);
      exit;
    }

    $stmt = $pdo->prepare("INSERT INTO predictions (uid, prediction, actual, confidence) VALUES (?, ?, ?, ?)");
    $stmt->execute([$uid, $prediction, $actual, $confidence]);

    echo json_encode(['status' => 'success']);
    exit;
  }

  // Save Stats
  if ($action === 'save_stats') {
    $wins = (int)($_POST['wins'] ?? 0);
    $losses = (int)($_POST['losses'] ?? 0);

    $stmt = $pdo->prepare("REPLACE INTO stats (uid, wins, losses) VALUES (?, ?, ?)");
    $stmt->execute([$uid, $wins, $losses]);

    echo json_encode(['status' => 'success']);
    exit;
  }

  // Get Leaderboard
  if ($action === 'get_leaderboard') {
    $stmt = $pdo->query("SELECT u.username, s.wins, s.losses FROM stats s JOIN users u ON s.uid = u.uid ORDER BY s.wins DESC LIMIT 10");
    echo json_encode($stmt->fetchAll());
    exit;
  }

  // Export user data
  if ($action === 'export_user') {
    $stmt1 = $pdo->prepare("SELECT * FROM stats WHERE uid = ?");
    $stmt1->execute([$uid]);
    $stats = $stmt1->fetch();

    $stmt2 = $pdo->prepare("SELECT * FROM predictions WHERE uid = ?");
    $stmt2->execute([$uid]);
    $predictions = $stmt2->fetchAll();

    echo json_encode(['stats' => $stats, 'predictions' => $predictions]);
    exit;
  }

  // Import user data
  if ($action === 'import_user') {
    $data = json_decode($_POST['data'], true);
    if (!$data || !isset($data['stats'], $data['predictions'])) {
      echo json_encode(['status' => 'error', 'msg' => 'Invalid data']);
      exit;
    }

    $stmt = $pdo->prepare("REPLACE INTO stats (uid, wins, losses) VALUES (?, ?, ?)");
    $stmt->execute([$uid, $data['stats']['wins'], $data['stats']['losses']]);

    foreach ($data['predictions'] as $p) {
      $stmt = $pdo->prepare("INSERT INTO predictions (uid, prediction, actual, confidence, created_at) VALUES (?, ?, ?, ?, ?)");
      $stmt->execute([$uid, $p['prediction'], $p['actual'], $p['confidence'], $p['created_at']]);
    }

    echo json_encode(['status' => 'success', 'msg' => 'Imported']);
    exit;
  }

  // Admin Only: Get user by username
  if ($action === 'admin_get_user' && is_admin()) {
    $searchUser = $_POST['search'] ?? '';
    $stmt = $pdo->prepare("SELECT uid, username, badges FROM users WHERE username LIKE ?");
    $stmt->execute(["%$searchUser%"]);
    $users = $stmt->fetchAll();

    echo json_encode($users);
    exit;
  }

  // Admin Only: Delete user by uid
  if ($action === 'admin_delete_user' && is_admin()) {
    $delUid = (int)($_POST['uid'] ?? 0);
    if ($delUid) {
      $stmt = $pdo->prepare("DELETE FROM users WHERE uid = ?");
      $stmt->execute([$delUid]);
      echo json_encode(['status' => 'success', 'msg' => 'User deleted']);
      exit;
    }
    echo json_encode(['status' => 'error', 'msg' => 'Invalid user']);
    exit;
  }
}

// ======= IF NOT LOGGED IN SHOW LOGIN/REGISTER =======
if (!is_logged_in()):
?>
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8" />
<title>FantasyGem AI Login 💎</title>
<meta name="viewport" content="width=device-width, initial-scale=1" />
<style>
  body { background:#0f0f1a; color:#fff; font-family:sans-serif; display:flex; flex-direction:column; align-items:center; justify-content:center; height:100vh; margin:0; }
  input, button { padding:10px; margin:5px; border-radius:5px; border:none; }
  button { background:#00ff88; color:#000; font-weight:bold; cursor:pointer; }
  #msg { color:#f00; margin-top:10px; }
</style>
</head>
<body>
  <h1>FantasyGem AI Login 💎</h1>

  <div>
    <input id="username" placeholder="Username" /><br/>
    <input id="password" type="password" placeholder="Password" /><br/>
    <button onclick="login()">Login</button>
    <button onclick="showRegister()">Register</button>
  </div>

  <div id="registerForm" style="display:none;">
    <h2>Register New Account</h2>
    <input id="regUsername" placeholder="Username" /><br/>
    <input id="regPassword" type="password" placeholder="Password" /><br/>
    <button onclick="register()">Register</button>
    <button onclick="showLogin()">Cancel</button>
  </div>

  <p id="msg"></p>

<script>
function login() {
  const username = document.getElementById('username').value.trim();
  const password = document.getElementById('password').value;
  fetch('', {
    method: 'POST',
    body: new URLSearchParams({action:'login', username, password})
  }).then(r => r.json()).then(j => {
    if(j.status === 'success') location.reload();
    else showMsg(j.msg);
  });
}

function register() {
  const username = document.getElementById('regUsername').value.trim();
  const password = document.getElementById('regPassword').value;
  fetch('', {
    method: 'POST',
    body: new URLSearchParams({action:'register', username, password})
  }).then(r => r.json()).then(j => {
    if(j.status === 'success') {
      showMsg('Registered! Please login.');
      showLogin();
    } else {
      showMsg(j.msg);
    }
  });
}

function showRegister() {
  document.getElementById('registerForm').style.display = 'block';
}

function showLogin() {
  document.getElementById('registerForm').style.display = 'none';
}

function showMsg(msg) {
  document.getElementById('msg').textContent = msg;
}
</script>
</body>
</html>
<?php
exit;
endif;

// ======= MAIN APP FOR LOGGED USERS =======

?>
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8" />
<title>FantasyGem AI Dashboard 💎</title>
<meta name="viewport" content="width=device-width, initial-scale=1" />
<script src="https://cdn.tailwindcss.com"></script>
<script src="https://cdn.jsdelivr.net/npm/chart.js"></script>
<style>
  body { background:#0f0f1a; color:#fff; font-family:'Segoe UI', sans-serif; }
  .glass { background: rgba(255,255,255,0.04); border:1px solid rgba(0,255,136,0.1); border-radius:1rem; backdrop-filter: blur(10px); padding:1.2rem; margin-bottom:1rem; }
  .glow { text-shadow: 0 0 5px #00ff88; }
  .tab { display:none; }
  .active { display:block; }
  .flex { display:flex; }
  .space-x-4 > * + * { margin-left:1rem; }
  button { cursor:pointer; }
  .input-text { background:#111; border:none; color:#0f0; padding:0.3rem 0.5rem; border-radius:0.3rem; }
  .badge { background:#0f0; color:#000; padding:2px 6px; border-radius:4px; font-weight:bold; font-size:0.75rem; }
</style>
</head>
<body class="p-4">

<div class="flex justify-between items-center mb-4">
  <h1 class="text-3xl font-bold glow">FantasyGem AI 🚀</h1>
  <div>
    <span class="mr-4">Hello, <strong><?=htmlspecialchars($_SESSION['username'])?></strong> <?=is_admin() ? '(Admin)' : ''?></span>
    <button onclick="logout()" class="bg-red-600 px-3 py-1 rounded">Logout</button>
  </div>
</div>

<div class="flex space-x-4 mb-4">
  <button class="tab-btn px-4 py-2 bg-green-600 rounded" onclick="showTab('dash')">Dashboard</button>
  <button class="tab-btn px-4 py-2 bg-cyan-600 rounded" onclick="showTab('history')">History</button>
  <button class="tab-btn px-4 py-2 bg-yellow-600 rounded" onclick="showTab('leader')">Leaderboard</button>
  <button class="tab-btn px-4 py-2 bg-purple-600 rounded" onclick="showTab('export')">Export/Import</button>
  <?php if(is_admin()): ?>
  <button class="tab-btn px-4 py-2 bg-red-600 rounded" onclick="showTab('admin')">Admin Panel</button>
  <?php endif; ?>
</div>

<div id="dash" class="tab active glass">
  <h2 class="text-2xl font-bold glow">Prediction Dashboard</h2>
  <p id="predictionResult" class="text-green-400 text-xl font-bold">Predicting...</p>
  <p id="confidenceLine" class="text-sm text-gray-300">Confidence: --%</p>
  <canvas id="chart" height="120" class="mt-4"></canvas>
</div>

<div id="history" class="tab glass">
  <h2 class="text-lg font-bold text-cyan-300">Prediction History 📜</h2>
  <div id="historyList" class="text-sm mt-2 space-y-1"></div>
</div>

<div id="leader" class="tab glass">
  <h2 class="text-lg font-bold text-yellow-300">PvP Leaderboard 🏆</h2>
  <div id="leaderboard" class="text-sm mt-2 space-y-1"></div>
</div>

<div id="export" class="tab glass">
  <h2 class="text-lg font-bold text-purple-300">Export / Import 🧬</h2>
  <button class="bg-green-700 px-3 py-1 rounded" onclick="exportData()">⬇ Export Data</button><br/>
  <input type="file" id="importFile" class="mt-2 mb-2" />
  <button class="bg-red-700 px-3 py-1 rounded" onclick="importData()">⬆ Import Data</button>
  <pre id="exportOutput" class="text-xs mt-4 bg-black p-2 rounded"></pre>
</div>

<?php if(is_admin()): ?>
<div id="admin" class="tab glass">
  <h2 class="text-lg font-bold text-red-400">Admin Panel 🛠️</h2>
  <input type="text" id="searchUser" placeholder="Search user by username" class="input-text" />
  <button onclick="adminSearch()" class="bg-red-600 px-2 py-1 rounded">Search</button>
  <div id="adminResults" class="text-xs mt-2 bg-black p-2 rounded max-h-48 overflow-y-auto"></div>
</div>
<?php endif; ?>

<script src="https://cdn.jsdelivr.net/npm/chart.js"></script>
<script>
let stats = { w: 0, l: 0 };
let streak = 0;
let lastPrediction = null;

function showTab(id) {
  document.querySelectorAll('.tab').forEach(t => t.classList.remove('active'));
  document.getElementById(id).classList.add('active');
}

async function fetchHistoryAndPredict() {
  try {
    const res = await fetch('https://draw.ar-lottery01.com/WinGo/WinGo_30S/GetHistoryIssuePage.json');
    const json = await res.json();
    const list = json?.data?.list?.slice(0, 10) || [];

    function toBigSmall(num) { return num >= 5 ? 'BIG' : 'SMALL'; }
    const results = list.map(i => toBigSmall(parseInt(i.number)));

    // Markov Chain AI Prediction
    function mmlBrain(history) {
      if (history.length < 2) return { prediction: 'BIG', confidence: 50 };
      const t = { BIG: { BIG: 0, SMALL: 0 }, SMALL: { BIG: 0, SMALL: 0 } };
      for(let i=0; i < history.length - 1; i++) t[history[i]][history[i+1]]++;
      const last = history[0], big = t[last].BIG, small = t[last].SMALL;
      const total = big + small || 1;
      return {
        prediction: big >= small ? 'BIG' : 'SMALL',
        confidence: Math.round((Math.max(big, small)/total)*100)
      };
    }

    const {prediction, confidence} = mmlBrain(results);
    lastPrediction = prediction;
    const actual = results[1];

    document.getElementById('predictionResult').textContent = '🔮 ' + prediction;
    document.getElementById('confidenceLine').textContent = 'Confidence: ' + confidence + '%';

    await savePrediction(prediction, actual, confidence);
    updateStats(actual === prediction);
    renderChart(results);
    renderHistory(list);
  } catch(e) {
    console.error('API Fetch fail 💀', e);
  }
}

async function savePrediction(pred, actual, conf) {
  const fd = new FormData();
  fd.append('action', 'save_prediction');
  fd.append('prediction', pred);
  fd.append('actual', actual);
  fd.append('confidence', conf);
  await fetch('', { method: 'POST', body: fd });
}

async function updateStats(correct) {
  if (correct) {
    stats.w++;
    streak++;
  } else {
    stats.l++;
    streak = 0;
  }

  const fd = new FormData();
  fd.append('action', 'save_stats');
  fd.append('wins', stats.w);
  fd.append('losses', stats.l);
  await fetch('', { method: 'POST', body: fd });
}

function renderChart(data) {
  const ctx = document.getElementById('chart').getContext('2d');
  const chartData = data.map(x => x === 'BIG' ? 1 : 0);
  if (window.myChart) {
    myChart.data.datasets[0].data = chartData;
    myChart.update();
  } else {
    window.myChart = new Chart(ctx, {
      type: 'line',
      data: {
        labels: data.map((_, i) => '#' + (i + 1)),
        datasets: [{
          data: chartData,
          label: 'Trend',
          borderColor: '#00ff88',
          fill: true,
          backgroundColor: 'rgba(0,255,136,0.1)',
          tension: 0.3
        }]
      },
      options: {
        scales: {
          y: {
            min: 0, max: 1,
            ticks: {
              callback: v => v === 1 ? 'BIG' : 'SMALL',
              color: '#00ff88'
            },
            grid: { color: 'rgba(0,255,136,0.05)' }
          },
          x: {
            ticks: { color: '#00ff88' },
            grid: { color: 'rgba(0,255,136,0.05)' }
          }
        },
        plugins: { legend: { display: false } }
      }
    });
  }
}

function renderHistory(list) {
  const el = document.getElementById('historyList');
  el.innerHTML = '';
  list.forEach(item => {
    const val = parseInt(item.number);
    const bs = val >= 5 ? 'BIG' : 'SMALL';
    el.innerHTML += `
      <div class="flex justify-between border-b border-gray-700/30 py-1">
        <span>${item.issueNumber}</span>
        <span class="${bs === 'BIG' ? 'text-green-400' : 'text-pink-400'}">${bs} (${val})</span>
      </div>
    `;
  });
}

async function loadLeaderboard() {
  const fd = new FormData();
  fd.append('action', 'get_leaderboard');
  const res = await fetch('', { method: 'POST', body: fd });
  const json = await res.json();
  const board = document.getElementById('leaderboard');
  board.innerHTML = '';
  json.forEach((row, i) => {
    board.innerHTML += `<div class="flex justify-between"><span>#${i+1} ${row.username}</span><span class="text-yellow-300">${row.wins}W / ${row.losses}L</span></div>`;
  });
}

async function exportData() {
  const fd = new FormData();
  fd.append('action', 'export_user');
  const res = await fetch('', { method: 'POST', body: fd });
  const json = await res.json();
  const blob = new Blob([JSON.stringify(json, null, 2)], {type: 'application/json'});
  const url = URL.createObjectURL(blob);
  const a = document.createElement('a');
  a.href = url;
  a.download = `fantasy_${encodeURIComponent('<?= $_SESSION['username']?>')}.json`;
  a.click();
  document.getElementById('exportOutput').textContent = JSON.stringify(json, null, 2);
}

async function importData() {
  const file = document.getElementById('importFile').files[0];
  if (!file) return alert('Select a file 💀');
  const reader = new FileReader();
  reader.onload = async () => {
    const fd = new FormData();
    fd.append('action', 'import_user');
    fd.append('data', reader.result);
    const res = await fetch('', { method: 'POST', body: fd });
    const json = await res.json();
    alert(json.status === 'success' ? 'Imported ✅' : 'Import failed');
  };
  reader.readAsText(file);
}

async function logout() {
  const fd = new FormData();
  fd.append('action', 'logout');
  await fetch('', { method: 'POST', body: fd });
  location.reload();
}

// Admin panel functions
async function adminSearch() {
  const search = document.getElementById('searchUser').value.trim();
  if (!search) return alert('Type username to search 💀');
  const fd = new FormData();
  fd.append('action', 'admin_get_user');
  fd.append('search', search);
  const res = await fetch('', { method: 'POST', body: fd });
  const users = await res.json();
  const el = document.getElementById('adminResults');
  if(users.length === 0) el.textContent = 'No users found';
  else {
    el.innerHTML = '';
    users.forEach(u => {
      el.innerHTML += `<div class="flex justify-between border-b border-gray-700/30 py-1">
        <span>${u.username} (UID: ${u.uid})</span>
        <button onclick="adminDelete(${u.uid})" class="bg-red-700 px-1 rounded text-xs">Delete</button>
      </div>`;
    });
  }
}

async function adminDelete(uid) {
  if(!confirm('Delete this user?')) return;
  const fd = new FormData();
  fd.append('action', 'admin_delete_user');
  fd.append('uid', uid);
  const res = await fetch('', { method: 'POST', body: fd });
  const json = await res.json();
  alert(json.msg);
  adminSearch();
}

// Init
fetchHistoryAndPredict();
loadLeaderboard();
setInterval(fetchHistoryAndPredict, 30000);

</script>
</body>
</html>