<?php
session_start();
include "koneksi.php";

if (!isset($_SESSION['user_id'])) {
    echo json_encode(['success' => false, 'message' => 'Not logged in']);
    exit;
}

if ($_SERVER['REQUEST_METHOD'] == 'POST') {
    $user_id = $_SESSION['user_id'];
    $amount = intval($_POST['amount']);
    $bank_method = $_POST['bank_method'];
    
    // Validasi
    if ($amount <= 0 || $amount > 1000000) {
        echo json_encode(['success' => false, 'message' => 'Invalid amount']);
        exit;
    }
    
    // Update balance di database
    $sql = "UPDATE users SET balance = balance + ? WHERE id = ?";
    $stmt = mysqli_prepare($conn, $sql);
    mysqli_stmt_bind_param($stmt, "ii", $amount, $user_id);
    
    if (mysqli_stmt_execute($stmt)) {
        // Get new balance
        $sql2 = "SELECT balance FROM users WHERE id = ?";
        $stmt2 = mysqli_prepare($conn, $sql2);
        mysqli_stmt_bind_param($stmt2, "i", $user_id);
        mysqli_stmt_execute($stmt2);
        $result = mysqli_stmt_get_result($stmt2);
        $user = mysqli_fetch_assoc($result);
        
        // Update session
        $_SESSION['balance'] = $user['balance'];
        
        // Log transaction
        $log_sql = "INSERT INTO transactions (user_id, type, amount, description) 
                   VALUES (?, 'topup', ?, 'Top up via $bank_method')";
        $log_stmt = mysqli_prepare($conn, $log_sql);
        mysqli_stmt_bind_param($log_stmt, "ii", $user_id, $amount);
        mysqli_stmt_execute($log_stmt);
        
        echo json_encode([
            'success' => true,
            'new_balance' => $user['balance'],
            'message' => 'Top up successful'
        ]);
    } else {
        echo json_encode(['success' => false, 'message' => 'Database error']);
    }
}
?>