<?php
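ob_start(); // buffer output so the header() redirects below can still be sent
require('../session.php'); // presumably defines $conn, $users and $urlweb used below (not visible here)

// NOTE(review): nothing in this script checks a CSRF token or the request method;
// confirm that session.php or the submitting form covers this.

// Read the submitted fields. A missing or non-string field becomes '' so that
// trim() and the code below never receive null or an array.
$input = [];
foreach (['postID', 'full_name', 'email', 'no_hp', 'pass'] as $field) {
    $input[$field] = (isset($_POST[$field]) && is_string($_POST[$field])) ? $_POST[$field] : '';
}

// NOTE(review): postID selects the row updated below and comes straight from the
// client; confirm it is tied to the logged-in account before it is used.
$postID    = $input['postID'];
$full_name = trim($input['full_name']);
$email     = trim($input['email']);
$no_hp     = trim($input['no_hp']);
$re_pass   = trim($input['pass']);
$kode      = date('YmdHis'); // format fixed (lowercase ydm changed to YmdHis)

// Declared MIME types accepted for the avatar. The 'type' value is supplied by
// the browser, so it is a hint and not proof of the file's content.
$tipe_gambar = ['image/jpg', 'image/jpeg', 'image/bmp', 'image/png', 'image/x-png'];

// Upload metadata; defaults describe "no file sent" when the field is absent.
$berkas = (isset($_FILES['image']) && is_array($_FILES['image'])) ? $_FILES['image'] : [];
$gbr    = isset($berkas['name']) ? $berkas['name'] : '';
$ukuran = isset($berkas['size']) ? $berkas['size'] : 0; // read but not used below: no size limit is enforced in this script
$tipe   = isset($berkas['type']) ? $berkas['type'] : '';
$error  = isset($berkas['error']) ? $berkas['error'] : UPLOAD_ERR_NO_FILE;

$upload_dir = "../../upload/";
$newname    = "";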

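// Store the uploaded avatar, if one arrived without an upload error.
if (!empty($gbr) && $error === 0) {
    // The stored extension is chosen from the image format detected in the file
    // itself. The client-supplied file name and Content-Type ($gbr, $tipe) are
    // attacker-controlled, so an extension copied from them could place a
    // server-executable file (for example .php) in the upload directory.
    $ekstensi_aman = [
        IMAGETYPE_JPEG => 'jpg',
        IMAGETYPE_PNG  => 'png',
        IMAGETYPE_BMP  => 'bmp',
    ];

    $tmp_path = $_FILES['image']['tmp_name'];
    $info     = is_uploaded_file($tmp_path) ? getimagesize($tmp_path) : false;

    if ($info === false || !isset($ekstensi_aman[$info[2]])) {
        header('Location: ' . $urlweb . '/e_user.php?notif=3'); // notif=3 → invalid image type
        exit();
    }

    // NOTE(review): $users is not defined in this script (presumably set by
    // session.php); confirm it cannot contain path separators.
    $extensi = $ekstensi_aman[$info[2]];
    $newname = 'avatar_' . $users . '_' . $kode . '.' . $extensi;

    if (!move_uploaded_file($tmp_path, $upload_dir . $newname)) {
        // Leave $newname empty so the database is not pointed at a file that was never written.
        error_log('Avatar upload could not be moved to ' . $upload_dir . $newname);
        $newname = '';
    }
}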

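// Password left unchanged: update the profile fields, plus the avatar when a new one was stored.
if (empty($re_pass)) {
    // NOTE(review): the row is selected by the client-supplied postID; confirm it
    // is tied to the logged-in account, otherwise one user could edit another's profile.

    // Values are bound as parameters instead of being interpolated into the SQL
    // text, so quotes in the submitted fields cannot alter the statement.
    if (!empty($newname)) {
        $stmt = mysqli_prepare(
            $conn,
            'UPDATE tb_user SET image = ?, full_name = ?, no_hp = ?, email = ? WHERE cuid = ?'
        );
        if ($stmt !== false) {
            mysqli_stmt_bind_param($stmt, 'sssss', $newname, $full_name, $no_hp, $email, $postID);
        }
    } else {
        $stmt = mysqli_prepare(
            $conn,
            'UPDATE tb_user SET full_name = ?, no_hp = ?, email = ? WHERE cuid = ?'
        );
        if ($stmt !== false) {
            mysqli_stmt_bind_param($stmt, 'ssss', $full_name, $no_hp, $email, $postID);
        }
    }

    if ($stmt === false || !mysqli_stmt_execute($stmt)) {
        // Keep database error details in the server log instead of sending them to the browser.
        error_log('tb_user update failed: ' . ($stmt === false ? mysqli_error($conn) : mysqli_stmt_error($stmt)));
        die('Update failed.');
    }
    mysqli_stmt_close($stmt);

    header('Location: ' . $urlweb . '/e_user.php?notif=1'); // notif=1 → update succeeded
    exit();
}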

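// Password changed: store the new hash together with the profile fields.
if (!empty($re_pass)) {
    $pass = password_hash($re_pass, PASSWORD_DEFAULT);

    // NOTE(review): the row is selected by the client-supplied postID; confirm it
    // is tied to the logged-in account, otherwise one user could reset another's password.

    // Values are bound as parameters instead of being interpolated into the SQL
    // text, so quotes in the submitted fields cannot alter the statement.
    if (!empty($newname)) {
        $stmt = mysqli_prepare(
            $conn,
            'UPDATE tb_user SET image = ?, pass = ?, full_name = ?, no_hp = ?, email = ? WHERE cuid = ?'
        );
        if ($stmt !== false) {
            mysqli_stmt_bind_param($stmt, 'ssssss', $newname, $pass, $full_name, $no_hp, $email, $postID);
        }
    } else {
        $stmt = mysqli_prepare(
            $conn,
            'UPDATE tb_user SET pass = ?, full_name = ?, no_hp = ?, email = ? WHERE cuid = ?'
        );
        if ($stmt !== false) {
            mysqli_stmt_bind_param($stmt, 'sssss', $pass, $full_name, $no_hp, $email, $postID);
        }
    }

    if ($stmt === false || !mysqli_stmt_execute($stmt)) {
        // Keep database error details in the server log instead of sending them to the browser.
        error_log('tb_user update failed: ' . ($stmt === false ? mysqli_error($conn) : mysqli_stmt_error($stmt)));
        die('Update failed.');
    }
    mysqli_stmt_close($stmt);

    // Force a logout after the password change so the user signs in again with the new password.
    session_unset();
    session_destroy();

    header("Location: /kerbau/index.php");
    exit;
}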

?>
