<?php
if (session_status() === PHP_SESSION_NONE) { session_start(); }
header('Content-Type: application/json');
try {
    $role = $_SESSION['user_role'] ?? '';
    if (!in_array($role, ['chairman_ceo','super_admin','admin'])) {
        echo json_encode(['success'=>false,'error'=>'unauthorized']); exit;
    }
    $raw = file_get_contents('php://input');
    $data = json_decode($raw, true);
    $b64 = $data['pdf_base64'] ?? '';
    if (!$b64) { echo json_encode(['success'=>false,'error'=>'missing_data']); exit; }
    $bin = base64_decode($b64, true);
    if ($bin === false) { echo json_encode(['success'=>false,'error'=>'decode_failed']); exit; }
    if (strlen($bin) > 15 * 1024 * 1024) { echo json_encode(['success'=>false,'error'=>'too_large']); exit; }
    $tmpDir = __DIR__ . '/tmp/letters';
    if (!is_dir($tmpDir)) { @mkdir(__DIR__ . '/tmp', 0775, true); @mkdir($tmpDir, 0775, true); }
    // simple cleanup: remove files older than 3 hours
    foreach (@scandir($tmpDir) ?: [] as $f) {
        if ($f === '.' || $f === '..') continue;
        $p = $tmpDir . '/' . $f;
        if (is_file($p) && @filemtime($p) < time() - 3*3600) { @unlink($p); }
    }
    $name = 'letter_' . uniqid() . '.pdf';
    $path = $tmpDir . '/' . $name;
    if (file_put_contents($path, $bin) === false) { echo json_encode(['success'=>false,'error'=>'write_failed']); exit; }
    // Build public URL (assumes this file lives under web root /Aibenproperties/)
    $base = (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] === 'on' ? 'https' : 'http') . '://' . ($_SERVER['HTTP_HOST'] ?? 'localhost');
    $basePath = rtrim(dirname($_SERVER['SCRIPT_NAME']), '/\\');
    $url = $base . $basePath . '/tmp/letters/' . $name;
    echo json_encode(['success'=>true,'url'=>$url]);
} catch (Throwable $e) {
    echo json_encode(['success'=>false,'error'=>'server_error']);
}
?>