File: /srv/www/rectt-csmcri.res.in/admin_html/view_application.php
<?php
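session_start();
require_once dirname(__DIR__) . '/public_html/sites/config/config.php';
require_once 'view_non_tech.php'; // contains getNonTechApplicationHtml
require_once 'view_tech.php'; // contains getTechSummaryHtml
require_once 'view_scientist.php'; // contains getScientistSummaryHtml

// Authorization gate: only a logged-in admin whose session role is one of the
// three listed values may continue; everyone else is redirected.
// The role is compared strictly (third argument `true`) so that a non-string
// session value such as `true` or `0` can never loosely match a role name, and
// `?? null` keeps a missing role from raising an undefined-index warning.
// NOTE(review): isset() only proves the login flag exists, not that it is
// truthy — confirm what the login code stores in admin_logged_in.
if (
    !isset($_SESSION['admin_logged_in'])
    || !in_array($_SESSION['admin_role'] ?? null, ['superadmin', 'manager', 'reviewer'], true)
) {
    header("Location: admin_dashboard.php");
    exit;
}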
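// 1) Basic session checks: without an admin id and a session token there is
//    nothing to validate, so send the visitor to the login page.
if (empty($_SESSION['admin_id']) || empty($_SESSION['session_token'])) {
    header("Location: admin_login.php");
    exit;
}

// 2) Fetch the token currently stored for this admin.
//    Only session_token is selected; the role checked elsewhere in this script
//    comes from the session and is not re-read from the database here.
//    NOTE(review): if roles can be changed or revoked while a session is live,
//    consider re-reading the role in this query as well — confirm the schema.
$stmt = $conn->prepare("SELECT session_token FROM admin_users WHERE id = ?");
if ($stmt === false) {
    // Fail closed: if the lookup cannot even be prepared, serve nothing rather
    // than fall through to a fatal error that may expose internals.
    http_response_code(500);
    exit;
}
$stmt->bind_param("i", $_SESSION['admin_id']);
$stmt->execute();
// get_result() returns false on failure; treat that like "no row found" so the
// check below forces a logout instead of crashing on a method call on false.
$result = $stmt->get_result();
$result = $result ? $result->fetch_assoc() : null;
$stmt->close();

// 3) If the DB token is gone or doesn't match the session's, force logout.
//    Both sides must be strings before hash_equals() is called (it throws on
//    other types); any other shape counts as a mismatch. hash_equals() is used
//    as the standard constant-time comparison for secret tokens.
$tokenMatches = is_array($result)
    && is_string($result['session_token'] ?? null)
    && is_string($_SESSION['session_token'])
    && hash_equals($result['session_token'], $_SESSION['session_token']);
if (!$tokenMatches) {
    session_unset();
    session_destroy();
    header("Location: admin_login.php?error=" . urlencode("Your session has expired."));
    exit;
}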
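// Request parameters are untrusted. PHP turns `name[]=...` query parameters
// into arrays, so both values must be plain strings before they are used;
// anything else (or an empty / "0" value) is rejected as invalid.
$application_id = $_GET['application_id'] ?? 0;
$type = $_GET['type'] ?? '';
if (!is_string($application_id) || !is_string($type) || !$application_id || !$type) {
    die("<div style='color:#a00;text-align:center;margin-top:50px;'>Invalid parameters.</div>");
}

// NOTE(review): $application_id is forwarded as-is. The `0` default suggests
// numeric ids — if so, tighten this to a digits-only check. The renderers live
// in other files; confirm they bind the id as a query parameter, HTML-escape
// applicant-supplied fields, and that every role admitted above is meant to
// see every application.

// Dispatch on the application type with strict comparison; $type is never
// echoed back, and unknown values get a fixed message.
if ($type === 'non-tech') {
    echo getNonTechApplicationHtml($application_id);
} elseif ($type === 'tech') {
    echo getTechSummaryHtml($application_id);
} elseif ($type === 'scientist') {
    echo getScientistSummaryHtml($application_id);
} else {
    echo "<div style='color:#a00;text-align:center;margin-top:50px;'>Unknown application type.</div>";
}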