<?php
require_once __DIR__ . '/db.php';
require_once __DIR__ . '/helpers.php';
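// Clock-in endpoint: authenticates the caller, validates the reported position,
// compares it with the user's primary worksite and inserts a work_sessions row.
//
// NOTE(review): every early exit below relies on jsonResponse() ending the
// request. Its definition is not in this file; confirm that it terminates.
if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
    jsonResponse(['success' => false, 'message' => 'Method not allowed.'], 405);
}

// The user id is taken from the authenticated session, never from the request body.
$session = requireAuth($pdo);
$userId = (int)$session['user_id'];
ensureUserSessionClean($pdo, $userId);

$data = getJsonInput();

if (!isset($data['latitude'], $data['longitude'])) {
    jsonResponse(['success' => false, 'message' => 'Latitude and longitude are required.'], 422);
}

// A bare (float) cast turns "abc" into 0.0 and a non-empty array into 1.0, which
// would be stored as a real position. Require numeric input before casting.
if (!is_numeric($data['latitude']) || !is_numeric($data['longitude'])) {
    jsonResponse(['success' => false, 'message' => 'Latitude and longitude must be valid coordinates.'], 422);
}
$latitude = (float)$data['latitude'];
$longitude = (float)$data['longitude'];

// Numeric strings such as "1e999" cast to INF; out-of-range or non-finite values
// would make the distance calculation below meaningless.
if (!is_finite($latitude) || !is_finite($longitude) || abs($latitude) > 90.0 || abs($longitude) > 180.0) {
    jsonResponse(['success' => false, 'message' => 'Latitude and longitude must be valid coordinates.'], 422);
}

// Accuracy is optional. A value that is not a finite, non-negative number is
// recorded as NULL (unknown) rather than as a fabricated 0.0.
$accuracy = null;
if (isset($data['accuracy_meters']) && is_numeric($data['accuracy_meters'])) {
    $accuracyCandidate = (float)$data['accuracy_meters'];
    if (is_finite($accuracyCandidate) && $accuracyCandidate >= 0.0) {
        $accuracy = $accuracyCandidate;
    }
}

// Only scalars are stringified; an array here would otherwise be stored as "Array".
// NOTE(review): no length limit is applied; confirm the column size and cap it.
$rawDeviceInfo = $data['device_info'] ?? '';
$deviceInfo = is_scalar($rawDeviceInfo) ? trim((string)$rawDeviceInfo) : '';

// REMOTE_ADDR is the direct peer. Behind a reverse proxy this is the proxy's
// address, so the stored value identifies the client only on direct connections.
$ipAddress = $_SERVER['REMOTE_ADDR'] ?? null;

// NOTE(review): this check and the INSERT below are separate statements with no
// transaction or lock visible here, so two concurrent requests from one user could
// both pass it. Confirm that the schema or the helper enforces a single open session.
$open = getOpenWorkSessionForUser($pdo, $userId);
if ($open) {
    jsonResponse([
        'success' => false,
        'message' => 'You already have an open work session.',
        'work_session_id' => (int)$open['id'],
        'clock_in_time' => $open['clock_in_time'],
    ], 409);
}

$worksite = getPrimaryWorksite($pdo, $userId);
if (!$worksite) {
    jsonResponse(['success' => false, 'message' => 'No active primary worksite assigned.'], 404);
}

// The position is reported by the client and cannot be verified server-side, so
// the geofence result is only as trustworthy as the client. The reported accuracy
// is stored for audit but is not part of the decision.
$distance = haversineDistanceMeters($latitude, $longitude, (float)$worksite['latitude'], (float)$worksite['longitude']);
$allowed = (float)($worksite['allowed_radius_meters'] ?? 0);

// A missing or non-positive radius disables the geofence entirely, even when
// strict_geofence is set. NOTE(review): confirm this fail-open default is intended.
$inside = $allowed <= 0 || $distance <= $allowed;
$status = $inside ? 'ON_SITE' : 'OUTSIDE_RADIUS';

if ((int)($worksite['strict_geofence'] ?? 0) === 1 && !$inside) {
    jsonResponse([
        'success' => false,
        'message' => 'Clock-in rejected. You are outside the allowed worksite radius.',
        'distance_meters' => round($distance, 2),
        'allowed_radius_meters' => (int)$allowed,
    ], 403);
}

// Column and placeholder lists contain only literals from this file; every
// request-derived value reaches the statement as a bound parameter.
$hasSessionDate = apiColumnExists($pdo, 'work_sessions', 'session_date');
$columns = ['user_id','worksite_id','clock_in_time','clock_in_latitude','clock_in_longitude','clock_in_accuracy_meters','clock_in_distance_meters','clock_in_ip_address','clock_in_device_info','clock_in_status','session_status'];
$values = [':user_id',':worksite_id','NOW()',':latitude',':longitude',':accuracy_meters',':distance_meters',':ip_address',':device_info',':clock_in_status',"'OPEN'"];
$params = [
    'user_id' => $userId,
    'worksite_id' => $worksite['id'],
    'latitude' => $latitude,
    'longitude' => $longitude,
    'accuracy_meters' => $accuracy,
    'distance_meters' => round($distance, 2),
    'ip_address' => $ipAddress,
    'device_info' => $deviceInfo,
    'clock_in_status' => $status,
];

// Older schemas may lack session_date; add it after worksite_id only when present.
if ($hasSessionDate) {
    array_splice($columns, 2, 0, 'session_date');
    array_splice($values, 2, 0, 'CURDATE()');
}

$stmt = $pdo->prepare('INSERT INTO work_sessions (' . implode(',', $columns) . ') VALUES (' . implode(',', $values) . ')');
$stmt->execute($params);

jsonResponse([
    'success' => true,
    'message' => 'Clock-in successful.',
    'work_session_id' => (int)$pdo->lastInsertId(),
    'distance_meters' => round($distance, 2),
    'clock_in_status' => $status,
]);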
