<?php
session_start();
require_once 'database/db_config.php';

// Check if user has admin privileges
require_admin_privileges('login.php');

// Validate request
if (!isset($_GET['id']) || !is_numeric($_GET['id'])) {
    http_response_code(400);
    echo json_encode(['error' => 'Invalid user ID']);
    exit();
}

$user_id = (int)$_GET['id'];

// Check if designation column exists
$has_designation = false;
$check_column = $conn->query("SHOW COLUMNS FROM users LIKE 'designation'");
if ($check_column->num_rows > 0) {
    $has_designation = true;
}

// Fetch user data with conditional fields
if ($has_designation) {
    // Include designation field if it exists
    $stmt = $conn->prepare("SELECT id, username, email, first_name, last_name, phone, bio, role, status, profile_image, designation, expertise, social_links FROM users WHERE id = ?");
} else {
    // Skip designation field if it doesn't exist
    $stmt = $conn->prepare("SELECT id, username, email, first_name, last_name, phone, bio, role, status, profile_image FROM users WHERE id = ?");
}

$stmt->bind_param("i", $user_id);
$stmt->execute();
$result = $stmt->get_result();

if ($result->num_rows === 0) {
    http_response_code(404);
    echo json_encode(['error' => 'User not found']);
    exit();
}

// Get user data and return as JSON
$user_data = $result->fetch_assoc();

// Sanitize output
$sanitized_data = [];
foreach ($user_data as $key => $value) {
    $sanitized_data[$key] = htmlspecialchars($value ?? '', ENT_QUOTES, 'UTF-8');
}

// Send response
header('Content-Type: application/json');
echo json_encode($sanitized_data);
exit();