<?php
    
require_once './Includes/auth.php';
    require_once 
'./Includes/rbac.php';
    
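// First gate: hand anonymous visitors to the auth helper before anything else runs.
// (presumably it redirects and stops the script; confirm in Includes/auth.php)
redirect_if_not_logged_in();

// Second gate: only accounts allowed to create requests may see or post the form.
if (!can_create_requests()) {
    // Send the denial as a 403 so access logs and monitoring can tell it apart
    // from a normal page view. Skipped when output has already started (for
    // example when this file is included from a layout), because the status
    // line can no longer be changed at that point.
    if (!headers_sent()) {
        http_response_code(403);
    }
    die('<div class="alert alert-error">Access Denied</div>');
}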

    if (
$_SERVER['REQUEST_METHOD'] === 'POST') {
        
$workflow_id intval($_POST['workflow_id']);
        
$user_id get_current_user_id();
        
$dateInserted date('Y-m-d H:i:s');
        
        
// get first state
        
$state_sql "SELECT pk_state FROM workflowManager_State 
                    WHERE fk_Workflow_transitionsThrough = 
$workflow_id 
                    ORDER BY stateNumber ASC LIMIT 1"
;
        
$state_result mysqli_query($conn$state_sql);
        
$state_row mysqli_fetch_assoc($state_result);
        
$state_id $state_row['pk_state'];
        
        
// insert request
        
$req_sql "INSERT INTO workflowManager_Request 
                    (fk_Workflow_triggers, fk_State_progressesThrough, fk_User_submittedBy, dateInserted)
                    VALUES (
$workflow_id$state_id$user_id, '$dateInserted')";
        
mysqli_query($conn$req_sql);
        
        
// return the request id of the current query and save it in the $request_id variable
        
$request_id mysqli_insert_id($conn);
        
        
// insert data fields
        
foreach ($_POST as $key => $value) {
            if (
strpos($key'field_') === 0) {
                
$field_id str_replace('field_'''$key);
                
$escaped_value mysqli_real_escape_string($conn$value);
                
$data_sql "INSERT INTO workflowManager_Data 
                            (fk_Request_contains, fk_Field_define, value)
                            VALUES (
$request_id$field_id, '$escaped_value')";
                
mysqli_query($conn$data_sql);
            }
        }
        
        echo 
"<div class='alert alert-success'>Request submitted successfully!</div>";
    }

    
// Load every workflow (id and title) for the drop-down rendered below.
// The statement is a constant string with no request data in it.
$workflows_sql = 'SELECT pk_workflow, title FROM workflowManager_Workflow';

// $conn is not created in this file; presumably one of the includes opens it.
$workflows_result = mysqli_query(
    $conn,
    $workflows_sql
);
?>

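<h2>Submit New Request</h2>
<?php
// NOTE(review): the form carries no anti-CSRF token field; add one here if the
// POST handler is made to verify it.
?>
<form method="POST" id="request-form">
    <div class="form-group">
        <label for="select-workflow">Workflow:</label>
        <select name="workflow_id" id="select-workflow" required>
            <?php // An empty first option keeps "required" meaningful and lets the change event fire for every workflow. ?>
            <option value="">-- Select Workflow --</option>
            <?php // The result check avoids fetching from a failed query. ?>
            <?php while ($workflows_result && ($wf = mysqli_fetch_assoc($workflows_result))): ?>
                <?php // The key is forced to an integer before it reaches the attribute; the title is HTML-escaped. ?>
                <option value="<?= (int) $wf['pk_workflow'] ?>">
                    <?= htmlspecialchars($wf['title'], ENT_QUOTES, 'UTF-8') ?></option>
            <?php endwhile; ?>
        </select>
    </div>
    <div id="workflow-fields-container" class="workflow-fields"></div>
    
    <button type="submit" class="btn">Submit Request</button>
</form>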

<script>
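// When the workflow selection changes, fetch that workflow's input fields as an
// HTML fragment and place them in the container below the drop-down.
document.getElementById('select-workflow').addEventListener('change', function() {
    const select = this;
    const workflowId = select.value;
    const container = document.getElementById('workflow-fields-container');
    container.innerHTML = '';

    if (!workflowId) {
        return;
    }

    // Encode the value so it can only ever be one query parameter.
    fetch(`Ajax/get_fields.php?workflow_id=${encodeURIComponent(workflowId)}`)
        .then(response => {
            // An error page (403, 500, login redirect body) must not be injected as form markup.
            if (!response.ok) {
                throw new Error(`get_fields.php answered ${response.status}`);
            }
            return response.text();
        })
        .then(html => {
            // Drop a late response if the user has picked another workflow meanwhile.
            if (select.value !== workflowId) {
                return;
            }
            // The fragment is inserted as markup, so Ajax/get_fields.php must
            // HTML-escape every field label and value it prints.
            container.innerHTML = html;
        })
        .catch(() => {
            if (select.value === workflowId) {
                container.textContent = 'Could not load the fields for this workflow.';
            }
        });
});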
</script>