php
require_once 'includes/auth.php';
require_once 'includes/functions.php';
include 'db/db.php';

if($_SESSION['role'] !== 'distributor'){
    header("Location: login.php");
    exit();
}

$distributor_id = $_SESSION['user_id'];

/* =========================
   VALIDATION
========================= */
if(
    empty($_POST['name']) ||
    empty($_POST['mobile']) ||
    empty($_POST['password'])
){
    die("All required fields must be filled.");
}

$name = mysqli_real_escape_string($conn,$_POST['name']);
$mobile = mysqli_real_escape_string($conn,$_POST['mobile']);
$email = mysqli_real_escape_string($conn,$_POST['email']);
$address = mysqli_real_escape_string($conn,$_POST['address']);
$pan_number = mysqli_real_escape_string($conn,$_POST['pan_number']);
$aadhar_number = mysqli_real_escape_string($conn,$_POST['aadhar_number']);
$gst_number = mysqli_real_escape_string($conn,$_POST['gst_number']);
$password = password_hash($_POST['password'], PASSWORD_DEFAULT);

/* =========================
   DUPLICATE CHECK
========================= */
$check = mysqli_query($conn,"
    SELECT id FROM users 
    WHERE mobile='$mobile'
");

if(mysqli_num_rows($check) > 0){
    die("Mobile already exists.");
}

/* =========================
   GENERATE RETAILOR ID
   (30000–39999)
========================= */
$new_id = generateUserId($conn,'retailor');

/* =========================
   INSERT RETAILOR
========================= */
mysqli_query($conn,"
INSERT INTO users
(
    user_id,
    name,
    mobile,
    email,
    address,
    pan_number,
    aadhar_number,
    gst_number,
    password,
    role,
    parent_id,
    status,
    approval_status,
    kyc_status,
    created_at
)
VALUES
(
    '$new_id',
    '$name',
    '$mobile',
    '$email',
    '$address',
    '$pan_number',
    '$aadhar_number',
    '$gst_number',
    '$password',
    'retailor',
    '$distributor_id',
    1,
    'Pending',
    'Pending',
    NOW()
)
");

header("Location: dashboards/distributor_dashboard.php?created=1");
exit();