<?php
include_once 'db_connect.php';
include_once 'check_allowed_ip.php';

$clientIP = $_SERVER['REMOTE_ADDR'];

if (!isAllowedIP($clientIP, $allowedSubnets)) {
    http_response_code(403); // Set response code to 403
    header('Content-Type: application/json');
    echo json_encode([
        'status' => 'error',
        'message' => 'Access denied: Your IP is not authorized to delete records.'
    ]);
    exit;
}

$id = $_GET['id'];

// Fetch the anime name and year before deleting
$stmt = $conn->prepare("SELECT name, `year` FROM anime_list WHERE id = :id");
$stmt->bindParam(':id', $id, PDO::PARAM_INT);
$stmt->execute();
$anime = $stmt->fetch(PDO::FETCH_ASSOC);

if (!$anime) {
    echo 'No anime found with id ' . htmlspecialchars($id);
    exit;
}

$anime_name = $anime['name'];
$anime_year = $anime['year'];

// Delete the record
$stmt = $conn->prepare("DELETE FROM anime_list WHERE id = :id");
$stmt->bindParam(':id', $id, PDO::PARAM_INT);
$stmt->execute();

// Log the action
// $action_time = new DateTime('now', new DateTimeZone('GMT+5'));
// $action_time_formatted = $action_time->format('Y-m-d H:i:s');
// $ip_address = $_SERVER['REMOTE_ADDR'];
// $action_type = 'deleting';

// $log_stmt = $conn->prepare("INSERT INTO action_logs (action_time, ip_address, anime_name, action_type, `year`) VALUES (:action_time, :ip_address, :anime_name, :action_type, :anime_year)");
// $log_stmt->bindParam(':action_time', $action_time_formatted);
// $log_stmt->bindParam(':ip_address', $ip_address);
// $log_stmt->bindParam(':anime_name', $anime_name);
// $log_stmt->bindParam(':action_type', $action_type);
// $log_stmt->bindParam(':anime_year', $anime_year, PDO::PARAM_INT);
// $log_stmt->execute();
?>