<?php
session_start();
if (!isset($_SESSION["login"]) || !$_SESSION["is_admin"]) {
    header('Location: auth.php');
    exit;
}

require_once __DIR__ . '/../models/LDAPAuth.php';

// Utiliser $_POST au lieu de $_GET pour récupérer le DN
$user_dn = isset($_POST['dn']) ? urldecode($_POST['dn']) : '';

if (empty($user_dn)) {
    die("DN de l'utilisateur manquant.");
}

// Construction du tableau des attributs en filtrant les valeurs vides et en forçant un format tableau
$attributes = [];

if (!empty($_POST['firstname'])) {
    $attributes['givenName'] = [$_POST['firstname']];
}

if (!empty($_POST['lastname'])) {
    $attributes['sn'] = [$_POST['lastname']];
}

if (!empty($_POST['email'])) {
    $attributes['mail'] = [$_POST['email']];
}

$_crypted_new_password = iconv('UTF-8', 'UTF-16LE', '"' . $_POST['new_password'] . '"');

if (!empty($_POST['new_password'])) {
    $attributes['unicodePwd'] = $_crypted_new_password;
}

$ldapAuth = new LDAPAuth();
$user_ou = $ldapAuth->getUserOUFromDN($user_dn);
if ($user_ou === null || !in_array($user_ou, $_SESSION['admin_ous'])) {
    die("Accès non autorisé");
}

try {
    if ($ldapAuth->updateUserWithAdminAuth($user_dn, $attributes, $_SESSION['sAMAccountName'], $_SESSION['password'])) {
        header("Location: ../views/list_users.php?ou=" . urlencode($user_ou));
    } else {
        die("Erreur lors de la modification.");
    }
} catch (Exception $e) {
    die("Erreur : " . $e->getMessage());
}