<?php
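// Resume the session that carries the login state and declare that every
// response from this endpoint is JSON.
session_start();
header('Content-Type: application/json; charset=utf-8');
require_once '../../config/database.php';

// Authorization gate: only a session that has a user id and whose role is
// exactly 'admin' may continue. Both keys are tested with isset() so that a
// session without a 'role' key is rejected cleanly instead of raising an
// undefined-key warning, which (with display_errors on) would be printed in
// front of the JSON body.
if (!isset($_SESSION['user_id'], $_SESSION['role']) || $_SESSION['role'] !== 'admin') {
    echo json_encode(['success' => false, 'message' => 'غير مصرح']);
    exit;
}

// NOTE(review): this endpoint changes stored data and identifies the caller
// only by the session cookie. No CSRF token, Origin/Referer check or request
// method check is visible in this file; confirm one is enforced elsewhere.
// NOTE(review): the rejection above is sent with the default 200 status;
// consider 401/403 once the client is confirmed to read the JSON body on
// non-2xx responses.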

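// Read the raw request body and decode it as JSON into an associative array.
// json_decode() yields null for malformed JSON, which the check below rejects.
$input = file_get_contents('php://input');
$data = json_decode($input, true);

// Require a JSON object carrying both 'id' and 'notes', and require both to be
// scalars. Without the type check a nested array or object in either field
// would be handed to the prepared statement as a bound value and, as far as
// PDO's string conversion goes, end up stored as the literal text "Array".
// NOTE(review): presumably 'id' is an integer primary key; if so, tighten this
// to an integer check. No length limit on 'notes' is enforced here.
if (
    !is_array($data)
    || !isset($data['id'], $data['notes'])
    || !is_scalar($data['id'])
    || !is_scalar($data['notes'])
) {
    echo json_encode(['success' => false, 'message' => 'بيانات غير كاملة']);
    exit;
}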

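// Store the admin's notes on the selected quiz result and report the outcome
// as JSON.
try {
    $database = new Database();
    $conn = $database->getConnection();

    // Both values travel as bound parameters, so they are never spliced into
    // the SQL text.
    $stmt = $conn->prepare("UPDATE skin_quiz_results SET admin_notes = ? WHERE id = ?");
    $stmt->execute([$data['notes'], $data['id']]);

    // admin_notes is stored exactly as submitted; any page that renders it
    // must escape it for the output context (HTML, attribute, JS).
    // Success is reported whenever execute() does not throw; the number of
    // affected rows is not checked, so an id that matches no row also lands
    // here.
    echo json_encode(['success' => true, 'message' => 'تم حفظ الملاحظات بنجاح']);
} catch (Exception $e) {
    // Keep the exception text on the server. Driver and connection errors can
    // carry table names, SQL fragments or host details that do not belong in
    // an HTTP response, so the client only gets a generic failure message.
    error_log('Saving admin notes failed: ' . $e->getMessage());
    echo json_encode(['success' => false, 'message' => 'حدث خطأ أثناء حفظ الملاحظات']);
}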
?>
