// Constants
const MAX_LOGIN_ATTEMPTS = 5;
const LOCKOUT_TIME = 5 * 60 * 1000; // 5 minutes in milliseconds

// Get DOM elements
const loginForm = document.getElementById('loginForm');
const usernameInput = document.getElementById('username');
const passwordInput = document.getElementById('password');
const errorMessage = document.getElementById('errorMessage');
const togglePasswordBtn = document.querySelector('.toggle-password');

// Initialize login attempts
let loginAttempts = parseInt(localStorage.getItem('loginAttempts') || '0');
let lastAttemptTime = parseInt(localStorage.getItem('lastAttemptTime') || '0');

// Get redirect URL from query parameters
function getRedirectUrl() {
    const params = new URLSearchParams(window.location.search);
    return params.get('redirect') || 'admin.html';
}

// Check if user is already logged in
function checkLoginStatus() {
    if (localStorage.getItem('adminLoggedIn') === 'true') {
        window.location.href = getRedirectUrl();
    }
}

// Check if user is locked out
function isLockedOut() {
    if (loginAttempts >= MAX_LOGIN_ATTEMPTS) {
        const timeSinceLastAttempt = Date.now() - lastAttemptTime;
        if (timeSinceLastAttempt < LOCKOUT_TIME) {
            const remainingTime = Math.ceil((LOCKOUT_TIME - timeSinceLastAttempt) / 1000 / 60);
            errorMessage.textContent = `Too many failed attempts. Please try again in ${remainingTime} minutes.`;
            return true;
        } else {
            // Reset attempts after lockout period
            resetAttempts();
        }
    }
    return false;
}

// Reset login attempts
function resetAttempts() {
    loginAttempts = 0;
    localStorage.setItem('loginAttempts', '0');
    localStorage.removeItem('lastAttemptTime');
}

// Handle login form submission
loginForm.addEventListener('submit', async (e) => {
    e.preventDefault();

    // Clear previous error
    errorMessage.textContent = '';

    // Check for lockout
    if (isLockedOut()) {
        return;
    }

    const username = usernameInput.value.trim();
    const password = passwordInput.value;

    // Basic validation
    if (!username || !password) {
        errorMessage.textContent = 'Please enter both username and password';
        return;
    }

    try {
        // In a real application, this would be an API call to verify credentials
        if (username === 'admin' && password === 'AdminMuhafiz') {
            // Successful login
            localStorage.setItem('adminLoggedIn', 'true');
            resetAttempts();
            
            // Redirect to the intended page
            window.location.href = getRedirectUrl();
        } else {
            // Failed login
            loginAttempts++;
            lastAttemptTime = Date.now();
            localStorage.setItem('loginAttempts', loginAttempts.toString());
            localStorage.setItem('lastAttemptTime', lastAttemptTime.toString());

            if (loginAttempts >= MAX_LOGIN_ATTEMPTS) {
                errorMessage.textContent = 'Too many failed attempts. Please try again in 5 minutes.';
            } else {
                const remainingAttempts = MAX_LOGIN_ATTEMPTS - loginAttempts;
                errorMessage.textContent = `Invalid username or password. ${remainingAttempts} attempts remaining.`;
            }
        }
    } catch (error) {
        errorMessage.textContent = 'An error occurred. Please try again.';
        console.error('Login error:', error);
    }
});

// Toggle password visibility
togglePasswordBtn.addEventListener('click', () => {
    const type = passwordInput.type === 'password' ? 'text' : 'password';
    passwordInput.type = type;
    togglePasswordBtn.innerHTML = `<i class="fas fa-eye${type === 'password' ? '' : '-slash'}"></i>`;
});

// Check login status on page load
document.addEventListener('DOMContentLoaded', checkLoginStatus);

// Clear error message when user starts typing
usernameInput.addEventListener('input', () => errorMessage.textContent = '');
passwordInput.addEventListener('input', () => errorMessage.textContent = '');