import os
import stat

# ==============================================================================
# DEPLOYMENT SCRIPT FOR BLACK-CLOVER (v6 - CSRF Protection Removed)
# ==============================================================================
# This script generates the complete file and folder structure for the
# Black-Clover project. CSRF functionality has been removed to resolve
# persistent validation errors as requested.
#
# WARNING: This version is less secure against Cross-Site Request Forgery
# and is only suitable for strictly local, trusted network environments.
#
# To run:
# 1. Save this file as 'deploy.py'.
# 2. Run from the command line: python deploy.py
# ==============================================================================

PROJECT_NAME = "black-clover"

def create_file(path, content):
    """Creates a file with the given content, ensuring the directory exists."""
    os.makedirs(os.path.dirname(path), exist_ok=True)
    with open(path, "w", encoding="utf-8") as f:
        f.write(content.strip())
    print(f"Created file: {path}")

# ==============================================================================
# --- FILE CONTENTS ---
# ==============================================================================

# --- Config (Outside Web Root) ---
config_php_content = r'''<?php
// ==============================================================================
// Black-Clover - Core Configuration
// ==============================================================================
// This file is NOT web accessible.

define('PROJECT_ROOT', dirname(__DIR__));
define('DB_PATH', PROJECT_ROOT . '/database/database.dat');
define('SESSION_TIMEOUT_SECONDS', 1800); // 30 minutes
define('KDF_OPS_LIMIT', SODIUM_CRYPTO_PWHASH_OPSLIMIT_INTERACTIVE);
define('KDF_MEM_LIMIT', SODIUM_CRYPTO_PWHASH_MEMLIMIT_INTERACTIVE);
error_reporting(E_ALL);
ini_set('display_errors', 1);
'''

# --- PHP Includes ---
bootstrap_php_content = r'''<?php
require_once dirname(__DIR__, 2) . '/config/config.php';

// --- ROBUST DYNAMIC BASE PATH CALCULATION ---
$script_name = str_replace('\\', '/', $_SERVER['SCRIPT_NAME']);
$public_pos = strpos($script_name, '/public/');
if ($public_pos !== false) {
    // We are in a subdirectory. The base path is everything up to and including /public
    $base_path = substr($script_name, 0, $public_pos + strlen('/public'));
} else {
    // If '/public' is not in the URL path, we assume we are running at the document root.
    $base_path = '';
}
define('BASE_PATH', rtrim($base_path, '/'));

if (!extension_loaded('sodium')) { die('The "sodium" PHP extension is required.'); }
function is_api_request() { return strpos($_SERVER['REQUEST_URI'], '/api/') !== false; }
function is_logged_in() { return isset($_SESSION['user_id']); }
function start_secure_session() { $p = ['lifetime' => 0, 'path' => '/', 'domain' => $_SERVER['HTTP_HOST'], 'secure' => isset($_SERVER['HTTPS']), 'httponly' => true, 'samesite' => 'Strict']; session_set_cookie_params($p); session_start(); }
start_secure_session();
function manage_session_security() { if (is_logged_in() && isset($_SESSION['last_activity']) && (time() - $_SESSION['last_activity']) > SESSION_TIMEOUT_SECONDS) { session_unset(); session_destroy(); start_secure_session(); if (is_api_request()) { header('Content-Type: application/json'); http_response_code(401); echo json_encode(['error' => 'Session expired due to inactivity.']); exit; } return; } if (is_logged_in()) { $_SESSION['last_activity'] = time(); } }
manage_session_security();
function get_db_connection() { static $pdo = null; if ($pdo === null) { try { $db_dir = dirname(DB_PATH); if (!is_dir($db_dir)) mkdir($db_dir, 0750, true); $pdo = new PDO('sqlite:' . DB_PATH); $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); $pdo->setAttribute(PDO::ATTR_DEFAULT_FETCH_MODE, PDO::FETCH_ASSOC); $pdo->exec('PRAGMA journal_mode = WAL;'); } catch (PDOException $e) { die("Database connection failed: " . $e->getMessage()); } } return $pdo; }
function is_setup_needed() { return !file_exists(DB_PATH) || filesize(DB_PATH) === 0; }
'''

header_php_content = r'''<?php
require_once __DIR__ . '/bootstrap.php';
$current_page = basename($_SERVER['PHP_SELF']);

// --- STATE-BASED ROUTING ---
if (is_setup_needed()) {
    if ($current_page !== 'setup.php' && !is_api_request()) {
        header('Location: ' . BASE_PATH . '/setup.php');
        exit;
    }
} 
else {
    $is_logged_in = is_logged_in();
    $auth_pages = ['login.php', 'recovery.php'];
    if (!$is_logged_in) {
        if (!in_array($current_page, $auth_pages)) {
            header('Location: ' . BASE_PATH . '/login.php');
            exit;
        }
    }
    else {
        if (in_array($current_page, ['login.php', 'setup.php', 'index.php'])) {
            header('Location: ' . BASE_PATH . '/dashboard.php');
            exit;
        }
    }
}

$csp_directives = [ "default-src 'self'", "script-src 'self' 'unsafe-inline' 'unsafe-eval' https://cdn.tailwindcss.com https://unpkg.com https://cdn.jsdelivr.net/npm/ https://cdnjs.cloudflare.com/", "style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com/ https://fonts.googleapis.com/", "font-src 'self' https://cdnjs.cloudflare.com/ https://fonts.gstatic.com/", "connect-src 'self'", "img-src 'self' data: blob:", "frame-ancestors 'none'", "object-src 'none'", "form-action 'self'", "base-uri 'self'" ];
header("Content-Security-Policy: " . implode('; ', $csp_directives));
header("X-Frame-Options: DENY"); header("X-Content-Type-Options: nosniff");
$page_titles = [ 'login.php' => 'Login', 'setup.php' => 'Initial Setup', 'dashboard.php' => 'Account Dashboard', 'user.php' => 'User Management', 'catagory-platform.php' => 'Manage Categories & Platforms', 'change-password.php' => 'Change Password', 'qrcode.php' => 'Scan QR Code', 'recovery.php' => 'Account Recovery' ];
$page_title = ($page_titles[$current_page] ?? 'Dashboard') . ' - Black-Clover';
$username = $_SESSION['username'] ?? '{Username}';
$nav_links = [ 'Scan QR' => ['link' => 'qrcode.php', 'icon' => 'fa-solid fa-qrcode'], 'Catagory-Platform' => ['link' => 'catagory-platform.php', 'icon' => 'fa-solid fa-tags'], 'Change Password' => ['link' => 'change-password.php', 'icon' => 'fa-solid fa-key'], 'Recover' => ['link' => 'recovery.php', 'icon' => 'fa-solid fa-shield-halved'], 'Add User' => ['link' => 'user.php', 'icon' => 'fa-solid fa-user-plus'] ];
?>
<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8"><meta name="viewport" content="width=device-width, initial-scale=1.0"><meta name="base-path" content="<?= htmlspecialchars(BASE_PATH) ?>"><title><?= htmlspecialchars($page_title) ?></title>
    <script src="https://cdn.tailwindcss.com"></script><script src="https://unpkg.com/vue@3/dist/vue.global.js"></script>
    <link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.2.1/css/all.min.css" integrity="sha512-MV7K8+y+gLIBoVD59lQIYicR65iaqukzvf/nwasF0nqhPay5w/9lJmVM2hMDcnK1OnMGCdVK+iQrJ7lzPJQd1w==" crossorigin="anonymous" referrerpolicy="no-referrer" />
    <link rel="preconnect" href="https://fonts.googleapis.com"><link rel="preconnect" href="https://fonts.gstatic.com" crossorigin><link href="https://fonts.googleapis.com/css2?family=Inter:wght@400;500;600;700&display=swap" rel="stylesheet">
    <?php if ($current_page === 'dashboard.php'): ?>
        <script src="https://cdn.jsdelivr.net/npm/otpauth@9.1.4/dist/otpauth.umd.min.js"></script><script src="https://cdn.jsdelivr.net/npm/qrcodejs@1.0.0/qrcode.min.js"></script>
        <script src="https://cdnjs.cloudflare.com/ajax/libs/xlsx/0.18.5/xlsx.full.min.js"></script><script src="https://cdnjs.cloudflare.com/ajax/libs/jspdf/2.5.1/jspdf.umd.min.js"></script><script src="https://cdnjs.cloudflare.com/ajax/libs/jspdf-autotable/3.5.28/jspdf.plugin.autotable.min.js"></script>
    <?php elseif ($current_page === 'qrcode.php'): ?><script src="https://cdn.jsdelivr.net/npm/jsqr@1.4.0/dist/jsQR.min.js"></script><?php endif; ?>
    <style> body { font-family: 'Inter', sans-serif; } [v-cloak] { display: none; } </style>
    <script>
    const BASE_PATH = document.querySelector('meta[name="base-path"]').getAttribute('content');
    async function apiFetch(url, options = {}) {
        const fullUrl = BASE_PATH + url;
        const defaultHeaders = { 'Content-Type': 'application/json', 'Accept': 'application/json' };
        options.headers = { ...defaultHeaders, ...options.headers };
        if (options.body && typeof options.body !== 'string') { options.body = JSON.stringify(options.body); }
        try {
            const response = await fetch(fullUrl, options);
            if (response.status === 401) { alert('Your session has expired. Redirecting to login.'); window.location.href = BASE_PATH + '/login.php'; return new Promise(() => {}); }
            const text = await response.text();
            const data = text ? JSON.parse(text) : {};
            if (!response.ok) { throw new Error(data.error || `Server responded with status: ${response.status}`); }
            return data;
        } catch (error) { if (error instanceof SyntaxError) { console.error("Invalid JSON response from server.", error); throw new Error("Received an invalid response from the server."); } console.error('Fetch Error:', error); throw error; }
    }
    </script>
</head>
<body class="bg-gray-900 text-gray-200">
<?php if (is_logged_in()): ?>
    <header class="fixed top-0 left-0 right-0 z-40 bg-gray-800/80 backdrop-blur-sm shadow-lg border-b border-gray-700">
        <div class="container mx-auto px-4 sm:px-6 lg:px-8"><nav class="flex items-center justify-between h-16">
            <div class="flex-shrink-0"><a href="<?= htmlspecialchars(BASE_PATH) ?>/dashboard.php" class="text-2xl font-bold text-white">Black-Clover</a></div>
            <div class="hidden md:flex items-center space-x-1 lg:space-x-2">
                <?php foreach($nav_links as $name => $details): ?>
                    <a href="<?= htmlspecialchars(BASE_PATH . '/' . $details['link']) ?>" 
                       class="flex items-center space-x-2 <?= ($current_page === $details['link']) ? 'bg-gray-700 text-white' : 'text-gray-300 hover:bg-gray-700 hover:text-white' ?> px-3 py-2 rounded-md text-sm font-medium transition-colors">
                        <i class="<?= $details['icon'] ?> w-4 text-center"></i>
                        <span><?= htmlspecialchars($name) ?></span>
                    </a>
                <?php endforeach; ?>
                <a href="#" class="flex items-center text-gray-300 hover:bg-gray-700 px-3 py-2 rounded-md text-sm font-medium space-x-2">
                    <i class="fa-solid fa-user w-4 text-center"></i>
                    <span><?= htmlspecialchars($username) ?></span>
                </a>
                <a href="<?= htmlspecialchars(BASE_PATH) ?>/api/logout_handler.php" class="flex items-center space-x-2 bg-red-600 hover:bg-red-700 text-white px-4 py-2 rounded-md text-sm font-bold">
                    <i class="fa-solid fa-right-from-bracket"></i>
                    <span>Log out</span>
                </a>
            </div>
            <div class="md:hidden"><button class="text-gray-300 hover:text-white"><svg class="h-6 w-6" fill="none" viewBox="0 0 24 24" stroke="currentColor"><path stroke-linecap="round" stroke-linejoin="round" stroke-width="2" d="M4 6h16M4 12h16m-7 6h7" /></svg></button></div>
        </nav></div>
    </header>
<?php endif; ?>
'''
footer_php_content = r'''
</body>
</html>
'''

# --- PHP API Handlers ---
cp_handler_php_content = r'''<?php
ini_set('display_errors', 0); // Do not display errors in API output
require_once '../includes/bootstrap.php';
header('Content-Type: application/json');
if (!is_logged_in()) { http_response_code(401); exit; }

$pdo = get_db_connection();

// *** THE FIX IS HERE: Correctly handle pluralization ***
function get_table_name($type) {
    if ($type === 'category') {
        return 'categories';
    }
    if ($type === 'platform') {
        return 'platforms';
    }
    return null;
}

try {
    switch ($_SERVER['REQUEST_METHOD']) {
        case 'GET':
            $categories = $pdo->query("SELECT * FROM categories ORDER BY name")->fetchAll();
            $platforms = $pdo->query("SELECT * FROM platforms ORDER BY name")->fetchAll();
            echo json_encode(['categories' => $categories, 'platforms' => $platforms]);
            break;
        case 'POST':
            $input = json_decode(file_get_contents('php://input'), true);
            $type = $input['type'] ?? '';
            $item = $input['item'] ?? null;
            $name = isset($item['name']) ? trim($item['name']) : '';
            $id = $item['id'] ?? null;

            if (!($table = get_table_name($type)) || empty($name)) {
                http_response_code(400); echo json_encode(['error' => 'Invalid input.']); exit;
            }

            if ($id) {
                $stmt = $pdo->prepare("UPDATE {$table} SET name = ? WHERE id = ?");
                $stmt->execute([$name, $id]);
            } else {
                $stmt = $pdo->prepare("INSERT INTO {$table} (name) VALUES (?)");
                $stmt->execute([$name]);
            }
            echo json_encode(['success' => true]);
            break;
        case 'DELETE':
            $input = json_decode(file_get_contents('php://input'), true);
            $type = $input['type'] ?? '';
            $id = $input['id'] ?? null;

            if (!($table = get_table_name($type)) || !$id) {
                http_response_code(400); echo json_encode(['error' => 'Invalid input.']); exit;
            }
            
            $stmt = $pdo->prepare("DELETE FROM {$table} WHERE id = ?");
            $stmt->execute([$id]);
            echo json_encode(['success' => $stmt->rowCount() > 0]);
            break;
        default: 
            http_response_code(405); 
            break;
    }
} catch (PDOException $e) {
    if ($e->getCode() == 23000) {
        http_response_code(409); // 409 Conflict
        echo json_encode(['error' => 'This name already exists. Please choose a different name.']);
    } else {
        error_log("CP Handler PDOException: " . $e->getMessage());
        http_response_code(500);
        echo json_encode(['error' => 'A database error occurred.']);
    }
} catch (Exception $e) {
    error_log("CP Handler Exception: " . $e->getMessage());
    http_response_code(500);
    echo json_encode(['error' => 'An internal server error occurred.']);
}
'''
setup_handler_php_content = r'''<?php
ini_set('display_errors', 0); // Do not display errors in API output
require_once '../includes/bootstrap.php';
header('Content-Type: application/json');
// ... (rest of the file is the same)
if (!is_setup_needed()) { http_response_code(403); echo json_encode(['error' => 'Setup has already been completed.']); exit; }
if ($_SERVER['REQUEST_METHOD'] !== 'POST') { http_response_code(405); exit; }
$input = json_decode(file_get_contents('php://input'), true);
$username = $input['username'] ?? '';
$password = $input['password'] ?? '';
if (empty($username) || empty($password) || strlen($password) < 8) { http_response_code(400); echo json_encode(['error' => 'Username and a password of at least 8 characters are required.']); exit; }
try {
    $pdo = get_db_connection();
    $pdo->exec("CREATE TABLE IF NOT EXISTS users (id INTEGER PRIMARY KEY AUTOINCREMENT, username TEXT UNIQUE NOT NULL, password_hash TEXT NOT NULL, kdf_salt BLOB NOT NULL, user_type TEXT NOT NULL DEFAULT 'admin', recovery_encrypted_mek BLOB, recovery_kdf_salt BLOB)");
    $pdo->exec("CREATE TABLE IF NOT EXISTS accounts (id INTEGER PRIMARY KEY AUTOINCREMENT, user_id INTEGER NOT NULL, encrypted_blob TEXT NOT NULL, FOREIGN KEY (user_id) REFERENCES users (id) ON DELETE CASCADE)");
    $pdo->exec("CREATE TABLE IF NOT EXISTS categories (id INTEGER PRIMARY KEY AUTOINCREMENT, name TEXT UNIQUE NOT NULL)");
    $pdo->exec("CREATE TABLE IF NOT EXISTS platforms (id INTEGER PRIMARY KEY AUTOINCREMENT, name TEXT UNIQUE NOT NULL)");
    $password_hash = password_hash($password, PASSWORD_ARGON2ID);
    $kdf_salt = random_bytes(SODIUM_CRYPTO_PWHASH_SALTBYTES);
    $stmt = $pdo->prepare("INSERT INTO users (username, password_hash, kdf_salt, user_type) VALUES (?, ?, ?, 'admin')");
    $stmt->execute([$username, $password_hash, $kdf_salt]);
    $_SESSION['user_id'] = $pdo->lastInsertId();
    $_SESSION['username'] = $username;
    $_SESSION['user_type'] = 'admin';
    $_SESSION['last_activity'] = time();
    $mek = sodium_crypto_pwhash(SODIUM_CRYPTO_AEAD_AES256GCM_KEYBYTES, $password, $kdf_salt, KDF_OPS_LIMIT, KDF_MEM_LIMIT);
    $_SESSION['mek'] = $mek;
    sodium_memzero($password);
    sodium_memzero($mek);
    echo json_encode(['success' => true]);
} catch (Exception $e) {
    error_log("Setup Error: " . $e->getMessage()); // Log the actual error
    if (file_exists(DB_PATH)) unlink(DB_PATH);
    http_response_code(500);
    echo json_encode(['error' => 'An error occurred during setup.']);
}
'''

login_handler_php_content = r'''<?php
ini_set('display_errors', 0); // Do not display errors in API output
require_once '../includes/bootstrap.php';
header('Content-Type: application/json');
// ... (rest of the file is the same) ...
if ($_SERVER['REQUEST_METHOD'] !== 'POST') { http_response_code(405); exit; }
$input = json_decode(file_get_contents('php://input'), true);
$username = $input['username'] ?? '';
$password = $input['password'] ?? '';
if (empty($username) || empty($password)) { http_response_code(400); echo json_encode(['error' => 'Username and password are required.']); exit; }
try {
    $pdo = get_db_connection();
    $stmt = $pdo->prepare("SELECT * FROM users WHERE username = ?");
    $stmt->execute([$username]);
    $user = $stmt->fetch();
    if ($user && password_verify($password, $user['password_hash'])) {
        session_regenerate_id(true);
        $_SESSION['user_id'] = $user['id'];
        $_SESSION['username'] = $user['username'];
        $_SESSION['user_type'] = $user['user_type'];
        $_SESSION['last_activity'] = time();
        $mek = sodium_crypto_pwhash(SODIUM_CRYPTO_AEAD_AES256GCM_KEYBYTES, $password, $user['kdf_salt'], KDF_OPS_LIMIT, KDF_MEM_LIMIT);
        $_SESSION['mek'] = $mek;
        sodium_memzero($password);
        sodium_memzero($mek);
        echo json_encode(['success' => true]);
    } else {
        usleep(500000);
        http_response_code(401);
        echo json_encode(['error' => 'Wrong username or password.']);
    }
} catch (Exception $e) {
    error_log("Login Error: " . $e->getMessage());
    http_response_code(500);
    echo json_encode(['error' => 'An internal server error occurred.']);
}
'''

logout_handler_php_content = r'''<?php
require_once '../includes/bootstrap.php';
$_SESSION = [];
if (ini_get("session.use_cookies")) {
    $params = session_get_cookie_params();
    setcookie(session_name(), '', time() - 42000, $params["path"], $params["domain"], $params["secure"], $params["httponly"]);
}
session_destroy();
header("Location: " . BASE_PATH . "/login.php");
exit;
'''
data_handler_php_content = r'''<?php
require_once '../includes/bootstrap.php';
header('Content-Type: application/json');
if (!is_logged_in()) { http_response_code(401); echo json_encode(['error' => 'Authentication required.']); exit; }

$pdo = get_db_connection();
$user_id = $_SESSION['user_id'];
$mek = $_SESSION['mek'];

function encrypt_data($plaintext, $mek) {
    $nonce = random_bytes(SODIUM_CRYPTO_AEAD_AES256GCM_NPUBBYTES);
    $ciphertext = sodium_crypto_aead_aes256gcm_encrypt(json_encode($plaintext), '', $nonce, $mek);
    return json_encode(['nonce' => base64_encode($nonce), 'ciphertext' => base64_encode($ciphertext)]);
}
function decrypt_data($encrypted_blob, $mek) {
    $data = json_decode($encrypted_blob, true);
    if (!isset($data['nonce'], $data['ciphertext'])) return null;
    $nonce = base64_decode($data['nonce']);
    $ciphertext = base64_decode($data['ciphertext']);
    $decrypted = sodium_crypto_aead_aes256gcm_decrypt($ciphertext, '', $nonce, $mek);
    return $decrypted ? json_decode($decrypted, true) : null;
}

switch ($_SERVER['REQUEST_METHOD']) {
    case 'GET':
        $stmt = $pdo->prepare("SELECT * FROM accounts WHERE user_id = ?");
        $stmt->execute([$user_id]);
        $encrypted_accounts = $stmt->fetchAll();
        $decrypted_accounts = [];
        foreach ($encrypted_accounts as $enc_acc) {
            if ($decrypted_data = decrypt_data($enc_acc['encrypted_blob'], $mek)) {
                $decrypted_data['id'] = $enc_acc['id'];
                $decrypted_accounts[] = $decrypted_data;
            }
        }
        $categories = $pdo->query("SELECT * FROM categories ORDER BY name")->fetchAll();
        $platforms = $pdo->query("SELECT * FROM platforms ORDER BY name")->fetchAll();
        echo json_encode(['accounts' => $decrypted_accounts, 'categories' => $categories, 'platforms' => $platforms]);
        break;
    case 'POST':
        $input = json_decode(file_get_contents('php://input'), true);
        $id = $input['id'] ?? null;
        unset($input['id']);
        $encrypted_blob = encrypt_data($input, $mek);
        if ($id) {
            $stmt = $pdo->prepare("UPDATE accounts SET encrypted_blob = ? WHERE id = ? AND user_id = ?");
            $stmt->execute([$encrypted_blob, $id, $user_id]);
        } else {
            $stmt = $pdo->prepare("INSERT INTO accounts (user_id, encrypted_blob) VALUES (?, ?)");
            $stmt->execute([$user_id, $encrypted_blob]);
            $id = $pdo->lastInsertId();
        }
        echo json_encode(['success' => true, 'id' => $id]);
        break;
    case 'DELETE':
        $input = json_decode(file_get_contents('php://input'), true);
        if (!($id = $input['id'] ?? null)) { http_response_code(400); exit; }
        $stmt = $pdo->prepare("DELETE FROM accounts WHERE id = ? AND user_id = ?");
        $stmt->execute([$id, $user_id]);
        echo json_encode(['success' => $stmt->rowCount() > 0]);
        break;
    default:
        http_response_code(405);
        break;
}
sodium_memzero($mek);
'''

user_handler_php_content = r'''<?php
ini_set('display_errors', 0); // Do not display errors in API output
require_once '../includes/bootstrap.php';
header('Content-Type: application/json');
if (!is_logged_in() || $_SESSION['user_type'] !== 'admin') { http_response_code(403); exit; }
$pdo = get_db_connection();

try {
    switch ($_SERVER['REQUEST_METHOD']) {
        case 'GET':
            echo json_encode($pdo->query("SELECT id, username, user_type FROM users")->fetchAll());
            break;
        case 'POST':
            $input = json_decode(file_get_contents('php://input'), true);
            $id = $input['id'] ?? null;
            $username = trim($input['username'] ?? '');
            $password = $input['password'] ?? '';
            $user_type = $input['user_type'] ?? 'user';
            if (empty($username) || !in_array($user_type, ['user', 'admin'])) { http_response_code(400); exit; }
            if ($id) {
                if (!empty($password)) {
                    $stmt = $pdo->prepare("UPDATE users SET username = ?, password_hash = ?, user_type = ? WHERE id = ?");
                    $stmt->execute([$username, password_hash($password, PASSWORD_ARGON2ID), $user_type, $id]);
                } else {
                    $stmt = $pdo->prepare("UPDATE users SET username = ?, user_type = ? WHERE id = ?");
                    $stmt->execute([$username, $user_type, $id]);
                }
            } else {
                if (empty($password) || strlen($password) < 8) { http_response_code(400); exit; }
                $kdf_salt = random_bytes(SODIUM_CRYPTO_PWHASH_SALTBYTES);
                $stmt = $pdo->prepare("INSERT INTO users (username, password_hash, kdf_salt, user_type) VALUES (?, ?, ?, ?)");
                $stmt->execute([$username, password_hash($password, PASSWORD_ARGON2ID), $kdf_salt, $user_type]);
            }
            echo json_encode(['success' => true]);
            break;
        case 'DELETE':
            $input = json_decode(file_get_contents('php://input'), true);
            if (!($id = $input['id'] ?? null) || $id == $_SESSION['user_id']) { http_response_code(400); exit; }
            $stmt = $pdo->prepare("DELETE FROM users WHERE id = ?");
            $stmt->execute([$id]);
            echo json_encode(['success' => $stmt->rowCount() > 0]);
            break;
        default: http_response_code(405); break;
    }
} catch (Exception $e) {
    error_log("User Handler Error: " . $e->getMessage());
    http_response_code(500);
    echo json_encode(['error' => 'An internal server error occurred.']);
}
'''
data_handler_php_content = r'''<?php
ini_set('display_errors', 0); // Do not display errors in API output
require_once '../includes/bootstrap.php';
header('Content-Type: application/json');
if (!is_logged_in()) { http_response_code(401); echo json_encode(['error' => 'Authentication required.']); exit; }

$pdo = get_db_connection();
$user_id = $_SESSION['user_id'];
$mek = $_SESSION['mek'];

// ... (encryption/decryption functions remain the same) ...
function encrypt_data($plaintext, $mek) {
    $nonce = random_bytes(SODIUM_CRYPTO_AEAD_AES256GCM_NPUBBYTES);
    $ciphertext = sodium_crypto_aead_aes256gcm_encrypt(json_encode($plaintext), '', $nonce, $mek);
    return json_encode(['nonce' => base64_encode($nonce), 'ciphertext' => base64_encode($ciphertext)]);
}
function decrypt_data($encrypted_blob, $mek) {
    try {
        $data = json_decode($encrypted_blob, true, 512, JSON_THROW_ON_ERROR);
        if (!isset($data['nonce'], $data['ciphertext'])) return null;
        $nonce = base64_decode($data['nonce'], true);
        $ciphertext = base64_decode($data['ciphertext'], true);
        if ($nonce === false || $ciphertext === false) return null;
        $decrypted = sodium_crypto_aead_aes256gcm_decrypt($ciphertext, '', $nonce, $mek);
        return $decrypted ? json_decode($decrypted, true, 512, JSON_THROW_ON_ERROR) : null;
    } catch (Exception $e) {
        error_log("Decryption failed for user_id {$user_id}: " . $e->getMessage());
        return null; // Return null on any failure
    }
}

try {
    switch ($_SERVER['REQUEST_METHOD']) {
        case 'GET':
            $stmt = $pdo->prepare("SELECT * FROM accounts WHERE user_id = ?");
            $stmt->execute([$user_id]);
            $encrypted_accounts = $stmt->fetchAll();
            $decrypted_accounts = [];
            foreach ($encrypted_accounts as $enc_acc) {
                if ($decrypted_data = decrypt_data($enc_acc['encrypted_blob'], $mek)) {
                    $decrypted_data['id'] = $enc_acc['id'];
                    $decrypted_accounts[] = $decrypted_data;
                }
            }
            $categories = $pdo->query("SELECT * FROM categories ORDER BY name")->fetchAll();
            $platforms = $pdo->query("SELECT * FROM platforms ORDER BY name")->fetchAll();
            echo json_encode(['accounts' => $decrypted_accounts, 'categories' => $categories, 'platforms' => $platforms]);
            break;
        case 'POST':
            $input = json_decode(file_get_contents('php://input'), true);
            $id = $input['id'] ?? null;
            unset($input['id']);
            $encrypted_blob = encrypt_data($input, $mek);
            if ($id) {
                $stmt = $pdo->prepare("UPDATE accounts SET encrypted_blob = ? WHERE id = ? AND user_id = ?");
                $stmt->execute([$encrypted_blob, $id, $user_id]);
            } else {
                $stmt = $pdo->prepare("INSERT INTO accounts (user_id, encrypted_blob) VALUES (?, ?)");
                $stmt->execute([$user_id, $encrypted_blob]);
                $id = $pdo->lastInsertId();
            }
            echo json_encode(['success' => true, 'id' => $id]);
            break;
        case 'DELETE':
            $input = json_decode(file_get_contents('php://input'), true);
            if (!($id = $input['id'] ?? null)) { http_response_code(400); exit; }
            $stmt = $pdo->prepare("DELETE FROM accounts WHERE id = ? AND user_id = ?");
            $stmt->execute([$id, $user_id]);
            echo json_encode(['success' => $stmt->rowCount() > 0]);
            break;
        default:
            http_response_code(405);
            break;
    }
} catch(Exception $e) {
    error_log("Data handler error: " . $e->getMessage());
    http_response_code(500);
    echo json_encode(['error' => 'An internal server error occurred.']);
} finally {
    if (isset($mek)) {
        sodium_memzero($mek);
    }
}
'''
password_change_handler_php_content = r'''<?php
ini_set('display_errors', 0); // Do not display errors in API output
require_once '../includes/bootstrap.php';
header('Content-Type: application/json');
if (!is_logged_in()) { http_response_code(401); exit; }
if ($_SERVER['REQUEST_METHOD'] !== 'POST') { http_response_code(405); exit; }
$input = json_decode(file_get_contents('php://input'), true);
$oldPassword = $input['oldPassword'] ?? '';
$newPassword = $input['newPassword'] ?? '';
if (empty($oldPassword) || empty($newPassword) || strlen($newPassword) < 8) { http_response_code(400); echo json_encode(['error' => 'All fields required; new password must be 8+ characters.']); exit; }
try {
    $pdo = get_db_connection();
    $stmt = $pdo->prepare("SELECT password_hash, kdf_salt FROM users WHERE id = ?");
    $stmt->execute([$_SESSION['user_id']]);
    $user = $stmt->fetch();
    if (!$user || !password_verify($oldPassword, $user['password_hash'])) { http_response_code(401); echo json_encode(['error' => 'Incorrect old password.']); exit; }
    $stmt = $pdo->prepare("UPDATE users SET password_hash = ? WHERE id = ?");
    $stmt->execute([password_hash($newPassword, PASSWORD_ARGON2ID), $_SESSION['user_id']]);
    $_SESSION['mek'] = sodium_crypto_pwhash(SODIUM_CRYPTO_AEAD_AES256GCM_KEYBYTES, $newPassword, $user['kdf_salt'], KDF_OPS_LIMIT, KDF_MEM_LIMIT);
    sodium_memzero($oldPassword); sodium_memzero($newPassword);
    echo json_encode(['success' => true]);
} catch (Exception $e) { 
    error_log("Password Change Error: " . $e->getMessage());
    http_response_code(500); 
    echo json_encode(['error' => 'An internal server error occurred.']);
}
'''
recovery_handler_php_content = r'''<?php
ini_set('display_errors', 0); // Do not display errors in API output
require_once '../includes/bootstrap.php';
header('Content-Type: application/json');
if ($_SERVER['REQUEST_METHOD'] !== 'POST') { http_response_code(405); exit; }

$input = json_decode(file_get_contents('php://input'), true);
$action = $input['action'] ?? '';
$pdo = get_db_connection();

try {
    if ($action === 'generate_code') {
        if (!is_logged_in()) { http_response_code(401); exit; }
        $currentPassword = $input['currentPassword'] ?? '';
        $user_id = $_SESSION['user_id'];
        $stmt = $pdo->prepare("SELECT password_hash FROM users WHERE id = ?");
        $stmt->execute([$user_id]);
        $user = $stmt->fetch();
        if (!$user || !password_verify($currentPassword, $user['password_hash'])) { http_response_code(401); exit; }
        $recovery_code_formatted = implode('-', str_split(strtoupper(bin2hex(random_bytes(6))), 4));
        $recovery_kdf_salt = random_bytes(SODIUM_CRYPTO_PWHASH_SALTBYTES);
        $recovery_encryption_key = sodium_crypto_pwhash(SODIUM_CRYPTO_AEAD_AES256GCM_KEYBYTES, $recovery_code_formatted, $recovery_kdf_salt, KDF_OPS_LIMIT, KDF_MEM_LIMIT);
        $nonce = random_bytes(SODIUM_CRYPTO_AEAD_AES256GCM_NPUBBYTES);
        $encrypted_mek = sodium_crypto_aead_aes256gcm_encrypt($_SESSION['mek'], '', $nonce, $recovery_encryption_key);
        $recovery_blob = json_encode(['nonce' => base64_encode($nonce), 'ciphertext' => base64_encode($encrypted_mek)]);
        $updateStmt = $pdo->prepare("UPDATE users SET recovery_encrypted_mek = ?, recovery_kdf_salt = ? WHERE id = ?");
        $updateStmt->execute([$recovery_blob, $recovery_kdf_salt, $user_id]);
        echo json_encode(['success' => true, 'recoveryCode' => $recovery_code_formatted]);
        exit;
    }
    if ($action === 'verify_code') {
        $username = $input['username'] ?? ''; $recoveryCode = $input['recoveryCode'] ?? '';
        if (empty($username) || empty($recoveryCode)) { http_response_code(400); exit; }
        $stmt = $pdo->prepare("SELECT id, recovery_encrypted_mek, recovery_kdf_salt FROM users WHERE username = ?");
        $stmt->execute([$username]);
        $user = $stmt->fetch();
        if (!$user || empty($user['recovery_encrypted_mek'])) { http_response_code(401); exit; }
        $key = sodium_crypto_pwhash(SODIUM_CRYPTO_AEAD_AES256GCM_KEYBYTES, $recoveryCode, $user['recovery_kdf_salt'], KDF_OPS_LIMIT, KDF_MEM_LIMIT);
        $blob = json_decode($user['recovery_encrypted_mek'], true);
        if (sodium_crypto_aead_aes256gcm_decrypt(base64_decode($blob['ciphertext']), '', base64_decode($blob['nonce']), $key) === false) { http_response_code(401); exit; }
        $reset_token = bin2hex(random_bytes(32));
        $_SESSION['reset_token'] = $reset_token; $_SESSION['reset_user_id'] = $user['id']; $_SESSION['reset_expires'] = time() + 300;
        echo json_encode(['success' => true, 'token' => $reset_token]);
        exit;
    }
    if ($action === 'reset_password') {
        $token = $input['token'] ?? ''; $newPassword = $input['newPassword'] ?? '';
        if (empty($token) || empty($_SESSION['reset_token']) || !hash_equals($_SESSION['reset_token'], $token) || time() > $_SESSION['reset_expires']) { http_response_code(401); exit; }
        if (strlen($newPassword) < 8) { http_response_code(400); exit; }
        $stmt = $pdo->prepare("UPDATE users SET password_hash = ?, recovery_encrypted_mek = NULL, recovery_kdf_salt = NULL WHERE id = ?");
        $stmt->execute([password_hash($newPassword, PASSWORD_ARGON2ID), $_SESSION['reset_user_id']]);
        unset($_SESSION['reset_token'], $_SESSION['reset_user_id'], $_SESSION['reset_expires']);
        echo json_encode(['success' => true]);
        exit;
    }
    http_response_code(400);
} catch (Exception $e) {
    error_log("Recovery Handler Error: " . $e->getMessage());
    http_response_code(500);
    echo json_encode(['error' => 'An internal server error occurred.']);
}
'''

# --- PHP Page Files ---
index_php_content = r'''<?php
// This file acts as the main entry point.
// The gatekeeper logic in header.php will handle all necessary routing.
require_once __DIR__ . '/includes/header.php';
// If the script reaches this point, it means the user is authenticated,
// so we redirect them to the main application page.
header('Location: ' . BASE_PATH . '/dashboard.php');
exit;
'''
setup_php_content = r'''<?php require_once __DIR__ . '/includes/header.php'; ?>
<div id="setup-app" v-cloak class="flex flex-col items-center justify-center min-h-screen px-4">
    <h1 class="text-4xl font-bold text-white text-center mb-8 tracking-wider">Black-Clover</h1>
    <div class="w-full max-w-sm bg-gray-800 p-8 rounded-xl shadow-lg border border-gray-700">
        <h2 class="text-2xl font-bold text-white mb-6 text-center">Initial Setup</h2>
        <form @submit.prevent="handleSetup" class="space-y-6">
            <div><label for="username" class="block text-sm">Admin Username</label><input v-model="username" id="username" type="text" class="w-full bg-gray-700 rounded-md p-3" required></div>
            <div><label for="password" class="block text-sm">Password</label><input v-model="password" :type="inputTypes.password" @focus="showPassword('password')" @blur="hidePassword('password')" id="password" class="w-full bg-gray-700 rounded-md p-3" required></div>
            <div><label for="confirm-password" class="block text-sm">Confirm Password</label><input v-model="confirmPassword" :type="inputTypes.confirm" @focus="showPassword('confirm')" @blur="hidePassword('confirm')" id="confirm-password" class="w-full bg-gray-700 rounded-md p-3" required></div>
            <div v-if="message.text" :class="message.type === 'error' ? 'text-red-400' : 'text-green-400'" class="flex items-center space-x-2 text-sm p-3 border rounded-lg"><i class="fa-solid" :class="message.type === 'error' ? 'fa-circle-exclamation' : 'fa-check-circle'"></i><span>{{ message.text }}</span></div>
            <div><button type="submit" class="w-full flex items-center justify-center space-x-2 bg-blue-600 hover:bg-blue-700 text-white font-semibold py-3 px-4 rounded-lg" :disabled="isLoading"><i v-if="isLoading" class="fa-solid fa-spinner fa-spin"></i><span v-else>Create User and Vault</span></button></div>
        </form>
    </div>
</div>
<script>
    Vue.createApp({
        data: () => ({ username: '', password: '', confirmPassword: '', inputTypes: { password: 'password', confirm: 'password' }, isLoading: false, message: { text: null, type: null }, BASE_PATH: BASE_PATH }),
        methods: {
            showPassword(field) { this.inputTypes[field] = 'text'; },
            hidePassword(field) { this.inputTypes[field] = 'password'; },
            validatePasswords() { if (this.password && this.confirmPassword && this.password !== this.confirmPassword) { this.message = { text: 'Passwords do not match.', type: 'error' }; return false; } if (this.message.text === 'Passwords do not match.') { this.message.text = null; } return true; },
            async handleSetup() {
                if (!this.validatePasswords()) return; if (this.password.length < 8) { this.message = { text: 'Password must be at least 8 characters.', type: 'error' }; return; }
                this.message = { text: null, type: null }; this.isLoading = true;
                try {
                    await apiFetch('/api/setup_handler.php', { method: 'POST', body: { username: this.username, password: this.password } });
                    this.isLoading = false; this.message = { text: 'Setup complete! Redirecting...', type: 'success' };
                    setTimeout(() => {
                        window.location.href = this.BASE_PATH + '/dashboard.php'; // *** CORRECTED REDIRECT ***
                    }, 2000);
                } catch (error) { this.isLoading = false; this.message = { text: error.message || 'An error occurred.', type: 'error' }; }
            }
        }
    }).mount('#setup-app');
</script>
<?php require_once __DIR__ . '/includes/footer.php'; ?>
'''

login_php_content = r'''<?php require_once __DIR__ . '/includes/header.php'; ?>
<div id="login-app" v-cloak class="flex flex-col items-center justify-center min-h-screen px-4">
    <h1 class="text-4xl font-bold text-white text-center mb-8 tracking-wider">Black-Clover</h1>
    <div class="w-full max-w-sm bg-gray-800 p-8 rounded-xl shadow-lg border border-gray-700">
        <h2 class="text-2xl font-bold text-white mb-6 text-center">Admin Login</h2>
        <form @submit.prevent="handleLogin" class="space-y-6">
            <div><label for="username" class="block text-sm">Username</label><input v-model="username" id="username" type="text" class="w-full bg-gray-700 rounded-md p-3" required></div>
            <div><label for="password" class="block text-sm">Password</label><input v-model="password" :type="passwordFieldType" @focus="showPassword" @blur="hidePassword" id="password" class="w-full bg-gray-700 rounded-md p-3" required></div>
            <div v-if="errorMessage" class="flex items-center space-x-2 text-red-400 text-sm p-3 bg-red-900/50 border rounded-lg"><i class="fa-solid fa-circle-exclamation"></i><span>{{ errorMessage }}</span></div>
            <div v-if="successMessage" class="flex items-center space-x-2 text-green-400 text-sm p-3 bg-green-900/50 border rounded-lg"><i class="fa-solid fa-check-circle"></i><span>{{ successMessage }}</span></div>
            <div><button type="submit" class="w-full flex items-center justify-center space-x-2 bg-blue-600 hover:bg-blue-700 text-white font-semibold py-3 px-4 rounded-lg" :disabled="isLoading"><i v-if="isLoading" class="fa-solid fa-spinner fa-spin"></i><span v-else>Login</span></button></div>
        </form>
        <div class="text-center mt-6"><a :href="BASE_PATH + '/recovery.php'" class="text-sm text-blue-400 hover:underline">Forgot password?</a></div>
    </div>
</div>
<script>
    Vue.createApp({
        data: () => ({ username: '', password: '', passwordFieldType: 'password', isLoading: false, errorMessage: null, successMessage: null, BASE_PATH: BASE_PATH }),
        methods: {
            showPassword() { this.passwordFieldType = 'text'; },
            hidePassword() { this.passwordFieldType = 'password'; },
            async handleLogin() {
                this.errorMessage = null; this.successMessage = null; this.isLoading = true;
                try {
                    await apiFetch('/api/login_handler.php', { method: 'POST', body: { username: this.username, password: this.password } });
                    this.successMessage = 'Login successful! Redirecting...';
                    setTimeout(() => {
                        window.location.href = this.BASE_PATH + '/dashboard.php'; // *** CORRECTED REDIRECT ***
                    }, 1500);
                } catch (error) {
                    this.errorMessage = error.message || 'An unknown error occurred.';
                    this.isLoading = false;
                }
            }
        }
    }).mount('#login-app');
</script>
<?php require_once __DIR__ . '/includes/footer.php'; ?>
'''

dashboard_php_content = r'''<?php require_once __DIR__ . '/includes/header.php'; ?>
<main class="pt-24">
    <div class="container mx-auto px-4 sm:px-6 lg:px-8 py-8">
        <section id="vue-app" v-cloak class="mb-16">
            <h1 class="text-3xl font-bold text-white text-center">Account Credentials</h1>
            
            <!-- *** IMPROVED COUNTERS ADDED HERE *** -->
            <div class="text-lg font-medium text-gray-400 text-center mb-8 space-x-4">
                <span>
                    Total Accounts: <span class="font-bold text-white">{{ accounts.length }}</span>
                </span>
                <span v-if="accounts.length !== fullFilteredAccounts.length">
                    | Search Results: <span class="font-bold text-white">{{ fullFilteredAccounts.length }}</span>
                </span>
            </div>

            <div class="grid grid-cols-1 sm:grid-cols-2 md:grid-cols-3 lg:flex lg:flex-wrap gap-4 mb-4">
                <input type="text" v-model="globalSearch" placeholder="Search anything..." class="bg-gray-700 border border-gray-600 text-white rounded-lg p-2 focus:ring-blue-500 focus:border-blue-500 lg:flex-grow">
                <select v-model="categoryFilter" class="bg-gray-700 border border-gray-600 text-white rounded-lg p-2"><option value="">All Categories</option><option v-for="c in uniqueCategories" :key="c" :value="c">{{ c }}</option></select>
                <select v-model="platformFilter" class="bg-gray-700 border border-gray-600 text-white rounded-lg p-2"><option value="">All Platforms</option><option v-for="p in uniquePlatforms" :key="p" :value="p">{{ p }}</option></select>
                
                <!-- *** "ALL" OPTION ADDED HERE *** -->
                <select v-model="pageSize" class="bg-gray-700 border border-gray-600 text-white rounded-lg p-2">
                    <option value="10">Show 10</option>
                    <option value="20">Show 20</option>
                    <option value="50">Show 50</option>
                    <option value="100">Show 100</option>
                    <option value="9999">Show All</option>
                </select>

                <button @click="addAccount()" class="flex items-center justify-center space-x-2 bg-blue-600 hover:bg-blue-700 text-white font-semibold py-2 px-4 rounded-lg"><i class="fa-solid fa-plus"></i><span>Add</span></button>
                <div class="relative"><button @click="showExportMenu = !showExportMenu" class="w-full flex items-center justify-center space-x-2 bg-gray-600 hover:bg-gray-500 text-white font-semibold py-2 px-4 rounded-lg"><i class="fa-solid fa-download"></i><span>Export</span><i class="fa-solid fa-chevron-down ml-2 text-xs"></i></button><div v-show="showExportMenu" @click.away="showExportMenu = false" class="absolute right-0 mt-2 w-48 bg-gray-700 rounded-md shadow-lg z-20"><a href="#" @click.prevent="exportToCSV(fullFilteredAccounts)" class="block px-4 py-2 text-sm hover:bg-gray-600">as CSV</a><a href="#" @click.prevent="exportToJSON(fullFilteredAccounts)" class="block px-4 py-2 text-sm hover:bg-gray-600">as JSON</a><a href="#" @click.prevent="exportToXLSX(fullFilteredAccounts)" class="block px-4 py-2 text-sm hover:bg-gray-600">as Excel</a><a href="#" @click.prevent="exportToPDF(fullFilteredAccounts)" class="block px-4 py-2 text-sm hover:bg-gray-600">as PDF</a></div></div>
            </div>
            <div class="overflow-x-auto relative shadow-md sm:rounded-lg border border-gray-700 h-[600px]"><table class="w-full min-w-[1800px] text-sm text-left text-gray-400">
                <thead class="text-xs text-gray-300 uppercase bg-gray-700" style="position: sticky; top: 0; z-index: 10;">
                    <tr><th class="p-2 w-32"><input v-model="columnFilters.category" class="w-full bg-gray-600 p-1 rounded border-gray-500" placeholder="Filter..."></th><th class="p-2 w-32"><input v-model="columnFilters.platform" class="w-full bg-gray-600 p-1 rounded" placeholder="Filter..."></th><th class="p-2 w-48"><input v-model="columnFilters.mail" class="w-full bg-gray-600 p-1 rounded" placeholder="Filter..."></th><th class="p-2 w-48"><input v-model="columnFilters.description" class="w-full bg-gray-600 p-1 rounded" placeholder="Filter..."></th><th class="p-2 w-32"><input v-model="columnFilters.username" class="w-full bg-gray-600 p-1 rounded" placeholder="Filter..."></th><th class="p-2 w-48"></th><th class="p-2 w-24"></th><th class="p-2 w-40"></th><th class="p-2 w-48"></th><th class="p-2 w-40"></th><th class="p-2 w-64"></th><th class="p-2 w-48"></th></tr>
                    <tr><th @click="sortBy('category')" class="p-2 w-32 cursor-pointer">Category</th><th @click="sortBy('platform')" class="p-2 w-32 cursor-pointer">Platform</th><th @click="sortBy('mail')" class="p-2 w-48 cursor-pointer">Mail</th><th @click="sortBy('description')" class="p-2 w-48 cursor-pointer">Description</th><th @click="sortBy('username')" class="p-2 w-32 cursor-pointer">Username</th><th class="p-2 w-48">Password</th><th class="p-2 w-24">2F</th><th class="p-2 w-40">Backup</th><th class="p-2 w-48">Rec. Mail</th><th class="p-2 w-40">Rec. Phone</th><th class="p-2 w-64">TOTP</th><th class="p-2 w-48">Actions</th></tr>
                </thead>
                <tbody>
                    <tr v-for="a in paginatedAccounts" :key="a.id" class="bg-gray-800 border-b border-gray-700 hover:bg-gray-600">
                        <td class="px-2 py-4">{{ a.category }}</td><td class="px-2 py-4">{{ a.platform }}</td><td class="px-2 py-4">{{ a.mail }}</td><td class="px-2 py-4">{{ a.description }}</td><td class="px-2 py-4">{{ a.username }}</td>
                        <td class="px-2 py-4"><div class="flex items-center space-x-2"><span class="font-mono" v-if="!a.isPasswordVisible">**********</span><span class="font-mono" v-else>{{ a.password }}</span><button @click="togglePasswordVisibility(a)" class="text-gray-400 hover:text-white" :title="a.isPasswordVisible ? 'Hide' : 'Show'"><i :class="a.isPasswordVisible ? 'fa-eye-slash' : 'fa-eye'" class="fa-solid"></i><span v-if="a.isPasswordVisible">({{a.passwordVisibilityTimer}})</span></button><button @click="copyToClipboard($event.currentTarget, a.password)" class="text-gray-400 hover:text-white" title="Copy"><i class="fa-regular fa-copy"></i></button></div></td>
                        <td class="px-2 py-4"><span :class="a.two_factor_status === 'on' ? 'bg-green-900 text-green-300' : 'bg-red-900 text-red-300'" class="text-xs font-medium px-2.5 py-0.5 rounded">{{ a.two_factor_status.toUpperCase() }}</span></td>
                        <td class="px-2 py-4 font-mono">{{ a.backup_code }}</td><td class="px-2 py-4">{{ a.rec_mail }}</td><td class="px-2 py-4">{{ a.recovery_phone }}</td>
                        <td class="px-2 py-4"><div v-if="a.totp" class="flex items-center space-x-3"><div class="relative w-8 h-8 flex-shrink-0"><svg viewBox="0 0 36 36" class="w-full h-full"><circle cx="18" cy="18" r="16" fill="none" class="stroke-current text-gray-600" stroke-width="3"></circle><circle cx="18" cy="18" r="16" fill="none" class="stroke-current text-blue-500" stroke-width="3" :stroke-dasharray="100" :stroke-dashoffset="100 - (a.remainingTime / a.period * 100)"></circle></svg><div class="absolute inset-0 flex items-center justify-center text-xs">{{ a.remainingTime }}</div></div><span class="font-mono text-lg">{{ a.currentOtp }}</span><button @click="copyToClipboard($event.currentTarget, a.currentOtp)" class="text-gray-400 hover:text-white" title="Copy"><i class="fa-regular fa-copy"></i></button><button @click="openQrModal(a.totp)" title="Show QR" class="text-gray-400 hover:text-white"><i class="fa-solid fa-qrcode fa-lg"></i></button></div><span v-else class="text-gray-500">N/A</span></td>
                        <td class="px-2 py-4"><div class="flex items-center space-x-2"><button @click="editAccount(a)" class="text-blue-400 hover:text-blue-300"><i class="fa-solid fa-pen-to-square"></i></button><button @click="requestDelete(a)" class="text-red-400 hover:text-red-300"><i class="fa-solid fa-trash"></i></button></div></td>
                    </tr>
                </tbody>
            </table></div>
            
            <!-- All modals remain the same, so they are omitted for brevity -->
            <transition enter-active-class="ease-out duration-300" enter-from-class="opacity-0" enter-to-class="opacity-100" leave-active-class="ease-in duration-200" leave-from-class="opacity-100" leave-to-class="opacity-0"><div v-if="showQrModal" class="fixed inset-0 z-50 flex items-center justify-center bg-black/70 p-4" @click.self="closeQrModal"><transition enter-active-class="ease-out duration-300" enter-from-class="opacity-0 scale-95" enter-to-class="opacity-100 scale-100" leave-active-class="ease-in duration-200" leave-from-class="opacity-100 scale-100" leave-to-class="opacity-0 scale-95"><div v-if="showQrModal" class="w-full max-w-sm rounded-xl bg-gray-800 p-6"><h3 class="text-xl font-bold mb-4">Scan TOTP QR Code</h3><div ref="qrcodeContainer" class="p-4 bg-white rounded-lg flex justify-center w-full aspect-square"></div><div class="mt-6 flex justify-end"><button @click="closeQrModal" class="px-6 py-2 bg-blue-600 rounded-lg">Close</button></div></div></transition></div></transition>
            <transition enter-active-class="ease-out duration-300" enter-from-class="opacity-0" enter-to-class="opacity-100" leave-active-class="ease-in duration-200" leave-from-class="opacity-100" leave-to-class="opacity-0"><div v-if="showAccountForm" class="fixed inset-0 z-50 flex items-center justify-center bg-black/70 p-4" @click.self="closeAccountForm"><transition enter-active-class="ease-out duration-300" enter-from-class="opacity-0 scale-95" enter-to-class="opacity-100 scale-100" leave-active-class="ease-in duration-200" leave-from-class="opacity-100 scale-100" leave-to-class="opacity-0 scale-95"><div v-if="showAccountForm" class="relative w-full max-w-2xl rounded-xl bg-gray-800 flex flex-col max-h-[90vh]"><div class="flex-shrink-0 p-6 border-b"><h3 class="text-xl font-bold">{{ isEditMode ? 'Edit Account' : 'Add Account' }}</h3></div><div class="flex-grow overflow-y-auto p-6 grid grid-cols-1 md:grid-cols-2 gap-4" v-if="accountInForm"><div><label class="block text-sm">Category</label><select v-model="accountInForm.category" class="w-full bg-gray-700 rounded-md p-2"><option v-for="c in allCategories" :key="c.id" :value="c.name">{{ c.name }}</option></select></div><div><label class="block text-sm">Platform</label><select v-model="accountInForm.platform" class="w-full bg-gray-700 rounded-md p-2"><option v-for="p in allPlatforms" :key="p.id" :value="p.name">{{ p.name }}</option></select></div><div><label class="block text-sm">Mail</label><input type="email" v-model="accountInForm.mail" class="w-full bg-gray-700 rounded-md p-2"></div><div><label class="block text-sm">Username</label><input type="text" v-model="accountInForm.username" class="w-full bg-gray-700 rounded-md p-2"></div><div><label class="block text-sm">Password</label><input type="text" v-model="accountInForm.password" class="w-full bg-gray-700 rounded-md p-2"></div><div><label class="block text-sm">2F Status</label><select v-model="accountInForm.two_factor_status" class="w-full bg-gray-700 rounded-md p-2"><option value="on">On</option><option value="off">Off</option></select></div><div><label class="block text-sm">Recovery Mail</label><input type="email" v-model="accountInForm.rec_mail" class="w-full bg-gray-700 rounded-md p-2"></div><div><label class="block text-sm">Recovery Phone</label><input type="text" v-model="accountInForm.recovery_phone" class="w-full bg-gray-700 rounded-md p-2"></div><div class="md:col-span-2"><label class="block text-sm">Description</label><textarea v-model="accountInForm.description" rows="2" class="w-full bg-gray-700 rounded-md p-2"></textarea></div><div class="md:col-span-2"><label class="block text-sm">Backup Code</label><textarea v-model="accountInForm.backup_code" rows="2" class="w-full bg-gray-700 rounded-md p-2"></textarea></div><div class="md:col-span-2"><label class="block text-sm">TOTP URI</label><input type="text" v-model="accountInForm.totp" class="w-full bg-gray-700 rounded-md p-2" placeholder="otpauth://totp/..."></div></div><div class="flex-shrink-0 p-6 flex justify-end border-t space-x-2"><button @click="closeAccountForm" class="px-4 py-2 bg-gray-600 rounded-lg">Cancel</button><button @click="saveAccount" class="px-4 py-2 bg-blue-600 rounded-lg">{{ isEditMode ? 'Save' : 'Add' }}</button></div></div></transition></div></transition>
            <transition enter-active-class="ease-out duration-300" enter-from-class="opacity-0" enter-to-class="opacity-100" leave-active-class="ease-in duration-200" leave-from-class="opacity-100" leave-to-class="opacity-0"><div v-if="showConfirmModal" class="fixed inset-0 z-[60] flex items-center justify-center bg-black/80 p-4" @click.self="closeConfirmModal"><transition enter-active-class="ease-out duration-300" enter-from-class="opacity-0 scale-95" enter-to-class="opacity-100 scale-100" leave-active-class="ease-in duration-200" leave-from-class="opacity-100 scale-100" leave-to-class="opacity-0 scale-95"><div v-if="showConfirmModal" class="w-full max-w-md rounded-xl bg-gray-800 p-6"><h3 class="text-xl font-bold mb-2">Are you sure?</h3><p class="text-gray-400 text-sm mb-6">{{ confirmMessage }}</p><div class="mt-8 flex justify-end space-x-3"><button @click="closeConfirmModal" class="px-6 py-2 bg-gray-600 rounded-lg">Cancel</button><button @click="handleConfirm" class="px-6 py-2 bg-red-600 rounded-lg">Confirm</button></div></div></transition></div></transition>
        </section>
    </div>
</main>
<script>
    const exportHeaders = ["category", "platform", "mail", "description", "username", "password", "two_factor_status", "backup_code", "rec_mail", "recovery_phone", "totp"];
    function copyToClipboard(button, text) { navigator.clipboard.writeText(text).then(() => { const icon = button.querySelector('i'); const originalIcon = icon.className; button.disabled = true; icon.className = 'fa-solid fa-check text-green-400'; setTimeout(() => { icon.className = originalIcon; button.disabled = false; }, 1500); }); }
    function exportToCSV(data) { const csv = [ exportHeaders.join(','), ...data.map(row => exportHeaders.map(f => JSON.stringify(row[f])).join(',')) ].join('\r\n'); const blob = new Blob([csv], { type: 'text/csv;charset=utf-8;' }); const link = document.createElement("a"); link.href = URL.createObjectURL(blob); link.setAttribute("download", "accounts.csv"); link.click(); }
    function exportToJSON(data) { const link = document.createElement("a"); link.href = `data:text/json;charset=utf-8,${encodeURIComponent(JSON.stringify(data, null, 2))}`; link.download = "accounts.json"; link.click(); }
    function exportToXLSX(data) { const ws = XLSX.utils.json_to_sheet(data); const wb = XLSX.utils.book_new(); XLSX.utils.book_append_sheet(wb, ws, "Accounts"); XLSX.writeFile(wb, "accounts.xlsx"); }
    function exportToPDF(data) { const { jsPDF } = window.jspdf; const doc = new jsPDF(); doc.autoTable({ head: [exportHeaders], body: data.map(row => exportHeaders.map(h => row[h])), startY: 20 }); doc.text("Account Data", 14, 15); doc.save("accounts.pdf"); }
    Vue.createApp({
        data: () => ({ accounts: [], allCategories: [], allPlatforms: [], globalSearch: '', categoryFilter: '', platformFilter: '', pageSize: 10, sortKey: '', sortDirection: 'asc', columnFilters: { category: '', platform: '', mail: '', description: '', username: '' }, showExportMenu: false, showQrModal: false, showAccountForm: false, showConfirmModal: false, isEditMode: false, accountInForm: null, qrInstance: null, confirmMessage: '', confirmCallback: null }),
        computed: {
            uniqueCategories() { return [...new Set(this.accounts.map(i => i.category))]; },
            uniquePlatforms() { return [...new Set(this.accounts.map(i => i.platform))]; },
            fullFilteredAccounts() { let d = [...this.accounts]; if (this.sortKey) d.sort((a,b) => (this.sortDirection === 'asc' ? String(a[this.sortKey]).localeCompare(String(b[this.sortKey])) : String(b[this.sortKey]).localeCompare(String(a[this.sortKey])))); const g = this.globalSearch.toLowerCase(); return d.filter(i => (g === '' || Object.values(i).some(v=>String(v).toLowerCase().includes(g))) && (this.categoryFilter === '' || i.category === this.categoryFilter) && (this.platformFilter === '' || i.platform === this.platformFilter) && (Object.keys(this.columnFilters).every(k => this.columnFilters[k] === '' || String(i[k]).toLowerCase().includes(this.columnFilters[k].toLowerCase())))); },
            
            // *** RENAMED COMPUTED PROPERTY ***
            paginatedAccounts() { 
                return this.fullFilteredAccounts.slice(0, this.pageSize); 
            }
        },
        methods: {
            exportToCSV, exportToJSON, exportToXLSX, exportToPDF, copyToClipboard,
            sortBy(key) { if (this.sortKey === key) this.sortDirection = this.sortDirection === 'asc' ? 'desc' : 'asc'; else { this.sortKey = key; this.sortDirection = 'asc'; } },
            updateTotps() { this.accounts.forEach(a => { if (a.totpInstance) { a.remainingTime = a.period - (Math.floor(Date.now() / 1000) % a.period); if (a.remainingTime === a.period) a.currentOtp = a.totpInstance.generate(); } }); },
            togglePasswordVisibility(a) { clearTimeout(a.passwordTimeoutId); clearInterval(a.passwordIntervalId); a.isPasswordVisible = !a.isPasswordVisible; if (a.isPasswordVisible) { a.passwordVisibilityTimer = 30; a.passwordIntervalId = setInterval(()=>a.passwordVisibilityTimer--, 1000); a.passwordTimeoutId = setTimeout(() => { a.isPasswordVisible = false; clearInterval(a.passwordIntervalId); }, 30000); } },
            openQrModal(uri) { if (!uri) return; this.showQrModal = true; this.$nextTick(() => { const c = this.$refs.qrcodeContainer; if(c) { c.innerHTML = ''; new QRCode(c, { text: uri, width: 256, height: 256 }); } }); },
            addAccount() { this.isEditMode = false; this.accountInForm = { id: null, category: this.allCategories[0]?.name || '', platform: this.allPlatforms[0]?.name || '', mail: '', description: '', username: '', password: '', two_factor_status: 'off', backup_code: '', rec_mail: '', recovery_phone: '', totp: '' }; this.showAccountForm = true; },
            editAccount(a) { this.isEditMode = true; this.accountInForm = JSON.parse(JSON.stringify(a)); this.showAccountForm = true; },
            saveAccount() { this.openConfirmModal(this.isEditMode ? 'Save changes?' : 'Add account?', async () => { try { await apiFetch('/api/data_handler.php', { method: 'POST', body: this.accountInForm }); this.fetchData(); this.closeAccountForm(); } catch (e) { alert(`Error: ${e.message}`); } }); },
            requestDelete(a) { this.openConfirmModal(`Delete "${a.platform} - ${a.mail}"?`, async () => { try { await apiFetch('/api/data_handler.php', { method: 'DELETE', body: { id: a.id } }); this.fetchData(); } catch (e) { alert(`Error: ${e.message}`); } }); },
            openConfirmModal(m, cb) { this.confirmMessage = m; this.confirmCallback = cb; this.showConfirmModal = true; },
            handleConfirm() { if (this.confirmCallback) this.confirmCallback(); this.closeConfirmModal(); },
            closeQrModal() { this.showQrModal = false; }, closeAccountForm() { this.showAccountForm = false; }, closeConfirmModal() { this.showConfirmModal = false; },
            async fetchData() { try { const d = await apiFetch('/api/data_handler.php'); this.accounts = d.accounts.map(acc => { let i=null, p=30; if (acc.totp) try { i = OTPAuth.URI.parse(acc.totp); p = i.period; } catch(e){} return { ...acc, totpInstance: i, period: p, currentOtp: i ? i.generate() : null, remainingTime: p, isPasswordVisible: false, passwordVisibilityTimer: 0 }; }); this.allCategories = d.categories; this.allPlatforms = d.platforms; } catch (e) { alert(`Failed to load data: ${e.message}`); } }
        },
        mounted() { this.fetchData(); setInterval(this.updateTotps, 1000); }
    }).mount('#vue-app');
</script>
<?php require_once __DIR__ . '/includes/footer.php'; ?>
'''

user_php_content = r'''<?php require_once __DIR__ . '/includes/header.php'; ?>
<main class="pt-24">
    <div id="vue-app" v-cloak class="container mx-auto px-4 sm:px-6 lg:px-8 py-8">
        <h1 class="text-3xl font-bold text-white mb-8 text-center">User Management</h1>
        <div class="flex justify-between items-center mb-4 gap-4">
            <input type="text" v-model="userSearch" placeholder="Search users..." class="bg-gray-700 border border-gray-600 text-white rounded-lg p-2 focus:ring-blue-500 focus:border-blue-500 w-full max-w-xs">
            <button @click="addUser" class="flex-shrink-0 flex items-center justify-center space-x-2 bg-blue-600 hover:bg-blue-700 text-white font-semibold py-2 px-4 rounded-lg transition-colors"><i class="fa-solid fa-user-plus"></i><span>Add User</span></button>
        </div>
        <div class="overflow-x-auto relative shadow-md sm:rounded-lg border border-gray-700">
            <table class="w-full text-sm text-left text-gray-400">
                <thead class="text-xs text-gray-300 uppercase bg-gray-700">
                    <tr><th class="px-6 py-3">Username</th><th class="px-6 py-3">User Type</th><th class="px-6 py-3 text-right">Actions</th></tr>
                </thead>
                <tbody>
                    <tr v-for="user in filteredUsers" :key="user.id" class="bg-gray-800 border-b border-gray-700 hover:bg-gray-600">
                        <td class="px-6 py-4 font-medium text-white">{{ user.username }}</td>
                        <td class="px-6 py-4"><span :class="user.user_type === 'admin' ? 'bg-purple-900 text-purple-300' : 'bg-gray-600 text-gray-300'" class="text-xs font-medium px-2.5 py-0.5 rounded-full">{{ user.user_type }}</span></td>
                        <td class="px-6 py-4">
                            <div class="flex items-center justify-end space-x-2">
                                <button @click="editUser(user)" class="flex items-center space-x-2 text-blue-400 hover:text-blue-300 font-semibold py-1 px-3 rounded-md transition-colors bg-blue-900/50 hover:bg-blue-900/80"><i class="fa-solid fa-pen-to-square"></i><span>Edit</span></button>
                                <button @click="requestDelete(user)" class="flex items-center space-x-2 text-red-400 hover:text-red-300 font-semibold py-1 px-3 rounded-md transition-colors bg-red-900/50 hover:bg-red-900/80"><i class="fa-solid fa-trash"></i><span>Delete</span></button>
                            </div>
                        </td>
                    </tr>
                </tbody>
            </table>
        </div>
        <div v-if="showUserModal || showConfirmModal" class="fixed inset-0 z-50 flex items-center justify-center bg-black/70 p-4" @click.self="closeModals">
            <div v-if="showUserModal" class="w-full max-w-md rounded-xl bg-gray-800 border border-gray-700 shadow-2xl p-6">
                <h3 class="text-xl font-bold text-white mb-4">{{ modalTitle }}</h3>
                <form @submit.prevent="saveUser" class="space-y-4">
                    <div><label class="block text-sm">Username</label><input type="text" v-model="userInForm.username" class="w-full bg-gray-700 rounded-md p-2" required></div>
                    <div><label class="block text-sm">Password</label><input type="password" v-model="userInForm.password" class="w-full bg-gray-700 rounded-md p-2" :placeholder="isEditMode ? '(Leave blank)' : ''" :required="!isEditMode"></div>
                    <div><label class="block text-sm">User Type</label><select v-model="userInForm.user_type" class="w-full bg-gray-700 rounded-md p-2"><option value="user">User</option><option value="admin">Admin</option></select></div>
                    <div class="pt-4 flex justify-end space-x-3">
                        <button type="button" @click="closeUserModal" class="px-6 py-2 bg-gray-600 rounded-lg">Cancel</button>
                        <button type="submit" class="px-6 py-2 bg-blue-600 rounded-lg">{{ isEditMode ? 'Save' : 'Add' }}</button>
                    </div>
                </form>
            </div>
            <div v-if="showConfirmModal" class="w-full max-w-md rounded-xl bg-gray-800 border border-gray-700 shadow-2xl p-6">
                <h3 class="text-xl font-bold text-white mb-2">Are you sure?</h3><p class="text-gray-400 text-sm mb-6">{{ confirmMessage }}</p>
                <div class="mt-8 flex justify-end space-x-3"><button @click="closeConfirmModal" class="px-6 py-2 bg-gray-600 rounded-lg">Cancel</button><button @click="handleConfirm" class="px-6 py-2 bg-red-600 rounded-lg">Confirm</button></div>
            </div>
        </div>
    </div>
</main>
<script>
    Vue.createApp({
        data: () => ({ users: [], userSearch: '', showUserModal: false, isEditMode: false, userInForm: null, showConfirmModal: false, confirmMessage: '', confirmCallback: null }),
        computed: {
            filteredUsers() { const s = this.userSearch.toLowerCase(); return this.users.filter(u => u.username.toLowerCase().includes(s) || u.user_type.toLowerCase().includes(s)); },
            modalTitle() { return this.isEditMode ? 'Edit User' : 'Add New User'; }
        },
        methods: {
            async fetchUsers() { try { this.users = await apiFetch('/api/user_handler.php'); } catch (e) { alert(`Error: ${e.message}`); } },
            addUser() { this.isEditMode = false; this.userInForm = { id: null, username: '', password: '', user_type: 'user' }; this.showUserModal = true; },
            editUser(user) { this.isEditMode = true; this.userInForm = { ...user, password: '' }; this.showUserModal = true; },
            closeModals() { this.showUserModal = false; this.showConfirmModal = false; },
            closeUserModal() { this.showUserModal = false; },
            closeConfirmModal() { this.showConfirmModal = false; },
            async saveUser() {
                if (!this.userInForm.username || (!this.isEditMode && !this.userInForm.password)) { alert('All fields are required.'); return; }
                try { await apiFetch('/api/user_handler.php', { method: 'POST', body: this.userInForm }); this.fetchUsers(); this.closeUserModal(); } catch (e) { alert(`Error: ${e.message}`); }
            },
            requestDelete(user) { this.openConfirmModal(`Permanently delete user "${user.username}"?`, async () => { try { await apiFetch('/api/user_handler.php', { method: 'DELETE', body: { id: user.id } }); this.fetchUsers(); } catch (e) { alert(`Error: ${e.message}`); } }); },
            openConfirmModal(message, callback) { this.confirmMessage = message; this.confirmCallback = callback; this.showConfirmModal = true; },
            handleConfirm() { if (this.confirmCallback) this.confirmCallback(); this.closeConfirmModal(); }
        },
        mounted() { this.fetchUsers(); }
    }).mount('#vue-app');
</script>
<?php require_once __DIR__ . '/includes/footer.php'; ?>
'''

catagory_platform_php_content = r'''<?php require_once __DIR__ . '/includes/header.php'; ?>
<main class="pt-24">
    <div id="vue-app" v-cloak class="container mx-auto px-4 sm:px-6 lg:px-8 py-8">
        <h1 class="text-3xl font-bold text-white mb-8 text-center">Manage Categories & Platforms</h1>
        <div class="grid grid-cols-1 md:grid-cols-2 gap-12">
            <section>
                <h2 class="text-2xl font-semibold text-white mb-4">Categories</h2>
                <div class="flex justify-between items-center mb-4 gap-4">
                    <input type="text" v-model="categorySearch" placeholder="Search..." class="bg-gray-700 border border-gray-600 text-white rounded-lg p-2 w-full max-w-xs">
                    <button @click="addItem('category')" class="flex-shrink-0 flex items-center justify-center space-x-2 bg-blue-600 hover:bg-blue-700 text-white font-semibold py-2 px-4 rounded-lg"><i class="fa-solid fa-plus"></i><span>Add</span></button>
                </div>
                <div class="overflow-x-auto relative shadow-md sm:rounded-lg border border-gray-700">
                    <table class="w-full text-sm text-left text-gray-400">
                        <thead><tr><th class="px-6 py-3">Name</th><th class="px-6 py-3 text-right">Actions</th></tr></thead>
                        <tbody><tr v-for="c in filteredCategories" :key="c.id" class="bg-gray-800 border-b border-gray-700 hover:bg-gray-600"><td class="px-6 py-4">{{ c.name }}</td><td class="px-6 py-4 text-right"><button @click="editItem('category', c)" class="text-blue-400 px-2"><i class="fa-solid fa-pen-to-square"></i></button><button @click="requestDelete('category', c)" class="text-red-400 px-2"><i class="fa-solid fa-trash"></i></button></td></tr></tbody>
                    </table>
                </div>
            </section>
            <section>
                <h2 class="text-2xl font-semibold text-white mb-4">Platforms</h2>
                <div class="flex justify-between items-center mb-4 gap-4">
                     <input type="text" v-model="platformSearch" placeholder="Search..." class="bg-gray-700 border border-gray-600 text-white rounded-lg p-2 w-full max-w-xs">
                    <button @click="addItem('platform')" class="flex-shrink-0 flex items-center justify-center space-x-2 bg-blue-600 hover:bg-blue-700 text-white font-semibold py-2 px-4 rounded-lg"><i class="fa-solid fa-plus"></i><span>Add</span></button>
                </div>
                 <div class="overflow-x-auto relative shadow-md sm:rounded-lg border border-gray-700">
                    <table class="w-full text-sm text-left text-gray-400">
                        <thead><tr><th class="px-6 py-3">Name</th><th class="px-6 py-3 text-right">Actions</th></tr></thead>
                        <tbody><tr v-for="p in filteredPlatforms" :key="p.id" class="bg-gray-800 border-b border-gray-700 hover:bg-gray-600"><td class="px-6 py-4">{{ p.name }}</td><td class="px-6 py-4 text-right"><button @click="editItem('platform', p)" class="text-blue-400 px-2"><i class="fa-solid fa-pen-to-square"></i></button><button @click="requestDelete('platform', p)" class="text-red-400 px-2"><i class="fa-solid fa-trash"></i></button></td></tr></tbody>
                    </table>
                </div>
            </section>
        </div>
        <div v-if="showFormModal || showConfirmModal" class="fixed inset-0 z-50 flex items-center justify-center bg-black/70 p-4" @click.self="closeModals">
            <div v-if="showFormModal" class="w-full max-w-md rounded-xl bg-gray-800 border border-gray-700 shadow-2xl p-6">
                <h3 class="text-xl font-bold text-white mb-4">{{ formTitle }}</h3>
                <form @submit.prevent="saveItem">
                    <div><label class="block text-sm">{{ formLabel }}</label><input type="text" v-model="currentItem.name" class="w-full bg-gray-700 rounded-md p-2" required></div>
                    <div class="mt-8 flex justify-end space-x-3"><button type="button" @click="closeFormModal" class="px-6 py-2 bg-gray-600 rounded-lg">Cancel</button><button type="submit" class="px-6 py-2 bg-blue-600 rounded-lg">{{ isEditMode ? 'Save' : 'Add' }}</button></div>
                </form>
            </div>
            <div v-if="showConfirmModal" class="w-full max-w-md rounded-xl bg-gray-800 border-gray-700 shadow-2xl p-6">
                <h3 class="text-xl font-bold text-white mb-2">Are you sure?</h3><p class="text-gray-400 text-sm mb-6">{{ confirmMessage }}</p>
                <div class="mt-8 flex justify-end space-x-3"><button @click="closeConfirmModal" class="px-6 py-2 bg-gray-600 rounded-lg">Cancel</button><button @click="handleConfirm" class="px-6 py-2 bg-red-600 rounded-lg">Confirm</button></div>
            </div>
        </div>
    </div>
</main>
<script>
    Vue.createApp({
        data: () => ({ categories: [], platforms: [], categorySearch: '', platformSearch: '', showFormModal: false, isEditMode: false, modalType: '', currentItem: null, showConfirmModal: false, confirmMessage: '', confirmCallback: null }),
        computed: {
            filteredCategories() { const s = this.categorySearch.toLowerCase(); return this.categories.filter(c => c.name.toLowerCase().includes(s)); },
            filteredPlatforms() { const s = this.platformSearch.toLowerCase(); return this.platforms.filter(p => p.name.toLowerCase().includes(s)); },
            formTitle() { return `${this.isEditMode ? 'Edit' : 'Add New'} ${this.modalType.charAt(0).toUpperCase() + this.modalType.slice(1)}`; },
            formLabel() { return `${this.modalType.charAt(0).toUpperCase() + this.modalType.slice(1)} Name`; }
        },
        methods: {
            async fetchData() { try { const d = await apiFetch('/api/cp_handler.php'); this.categories = d.categories; this.platforms = d.platforms; } catch (e) { alert(`Error: ${e.message}`); } },
            addItem(type) { this.isEditMode = false; this.modalType = type; this.currentItem = { id: null, name: '' }; this.showFormModal = true; },
            editItem(type, item) { this.isEditMode = true; this.modalType = type; this.currentItem = { ...item }; this.showFormModal = true; },
            closeModals() { this.showFormModal = false; this.showConfirmModal = false; },
            closeFormModal() { this.showFormModal = false; },
            closeConfirmModal() { this.showConfirmModal = false; },
            async saveItem() { if (!this.currentItem || !this.currentItem.name.trim()) { alert('Name cannot be empty.'); return; } try { await apiFetch('/api/cp_handler.php', { method: 'POST', body: { type: this.modalType, item: this.currentItem } }); this.fetchData(); this.closeFormModal(); } catch (e) { alert(`Error: ${e.message}`); } },
            requestDelete(type, item) { this.openConfirmModal(`Permanently delete ${type} "${item.name}"?`, async () => { try { await apiFetch('/api/cp_handler.php', { method: 'DELETE', body: { type: type, id: item.id } }); this.fetchData(); } catch (e) { alert(`Error: ${e.message}`); } }); },
            openConfirmModal(message, callback) { this.confirmMessage = message; this.confirmCallback = callback; this.showConfirmModal = true; },
            handleConfirm() { if (this.confirmCallback) this.confirmCallback(); this.closeConfirmModal(); }
        },
        mounted() { this.fetchData(); }
    }).mount('#vue-app');
</script>
<?php require_once __DIR__ . '/includes/footer.php'; ?>
'''

change_password_php_content = r'''<?php require_once __DIR__ . '/includes/header.php'; ?>
<main class="pt-24">
    <div id="vue-app" v-cloak class="container mx-auto px-4 sm:px-6 lg:px-8 py-8">
        <div class="max-w-md mx-auto bg-gray-800 p-8 rounded-xl shadow-lg border border-gray-700">
            <h1 class="text-3xl font-bold text-white mb-6 text-center">Change Your Password</h1>
            <form @submit.prevent="handleChangePassword" class="space-y-6">
                <div><label for="old-password" class="block text-sm">Old Password</label><input v-model="oldPassword" :type="inputTypes.old" @focus="showPassword('old')" @blur="hidePassword('old')" id="old-password" class="w-full bg-gray-700 rounded-md p-3" required></div>
                <div><label for="new-password" class="block text-sm">New Password</label><input v-model="newPassword" :type="inputTypes.new" @focus="showPassword('new')" @blur="hidePassword('new')" id="new-password" class="w-full bg-gray-700 rounded-md p-3" required></div>
                <div><label for="confirm-password" class="block text-sm">Confirm New Password</label><input v-model="confirmPassword" :type="inputTypes.confirm" @focus="showPassword('confirm')" @blur="hidePassword('confirm')" id="confirm-password" class="w-full bg-gray-700 rounded-md p-3" required></div>
                <div v-if="message.text" :class="message.type === 'error' ? 'text-red-400' : 'text-green-400'" class="flex items-center space-x-2 text-sm"><i class="fa-solid" :class="message.type === 'error' ? 'fa-circle-exclamation' : 'fa-check-circle'"></i><span>{{ message.text }}</span></div>
                <div><button type="submit" class="w-full flex items-center justify-center space-x-2 bg-blue-600 hover:bg-blue-700 text-white font-semibold py-3 px-4 rounded-lg" :disabled="isLoading || passwordMismatchError"><i v-if="isLoading" class="fa-solid fa-spinner fa-spin"></i><span v-else>Change Password</span></button></div>
            </form>
        </div>
    </div>
</main>
<script>
    Vue.createApp({
        data: () => ({ oldPassword: '', newPassword: '', confirmPassword: '', isLoading: false, message: { text: null, type: null }, inputTypes: { old: 'password', new: 'password', confirm: 'password' } }),
        computed: { passwordMismatchError() { return this.newPassword && this.confirmPassword && this.newPassword !== this.confirmPassword; } },
        methods: {
            showPassword(f) { this.inputTypes[f] = 'text'; }, hidePassword(f) { this.inputTypes[f] = 'password'; },
            validatePasswords() { if (this.passwordMismatchError) this.message = { text: 'The new passwords do not match.', type: 'error' }; else if (this.message.text === 'The new passwords do not match.') this.message = { text: null, type: null }; },
            async handleChangePassword() {
                this.validatePasswords(); if (this.passwordMismatchError) return;
                if (!this.oldPassword || !this.newPassword) { this.message = { text: 'Please fill in all fields.', type: 'error' }; return; }
                if (this.newPassword.length < 8) { this.message = { text: 'New password must be at least 8 characters.', type: 'error' }; return; }
                this.isLoading = true; this.message = { text: null, type: null };
                try {
                    await apiFetch('/api/password_change_handler.php', { method: 'POST', body: { oldPassword: this.oldPassword, newPassword: this.newPassword } });
                    this.message = { text: 'Password changed successfully!', type: 'success' }; this.oldPassword = ''; this.newPassword = ''; this.confirmPassword = '';
                } catch (e) { this.message = { text: e.message, type: 'error' }; } finally { this.isLoading = false; }
            }
        },
        watch: { newPassword() { this.validatePasswords(); }, confirmPassword() { this.validatePasswords(); } }
    }).mount('#vue-app');
</script>
<?php require_once __DIR__ . '/includes/footer.php'; ?>
'''

qrcode_php_content = r'''<?php require_once __DIR__ . '/includes/header.php'; ?>
<main class="pt-24">
    <div class="container mx-auto px-4 sm:px-6 lg:px-8 py-8">
        <div class="max-w-2xl mx-auto">
            <h1 class="text-3xl font-bold text-white mb-6 text-center">Scan QR Code</h1>
            <label for="qr-input-file" id="drop-zone" class="relative flex flex-col items-center justify-center w-full h-64 border-2 border-dashed rounded-lg cursor-pointer bg-gray-800 border-gray-600 hover:border-gray-500 hover:bg-gray-700 transition-colors">
                <div id="drop-zone-prompt" class="flex flex-col items-center justify-center pt-5 pb-6 text-center">
                    <i class="fa-solid fa-qrcode text-8xl text-gray-700 mb-4"></i>
                    <p class="mb-2 text-lg text-gray-400"><span class="font-semibold">Click to upload</span> or drag and drop</p>
                    <p class="text-sm text-gray-500">You can also paste an image from your clipboard</p>
                </div>
                <img id="image-preview" src="" class="hidden h-full w-full object-contain rounded-lg p-2" alt="Image preview"/>
                <input id="qr-input-file" type="file" class="hidden" accept="image/*" />
            </label>
            <div class="mt-4 flex flex-col sm:flex-row space-y-2 sm:space-y-0 sm:space-x-4">
                <button id="paste-button" class="w-full flex items-center justify-center space-x-2 bg-blue-600 hover:bg-blue-700 text-white font-semibold py-3 px-4 rounded-lg transition-colors"><i class="fa-solid fa-paste"></i><span>Paste from Clipboard</span></button>
                <button id="scan-button" disabled class="w-full flex items-center justify-center space-x-2 bg-gray-600 text-gray-400 font-semibold py-3 px-4 rounded-lg cursor-not-allowed"><i class="fa-solid fa-magnifying-glass"></i><span>Scan</span></button>
                <button id="clear-button" class="hidden flex-shrink-0 items-center justify-center space-x-2 bg-red-600 hover:bg-red-700 text-white font-semibold py-3 px-4 rounded-lg"><i class="fa-solid fa-xmark"></i><span>Clear</span></button>
            </div>
            <div class="mt-6">
                <label for="result-text" class="block text-sm font-medium text-gray-300 mb-2">Scanned Result:</label>
                <div class="relative">
                    <textarea id="result-text" rows="4" readonly class="block w-full p-3 pr-12 bg-gray-700 border border-gray-600 rounded-lg text-gray-200 font-mono" placeholder="QR code data will appear here..."></textarea>
                    <button id="copy-button" title="Copy to clipboard" class="absolute top-3 right-3 text-gray-400 hover:text-white"><i class="fa-regular fa-copy fa-lg"></i></button>
                </div>
            </div>
        </div>
        <canvas id="qr-canvas" class="hidden"></canvas>
    </div>
</main>
<script>
    document.addEventListener('DOMContentLoaded', () => {
        const dropZone = document.getElementById('drop-zone'), dropZonePrompt = document.getElementById('drop-zone-prompt'), imagePreview = document.getElementById('image-preview'), fileInput = document.getElementById('qr-input-file'), scanButton = document.getElementById('scan-button'), clearButton = document.getElementById('clear-button'), pasteButton = document.getElementById('paste-button'), resultText = document.getElementById('result-text'), copyButton = document.getElementById('copy-button'), canvas = document.getElementById('qr-canvas'), ctx = canvas.getContext('2d');
        let imageFile = null;
        const resetUI = () => { imageFile = null; fileInput.value = ''; imagePreview.classList.add('hidden'); imagePreview.src = ''; dropZonePrompt.classList.remove('hidden'); scanButton.disabled = true; scanButton.className = "w-full flex items-center justify-center space-x-2 bg-gray-600 text-gray-400 font-semibold py-3 px-4 rounded-lg cursor-not-allowed"; clearButton.classList.add('hidden'); resultText.value = ''; };
        const handleFile = file => { if (!file || !file.type.startsWith('image/')) { alert('Please select an image file.'); return; } imageFile = file; const reader = new FileReader(); reader.onload = e => { imagePreview.src = e.target.result; imagePreview.classList.remove('hidden'); dropZonePrompt.classList.add('hidden'); }; reader.readAsDataURL(file); scanButton.disabled = false; scanButton.className = "w-full flex items-center justify-center space-x-2 bg-blue-600 hover:bg-blue-700 text-white font-semibold py-3 px-4 rounded-lg"; clearButton.classList.remove('hidden'); resultText.value = ''; };
        const scanImage = () => { if (!imageFile) return; resultText.value = 'Scanning...'; const image = new Image(); image.onload = () => { canvas.width = image.width; canvas.height = image.height; ctx.drawImage(image, 0, 0, image.width, image.height); const imageData = ctx.getImageData(0, 0, image.width, image.height); const code = jsQR(imageData.data, imageData.width, imageData.height, { inversionAttempts: 'dontInvert' }); resultText.value = code ? code.data : 'Error: No QR code found.'; }; image.src = URL.createObjectURL(imageFile); };
        const pasteFromClipboard = async () => { try { const items = await navigator.clipboard.read(); for (const item of items) { const imageType = item.types.find(t => t.startsWith('image/')); if (imageType) { const blob = await item.getType(imageType); handleFile(new File([blob], "clipboard.png", { type: blob.type })); return; } } alert('No image found on clipboard.'); } catch (err) { console.error('Paste error:', err); alert('Could not paste from clipboard. Check permissions.'); } };
        const copyResult = () => { if (!resultText.value) return; navigator.clipboard.writeText(resultText.value).then(() => { const icon = copyButton.querySelector('i'); const orig = icon.className; icon.className = 'fa-solid fa-check text-green-400 fa-lg'; setTimeout(() => icon.className = orig, 1500); }); };
        dropZone.addEventListener('dragover', e => { e.preventDefault(); dropZone.classList.add('drag-over'); });
        dropZone.addEventListener('dragleave', e => { e.preventDefault(); dropZone.classList.remove('drag-over'); });
        dropZone.addEventListener('drop', e => { e.preventDefault(); dropZone.classList.remove('drag-over'); handleFile(e.dataTransfer.files[0]); });
        fileInput.addEventListener('change', e => handleFile(e.target.files[0]));
        document.addEventListener('paste', e => { const file = Array.from(e.clipboardData.items).find(i => i.type.includes('image'))?.getAsFile(); if (file) handleFile(file); });
        pasteButton.addEventListener('click', pasteFromClipboard); scanButton.addEventListener('click', scanImage); clearButton.addEventListener('click', resetUI); copyButton.addEventListener('click', copyResult);
    });
</script>
<?php require_once __DIR__ . '/includes/footer.php'; ?>
'''

# --- Root index.php for redirection ---
root_index_php_content = r'''<?php
// This file redirects requests from the project root to the public directory.
$uri = rtrim(dirname($_SERVER['PHP_SELF']), '/\\');
header('Location: ' . $uri . '/public/');
exit;
'''

recovery_php_content = r'''<?php require_once __DIR__ . '/includes/header.php'; ?>
<main class="pt-24">
    <div id="vue-app" v-cloak class="container mx-auto px-4 sm:px-6 lg:px-8 py-8">
        <div class="max-w-md mx-auto bg-gray-800 p-8 rounded-xl shadow-lg border border-gray-700">
            <h1 class="text-3xl font-bold text-white mb-6 text-center">Account Recovery</h1>
            <div v-if="currentStep === 1">
                <form @submit.prevent="verifyCode" class="space-y-6">
                    <div v-if="isLoggedIn">
                        <button type="button" @click="openGenerateModal" class="w-full flex items-center justify-center space-x-2 bg-gray-600 hover:bg-gray-500 text-white font-semibold py-3 px-4 rounded-lg"><i class="fa-solid fa-shield-halved"></i><span>Generate New Recovery Code</span></button>
                        <div class="relative flex items-center text-gray-400 my-4"><div class="flex-grow border-t border-gray-600"></div><span class="flex-shrink mx-4 text-sm">OR</span><div class="flex-grow border-t border-gray-600"></div></div>
                    </div>
                    <div><label for="username" class="block text-sm">Username</label><input v-model="username" id="username" class="w-full bg-gray-700 rounded-md p-3" required></div>
                    <div><label for="recovery-code" class="block text-sm">Recovery Code</label><input v-model="recoveryCode" id="recovery-code" class="w-full bg-gray-700 rounded-md p-3" placeholder="XXXX-XXXX-XXXX" required></div>
                    <div v-if="message.text" class="text-red-400 text-sm">{{ message.text }}</div>
                    <div><button type="submit" class="w-full flex items-center justify-center space-x-2 bg-blue-600 hover:bg-blue-700 text-white font-semibold py-3 px-4 rounded-lg" :disabled="isLoading || !recoveryCode.trim() || !username.trim()"><i v-if="isLoading" class="fa-solid fa-spinner fa-spin"></i><span v-else>Recover Account</span></button></div>
                </form>
            </div>
            <div v-if="currentStep === 2">
                <div class="text-center mb-6"><p class="text-green-400">Recovery code accepted. Set a new password.</p></div>
                <form @submit.prevent="setNewPassword" class="space-y-6">
                    <div><label class="block text-sm">New Password</label><input v-model="newPassword" :type="inputTypes.new" @focus="showPassword('new')" @blur="hidePassword('new')" class="w-full bg-gray-700 rounded-md p-3" required></div>
                    <div><label class="block text-sm">Confirm New Password</label><input v-model="confirmPassword" :type="inputTypes.confirm" @focus="showPassword('confirm')" @blur="hidePassword('confirm')" class="w-full bg-gray-700 rounded-md p-3" required></div>
                    <div v-if="message.text" :class="message.type === 'error' ? 'text-red-400' : 'text-green-400'" class="flex items-center space-x-2 text-sm"><i class="fa-solid" :class="message.type === 'error' ? 'fa-circle-exclamation' : 'fa-check-circle'"></i><span>{{ message.text }}</span></div>
                    <div><button type="submit" class="w-full flex items-center justify-center space-x-2 bg-blue-600 hover:bg-blue-700 text-white font-semibold py-3 px-4 rounded-lg" :disabled="isLoading || passwordMismatchError"><i v-if="isLoading" class="fa-solid fa-spinner fa-spin"></i><span v-else>Set New Password</span></button></div>
                </form>
            </div>
        </div>
        <div v-if="showGenerateModal" class="fixed inset-0 z-50 flex items-center justify-center bg-black/70 p-4" @click.self="closeGenerateModal">
            <div class="w-full max-w-md rounded-xl bg-gray-800 border border-gray-700 shadow-2xl p-6">
                <div v-if="modalStep === 1">
                    <h3 class="text-xl font-bold text-white mb-2">Verify Identity</h3><p class="text-gray-400 text-sm mb-6">Enter current password to generate a new recovery code.</p>
                    <form @submit.prevent="verifyPasswordAndGenerate">
                        <label class="block text-sm">Current Password</label><input v-model="currentPassword" type="password" class="w-full bg-gray-700 rounded-md p-2" required>
                        <div v-if="passwordError" class="text-red-400 text-sm mt-2">{{ passwordError }}</div>
                        <div class="mt-8 flex justify-end space-x-3"><button type="button" @click="closeGenerateModal" class="px-6 py-2 bg-gray-600 rounded-lg">Cancel</button><button type="submit" class="px-6 py-2 bg-blue-600 rounded-lg">Verify</button></div>
                    </form>
                </div>
                <div v-if="modalStep === 2">
                    <h3 class="text-xl font-bold text-white mb-2">New Recovery Code</h3>
                    <div class="mt-4 p-4 bg-red-900/50 border border-red-700 rounded-lg text-red-300 text-sm"><p class="font-bold"><i class="fa-solid fa-triangle-exclamation mr-2"></i>Store this in a safe place.</p><p>If you lose this and your password, data is lost forever.</p></div>
                    <div class="relative my-6"><pre class="w-full text-center text-2xl font-mono tracking-widest bg-gray-900 p-4 rounded-lg text-white">{{ generatedCode }}</pre><button @click="copyCode($event.currentTarget)" title="Copy" class="absolute top-1/2 -translate-y-1/2 right-3 text-gray-400 hover:text-white"><i class="fa-regular fa-copy fa-lg"></i></button></div>
                    <div class="flex space-x-4"><button @click="downloadCode" class="w-full flex items-center justify-center space-x-2 bg-gray-600 hover:bg-gray-500 py-2 rounded-lg"><i class="fa-solid fa-download"></i><span>Download</span></button><button @click="printCode" class="w-full flex items-center justify-center space-x-2 bg-gray-600 hover:bg-gray-500 py-2 rounded-lg"><i class="fa-solid fa-print"></i><span>Print</span></button></div>
                    <div class="mt-8 flex justify-end"><button @click="closeGenerateModal" class="px-6 py-2 bg-blue-600 rounded-lg">Done</button></div>
                </div>
            </div>
        </div>
        <div id="printable-area" class="hidden"><h1>Black-Clover - Account Recovery Code</h1><hr><p><strong>IMPORTANT:</strong> Store this code in a safe place. If you lose this and your password, your data will be permanently lost.</p><p>Your new recovery code is:</p><pre style="font-size:24px;font-family:monospace;background:#f0f0f0;padding:10px;border:1px solid #ccc;">{{ generatedCode }}</pre></div>
    </div>
</main>
<script>
    Vue.createApp({
        data: () => ({ isLoggedIn: <?= is_logged_in() ? 'true' : 'false' ?>, currentStep: 1, recoveryCode: '', username: '', newPassword: '', confirmPassword: '', isLoading: false, message: { text: null, type: null }, inputTypes: { new: 'password', confirm: 'password' }, showGenerateModal: false, modalStep: 1, currentPassword: '', passwordError: '', generatedCode: null, recoveryToken: null, BASE_PATH: BASE_PATH }),
        computed: { passwordMismatchError() { return this.newPassword && this.confirmPassword && this.newPassword !== this.confirmPassword; } },
        methods: {
            async verifyCode() {
                this.isLoading = true; this.message = { text: null, type: null };
                try {
                    const res = await apiFetch('/api/recovery_handler.php', { method: 'POST', body: { action: 'verify_code', username: this.username, recoveryCode: this.recoveryCode } });
                    this.recoveryToken = res.token; this.currentStep = 2;
                } catch (e) { this.message = { text: e.message, type: 'error' }; } finally { this.isLoading = false; }
            },
            async setNewPassword() {
                if (this.passwordMismatchError || this.newPassword.length < 8) { this.message = { text: this.passwordMismatchError ? 'Passwords do not match.' : 'Password must be 8+ characters.', type: 'error' }; return; }
                this.isLoading = true; this.message = { text: null, type: null };
                try {
                    await apiFetch('/api/recovery_handler.php', { method: 'POST', body: { action: 'reset_password', token: this.recoveryToken, newPassword: this.newPassword } });
                    this.message = { text: 'Password reset! Redirecting to login...', type: 'success' };
                    setTimeout(() => {
                        window.location.href = this.BASE_PATH + '/login.php'; // *** CORRECTED REDIRECT ***
                    }, 2000);
                } catch (e) { this.message = { text: e.message, type: 'error' }; } finally { this.isLoading = false; }
            },
            showPassword(f) { this.inputTypes[f] = 'text'; }, hidePassword(f) { this.inputTypes[f] = 'password'; },
            openGenerateModal() { this.modalStep = 1; this.currentPassword = ''; this.passwordError = ''; this.generatedCode = null; this.showGenerateModal = true; },
            closeGenerateModal() { this.showGenerateModal = false; },
            async verifyPasswordAndGenerate() {
                this.passwordError = ''; if (!this.currentPassword) { this.passwordError = 'Password cannot be empty.'; return; }
                try { const res = await apiFetch('/api/recovery_handler.php', { method: 'POST', body: { action: 'generate_code', currentPassword: this.currentPassword } }); this.generatedCode = res.recoveryCode; this.modalStep = 2; } catch (e) { this.passwordError = e.message; }
            },
            copyCode(button) { navigator.clipboard.writeText(this.generatedCode).then(() => { const icon = button.querySelector('i'); const orig = icon.className; button.disabled = true; icon.className = 'fa-solid fa-check text-green-400 fa-lg'; setTimeout(() => { icon.className = orig; button.disabled = false; }, 1500); }); },
            downloadCode() { const content = `Black-Clover - Account Recovery Code\n\nIMPORTANT: Store this in a safe place.\n\n${this.generatedCode}`; const blob = new Blob([content], { type: 'text/plain;charset=utf-8' }); const link = document.createElement("a"); link.href = URL.createObjectURL(blob); link.download = "black-clover-recovery-code.txt"; link.click(); URL.revokeObjectURL(link.href); },
            printCode() { window.print(); }
        }
    }).mount('#vue-app');
</script>
<?php require_once __DIR__ . '/includes/footer.php'; ?>
'''
# ==============================================================================
# --- MAIN EXECUTION ---
# ==============================================================================
def main():
    """Main function to create the project structure."""
    print("Starting Black-Clover project generation...")
    os.makedirs(PROJECT_NAME, exist_ok=True)

    create_file(os.path.join(PROJECT_NAME, "config/config.php"), config_php_content)
    
    public_dirs = ["public/api", "public/includes"]
    for d in public_dirs:
        os.makedirs(os.path.join(PROJECT_NAME, d), exist_ok=True)
        
    create_file(os.path.join(PROJECT_NAME, "public/index.php"), index_php_content)
    create_file(os.path.join(PROJECT_NAME, "public/setup.php"), setup_php_content)
    create_file(os.path.join(PROJECT_NAME, "public/login.php"), login_php_content)
    create_file(os.path.join(PROJECT_NAME, "public/dashboard.php"), dashboard_php_content)
    create_file(os.path.join(PROJECT_NAME, "public/user.php"), user_php_content)
    create_file(os.path.join(PROJECT_NAME, "public/catagory-platform.php"), catagory_platform_php_content)
    create_file(os.path.join(PROJECT_NAME, "public/change-password.php"), change_password_php_content)
    create_file(os.path.join(PROJECT_NAME, "public/qrcode.php"), qrcode_php_content)
    create_file(os.path.join(PROJECT_NAME, "public/recovery.php"), recovery_php_content)

    create_file(os.path.join(PROJECT_NAME, "public/includes/bootstrap.php"), bootstrap_php_content)
    create_file(os.path.join(PROJECT_NAME, "public/includes/header.php"), header_php_content)
    create_file(os.path.join(PROJECT_NAME, "public/includes/footer.php"), footer_php_content)
    create_file(os.path.join(PROJECT_NAME, "index.php"), root_index_php_content)
    
    create_file(os.path.join(PROJECT_NAME, "public/api/setup_handler.php"), setup_handler_php_content)
    create_file(os.path.join(PROJECT_NAME, "public/api/login_handler.php"), login_handler_php_content)
    create_file(os.path.join(PROJECT_NAME, "public/api/logout_handler.php"), logout_handler_php_content)
    create_file(os.path.join(PROJECT_NAME, "public/api/data_handler.php"), data_handler_php_content)
    create_file(os.path.join(PROJECT_NAME, "public/api/user_handler.php"), user_handler_php_content)
    create_file(os.path.join(PROJECT_NAME, "public/api/cp_handler.php"), cp_handler_php_content)
    create_file(os.path.join(PROJECT_NAME, "public/api/password_change_handler.php"), password_change_handler_php_content)
    create_file(os.path.join(PROJECT_NAME, "public/api/recovery_handler.php"), recovery_handler_php_content)

    db_dir = os.path.join(PROJECT_NAME, "database")
    os.makedirs(db_dir, exist_ok=True)
    try:
        os.chmod(db_dir, stat.S_IRWXU | stat.S_IRWXG | stat.S_IROTH | stat.S_IXOTH)
        print(f"Set permissions for directory: {db_dir}")
    except Exception as e:
        print(f"Warning: Could not set permissions for {db_dir}. Please ensure your web server can write to this directory. Error: {e}")

    print("\nProject generation complete!")
    print(f"Project created in: ./{PROJECT_NAME}/")
    print("\nNext Steps:")
    print(f"1. Delete any old '{PROJECT_NAME}' directory and its database.")
    print(f"2. Point your local web server to the new '{PROJECT_NAME}/public' directory.")
    print("3. Ensure local SSL (HTTPS) is enabled for your site.")
    print("4. Open your site in a browser to begin the fresh setup.")

if __name__ == "__main__":
    main()