<?php
session_start();
header('Content-Type: application/json');

require_once 'db/config.php';

// User must be logged in
if (!isset($_SESSION['user_id'])) {
    echo json_encode(['error' => 'Authentication required']);
    http_response_code(401);
    exit;
}

// Server ID must be provided
if (!isset($_GET['server_id'])) {
    echo json_encode(['error' => 'Server ID is missing']);
    http_response_code(400);
    exit;
}

$user_id = $_SESSION['user_id'];
$server_id = (int)$_GET['server_id'];

try {
    $pdo = db();

    // Security check: Ensure the user is a member of the server
    $stmt = $pdo->prepare("SELECT 1 FROM server_members WHERE server_id = :server_id AND user_id = :user_id");
    $stmt->execute(['server_id' => $server_id, 'user_id' => $user_id]);
    if ($stmt->fetchColumn() === false) {
        echo json_encode(['error' => 'Access denied']);
        http_response_code(403);
        exit;
    }

    // Fetch server details
    $stmt = $pdo->prepare("SELECT name FROM servers WHERE id = :server_id");
    $stmt->execute(['server_id' => $server_id]);
    $server = $stmt->fetch(PDO::FETCH_ASSOC);

    // Fetch channels for the server
    $stmt = $pdo->prepare("SELECT id, name FROM channels WHERE server_id = :server_id ORDER BY name ASC");
    $stmt->execute(['server_id' => $server_id]);
    $channels = $stmt->fetchAll(PDO::FETCH_ASSOC);

    echo json_encode([
        'server' => $server,
        'channels' => $channels
    ]);

} catch (PDOException $e) {
    echo json_encode(['error' => 'Database error']);
    http_response_code(500);
    // In a real app, you would log the error message, not expose it.
}