56 lines
1.6 KiB
PHP
56 lines
1.6 KiB
PHP
<?php
|
|
session_start();
|
|
header('Content-Type: application/json');
|
|
|
|
require_once 'db/config.php';
|
|
|
|
// User must be logged in
|
|
if (!isset($_SESSION['user_id'])) {
|
|
echo json_encode(['error' => 'Authentication required']);
|
|
http_response_code(401);
|
|
exit;
|
|
}
|
|
|
|
// Server ID must be provided
|
|
if (!isset($_GET['server_id'])) {
|
|
echo json_encode(['error' => 'Server ID is missing']);
|
|
http_response_code(400);
|
|
exit;
|
|
}
|
|
|
|
$user_id = $_SESSION['user_id'];
|
|
$server_id = (int)$_GET['server_id'];
|
|
|
|
try {
|
|
$pdo = db();
|
|
|
|
// Security check: Ensure the user is a member of the server
|
|
$stmt = $pdo->prepare("SELECT 1 FROM server_members WHERE server_id = :server_id AND user_id = :user_id");
|
|
$stmt->execute(['server_id' => $server_id, 'user_id' => $user_id]);
|
|
if ($stmt->fetchColumn() === false) {
|
|
echo json_encode(['error' => 'Access denied']);
|
|
http_response_code(403);
|
|
exit;
|
|
}
|
|
|
|
// Fetch server details
|
|
$stmt = $pdo->prepare("SELECT name FROM servers WHERE id = :server_id");
|
|
$stmt->execute(['server_id' => $server_id]);
|
|
$server = $stmt->fetch(PDO::FETCH_ASSOC);
|
|
|
|
// Fetch channels for the server
|
|
$stmt = $pdo->prepare("SELECT id, name FROM channels WHERE server_id = :server_id ORDER BY name ASC");
|
|
$stmt->execute(['server_id' => $server_id]);
|
|
$channels = $stmt->fetchAll(PDO::FETCH_ASSOC);
|
|
|
|
echo json_encode([
|
|
'server' => $server,
|
|
'channels' => $channels
|
|
]);
|
|
|
|
} catch (PDOException $e) {
|
|
echo json_encode(['error' => 'Database error']);
|
|
http_response_code(500);
|
|
// In a real app, you would log the error message, not expose it.
|
|
}
|