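'User not authenticated']); exit; }
require_once 'db/config.php';

// Only a JSON POST body is accepted. The decoded value must be an object/array:
// a bare scalar in the body would otherwise reach the offset reads below and
// raise a TypeError on PHP 8 instead of a clean 400.
$request_body = file_get_contents('php://input');
$data = json_decode($request_body, true);
if ($_SERVER['REQUEST_METHOD'] !== 'POST' || json_last_error() !== JSON_ERROR_NONE || !is_array($data)) {
    http_response_code(400);
    echo json_encode(['error' => 'Invalid request']);
    exit;
}

// Validate the four required fields from the (untrusted) body.
// - ids and durations must be positive integers (0/negative is never valid),
// - text fields must be scalars so trim() cannot throw on an array/object.
$positive_int = ['options' => ['min_range' => 1]];
$project_id = filter_var($data['project_id'] ?? null, FILTER_VALIDATE_INT, $positive_int);
$duration = filter_var($data['duration'] ?? null, FILTER_VALIDATE_INT, $positive_int);
$description = is_scalar($data['description'] ?? null) ? trim((string) $data['description']) : '';
$shot_type = is_scalar($data['shot_type'] ?? null) ? trim((string) $data['shot_type']) : '';

if ($project_id === false || $duration === false || $description === '' || $shot_type === '') {
    http_response_code(400);
    echo json_encode(['error' => 'Invalid input. Required fields: project_id, description, duration, shot_type']);
    exit;
}

try {
    $pdo = db();

    // Authorisation check: the project must belong to the session user.
    // A project the user does not own is reported exactly like a missing one.
    $stmt = $pdo->prepare("SELECT status FROM projects WHERE id = ? AND user_id = ?");
    $stmt->execute([$project_id, $_SESSION['user_id']]);
    $project = $stmt->fetch(PDO::FETCH_ASSOC);

    if (!$project) {
        http_response_code(404);
        echo json_encode(['error' => 'Project not found or you do not have permission to access it.']);
        exit;
    }
    if ($project['status'] !== 'draft') {
        http_response_code(403);
        echo json_encode(['error' => 'Project is not in draft status, scenes cannot be added.']);
        exit;
    }

    // Insert the scene. user_id comes from the session, never from the body,
    // so a client cannot attach a scene to another user's account.
    $stmt = $pdo->prepare(
        "INSERT INTO scenes (project_id, user_id, description, duration, shot_type) VALUES (?, ?, ?, ?, ?)"
    );
    $stmt->execute([$project_id, $_SESSION['user_id'], $description, $duration, $shot_type]);
    $new_scene_id = $pdo->lastInsertId();

    // Re-read the inserted row and return it as stored.
    $stmt = $pdo->prepare("SELECT * FROM scenes WHERE id = ?");
    $stmt->execute([$new_scene_id]);
    $scene = $stmt->fetch(PDO::FETCH_ASSOC);

    http_response_code(201);
    echo json_encode($scene);
} catch (PDOException $e) {
    // Keep the driver message server-side only; the client gets a generic
    // error so table names, SQL fragments or credentials are never echoed back.
    error_log('Database error: ' . $e->getMessage());
    http_response_code(500);
    echo json_encode(['error' => 'Database error.']);
}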