<?php
header('Content-Type: application/json');
require_once 'auth/session.php';
requireLogin();

if ($_SERVER['REQUEST_METHOD'] === 'GET') {
    $server_id = $_GET['server_id'] ?? 0;
    if (!$server_id) {
        echo json_encode([]);
        exit;
    }
    $stmt = db()->prepare("SELECT * FROM channels WHERE server_id = ?");
    $stmt->execute([$server_id]);
    echo json_encode($stmt->fetchAll());
    exit;
}

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    $action = $_POST['action'] ?? 'create';
    $server_id = $_POST['server_id'] ?? 0;
    $user_id = $_SESSION['user_id'];

    if ($action === 'update') {
        $channel_id = $_POST['channel_id'] ?? 0;
        $name = $_POST['name'] ?? '';
        $allow_file_sharing = isset($_POST['allow_file_sharing']) ? 1 : 0;

        // Check if user is owner of the server
        $stmt = db()->prepare("SELECT s.owner_id FROM servers s JOIN channels c ON s.id = c.server_id WHERE c.id = ?");
        $stmt->execute([$channel_id]);
        $server = $stmt->fetch();

        if ($server && $server['owner_id'] == $user_id) {
            $name = strtolower(preg_replace('/[^a-zA-Z0-9\-]/', '-', $name));
            $stmt = db()->prepare("UPDATE channels SET name = ?, allow_file_sharing = ? WHERE id = ?");
            $stmt->execute([$name, $allow_file_sharing, $channel_id]);
        }
        header('Location: index.php?server_id=' . $server_id . '&channel_id=' . $channel_id);
        exit;
    }

    if ($action === 'delete') {
        $channel_id = $_POST['channel_id'] ?? 0;
        // Check if user is owner
        $stmt = db()->prepare("SELECT s.owner_id, s.id as server_id FROM servers s JOIN channels c ON s.id = c.server_id WHERE c.id = ?");
        $stmt->execute([$channel_id]);
        $server = $stmt->fetch();

        if ($server && $server['owner_id'] == $user_id) {
            $stmt = db()->prepare("DELETE FROM channels WHERE id = ?");
            $stmt->execute([$channel_id]);
        }
        header('Location: index.php?server_id=' . ($server['server_id'] ?? ''));
        exit;
    }

    $name = $_POST['name'] ?? '';
    $type = $_POST['type'] ?? 'text';
    $user_id = $_SESSION['user_id'];
    
    // Check if user is member of the server
    $stmt = db()->prepare("SELECT 1 FROM server_members WHERE server_id = ? AND user_id = ?");
    $stmt->execute([$server_id, $user_id]);
    
    if ($stmt->fetch() && $name) {
        try {
            // Basic sanitization for channel name
            $name = strtolower(preg_replace('/[^a-zA-Z0-9\-]/', '-', $name));
            $allow_file_sharing = isset($_POST['allow_file_sharing']) ? 1 : 0;
            
            $stmt = db()->prepare("INSERT INTO channels (server_id, name, type, allow_file_sharing) VALUES (?, ?, ?, ?)");
            $stmt->execute([$server_id, $name, $type, $allow_file_sharing]);
            $channel_id = db()->lastInsertId();
            
            header('Location: index.php?server_id=' . $server_id . '&channel_id=' . $channel_id);
            exit;
        } catch (Exception $e) {
            die("Error creating channel: " . $e->getMessage());
        }
    }
}
header('Location: index.php');