prepare("SELECT * FROM channels WHERE server_id = ?"); $stmt->execute([$server_id]); echo json_encode($stmt->fetchAll()); exit; } if ($_SERVER['REQUEST_METHOD'] === 'POST') { $action = $_POST['action'] ?? 'create'; $server_id = $_POST['server_id'] ?? 0; $user_id = $_SESSION['user_id']; if ($action === 'update') { $channel_id = $_POST['channel_id'] ?? 0; $name = $_POST['name'] ?? ''; $type = $_POST['type'] ?? 'chat'; $status = $_POST['status'] ?? null; $allow_file_sharing = isset($_POST['allow_file_sharing']) ? 1 : 0; $message_limit = !empty($_POST['message_limit']) ? (int)$_POST['message_limit'] : null; $theme_color = $_POST['theme_color'] ?? null; if ($theme_color === '') $theme_color = null; // Check if user has permission to manage channels $stmt = db()->prepare("SELECT server_id FROM channels WHERE id = ?"); $stmt->execute([$channel_id]); $chan = $stmt->fetch(); if ($chan && Permissions::hasPermission($user_id, $chan['server_id'], Permissions::MANAGE_CHANNELS)) { $name = strtolower(preg_replace('/[^a-zA-Z0-9\-]/', '-', $name)); $stmt = db()->prepare("UPDATE channels SET name = ?, type = ?, status = ?, allow_file_sharing = ?, theme_color = ?, message_limit = ? WHERE id = ?"); $stmt->execute([$name, $type, $status, $allow_file_sharing, $theme_color, $message_limit, $channel_id]); } header('Location: index.php?server_id=' . $server_id . '&channel_id=' . $channel_id); exit; } if ($action === 'delete') { $channel_id = $_POST['channel_id'] ?? 0; $stmt = db()->prepare("SELECT server_id FROM channels WHERE id = ?"); $stmt->execute([$channel_id]); $chan = $stmt->fetch(); if ($chan && Permissions::hasPermission($user_id, $chan['server_id'], Permissions::MANAGE_CHANNELS)) { $stmt = db()->prepare("DELETE FROM channels WHERE id = ?"); $stmt->execute([$channel_id]); } header('Location: index.php?server_id=' . ($chan['server_id'] ?? '')); exit; } $name = $_POST['name'] ?? ''; $type = $_POST['type'] ?? 'text'; $user_id = $_SESSION['user_id']; // Check if user has permission to manage channels if (Permissions::hasPermission($user_id, $server_id, Permissions::MANAGE_CHANNELS) && $name) { try { // Basic sanitization for channel name $name = strtolower(preg_replace('/[^a-zA-Z0-9\-]/', '-', $name)); $allow_file_sharing = isset($_POST['allow_file_sharing']) ? 1 : 0; $message_limit = !empty($_POST['message_limit']) ? (int)$_POST['message_limit'] : null; $theme_color = $_POST['theme_color'] ?? null; if ($theme_color === '') $theme_color = null; $stmt = db()->prepare("INSERT INTO channels (server_id, name, type, allow_file_sharing, theme_color, message_limit) VALUES (?, ?, ?, ?, ?, ?)"); $stmt->execute([$server_id, $name, $type, $allow_file_sharing, $theme_color, $message_limit]); $channel_id = db()->lastInsertId(); header('Location: index.php?server_id=' . $server_id . '&channel_id=' . $channel_id); exit; } catch (Exception $e) { die("Error creating channel: " . $e->getMessage()); } } } header('Location: index.php');