false, 'error' => 'Missing data']); exit; } if (!Permissions::canSendInChannel($user_id, $channel_id)) { echo json_encode(['success' => false, 'error' => 'You do not have permission to create threads in this channel.']); exit; } $tag_ids = $_POST['tag_ids'] ?? []; if (is_string($tag_ids)) { $tag_ids = array_filter(explode(',', $tag_ids)); } try { db()->beginTransaction(); $stmt = db()->prepare("INSERT INTO forum_threads (channel_id, user_id, title) VALUES (?, ?, ?)"); $stmt->execute([$channel_id, $user_id, $title]); $thread_id = db()->lastInsertId(); if (!empty($tag_ids)) { $stmtTag = db()->prepare("INSERT INTO thread_tags (thread_id, tag_id) VALUES (?, ?)"); foreach ($tag_ids as $tag_id) { if ($tag_id) $stmtTag->execute([$thread_id, $tag_id]); } } db()->commit(); echo json_encode(['success' => true, 'thread_id' => $thread_id]); } catch (Exception $e) { db()->rollBack(); echo json_encode(['success' => false, 'error' => $e->getMessage()]); } exit; } if ($_SERVER['REQUEST_METHOD'] === 'PATCH' || $_SERVER['REQUEST_METHOD'] === 'DELETE' || (isset($_GET['action']) && in_array($_GET['action'], ['solve', 'pin', 'unpin', 'lock', 'unlock', 'delete']))) { $data = json_decode(file_get_contents('php://input'), true) ?? $_POST; $thread_id = $data['thread_id'] ?? $_GET['thread_id'] ?? 0; $message_id = $data['message_id'] ?? null; $action = $_GET['action'] ?? $data['action'] ?? 'solve'; if ($_SERVER['REQUEST_METHOD'] === 'DELETE') { $action = 'delete'; } $user_id = $_SESSION['user_id']; if (!$thread_id) { echo json_encode(['success' => false, 'error' => 'Missing thread_id']); exit; } // Verify permission (thread owner or admin) $stmt = db()->prepare("SELECT t.*, c.server_id FROM forum_threads t JOIN channels c ON t.channel_id = c.id WHERE t.id = ?"); $stmt->execute([$thread_id]); $thread = $stmt->fetch(); if (!$thread) { echo json_encode(['success' => false, 'error' => 'Thread not found']); exit; } $stmtServer = db()->prepare("SELECT owner_id FROM servers WHERE id = ?"); $stmtServer->execute([$thread['server_id']]); $server = $stmtServer->fetch(); $is_admin = Permissions::hasPermission($user_id, $thread['server_id'], Permissions::ADMINISTRATOR) || Permissions::hasPermission($user_id, $thread['server_id'], Permissions::MANAGE_SERVER) || Permissions::hasPermission($user_id, $thread['server_id'], Permissions::MANAGE_MESSAGES) || $server['owner_id'] == $user_id; if ($thread['user_id'] != $user_id && !$is_admin) { echo json_encode(['success' => false, 'error' => 'Unauthorized']); exit; } try { if ($action === 'solve') { $stmt = db()->prepare("UPDATE forum_threads SET solution_message_id = ? WHERE id = ?"); $stmt->execute([$message_id, $thread_id]); } elseif ($action === 'pin') { $stmt = db()->prepare("UPDATE forum_threads SET is_pinned = 1 WHERE id = ?"); $stmt->execute([$thread_id]); } elseif ($action === 'unpin') { $stmt = db()->prepare("UPDATE forum_threads SET is_pinned = 0 WHERE id = ?"); $stmt->execute([$thread_id]); } elseif ($action === 'lock') { $stmt = db()->prepare("UPDATE forum_threads SET is_locked = 1 WHERE id = ?"); $stmt->execute([$thread_id]); } elseif ($action === 'unlock') { $stmt = db()->prepare("UPDATE forum_threads SET is_locked = 0 WHERE id = ?"); $stmt->execute([$thread_id]); } elseif ($action === 'delete') { db()->beginTransaction(); // Delete associated tags $stmt = db()->prepare("DELETE FROM thread_tags WHERE thread_id = ?"); $stmt->execute([$thread_id]); // Delete associated messages $stmt = db()->prepare("DELETE FROM messages WHERE thread_id = ?"); $stmt->execute([$thread_id]); // Delete thread $stmt = db()->prepare("DELETE FROM forum_threads WHERE id = ?"); $stmt->execute([$thread_id]); db()->commit(); } echo json_encode(['success' => true]); } catch (Exception $e) { echo json_encode(['success' => false, 'error' => $e->getMessage()]); } exit; }