prepare("SELECT * FROM channels WHERE server_id = ?"); $stmt->execute([$server_id]); echo json_encode($stmt->fetchAll()); exit; } if ($_SERVER['REQUEST_METHOD'] === 'POST') { // Handle JSON input $json = json_decode(file_get_contents('php://input'), true); if ($json) { $action = $json['action'] ?? ''; if ($action === 'reorder') { $server_id = $json['server_id'] ?? 0; $orders = $json['orders'] ?? []; // Array of {id, position, category_id} $user_id = $_SESSION['user_id']; if (Permissions::hasPermission($user_id, $server_id, Permissions::MANAGE_CHANNELS)) { $stmt = db()->prepare("UPDATE channels SET position = ?, category_id = ? WHERE id = ? AND server_id = ?"); foreach ($orders as $o) { $stmt->execute([$o['position'], $o['category_id'] ?: null, $o['id'], $server_id]); } echo json_encode(['success' => true]); } else { echo json_encode(['success' => false, 'error' => 'Permission denied']); } exit; } } $action = $_POST['action'] ?? 'create'; $server_id = $_POST['server_id'] ?? 0; $user_id = $_SESSION['user_id']; if ($action === 'update') { $channel_id = $_POST['channel_id'] ?? 0; $name = $_POST['name'] ?? ''; $type = $_POST['type'] ?? 'chat'; $status = $_POST['status'] ?? null; $allow_file_sharing = isset($_POST['allow_file_sharing']) ? 1 : 0; $message_limit = !empty($_POST['message_limit']) ? (int)$_POST['message_limit'] : null; $icon = $_POST['icon'] ?? null; if ($icon === '') $icon = null; $category_id = !empty($_POST['category_id']) ? (int)$_POST['category_id'] : null; // Check if user has permission to manage channels $stmt = db()->prepare("SELECT server_id FROM channels WHERE id = ?"); $stmt->execute([$channel_id]); $chan = $stmt->fetch(); if ($chan && Permissions::hasPermission($user_id, $chan['server_id'], Permissions::MANAGE_CHANNELS)) { $name = strtolower(preg_replace('/[^a-zA-Z0-9\-]/', '-', $name)); $stmt = db()->prepare("UPDATE channels SET name = ?, type = ?, status = ?, allow_file_sharing = ?, message_limit = ?, icon = ?, category_id = ? WHERE id = ?"); $stmt->execute([$name, $type, $status, $allow_file_sharing, $message_limit, $icon, $category_id, $channel_id]); } header('Location: index.php?server_id=' . $server_id . '&channel_id=' . $channel_id); exit; } if ($action === 'delete') { $channel_id = $_POST['channel_id'] ?? 0; $stmt = db()->prepare("SELECT server_id FROM channels WHERE id = ?"); $stmt->execute([$channel_id]); $chan = $stmt->fetch(); if ($chan && Permissions::hasPermission($user_id, $chan['server_id'], Permissions::MANAGE_CHANNELS)) { $stmt = db()->prepare("DELETE FROM channels WHERE id = ?"); $stmt->execute([$channel_id]); } header('Location: index.php?server_id=' . ($chan['server_id'] ?? '')); exit; } $name = $_POST['name'] ?? ''; $type = $_POST['type'] ?? 'text'; $user_id = $_SESSION['user_id']; // Check if user has permission to manage channels if (Permissions::hasPermission($user_id, $server_id, Permissions::MANAGE_CHANNELS) && $name) { try { // Basic sanitization for channel name $name = strtolower(preg_replace('/[^a-zA-Z0-9\-]/', '-', $name)); $allow_file_sharing = isset($_POST['allow_file_sharing']) ? 1 : 0; $message_limit = !empty($_POST['message_limit']) ? (int)$_POST['message_limit'] : null; $icon = $_POST['icon'] ?? null; if ($icon === '') $icon = null; $category_id = !empty($_POST['category_id']) ? (int)$_POST['category_id'] : null; $stmt = db()->prepare("INSERT INTO channels (server_id, name, type, allow_file_sharing, message_limit, icon, category_id) VALUES (?, ?, ?, ?, ?, ?, ?)"); $stmt->execute([$server_id, $name, $type, $allow_file_sharing, $message_limit, $icon, $category_id]); $channel_id = db()->lastInsertId(); header('Location: index.php?server_id=' . $server_id . '&channel_id=' . $channel_id); exit; } catch (Exception $e) { die("Error creating channel: " . $e->getMessage()); } } } header('Location: index.php');