<?php
require_once 'auth/session.php';
requireLogin();

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    $server_id = $_POST['server_id'] ?? 0;
    $name = $_POST['name'] ?? '';
    $type = $_POST['type'] ?? 'text';
    $user_id = $_SESSION['user_id'];
    
    // Check if user is owner of the server or has permissions (simplified check for now: user must be a member)
    $stmt = db()->prepare("SELECT 1 FROM server_members WHERE server_id = ? AND user_id = ?");
    $stmt->execute([$server_id, $user_id]);
    
    if ($stmt->fetch() && $name) {
        try {
            // Basic sanitization for channel name
            $name = strtolower(preg_replace('/[^a-zA-Z0-3\-]/', '-', $name));
            
            $stmt = db()->prepare("INSERT INTO channels (server_id, name, type) VALUES (?, ?, ?)");
            $stmt->execute([$server_id, $name, $type]);
            $channel_id = db()->lastInsertId();
            
            header('Location: index.php?server_id=' . $server_id . '&channel_id=' . $channel_id);
            exit;
        } catch (Exception $e) {
            die("Error creating channel: " . $e->getMessage());
        }
    }
}
header('Location: index.php');