83 lines
3.1 KiB
PHP
83 lines
3.1 KiB
PHP
<?php
|
|
header('Content-Type: application/json');
|
|
require_once 'auth/session.php';
|
|
requireLogin();
|
|
|
|
if ($_SERVER['REQUEST_METHOD'] === 'GET') {
|
|
$server_id = $_GET['server_id'] ?? 0;
|
|
if (!$server_id) {
|
|
echo json_encode([]);
|
|
exit;
|
|
}
|
|
$stmt = db()->prepare("SELECT * FROM channels WHERE server_id = ?");
|
|
$stmt->execute([$server_id]);
|
|
echo json_encode($stmt->fetchAll());
|
|
exit;
|
|
}
|
|
|
|
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
|
|
$action = $_POST['action'] ?? 'create';
|
|
$server_id = $_POST['server_id'] ?? 0;
|
|
$user_id = $_SESSION['user_id'];
|
|
|
|
if ($action === 'update') {
|
|
$channel_id = $_POST['channel_id'] ?? 0;
|
|
$name = $_POST['name'] ?? '';
|
|
$allow_file_sharing = isset($_POST['allow_file_sharing']) ? 1 : 0;
|
|
|
|
// Check if user is owner of the server
|
|
$stmt = db()->prepare("SELECT s.owner_id FROM servers s JOIN channels c ON s.id = c.server_id WHERE c.id = ?");
|
|
$stmt->execute([$channel_id]);
|
|
$server = $stmt->fetch();
|
|
|
|
if ($server && $server['owner_id'] == $user_id) {
|
|
$name = strtolower(preg_replace('/[^a-zA-Z0-9\-]/', '-', $name));
|
|
$stmt = db()->prepare("UPDATE channels SET name = ?, allow_file_sharing = ? WHERE id = ?");
|
|
$stmt->execute([$name, $allow_file_sharing, $channel_id]);
|
|
}
|
|
header('Location: index.php?server_id=' . $server_id . '&channel_id=' . $channel_id);
|
|
exit;
|
|
}
|
|
|
|
if ($action === 'delete') {
|
|
$channel_id = $_POST['channel_id'] ?? 0;
|
|
// Check if user is owner
|
|
$stmt = db()->prepare("SELECT s.owner_id, s.id as server_id FROM servers s JOIN channels c ON s.id = c.server_id WHERE c.id = ?");
|
|
$stmt->execute([$channel_id]);
|
|
$server = $stmt->fetch();
|
|
|
|
if ($server && $server['owner_id'] == $user_id) {
|
|
$stmt = db()->prepare("DELETE FROM channels WHERE id = ?");
|
|
$stmt->execute([$channel_id]);
|
|
}
|
|
header('Location: index.php?server_id=' . ($server['server_id'] ?? ''));
|
|
exit;
|
|
}
|
|
|
|
$name = $_POST['name'] ?? '';
|
|
$type = $_POST['type'] ?? 'text';
|
|
$user_id = $_SESSION['user_id'];
|
|
|
|
// Check if user is member of the server
|
|
$stmt = db()->prepare("SELECT 1 FROM server_members WHERE server_id = ? AND user_id = ?");
|
|
$stmt->execute([$server_id, $user_id]);
|
|
|
|
if ($stmt->fetch() && $name) {
|
|
try {
|
|
// Basic sanitization for channel name
|
|
$name = strtolower(preg_replace('/[^a-zA-Z0-9\-]/', '-', $name));
|
|
$allow_file_sharing = isset($_POST['allow_file_sharing']) ? 1 : 0;
|
|
|
|
$stmt = db()->prepare("INSERT INTO channels (server_id, name, type, allow_file_sharing) VALUES (?, ?, ?, ?)");
|
|
$stmt->execute([$server_id, $name, $type, $allow_file_sharing]);
|
|
$channel_id = db()->lastInsertId();
|
|
|
|
header('Location: index.php?server_id=' . $server_id . '&channel_id=' . $channel_id);
|
|
exit;
|
|
} catch (Exception $e) {
|
|
die("Error creating channel: " . $e->getMessage());
|
|
}
|
|
}
|
|
}
|
|
header('Location: index.php');
|