admin/38443-vm
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
38443-vm/api_v1_channels.php
Flatlogic Bot 1e73419ffb v6
2026-02-15 11:24:55 +00:00

87 lines
3.4 KiB
PHP
Raw Blame History

<?php
header('Content-Type: application/json');
require_once 'auth/session.php';
requireLogin();
if ($_SERVER['REQUEST_METHOD'] === 'GET') {
$server_id = $_GET['server_id'] ?? 0;
if (!$server_id) {
echo json_encode([]);
exit;
}
$stmt = db()->prepare("SELECT * FROM channels WHERE server_id = ?");
$stmt->execute([$server_id]);
echo json_encode($stmt->fetchAll());
exit;
}
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
$action = $_POST['action'] ?? 'create';
$server_id = $_POST['server_id'] ?? 0;
$user_id = $_SESSION['user_id'];
if ($action === 'update') {
$channel_id = $_POST['channel_id'] ?? 0;
$name = $_POST['name'] ?? '';
$allow_file_sharing = isset($_POST['allow_file_sharing']) ? 1 : 0;
$theme_color = $_POST['theme_color'] ?? null;
if ($theme_color === '') $theme_color = null;
// Check if user is owner of the server
$stmt = db()->prepare("SELECT s.owner_id FROM servers s JOIN channels c ON s.id = c.server_id WHERE c.id = ?");
$stmt->execute([$channel_id]);
$server = $stmt->fetch();
if ($server && $server['owner_id'] == $user_id) {
$name = strtolower(preg_replace('/[^a-zA-Z0-9\-]/', '-', $name));
$stmt = db()->prepare("UPDATE channels SET name = ?, allow_file_sharing = ?, theme_color = ? WHERE id = ?");
$stmt->execute([$name, $allow_file_sharing, $theme_color, $channel_id]);
}
header('Location: index.php?server_id=' . $server_id . '&channel_id=' . $channel_id);
exit;
}
if ($action === 'delete') {
$channel_id = $_POST['channel_id'] ?? 0;
// Check if user is owner
$stmt = db()->prepare("SELECT s.owner_id, s.id as server_id FROM servers s JOIN channels c ON s.id = c.server_id WHERE c.id = ?");
$stmt->execute([$channel_id]);
$server = $stmt->fetch();
if ($server && $server['owner_id'] == $user_id) {
$stmt = db()->prepare("DELETE FROM channels WHERE id = ?");
$stmt->execute([$channel_id]);
}
header('Location: index.php?server_id=' . ($server['server_id'] ?? ''));
exit;
}
$name = $_POST['name'] ?? '';
$type = $_POST['type'] ?? 'text';
$user_id = $_SESSION['user_id'];
// Check if user is member of the server
$stmt = db()->prepare("SELECT 1 FROM server_members WHERE server_id = ? AND user_id = ?");
$stmt->execute([$server_id, $user_id]);
if ($stmt->fetch() && $name) {
try {
// Basic sanitization for channel name
$name = strtolower(preg_replace('/[^a-zA-Z0-9\-]/', '-', $name));
$allow_file_sharing = isset($_POST['allow_file_sharing']) ? 1 : 0;
$theme_color = $_POST['theme_color'] ?? null;
if ($theme_color === '') $theme_color = null;
$stmt = db()->prepare("INSERT INTO channels (server_id, name, type, allow_file_sharing, theme_color) VALUES (?, ?, ?, ?, ?)");
$stmt->execute([$server_id, $name, $type, $allow_file_sharing, $theme_color]);
$channel_id = db()->lastInsertId();
header('Location: index.php?server_id=' . $server_id . '&channel_id=' . $channel_id);
exit;
} catch (Exception $e) {
die("Error creating channel: " . $e->getMessage());
}
}
}
header('Location: index.php');
Reference in New Issue View Git Blame Copy Permalink