admin/38443-vm
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
38443-vm/api_v1_badges.php
Flatlogic Bot d0cead395d ReleaseV08+Badges
2026-02-20 15:04:34 +00:00

106 lines
3.9 KiB
PHP
Raw Blame History

<?php
header('Content-Type: application/json');
require_once 'auth/session.php';
require_once 'includes/permissions.php';
requireLogin();
$user_id = $_SESSION['user_id'];
$data = json_decode(file_get_contents('php://input'), true) ?? $_POST;
if ($_SERVER['REQUEST_METHOD'] === 'GET') {
$server_id = $_GET['server_id'] ?? 0;
if (!$server_id) {
echo json_encode(['success' => false, 'error' => 'Missing server_id']);
exit;
}
// Verify user is in server
$stmt = db()->prepare("SELECT * FROM server_members WHERE server_id = ? AND user_id = ?");
$stmt->execute([$server_id, $user_id]);
if (!$stmt->fetch()) {
echo json_encode(['success' => false, 'error' => 'Access denied']);
exit;
}
$stmt = db()->prepare("SELECT * FROM server_badges WHERE server_id = ? ORDER BY created_at DESC");
$stmt->execute([$server_id]);
$badges = $stmt->fetchAll();
echo json_encode([
'success' => true,
'badges' => $badges
]);
exit;
}
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
$action = $data['action'] ?? '';
$server_id = $data['server_id'] ?? 0;
// Permissions check
$stmt = db()->prepare("SELECT owner_id FROM servers WHERE id = ?");
$stmt->execute([$server_id]);
$server = $stmt->fetch();
$is_owner = ($server && $server['owner_id'] == $user_id);
$can_manage = Permissions::hasPermission($user_id, $server_id, Permissions::MANAGE_SERVER) || Permissions::hasPermission($user_id, $server_id, Permissions::ADMINISTRATOR);
if (!$is_owner && !$can_manage) {
echo json_encode(['success' => false, 'error' => 'Unauthorized']);
exit;
}
if ($action === 'create') {
$name = $data['name'] ?? 'New Badge';
$image_url = $data['image_url'] ?? '';
if (empty($image_url)) {
echo json_encode(['success' => false, 'error' => 'Image requise']);
exit;
}
$stmt = db()->prepare("INSERT INTO server_badges (server_id, name, image_url) VALUES (?, ?, ?)");
$stmt->execute([$server_id, $name, $image_url]);
echo json_encode(['success' => true, 'badge_id' => db()->lastInsertId()]);
} elseif ($action === 'update') {
$badge_id = $data['id'] ?? 0;
$name = $data['name'] ?? '';
$image_url = $data['image_url'] ?? '';
$stmt = db()->prepare("UPDATE server_badges SET name = ?, image_url = ? WHERE id = ? AND server_id = ?");
$stmt->execute([$name, $image_url, $badge_id, $server_id]);
echo json_encode(['success' => true]);
} elseif ($action === 'delete') {
$badge_id = $data['id'] ?? 0;
$stmt = db()->prepare("DELETE FROM server_badges WHERE id = ? AND server_id = ?");
$stmt->execute([$badge_id, $server_id]);
echo json_encode(['success' => true]);
} elseif ($action === 'set_user_badges') {
$target_user_id = $data['user_id'] ?? 0;
$badge_ids = $data['badge_ids'] ?? [];
$db = db();
$db->beginTransaction();
try {
$stmt = $db->prepare("DELETE FROM member_badges WHERE user_id = ? AND server_id = ?");
$stmt->execute([$target_user_id, $server_id]);
if (!empty($badge_ids)) {
$stmt = $db->prepare("INSERT INTO member_badges (server_id, user_id, badge_id) VALUES (?, ?, ?)");
foreach ($badge_ids as $bid) {
$check = $db->prepare("SELECT id FROM server_badges WHERE id = ? AND server_id = ?");
$check->execute([$bid, $server_id]);
if ($check->fetch()) {
$stmt->execute([$server_id, $target_user_id, $bid]);
}
}
}
$db->commit();
echo json_encode(['success' => true]);
} catch (Exception $e) {
$db->rollBack();
echo json_encode(['success' => false, 'error' => $e->getMessage()]);
}
}
exit;
}
Reference in New Issue View Git Blame Copy Permalink