<?php
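require_once 'auth/session.php';

// Channel-creation endpoint: on POST, creates a channel in a server the
// logged-in user belongs to, then redirects to it. Every other outcome
// (non-POST, invalid input, not a member) falls through to index.php.
// requireLogin() and db() are defined outside this file.
requireLogin();

// NOTE(review): no anti-CSRF token is verified before this state-changing
// POST. Confirm whether requireLogin() or a shared helper already covers it;
// if not, a per-session token check belongs here.
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    // Request fields are untrusted and may arrive as arrays (e.g. name[]=x).
    // Validate type and shape before any of them reach SQL or a header.
    $server_id = filter_var($_POST['server_id'] ?? null, FILTER_VALIDATE_INT);
    $name = $_POST['name'] ?? '';
    $type = $_POST['type'] ?? 'text';
    $user_id = $_SESSION['user_id'];

    // NOTE(review): $type is only checked to be a string. The set of valid
    // channel types is not visible in this file; it should be restricted to
    // an allowlist so arbitrary values cannot be stored.
    $inputsValid = $server_id !== false
        && $server_id > 0
        && is_string($name)
        && $name !== ''
        && is_string($type);

    if ($inputsValid) {
        try {
            // Authorization (simplified for now): the user only has to be a
            // member of the server. NOTE(review): this lets any member create
            // channels; an owner/permission check is still outstanding.
            $stmt = db()->prepare("SELECT 1 FROM server_members WHERE server_id = ? AND user_id = ?");
            $stmt->execute([$server_id, $user_id]);

            if ($stmt->fetch()) {
                // Basic sanitization for the channel name: anything outside
                // letters, digits and '-' becomes '-'. The class previously read
                // 0-3, which rewrote the digits 4-9 as well; presumably a typo.
                // NOTE(review): no length limit is applied; confirm against the
                // size of channels.name.
                $name = strtolower((string) preg_replace('/[^a-zA-Z0-9\-]/', '-', $name));

                // Reject names that sanitize down to nothing but dashes.
                if (preg_match('/[a-z0-9]/', $name) === 1) {
                    $stmt = db()->prepare("INSERT INTO channels (server_id, name, type) VALUES (?, ?, ?)");
                    $stmt->execute([$server_id, $name, $type]);
                    // Cast so only an integer can reach the Location header.
                    $channel_id = (int) db()->lastInsertId();

                    header('Location: index.php?server_id=' . $server_id . '&channel_id=' . $channel_id);
                    exit;
                }
            }
        } catch (Exception $e) {
            // Keep driver/SQL details in the server log; the client only gets
            // a generic message so schema and query text are not disclosed.
            error_log('Error creating channel: ' . $e->getMessage());
            http_response_code(500);
            die('Error creating channel.');
        }
    }
}

header('Location: index.php');
exit;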