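<?php

declare(strict_types=1);

/*
 * Message-posting endpoint.
 *
 * Authenticates the caller either by an `Authorization: Bot <token>` header
 * (looked up in users.bot_token) or by the existing PHP session, then inserts
 * one row into `messages` from the JSON request body and echoes the stored
 * message back as JSON.  Every failure path answers with
 * {"success": false, "error": "..."} and a non-2xx status code.
 */

header('Content-Type: application/json');

require_once 'auth/session.php';

/** Emit a JSON error body with the given HTTP status and end the request. */
$fail = static function (int $status, string $error): void {
    http_response_code($status);
    echo json_encode(['success' => false, 'error' => $error]);
    exit;
};

// --- Authentication -------------------------------------------------------

// getallheaders() returns false on failure in some SAPIs; treat that as "no headers".
$headers = getallheaders() ?: [];
$authorization = $headers['Authorization'] ?? $headers['authorization'] ?? '';

// Anchored so that only an Authorization value of exactly "Bot <token>" is
// accepted; the previous unanchored pattern would also match "Bot ..." embedded
// anywhere inside another scheme's value.
$bot_token = null;
if (preg_match('/^Bot\s+(\S+)\s*$/', $authorization, $matches) === 1) {
    $bot_token = $matches[1];
}

$user_id = null;

if ($bot_token !== null) {
    // NOTE(review): bot_token is matched by plain column equality, which
    // implies tokens are stored as-is; storing a hash and comparing the hash
    // would limit the damage of a database leak — confirm against the schema.
    $stmt = db()->prepare('SELECT id FROM users WHERE bot_token = ? AND is_bot = TRUE');
    $stmt->execute([$bot_token]);
    $bot = $stmt->fetch();

    if ($bot === false) {
        $fail(401, 'Invalid Bot Token');
    }
    $user_id = $bot['id'];
} elseif (isset($_SESSION['user_id'])) {
    // NOTE(review): no CSRF token is checked on this session-authenticated
    // write; confirm that auth/session.php (or a SameSite cookie policy)
    // covers it.
    $user_id = $_SESSION['user_id'];
} else {
    $fail(401, 'Unauthorized');
}

// --- Request body ---------------------------------------------------------

$raw = file_get_contents('php://input');
$data = $raw === false ? null : json_decode($raw, true);
if (!is_array($data)) {
    // Missing, non-JSON or non-object bodies fall through to the field checks below.
    $data = [];
}

// The body is expected to carry `content` and `channel_id` (matching the
// columns written below); previously these variables were never assigned, so
// every request ended at the "Empty content" check.
$content = $data['content'] ?? null;
$channel_id = $data['channel_id'] ?? null;

// Compare against '' rather than using empty(), which would also reject the
// legitimate one-character message "0".
if (!is_string($content) || trim($content) === '') {
    $fail(400, 'Empty content');
}

// NOTE(review): channel_id is only checked for presence here; whether the
// authenticated user may post to that channel is not verified in this file —
// confirm that an access check exists elsewhere or add one here.
if (!is_scalar($channel_id) || (string) $channel_id === '') {
    $fail(400, 'Missing channel_id');
}

// --- Persist and echo back ------------------------------------------------

// One handle for insert, lastInsertId() and the read-back, so the id lookup
// is guaranteed to happen on the same connection as the insert.
$pdo = db();

try {
    $stmt = $pdo->prepare('INSERT INTO messages (channel_id, user_id, content) VALUES (?, ?, ?)');
    $stmt->execute([$channel_id, $user_id, $content]);
    $last_id = $pdo->lastInsertId();

    // Re-read the row so the response carries the username and the
    // database-assigned created_at timestamp.
    $stmt = $pdo->prepare(
        'SELECT m.*, u.username FROM messages m JOIN users u ON m.user_id = u.id WHERE m.id = ?'
    );
    $stmt->execute([$last_id]);
    $msg = $stmt->fetch();

    if ($msg === false) {
        throw new RuntimeException("Inserted message {$last_id} could not be read back");
    }

    $created = strtotime((string) $msg['created_at']);

    echo json_encode([
        'success' => true,
        'message' => [
            'username' => $msg['username'],
            // Escaped for direct insertion into HTML by the client, as before.
            'content' => htmlspecialchars((string) $msg['content'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'),
            // null instead of a bogus "00:00" when created_at cannot be parsed.
            'time' => $created === false ? null : date('H:i', $created),
        ],
    ]);
} catch (Throwable $e) {
    // Log the real cause server-side; the client only gets a generic message,
    // so driver/SQL details (table names, constraint names) are not disclosed.
    error_log(sprintf('%s: %s', basename(__FILE__), $e->getMessage()));
    $fail(500, 'Failed to store message');
}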