false, 'error' => 'No file uploaded']); exit; } $file = $_FILES['file']; $ext = pathinfo($file['name'], PATHINFO_EXTENSION); $allowed = ['jpg', 'jpeg', 'png', 'gif', 'webp']; if (!in_array(strtolower($ext), $allowed)) { echo json_encode(['success' => false, 'error' => 'Invalid file type']); exit; } $filename = time() . '_' . uniqid() . '.' . $ext; $targetDir = __DIR__ . '/../assets/images/chat/'; if (!is_dir($targetDir)) { mkdir($targetDir, 0777, true); } $targetPath = $targetDir . $filename; if (move_uploaded_file($file['tmp_name'], $targetPath)) { $imageUrl = '/assets/images/chat/' . $filename; $user_id = $_SESSION['user_id'] ?? 0; $ip = $_SERVER['REMOTE_ADDR']; $message = ''; $stmt = db()->prepare("INSERT INTO messages (user_id, sender, message, ip_address) VALUES (?, ?, ?, ?)"); $stmt->execute([$user_id, 'user', $message, $ip]); echo json_encode(['success' => true, 'url' => $imageUrl]); } else { echo json_encode(['success' => false, 'error' => 'Failed to move uploaded file']); } exit; } if ($action === 'get_messages') { $user_id = $_SESSION['user_id'] ?? 0; // For simplicity, we get all messages for this user session or UID // If not logged in, we could use session_id or IP, but let's stick to user_id or all recent for the session $stmt = db()->prepare("SELECT * FROM messages WHERE user_id = ? OR (user_id = 0 AND ip_address = ?) ORDER BY created_at ASC"); $stmt->execute([$user_id, $_SERVER['REMOTE_ADDR']]); $messages = $stmt->fetchAll(); echo json_encode($messages); exit; } if ($action === 'admin_send') { $message = $_POST['message'] ?? ''; $user_id = $_POST['user_id'] ?? 0; $target_ip = $_POST['ip_address'] ?? ''; if (!$message) exit(json_encode(['success' => false])); $admin_id = $_SESSION['user_id'] ?? 1; // Default to admin $sender = 'admin'; $stmt = db()->prepare("INSERT INTO messages (user_id, admin_id, sender, message, ip_address) VALUES (?, ?, ?, ?, ?)"); $stmt->execute([$user_id, $admin_id, $sender, $message, $target_ip]); echo json_encode(['success' => true]); exit; } if ($action === 'admin_get_all') { // Get distinct users/IPs who have messaged $stmt = db()->query("SELECT m.*, u.username, u.uid FROM messages m LEFT JOIN users u ON m.user_id = u.id WHERE m.id IN (SELECT MAX(id) FROM messages GROUP BY user_id, ip_address) ORDER BY created_at DESC"); echo json_encode($stmt->fetchAll()); exit; }