79 lines
3.0 KiB
PHP
79 lines
3.0 KiB
PHP
<?php
|
|
session_start();
|
|
require_once __DIR__ . '/../db/config.php';
|
|
|
|
$action = $_GET['action'] ?? '';
|
|
|
|
if ($action === 'upload_image' || (isset($_POST['action']) && $_POST['action'] === 'upload_image')) {
|
|
if (!isset($_FILES['file'])) {
|
|
echo json_encode(['success' => false, 'error' => 'No file uploaded']);
|
|
exit;
|
|
}
|
|
|
|
$file = $_FILES['file'];
|
|
$ext = pathinfo($file['name'], PATHINFO_EXTENSION);
|
|
$allowed = ['jpg', 'jpeg', 'png', 'gif', 'webp'];
|
|
|
|
if (!in_array(strtolower($ext), $allowed)) {
|
|
echo json_encode(['success' => false, 'error' => 'Invalid file type']);
|
|
exit;
|
|
}
|
|
|
|
$filename = time() . '_' . uniqid() . '.' . $ext;
|
|
$targetDir = __DIR__ . '/../assets/images/chat/';
|
|
if (!is_dir($targetDir)) {
|
|
mkdir($targetDir, 0777, true);
|
|
}
|
|
|
|
$targetPath = $targetDir . $filename;
|
|
if (move_uploaded_file($file['tmp_name'], $targetPath)) {
|
|
$imageUrl = '/assets/images/chat/' . $filename;
|
|
$user_id = $_SESSION['user_id'] ?? 0;
|
|
$ip = $_SERVER['REMOTE_ADDR'];
|
|
|
|
$message = '<img src="' . $imageUrl . '" class="img-fluid rounded cursor-pointer" onclick="window.open(\'' . $imageUrl . '\')">';
|
|
|
|
$stmt = db()->prepare("INSERT INTO messages (user_id, sender, message, ip_address) VALUES (?, ?, ?, ?)");
|
|
$stmt->execute([$user_id, 'user', $message, $ip]);
|
|
|
|
echo json_encode(['success' => true, 'url' => $imageUrl]);
|
|
} else {
|
|
echo json_encode(['success' => false, 'error' => 'Failed to move uploaded file']);
|
|
}
|
|
exit;
|
|
}
|
|
|
|
if ($action === 'get_messages') {
|
|
$user_id = $_SESSION['user_id'] ?? 0;
|
|
// For simplicity, we get all messages for this user session or UID
|
|
// If not logged in, we could use session_id or IP, but let's stick to user_id or all recent for the session
|
|
$stmt = db()->prepare("SELECT * FROM messages WHERE user_id = ? OR (user_id = 0 AND ip_address = ?) ORDER BY created_at ASC");
|
|
$stmt->execute([$user_id, $_SERVER['REMOTE_ADDR']]);
|
|
$messages = $stmt->fetchAll();
|
|
echo json_encode($messages);
|
|
exit;
|
|
}
|
|
|
|
if ($action === 'admin_send') {
|
|
$message = $_POST['message'] ?? '';
|
|
$user_id = $_POST['user_id'] ?? 0;
|
|
$target_ip = $_POST['ip_address'] ?? '';
|
|
|
|
if (!$message) exit(json_encode(['success' => false]));
|
|
|
|
$admin_id = $_SESSION['user_id'] ?? 1; // Default to admin
|
|
$sender = 'admin';
|
|
|
|
$stmt = db()->prepare("INSERT INTO messages (user_id, admin_id, sender, message, ip_address) VALUES (?, ?, ?, ?, ?)");
|
|
$stmt->execute([$user_id, $admin_id, $sender, $message, $target_ip]);
|
|
echo json_encode(['success' => true]);
|
|
exit;
|
|
}
|
|
|
|
if ($action === 'admin_get_all') {
|
|
// Get distinct users/IPs who have messaged
|
|
$stmt = db()->query("SELECT m.*, u.username, u.uid FROM messages m LEFT JOIN users u ON m.user_id = u.id WHERE m.id IN (SELECT MAX(id) FROM messages GROUP BY user_id, ip_address) ORDER BY created_at DESC");
|
|
echo json_encode($stmt->fetchAll());
|
|
exit;
|
|
}
|