38451-vm/api/chat.php

<?php
session_start();
require_once __DIR__ . '/../db/config.php';

$action = $_GET['action'] ?? '';

if ($action === 'send_message') {
    $message = $_POST['message'] ?? '';
    if (!$message) exit(json_encode(['success' => false]));

    $user_id = $_SESSION['user_id'] ?? 0;
    $sender = 'user';
    $ip = $_SERVER['REMOTE_ADDR'];

    $stmt = db()->prepare("INSERT INTO messages (user_id, sender, message, ip_address) VALUES (?, ?, ?, ?)");
    $stmt->execute([$user_id, $sender, $message, $ip]);
    echo json_encode(['success' => true]);
    exit;
}

if ($action === 'get_messages') {
    $user_id = $_SESSION['user_id'] ?? 0;
    // For simplicity, we get all messages for this user session or UID
    // If not logged in, we could use session_id or IP, but let's stick to user_id or all recent for the session
    $stmt = db()->prepare("SELECT * FROM messages WHERE user_id = ? OR (user_id = 0 AND ip_address = ?) ORDER BY created_at ASC");
    $stmt->execute([$user_id, $_SERVER['REMOTE_ADDR']]);
    $messages = $stmt->fetchAll();
    echo json_encode($messages);
    exit;
}

if ($action === 'admin_send') {
    $message = $_POST['message'] ?? '';
    $user_id = $_POST['user_id'] ?? 0;
    $target_ip = $_POST['ip_address'] ?? '';
    
    if (!$message) exit(json_encode(['success' => false]));

    $admin_id = $_SESSION['user_id'] ?? 1; // Default to admin
    $sender = 'admin';

    $stmt = db()->prepare("INSERT INTO messages (user_id, admin_id, sender, message, ip_address) VALUES (?, ?, ?, ?, ?)");
    $stmt->execute([$user_id, $admin_id, $sender, $message, $target_ip]);
    echo json_encode(['success' => true]);
    exit;
}

if ($action === 'admin_get_all') {
    // Get distinct users/IPs who have messaged
    $stmt = db()->query("SELECT m.*, u.username, u.uid FROM messages m LEFT JOIN users u ON m.user_id = u.id WHERE m.id IN (SELECT MAX(id) FROM messages GROUP BY user_id, ip_address) ORDER BY created_at DESC");
    echo json_encode($stmt->fetchAll());
    exit;
}