<?php
session_start();
header('Content-Type: application/json');

if (!isset($_SESSION['user_id'])) {
    echo json_encode(['success' => false, 'error' => 'Not logged in']);
    exit;
}

$pdo = new PDO('mysql:host=sql101.infinityfree.com;dbname=if0_39567875_nex', 'if0_39567875', 'PIvOR9WViHm');  // Update

$message = htmlspecialchars($_POST['message'] ?? '');
$attachmentPath = '';
$isImage = 0;

if (isset($_FILES['attachment']) && $_FILES['attachment']['error'] === 0) {
    $fileName = basename($_FILES['attachment']['name']);
    $targetPath = '../uploads/' . $fileName;
    if (move_uploaded_file($_FILES['attachment']['tmp_name'], $targetPath)) {
        $attachmentPath = 'uploads/' . $fileName;
        $mime = mime_content_type($targetPath);
        if (strpos($mime, 'image/') === 0) {
            $isImage = 1;
        }
    } else {
        echo json_encode(['success' => false, 'error' => 'Upload failed']);
        exit;
    }
}

$stmt = $pdo->prepare("INSERT INTO messages (user_id, message_text, attachment_path, is_image) VALUES (?, ?, ?, ?)");
$success = $stmt->execute([$_SESSION['user_id'], $message, $attachmentPath, $isImage]);

echo json_encode(['success' => $success]);