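<?php

declare(strict_types=1);

/*
 * process_join_request.php — approve or reject a group join request.
 *
 * Input : session `user_id`; POST `request_id`, `group_id`, `action` ('approve'|'reject').
 * Output: JSON object {"status": "success"|"error", "message": "..."}.
 *
 * `$conn` (mysqli) is expected to be provided by config.php.
 *
 * Authorisation is checked against `group_id`, so every write below is also
 * scoped to that same `group_id`; a request_id belonging to another group
 * must not be modifiable by this caller.
 */
session_start();
include 'config.php';

header('Content-Type: application/json');

if (!isset($_SESSION['user_id'])) {
    echo json_encode(["status" => "error", "message" => "You are not logged in."]);
    exit();
}

// filter_input rejects non-scalar and non-numeric values (intval() would map them to 0/1).
$request_id = filter_input(INPUT_POST, 'request_id', FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
$group_id = filter_input(INPUT_POST, 'group_id', FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
$action = $_POST['action'] ?? null;
$user_id = $_SESSION['user_id'];

// Only the two known actions are accepted; anything else is an invalid request
// rather than a silent no-op with no response body.
if (!$request_id || !$group_id || !is_string($action) || !in_array($action, ['approve', 'reject'], true)) {
    echo json_encode(["status" => "error", "message" => "Invalid request."]);
    exit();
}

// Check permissions: caller must be a member of the group and either Admin or
// a co-admin with can_manage_join_requests.
$role_check_stmt = $conn->prepare("
    SELECT gm.role, cp.can_manage_join_requests
    FROM group_members gm
    LEFT JOIN coadmin_permissions cp
        ON gm.user_id = cp.user_id AND gm.group_id = cp.group_id
    WHERE gm.user_id = ? AND gm.group_id = ?
");
$role_check_stmt->bind_param("ii", $user_id, $group_id);
$role_check_stmt->execute();
$role_check_stmt->bind_result($user_role, $can_manage_join_requests);
// fetch() === true means a membership row exists; without it the bound
// variables are unset and the caller must be denied explicitly.
$is_member = $role_check_stmt->fetch() === true;
$role_check_stmt->close();

if (!$is_member || ($user_role !== 'Admin' && !$can_manage_join_requests)) {
    echo json_encode(["status" => "error", "message" => "You are not authorized to process join requests."]);
    exit();
}

// Track whether a transaction is open so the catch block only rolls back
// when one was actually started (the reject path runs without one).
$in_transaction = false;

try {
    if ($action === 'approve') {
        $conn->begin_transaction();
        $in_transaction = true;

        // Scoped to the authorised group, and skipping rows already approved so a
        // repeated approve cannot insert a second membership row or bump the count twice.
        $approve_stmt = $conn->prepare("
            UPDATE join_requests
            SET status = 'approved'
            WHERE request_id = ? AND group_id = ? AND status <> 'approved'
        ");
        $approve_stmt->bind_param("ii", $request_id, $group_id);
        if (!$approve_stmt->execute()) {
            throw new RuntimeException('join_requests update failed');
        }
        $approved = $approve_stmt->affected_rows === 1;
        $approve_stmt->close();

        if (!$approved) {
            // No matching pending request in this group: nothing to add, nothing to count.
            $conn->rollback();
            $in_transaction = false;
            echo json_encode(["status" => "error", "message" => "Invalid request."]);
            exit();
        }

        $add_stmt = $conn->prepare("
            INSERT INTO group_members (user_id, group_id, role)
            SELECT user_id, group_id, 'Member' FROM join_requests WHERE request_id = ? AND group_id = ?
        ");
        $add_stmt->bind_param("ii", $request_id, $group_id);
        if (!$add_stmt->execute()) {
            throw new RuntimeException('group_members insert failed');
        }
        $add_stmt->close();

        $update_members_stmt = $conn->prepare("UPDATE groups SET current_members = current_members + 1 WHERE group_id = ?");
        $update_members_stmt->bind_param("i", $group_id);
        if (!$update_members_stmt->execute()) {
            throw new RuntimeException('groups member count update failed');
        }
        $update_members_stmt->close();

        $conn->commit();
        $in_transaction = false;
        echo json_encode(["status" => "success", "message" => "Join request approved!"]);
    } else {
        // $action === 'reject' (validated above). Scoped to the authorised group.
        $reject_stmt = $conn->prepare("UPDATE join_requests SET status = 'rejected' WHERE request_id = ? AND group_id = ?");
        $reject_stmt->bind_param("ii", $request_id, $group_id);
        if (!$reject_stmt->execute()) {
            throw new RuntimeException('join_requests reject failed');
        }
        $rejected = $reject_stmt->affected_rows === 1;
        $reject_stmt->close();

        if (!$rejected) {
            echo json_encode(["status" => "error", "message" => "Invalid request."]);
            exit();
        }
        echo json_encode(["status" => "success", "message" => "Join request rejected!"]);
    }
} catch (Exception $e) {
    if ($in_transaction) {
        $conn->rollback();
    }
    // Log server-side only; the client receives a generic message.
    error_log('process_join_request: ' . $e->getMessage());
    echo json_encode(["status" => "error", "message" => "An error occurred. Please try again."]);
}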