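setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

// NOTE(review): nothing visible here authenticates the caller, rate-limits
// posts or ties `username` to a session, so any client can post under any
// name — confirm that is handled earlier in the file or by the web server.
// Likewise confirm a `Content-Type: application/json` header is sent before
// this point so a browser never renders stored message text as HTML.

// Upper bounds on accepted field sizes. The column sizes of `messages` are not
// visible here; adjust these to match the schema.
$maxUsernameLen  = 64;
$maxMessageLen   = 65535;
$maxSignatureLen = 8192;

if ($_SERVER['REQUEST_METHOD'] === 'GET') {
    // Page size clamped to [1, 100]; the (int) cast turns non-numeric input into 0,
    // which the clamp then raises to 1.
    $limit = isset($_GET['limit']) ? (int) $_GET['limit'] : 50;
    $limit = min(max(1, $limit), 100);

    try {
        // Bind LIMIT as an integer parameter instead of interpolating it. The clamp
        // above already makes the value safe; binding keeps the query free of
        // string building should that clamp ever be loosened.
        $stmt = $db->prepare(
            'SELECT username, message, created_at, signature, is_encrypted FROM messages ORDER BY created_at DESC LIMIT :limit'
        );
        $stmt->bindValue(':limit', $limit, PDO::PARAM_INT);
        $stmt->execute();
        $messages = $stmt->fetchAll(PDO::FETCH_ASSOC);

        // A single row containing invalid UTF-8 would make json_encode() return
        // false and the response body would be empty; substitute instead.
        echo json_encode(['messages' => $messages], JSON_INVALID_UTF8_SUBSTITUTE);
    } catch (Exception $e) {
        // The driver message (table/column names, DSN details) is logged server-side
        // only. It used to be echoed back to the client under 'details', which is an
        // information disclosure.
        error_log('API Error: ' . $e->getMessage());
        http_response_code(500);
        echo json_encode(['error' => 'Server error']);
    }
    exit;
}

if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
    http_response_code(405);
    die(json_encode(['error' => 'Method not allowed']));
}

// The body must decode to a JSON object/array. A bare JSON string or number
// would previously pass the truthiness check and then be indexed like an array.
$input = json_decode(file_get_contents('php://input'), true);
if (!is_array($input)) {
    http_response_code(400);
    die(json_encode(['error' => 'Invalid JSON']));
}

$username     = $input['username'] ?? '';
$message      = $input['message'] ?? '';
$signature    = $input['signature'] ?? '';
$is_encrypted = !empty($input['encrypted']) ? 1 : 0;

// Every text field must be a string of valid UTF-8 within its size cap. A JSON
// array or object in one of these fields used to reach PDO::execute() and
// surface as a 500; oversized or malformed text is rejected here with a 400.
$textFields = [
    'username'  => [$username, $maxUsernameLen],
    'message'   => [$message, $maxMessageLen],
    'signature' => [$signature, $maxSignatureLen],
];
foreach ($textFields as $field => [$value, $maxLen]) {
    // preg_match('//u') returns false (not 0) on invalid UTF-8.
    if (!is_string($value) || preg_match('//u', $value) !== 1 || strlen($value) > $maxLen) {
        http_response_code(400);
        die(json_encode(['error' => "Invalid value for $field"]));
    }
}

// Replaces the deprecated FILTER_SANITIZE_STRING: trim surrounding whitespace and
// reject control characters. Tag stripping is intentionally not done here —
// HTML escaping belongs at render time in whatever consumes this JSON.
$username = trim($username);
if (preg_match('/[\x00-\x1F\x7F]/', $username) === 1) {
    http_response_code(400);
    die(json_encode(['error' => 'Invalid value for username']));
}

// Strict emptiness checks so a username or message of "0" is not rejected.
if ($username === '' || $message === '') {
    http_response_code(400);
    die(json_encode(['error' => 'Missing required fields']));
}

try {
    $stmt = $db->prepare('INSERT INTO messages (username, message, signature, is_encrypted) VALUES (?, ?, ?, ?)');
    $stmt->execute([$username, $message, $signature, $is_encrypted]);
    echo json_encode(['success' => true]);
} catch (Exception $e) {
    // Log server-side, mirroring the GET path; never echo driver details.
    error_log('API Error: ' . $e->getMessage());
    http_response_code(500);
    echo json_encode(['error' => 'Server error']);
}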