require_once '../autoload.php';
$user = Auth::user();
if (count($_GET) === 0 or !(isset($_GET['name']) && isset($_GET['description']))) {
// header("Location: ".$config['app_link']);
} else {
$name = $_GET['name'];
$description = $_GET['description'];
$password = $_GET['password'];
if (stristr($description, "<") or stristr($description, "/>")) {
fail("< and > are disallowed for security reasons.");
}
if (stristr($name, "<") or stristr($name, "/>")) {
fail("< and > are disallowed for security reasons.");
}
$clean_name = strtolower(str_replace(" ", "-", preg_replace("/[^0-9a-zA-Z ]/", "", $name)));
if (strlen($clean_name) > 30) {
fail("Room name is too long.");
}
if (strlen($clean_name) < 3) {
fail("Room name is too short.");
}
$dbManager = new DatabaseManager();
if ($dbManager->getRoom($clean_name)) {
fail("A room by that name already exists.");
}
if (count($rooms = $dbManager->getRoomsOwnedBy($user->id())) > 0) {
fail("There is currently a limit of one room per account. You can see or delete your room <a href=\"javascript:joinRoom('" . $rooms[0]->id . "')\">here</a>.");
}
$dbManager->makeRoom($clean_name, $name, $description, $user->id(), $password);
echo $_GET['callback'] . "(" . json_encode(array('success' => true, 'room_id' => $clean_name)) . ")";
}
