<?php
require_once '../includes/db.php';
require_once '../includes/auth.php';

header('Content-Type: application/json');

if (!isLoggedIn()) {
    echo json_encode(['success' => false, 'error' => 'Login required']);
    exit;
}

$comment_id = (int)($_POST['comment_id'] ?? 0);
if (!$comment_id) {
    echo json_encode(['success' => false, 'error' => 'Invalid data']);
    exit;
}

try {
    // Check ownership or moderator status
    $stmt = $pdo->prepare("SELECT user_id FROM comments WHERE id = ?");
    $stmt->execute([$comment_id]);
    $comment = $stmt->fetch();

    if (!$comment) {
        echo json_encode(['success' => false, 'error' => 'Comment not found']);
        exit;
    }

    if ($comment['user_id'] != $_SESSION['user_id'] && !isModerator()) {
        echo json_encode(['success' => false, 'error' => 'Unauthorized']);
        exit;
    }

    $pdo->prepare("DELETE FROM comments WHERE id = ?")->execute([$comment_id]);
    logEvent('comment', "Comment deleted: ID $comment_id by user " . $_SESSION['username']);
    echo json_encode(['success' => true]);
} catch (Exception $e) {
    echo json_encode(['success' => false, 'error' => 'DB error']);
}
?>