<?php
require_once '../includes/db.php';
require_once '../includes/auth.php';

header('Content-Type: application/json');

if (!isLoggedIn()) {
    echo json_encode(['success' => false, 'error' => 'Login required']);
    exit;
}

$video_id = (int)($_POST['video_id'] ?? 0);
$comment_text = trim($_POST['comment'] ?? '');

if (!$video_id || empty($comment_text)) {
    echo json_encode(['success' => false, 'error' => 'Invalid data']);
    exit;
}

// Profanity Filter
$bad_words = ['damn', 'hell', 'crap', 'shit', 'fuck', 'ass', 'bitch']; // Basic list, user can expand
$is_flagged = false;
$filtered_text = $comment_text;

foreach ($bad_words as $word) {
    $pattern = '/\b' . preg_quote($word, '/') . '\b/i';
    if (preg_match($pattern, $comment_text)) {
        $is_flagged = true;
        $filtered_text = preg_replace($pattern, str_repeat('*', strlen($word)), $filtered_text);
    }
}

try {
    $stmt = $pdo->prepare("INSERT INTO comments (video_id, user_id, comment_text, is_reported) VALUES (?, ?, ?, ?)");
    if ($stmt->execute([$video_id, $_SESSION['user_id'], $filtered_text, $is_flagged ? 1 : 0])) {
        echo json_encode(['success' => true]);
    } else {
        echo json_encode(['success' => false, 'error' => 'Database error']);
    }
} catch (Exception $e) {
    echo json_encode(['success' => false, 'error' => $e->getMessage()]);
}
?>