payfrit-api/api/hub/messages/edit.php

<?php
/**
 * POST /api/hub/messages/edit.php
 *
 * Edit a message. Only the original sender can edit.
 *
 * Body:
 *   MessageID      int     REQUIRED
 *   SenderAddress  string  REQUIRED  must match original sender
 *   Content        string  REQUIRED  new content
 *
 * Response: { OK: true, Message: { ... } }
 */

require_once __DIR__ . '/../../helpers.php';

if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
    jsonResponse(['OK' => false, 'ERROR' => 'method_not_allowed'], 405);
}

$body = readJsonBody();

$messageId = (int) ($body['MessageID'] ?? 0);
$senderAddress = trim($body['SenderAddress'] ?? '');
$content = trim($body['Content'] ?? '');

if ($messageId <= 0) jsonResponse(['OK' => false, 'ERROR' => 'message_id_required']);
if ($senderAddress === '') jsonResponse(['OK' => false, 'ERROR' => 'sender_address_required']);
if ($content === '') jsonResponse(['OK' => false, 'ERROR' => 'content_required']);

// Verify message exists and belongs to sender
$msg = queryOne(
    "SELECT * FROM Hub_Messages WHERE ID = ? AND IsDeleted = 0",
    [$messageId]
);
if (!$msg) jsonResponse(['OK' => false, 'ERROR' => 'message_not_found']);
if ($msg['SenderAddress'] !== $senderAddress) {
    jsonResponse(['OK' => false, 'ERROR' => 'not_message_owner']);
}

queryTimed(
    "UPDATE Hub_Messages SET Content = ?, IsEdited = 1 WHERE ID = ?",
    [$content, $messageId]
);

$updated = queryOne("SELECT * FROM Hub_Messages WHERE ID = ?", [$messageId]);

jsonResponse([
    'OK' => true,
    'Message' => [
        'ID'            => (int) $updated['ID'],
        'ChannelID'     => (int) $updated['ChannelID'],
        'SenderAddress' => $updated['SenderAddress'],
        'Content'       => $updated['Content'],
        'ParentID'      => $updated['ParentID'] ? (int) $updated['ParentID'] : null,
        'IsEdited'      => true,
        'IsDeleted'     => false,
        'CreatedAt'     => toISO8601($updated['CreatedAt']),
        'UpdatedAt'     => toISO8601($updated['UpdatedAt']),
    ],
]);