|
1 | 1 | <?php
|
2 | 2 |
|
| 3 | +require_once '../model/Activator.php'; |
3 | 4 | require_once '../model/Config.php';
|
4 | 5 | require_once '../model/DB.php';
|
5 | 6 | require_once '../model/Location.php';
|
|
268 | 269 | exit();
|
269 | 270 | }
|
270 | 271 |
|
| 272 | + $activator = new Activator(); |
| 273 | + $activator->setAccountID($query_id); |
| 274 | + $activator->generateActivator(); |
| 275 | + |
| 276 | + $query_activator = $activator->getActivator(); |
| 277 | + $query = $writeDB->prepare("INSERT INTO `activators` (account_id, activator) VALUES (:id, :a)"); |
| 278 | + $query->bindParam(":id", $query_id, PDO::PARAM_STR); |
| 279 | + $query->bindParam(":a", $query_activator, PDO::PARAM_STR); |
| 280 | + $query->execute(); |
| 281 | + |
| 282 | + $row_count = $query->rowCount(); |
| 283 | + if ($row_count === 0) { |
| 284 | + $response = new Response(); |
| 285 | + $response->setHttpStatusCode(500); |
| 286 | + $response->setSuccess(false); |
| 287 | + $response->addMessage("Error: database error during user creation."); |
| 288 | + $response->send(); |
| 289 | + exit(); |
| 290 | + } |
| 291 | + |
| 292 | + $activator->setID($writeDB->lastInsertId()); |
| 293 | + $verify_url = $activator->getBaseURL() . "dashboard/?id={$activator->getID()}&a={$activator->getAccountID()}&c={$activator->getActivator()}"; |
| 294 | + |
271 | 295 | $response_data = [];
|
272 | 296 | $response_data['id'] = $query_id;
|
273 | 297 | $response_data['name'] = $query_name;
|
274 | 298 | $response_data['authorisedContact'] = $query_contact;
|
275 | 299 | $response_data['contactPhone'] = $query_phone;
|
276 | 300 | $response_data['contactEmail'] = $query_email;
|
277 | 301 |
|
278 |
| - include('register_mail.php'); |
| 302 | + $success = Config::Mailer([ |
| 303 | + "type" => "register", |
| 304 | + "email" => $query_email, |
| 305 | + "account_id" => $query_id, |
| 306 | + "contact_name" => $query_contact, |
| 307 | + "contact_phone" => $query_phone, |
| 308 | + "business_name" => $query_name, |
| 309 | + "business_address" => $location->address()->getStreetAddress(), |
| 310 | + "shortname" => $query_shortname, |
| 311 | + "verify_url" => $verify_url |
| 312 | + ]); |
| 313 | + |
| 314 | + if (!$success) { |
| 315 | + $response = new Response(); |
| 316 | + $response->setHttpStatusCode(500); |
| 317 | + $response->setSuccess(false); |
| 318 | + $response->addMessage("Error: mailing error during user creation."); |
| 319 | + $response->send(); |
| 320 | + exit(); |
| 321 | + } |
279 | 322 |
|
280 | 323 | $response = new Response();
|
281 | 324 | $response->setHttpStatusCode(201);
|
|
332 | 375 | $query->bindParam(':id', $query_id, PDO::PARAM_STR);
|
333 | 376 | $query->execute();
|
334 | 377 |
|
335 |
| - $row_count = $query->rowCount(); |
336 |
| - if ($row_count === 0) { |
337 |
| - $response = new Response(); |
338 |
| - $response->setHttpStatusCode(404); |
339 |
| - $response->setSuccess(false); |
340 |
| - $response->addMessage("Error: venue account not found."); |
341 |
| - $response->send(); |
342 |
| - Config::RegisterAPIAccess($query_id, "account"); |
343 |
| - exit(); |
344 |
| - } |
345 |
| - |
| 378 | + $row_count = $query->rowCount(); |
| 379 | + if ($row_count === 0) { |
346 | 380 | $response = new Response();
|
347 |
| - $response->setHttpStatusCode(200); |
348 |
| - $response->setSuccess(true); |
349 |
| - $response->addMessage("Logo successfully updated."); |
| 381 | + $response->setHttpStatusCode(404); |
| 382 | + $response->setSuccess(false); |
| 383 | + $response->addMessage("Error: venue account not found."); |
350 | 384 | $response->send();
|
351 | 385 | Config::RegisterAPIAccess($query_id, "account");
|
352 | 386 | exit();
|
| 387 | + } |
353 | 388 |
|
| 389 | + $response = new Response(); |
| 390 | + $response->setHttpStatusCode(200); |
| 391 | + $response->setSuccess(true); |
| 392 | + $response->addMessage("Logo successfully updated."); |
| 393 | + $response->send(); |
| 394 | + Config::RegisterAPIAccess($query_id, "account"); |
| 395 | + exit(); |
354 | 396 | } elseif ($_SERVER['REQUEST_METHOD'] === 'PATCH') {
|
355 | 397 |
|
356 | 398 | if (!isset($_GET['id'])) {
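Review bot: The new `$row_count === 0` guard (new lines 378-387) maps a zero affected-row count to 404 "venue account not found", but the statement executed at 375-376 appears to be an UPDATE (its prepare is above the hunk, and the success message says "Logo successfully updated"); with the PDO MySQL default, `rowCount()` on an UPDATE reports changed rows, not matched rows, so re-submitting the current logo for an existing account would be reported as a missing account. If that reading is right, either check existence with a separate SELECT before the update or enable `PDO::MYSQL_ATTR_FOUND_ROWS` when the connection is created, and reserve 404 for a genuinely absent row.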
|
|
362 | 404 | exit();
|
363 | 405 | }
|
364 | 406 |
|
| 407 | + if (isset($_GET['a'], $_GET['c'])) { //Account activation or Forgot password |
| 408 | + |
| 409 | + $activator = new Activator(); |
| 410 | + $activator->setID(intval($_GET['a'])); |
| 411 | + $activator->setAccountID(intval($_GET['id'])); |
| 412 | + $activator->setActivator($_GET['c']); |
| 413 | + |
| 414 | + $query_id = $activator->getID(); |
| 415 | + $query_aid = $activator->getAccountID(); |
| 416 | + $query_code = $activator->getActivator(); |
| 417 | + |
| 418 | + $query = $writeDB->prepare("SELECT is_active FROM accounts WHERE id=:id"); |
| 419 | + $query->bindParam(":id", $query_aid, PDO::PARAM_STR); |
| 420 | + $query->execute(); |
| 421 | + |
| 422 | + $row_count = $query->rowCount(); |
| 423 | + if ($row_count === 0) { |
| 424 | + $response = new Response(); |
| 425 | + $response->setHttpStatusCode(404); |
| 426 | + $response->setSuccess(false); |
| 427 | + $response->addMessage("Error: account not found."); |
| 428 | + $response->send(); |
| 429 | + exit(); |
| 430 | + } |
| 431 | + |
| 432 | + $raw_post_data = file_get_contents('php://input'); |
| 433 | + |
| 434 | + if (!$json_data = json_decode($raw_post_data)) { |
| 435 | + $response = new Response(); |
| 436 | + $response->setHttpStatusCode(400); |
| 437 | + $response->setSuccess(false); |
| 438 | + $response->addMessage("Error: request body is not valid JSON."); |
| 439 | + $response->send(); |
| 440 | + exit(); |
| 441 | + } |
| 442 | + |
| 443 | + if ($query->fetch(PDO::FETCH_ASSOC)['is_active']) { //Forgot password |
| 444 | + if (!isset($json_data->password)) { |
| 445 | + $response = new Response(); |
| 446 | + $response->setHttpStatusCode(400); |
| 447 | + $response->setSuccess(false); |
| 448 | + $response->addMessage("Error: new password not provided."); |
| 449 | + $response->send(); |
| 450 | + exit(); |
| 451 | + } |
| 452 | + |
| 453 | + $passwordHash = password_hash($json_data->password, PASSWORD_DEFAULT); |
| 454 | + $query = $writeDB->prepare("UPDATE accounts SET auth=:pw WHERE id=:id"); |
| 455 | + $query->bindParam(":pw", $passwordHash, PDO::PARAM_STR); |
| 456 | + $query->bindParam(":id", $query_aid, PDO::PARAM_STR); |
| 457 | + $query->execute(); |
| 458 | + |
| 459 | + $row_count = $query->rowCount(); |
| 460 | + if ($row_count === 0) { |
| 461 | + $response = new Response(); |
| 462 | + $response->setHttpStatusCode(400); |
| 463 | + $response->setSuccess(false); |
| 464 | + $response->addMessage("Error: password update failed."); |
| 465 | + $response->send(); |
| 466 | + exit(); |
| 467 | + } |
| 468 | + } else { //New account activation |
| 469 | + $query = $writeDB->prepare("DELETE FROM activators WHERE id=:a AND account_id=:id AND activator=:c"); |
| 470 | + $query->bindParam(":a", $query_id, PDO::PARAM_STR); |
| 471 | + $query->bindParam(":id", $query_aid, PDO::PARAM_STR); |
| 472 | + $query->bindParam(":c", $query_code, PDO::PARAM_STR); |
| 473 | + $query->execute(); |
| 474 | + |
| 475 | + $row_count = $query->rowCount(); |
| 476 | + if ($row_count === 0) { |
| 477 | + $response = new Response(); |
| 478 | + $response->setHttpStatusCode(404); |
| 479 | + $response->setSuccess(false); |
| 480 | + $response->addMessage("Error: matching account activator not found."); |
| 481 | + $response->send(); |
| 482 | + exit(); |
| 483 | + } |
| 484 | + |
| 485 | + $query = $writeDB->prepare("UPDATE accounts SET is_active=1 WHERE id=:id"); |
| 486 | + $query->bindParam(":id", $query_aid, PDO::PARAM_STR); |
| 487 | + $query->execute(); |
| 488 | + |
| 489 | + $row_count = $query->rowCount(); |
| 490 | + if ($row_count === 0) { |
| 491 | + $response = new Response(); |
| 492 | + $response->setHttpStatusCode(404); |
| 493 | + $response->setSuccess(false); |
| 494 | + $response->addMessage("Error: account activation unsuccessful, contact administrator."); |
| 495 | + $response->send(); |
| 496 | + exit(); |
| 497 | + } |
| 498 | + |
| 499 | + $response = new Response(); |
| 500 | + $response->setHttpStatusCode(200); |
| 501 | + $response->setSuccess(false); |
| 502 | + $response->setData(['activator' => true]); |
| 503 | + $response->send(); |
| 504 | + exit(); |
| 505 | + } |
| 506 | + } |
| 507 | + |
365 | 508 | include('authenticate.php');
|
366 | 509 |
|
367 | 510 | if ($_SERVER['CONTENT_TYPE'] === 'application/json') {
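Review bot: The "Forgot password" branch (new lines 443-467) never compares the supplied activator against the `activators` table: `$query_code` is read at 416 but only the else branch (469-473) checks it, so the password UPDATE at 454-457 is gated solely on the account existing and being active. Because this whole block runs before `include('authenticate.php')` (508), that is an unauthenticated password change for any active account whose id is known; the one-time activator must be verified and consumed in both flows before anything is written. Two smaller points in the same hunk: `setSuccess(false)` at 501 on the 200 activation reply looks inverted and should be `true`, and the `rowCount() === 0` check at 422 is applied to a SELECT, where PDO does not guarantee a meaningful count — `$query->fetch()` returning false is the portable test. The rewrite below moves the activator DELETE ahead of the branch so both flows share the same check.
```php
// … unchanged: account lookup, JSON body decoding …
$account = $query->fetch(PDO::FETCH_ASSOC);
$is_active = (bool) ($account['is_active'] ?? false);

if ($is_active && !isset($json_data->password)) {
    // … unchanged: 400 "new password not provided" response …
}

// Consume the one-time activator for BOTH flows; no matching row means the
// caller does not hold a valid code for this account, so nothing is written.
$query = $writeDB->prepare("DELETE FROM activators WHERE id=:a AND account_id=:id AND activator=:c");
$query->bindParam(":a", $query_id, PDO::PARAM_STR);
$query->bindParam(":id", $query_aid, PDO::PARAM_STR);
$query->bindParam(":c", $query_code, PDO::PARAM_STR);
$query->execute();

if ($query->rowCount() === 0) {
    $response = new Response();
    $response->setHttpStatusCode(404);
    $response->setSuccess(false);
    $response->addMessage("Error: matching account activator not found.");
    $response->send();
    exit();
}

if ($is_active) { //Forgot password
    // … unchanged: password_hash + UPDATE accounts SET auth and its row-count check …
} else { //New account activation
    // … unchanged: UPDATE accounts SET is_active=1 and its row-count check …
    $response = new Response();
    $response->setHttpStatusCode(200);
    $response->setSuccess(true);
    $response->setData(['activator' => true]);
    $response->send();
    exit();
}
```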
|
|
540 | 683 | $response->send();
|
541 | 684 | exit();
|
542 | 685 | }
|
543 |
| - |
544 | 686 | } elseif ($_SERVER['REQUEST_METHOD'] === 'DELETE') {
|
545 |
| - |
| 687 | + |
546 | 688 | if (!isset($_GET['id'])) {
|
547 | 689 | $response = new Response();
|
548 | 690 | $response->setHttpStatusCode(400);
|
|
561 | 703 | $query->bindParam(':id', $query_id, PDO::PARAM_STR);
|
562 | 704 | $query->execute();
|
563 | 705 |
|
| 706 | + $row_count = $query->rowCount(); |
| 707 | + if ($row_count === 0) { |
| 708 | + $response = new Response(); |
| 709 | + $response->setHttpStatusCode(404); |
| 710 | + $response->setSuccess(false); |
| 711 | + $response->addMessage("Error: account not found."); |
| 712 | + $response->send(); |
| 713 | + exit(); |
| 714 | + } |
| 715 | + |
564 | 716 | $response = new Response();
|
565 | 717 | $response->setHttpStatusCode(200);
|
566 | 718 | $response->setSuccess(true);
|
567 | 719 | $response->addMessage("Account successfully deleted.");
|
568 | 720 | $response->send();
|
569 | 721 | exit();
|
570 |
| - |
571 | 722 | } else {
|
572 | 723 | $response = new Response();
|
573 | 724 | $response->setHttpStatusCode(405);
|
|