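false, 'ERROR' => 'unauthorized', 'MESSAGE' => 'Authentication required']); }

// Profile update for the already-authenticated user ($userId comes from the code
// above this excerpt). Reads firstName / lastName / email from the JSON body,
// validates them, stores them, and resets the e-mail verification flag.
$data = readJsonBody();

// The body is client-controlled, so a field may arrive as an array or object rather
// than a string. trim() on a non-string raises a TypeError on PHP 8; anything
// non-scalar is mapped to '' so it falls through to the validation errors below
// instead of surfacing as an unhandled error.
$readField = static function ($value): string {
    return is_scalar($value) ? trim((string) $value) : '';
};

$firstName = $readField($data['firstName'] ?? '');
$lastName = $readField($data['lastName'] ?? '');
$email = strtolower($readField($data['email'] ?? ''));

if (empty($firstName)) {
    apiAbort(['OK' => false, 'ERROR' => 'missing_first_name', 'MESSAGE' => 'First name is required']);
}

if (empty($lastName)) {
    apiAbort(['OK' => false, 'ERROR' => 'missing_last_name', 'MESSAGE' => 'Last name is required']);
}

if (empty($email) || !filter_var($email, FILTER_VALIDATE_EMAIL)) {
    apiAbort(['OK' => false, 'ERROR' => 'invalid_email', 'MESSAGE' => 'Please enter a valid email address']);
}

// Check if email is already used by another verified account.
// Only verified rows are considered, so several unverified accounts can hold the
// same address at once.
// NOTE(review): this SELECT and the UPDATE below are separate statements, so two
// concurrent requests can both pass the check. Confirm that the confirmation step
// (or a database constraint) stops two accounts from ending up verified on one address.
// NOTE(review): the 'email_exists' response tells the caller that an address belongs
// to a verified account; confirm this endpoint is rate-limited.
$emailCheck = queryOne(
    "SELECT ID FROM Users WHERE EmailAddress = ? AND IsEmailVerified = 1 AND ID != ? LIMIT 1",
    [$email, $userId]
);
if ($emailCheck) {
    apiAbort(['OK' => false, 'ERROR' => 'email_exists', 'MESSAGE' => 'This email is already associated with another account']);
}

// Get user UUID for email confirmation link
$userRow = queryOne("SELECT UUID FROM Users WHERE ID = ?", [$userId]);

// Update profile. IsEmailVerified is reset to 0 until the address is confirmed;
// IsContactVerified and IsActive are set to 1 unconditionally.
// NOTE(review): this presumes the caller proved control of a contact channel before
// reaching this point - verify against the authentication code above this excerpt.
queryTimed(
    "UPDATE Users SET FirstName = ?, LastName = ?, EmailAddress = ?, IsEmailVerified = 0, IsContactVerified = 1, IsActive = 1 WHERE ID = ?",
    [$firstName, $lastName, $email, $userId]
);

// Send confirmation email (non-blocking)
$emailSent = false;
// NOTE(review): the link's only secret is the user's UUID. If that UUID is a
// long-lived identifier that also appears elsewhere (API responses, other URLs,
// logs), anyone who sees it could confirm the address. When the e-mail integration
// is added, prefer a random, single-use, expiring token stored server-side, and do
// not send a link when the UUID lookup above returned nothing.
$confirmLink = baseUrl() . '/confirm_email.cfm?UUID=' . ($userRow['UUID'] ?? '');

// TODO: Email sending integration
// For now, profile is saved without sending email

$message = $emailSent
    ? 'Profile updated. Please check your email to confirm your address.'
    : 'Profile updated.';

jsonResponse(['OK' => true, 'MESSAGE' => $message]);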