Complete port of all 163 API endpoints from Lucee/CFML to PHP 8.3. Shared helpers in api/helpers.php (DB, auth, request/response, security). PDO prepared statements throughout. Same JSON response shapes as CFML.
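<?php

// Endpoint: the owner of an open tab removes another member from it.
// Request body (JSON): TabID, OwnerUserID, TargetUserID (all integers).
// Responses: {"OK": true} on success, otherwise {"OK": false, "ERROR": <code>}.

require_once __DIR__ . '/../helpers.php';

runAuth();

try {
    $data = readJsonBody();

    // Missing or non-numeric values collapse to 0 and are rejected below.
    $tabID = (int) ($data['TabID'] ?? 0);
    $ownerUserID = (int) ($data['OwnerUserID'] ?? 0);
    $targetUserID = (int) ($data['TargetUserID'] ?? 0);

    if ($tabID === 0) {
        apiAbort(['OK' => false, 'ERROR' => 'missing_TabID']);
    }
    if ($ownerUserID === 0) {
        apiAbort(['OK' => false, 'ERROR' => 'missing_OwnerUserID']);
    }
    if ($targetUserID === 0) {
        apiAbort(['OK' => false, 'ERROR' => 'missing_TargetUserID']);
    }

    $qTab = queryOne("SELECT OwnerUserID, StatusID FROM Tabs WHERE ID = ? LIMIT 1", [$tabID]);
    if (!$qTab) {
        apiAbort(['OK' => false, 'ERROR' => 'tab_not_found']);
    }
    if ((int) $qTab['StatusID'] !== 1) {
        apiAbort(['OK' => false, 'ERROR' => 'tab_not_open']);
    }

    // NOTE(review): OwnerUserID is read from the request body, so this check only
    // proves the caller *supplied* the owner's ID, not that the authenticated caller
    // *is* the owner. If runAuth() exposes the authenticated user's ID, compare the
    // tab's OwnerUserID against that value instead - confirm in helpers.php.
    if ((int) $qTab['OwnerUserID'] !== $ownerUserID) {
        apiAbort(['OK' => false, 'ERROR' => 'not_owner']);
    }
    if ($targetUserID === $ownerUserID) {
        apiAbort(['OK' => false, 'ERROR' => 'cannot_remove_self']);
    }

    // NOTE(review): the two UPDATEs below are not wrapped in a transaction here; if
    // the second one fails, the member's pending orders stay rejected while the
    // membership row is unchanged. Wrap both if helpers.php offers a transaction helper.

    // Reject pending orders from this member
    queryTimed(
        "UPDATE TabOrders SET ApprovalStatus = 'rejected' WHERE TabID = ? AND UserID = ? AND ApprovalStatus = 'pending'",
        [$tabID, $targetUserID]
    );

    // Move the membership row from StatusID 1 to 2 and stamp the leave time.
    queryTimed(
        "UPDATE TabMembers SET StatusID = 2, LeftOn = NOW() WHERE TabID = ? AND UserID = ? AND StatusID = 1",
        [$tabID, $targetUserID]
    );

    jsonResponse(['OK' => true]);
} catch (Exception $e) {
    // Exception text can carry SQL fragments, table names or driver details.
    // Keep it in the server log and return a fixed message; the MESSAGE key is
    // retained so the response shape stays the same for existing clients.
    error_log('tab member removal failed: ' . $e->getMessage());
    jsonResponse(['OK' => false, 'ERROR' => 'server_error', 'MESSAGE' => 'Internal server error']);
}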