Complete port of all 163 API endpoints from Lucee/CFML to PHP 8.3. Shared helpers in api/helpers.php (DB, auth, request/response, security). PDO prepared statements throughout. Same JSON response shapes as CFML.
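<?php

require_once __DIR__ . '/../helpers.php';

runAuth();

/*
User Profile API

GET:  Returns current user's profile info
POST: Updates profile (firstName, lastName)

Both branches terminate the request through jsonResponse()/apiAbort();
the final apiAbort() is only reached for other HTTP methods.
*/

// $userId is read from global scope; it is presumably populated by runAuth()
// in helpers.php — confirm there. A value <= 0 is treated as "not authenticated".
global $userId;

if ($userId <= 0) {
    apiAbort(['OK' => false, 'ERROR' => 'not_logged_in', 'MESSAGE' => 'Authentication required']);
}

/**
 * Loads the profile row of one user or aborts the request with user_not_found.
 *
 * Shared by GET and POST so both branches apply the same "row vanished"
 * check (the POST branch previously dereferenced the result without checking).
 * Balance is selected here for both; the POST response simply omits it.
 *
 * @return array<string, mixed> the Users row
 */
$loadProfile = static function (int $id): array {
    $row = queryOne(
        "SELECT ID, FirstName, LastName, EmailAddress, ContactNumber, ImageExtension, Balance
         FROM Users WHERE ID = ? LIMIT 1",
        [$id]
    );

    if (!$row) {
        // apiAbort() is assumed to end the request; the return below is for static analysis only.
        apiAbort(['OK' => false, 'ERROR' => 'user_not_found', 'MESSAGE' => 'User not found']);
    }

    return $row;
};

/**
 * Builds the public avatar URL for a Users row, or '' when no image extension is stored.
 *
 * The stored extension is URL-encoded so a malformed value cannot alter the
 * path or query string; for ordinary extensions (jpg, png, ...) the output is
 * unchanged. The current timestamp is appended as a cache-buster.
 *
 * @param array<string, mixed> $row
 */
$avatarUrlFor = static function (array $row): string {
    $extension = trim((string) ($row['ImageExtension'] ?? ''));
    if ($extension === '') {
        return '';
    }

    return baseUrl() . '/uploads/users/' . (int) $row['ID'] . '.' . rawurlencode($extension) . '?t=' . time();
};

$method = $_SERVER['REQUEST_METHOD'] ?? '';

// GET — return profile
if ($method === 'GET') {
    $user = $loadProfile((int) $userId);

    jsonResponse([
        'OK' => true,
        'USER' => [
            'UserID' => (int) $user['ID'],
            'FirstName' => $user['FirstName'] ?? '',
            'LastName' => $user['LastName'] ?? '',
            'Email' => $user['EmailAddress'] ?? '',
            'Phone' => $user['ContactNumber'] ?? '',
            'AvatarUrl' => $avatarUrlFor($user),
            'Balance' => (float) ($user['Balance'] ?? 0),
        ],
    ]);
}

// POST — update profile
if ($method === 'POST') {
    $data = readJsonBody();
    // readJsonBody() is assumed to return an array; anything else is treated as "no fields".
    if (!is_array($data)) {
        $data = [];
    }

    // Request field => column. Column names only ever come from this fixed map,
    // so no request data reaches the SQL text; values are bound as parameters.
    $editable = [
        'firstName' => 'FirstName',
        'lastName' => 'LastName',
    ];

    $sets = [];
    $params = [];

    foreach ($editable as $field => $column) {
        if (!isset($data[$field])) {
            continue;
        }

        // Reject arrays/objects: PDO would otherwise bind the literal string
        // "Array" (with a notice) rather than failing the request.
        if (!is_scalar($data[$field])) {
            apiAbort(['OK' => false, 'ERROR' => 'invalid_input', 'MESSAGE' => "Field {$field} must be a string"]);
        }

        $sets[] = "{$column} = ?";
        $params[] = (string) $data[$field];
    }

    if ($sets === []) {
        apiAbort(['OK' => false, 'ERROR' => 'no_changes', 'MESSAGE' => 'No fields to update']);
    }

    $params[] = (int) $userId;
    queryTimed('UPDATE Users SET ' . implode(', ', $sets) . ' WHERE ID = ?', $params);

    // Return updated profile (same shape as before: no Balance in the POST response).
    $user = $loadProfile((int) $userId);

    jsonResponse([
        'OK' => true,
        'MESSAGE' => 'Profile updated',
        'USER' => [
            'UserID' => (int) $user['ID'],
            'FirstName' => $user['FirstName'] ?? '',
            'LastName' => $user['LastName'] ?? '',
            'Email' => $user['EmailAddress'] ?? '',
            'Phone' => $user['ContactNumber'] ?? '',
            'AvatarUrl' => $avatarUrlFor($user),
        ],
    ]);
}

apiAbort(['OK' => false, 'ERROR' => 'bad_method', 'MESSAGE' => 'Use GET or POST']);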