|
|
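<?php

declare(strict_types=1);

// Profile API endpoint. Every action requires an authenticated session and
// answers with a JSON object of the form {"success": bool, ...}. All actions
// read their input from $_POST, so the endpoint is POST-only in practice.
// NOTE(review): the request is authenticated by the session cookie alone; the
// state-changing actions (update_profile, change_password) have no CSRF token
// check, which belongs here before dispatch.

session_start();

header('Content-Type: application/json');

// Reject unauthenticated callers before a database connection is even opened.
if (!isset($_SESSION['user_id'])) {
    echo json_encode(['success' => false, 'message' => 'Not authenticated']);
    exit;
}

// Connection settings. They are read from the environment when present
// (variable names introduced here) and fall back to the original literal
// values so existing deployments keep working; the literals should not stay
// in a file under the web root.
$host = getenv('DB_HOST') ?: '127.0.0.1';
$dbname = getenv('DB_NAME') ?: 'jmdb';
$username = getenv('DB_USER') ?: 'root';
$password = getenv('DB_PASSWORD') ?: 'YourStrongPassword123';

try {
    // NOTE(review): no charset is given in the DSN, so the server default
    // applies; set it explicitly to match the schema's collation.
    $pdo = new PDO(
        "mysql:host=$host;dbname=$dbname",
        $username,
        $password,
        [
            PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
            // Use real server-side prepares so bound values never enter the SQL text.
            PDO::ATTR_EMULATE_PREPARES => false,
        ]
    );
} catch (PDOException $e) {
    // The driver message can carry host and credential details: log it, never echo it.
    error_log('Database connection failed: ' . $e->getMessage());
    echo json_encode(['success' => false, 'message' => 'Database connection failed']);
    exit;
}

$user_id = $_SESSION['user_id'];
$action = $_POST['action'] ?? '';

// match compares with ===, so anything that is not one of the known strings
// (including an array from action[]=...) lands in the default arm.
match ($action) {
    'get_profile'     => getProfile($pdo, $user_id),
    'update_profile'  => updateProfile($pdo, $user_id),
    'change_password' => changePassword($pdo, $user_id),
    'get_activity'    => getActivity($pdo, $user_id),
    default           => print json_encode(['success' => false, 'message' => 'Invalid action']),
};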
|
|
|
|
|
/**
 * Emit the calling user's profile row as JSON, with the password hash removed.
 *
 * Output is {"success":true,"profile":{...}} when the row exists, otherwise
 * {"success":false,"message":"User not found"}.
 *
 * NOTE(review): SELECT * returns every column of `users` and only
 * password_hash is stripped, so any other secret column added later would be
 * exposed by this response; an explicit column list would be safer.
 */
function getProfile($pdo, $user_id) {
    $query = $pdo->prepare("SELECT * FROM users WHERE id = ?");
    $query->execute([$user_id]);
    $row = $query->fetch(PDO::FETCH_ASSOC);

    if (!$row) {
        echo json_encode(['success' => false, 'message' => 'User not found']);
        return;
    }

    // Never return the stored credential, even to the account owner.
    unset($row['password_hash']);
    echo json_encode(['success' => true, 'profile' => $row]);
}
|
|
|
|
|
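/**
 * Apply the profile fields present in $_POST to the calling user's row.
 *
 * Only the column names in the whitelist below are ever interpolated into the
 * SQL; values are always bound as parameters. Fields that are absent, empty,
 * or not a plain string (PHP turns field[]=x into an array) are ignored.
 * Values are stored as given — format validation is not performed here.
 * Emits a JSON success/failure object.
 */
function updateProfile($pdo, $user_id) {
    $allowed_fields = ['first_name', 'last_name', 'email', 'phone_number', 'country_code'];
    $updates = [];
    $params = [];

    foreach ($allowed_fields as $field) {
        $value = $_POST[$field] ?? '';
        // An array value would reach the driver as a parameter and fail (or be
        // stringified as "Array"); require a non-empty string.
        if (!is_string($value) || $value === '') {
            continue;
        }
        // $field comes from the whitelist above, never from the request.
        $updates[] = "$field = ?";
        $params[] = $value;
    }

    if (empty($updates)) {
        echo json_encode(['success' => false, 'message' => 'No valid fields to update']);
        return;
    }

    $params[] = $user_id;
    $sql = "UPDATE users SET " . implode(', ', $updates) . ", last_updated = CURRENT_TIMESTAMP WHERE id = ?";

    try {
        $stmt = $pdo->prepare($sql);
        $stmt->execute($params);

        logActivity($pdo, $user_id, 'profile_update', 'Updated profile information');

        echo json_encode(['success' => true, 'message' => 'Profile updated successfully']);
    } catch (PDOException $e) {
        // Driver messages reveal table/constraint names (e.g. a unique-email
        // violation); keep them in the server log and return a generic error.
        error_log('Profile update failed for user ' . $user_id . ': ' . $e->getMessage());
        echo json_encode(['success' => false, 'message' => 'Update failed']);
    }
}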
|
|
|
|
|
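/**
 * Change the calling user's password after re-verifying the current one.
 *
 * Reads current_password, new_password and confirm_password from $_POST (all
 * must be plain strings), checks that the new password is confirmed and at
 * least 6 characters long, verifies the current password against the stored
 * hash, stores a fresh password_hash() and rotates the session id. Emits a
 * JSON success/failure object.
 */
function changePassword($pdo, $user_id) {
    $current_password = $_POST['current_password'] ?? null;
    $new_password = $_POST['new_password'] ?? null;
    $confirm_password = $_POST['confirm_password'] ?? null;

    // field[]=x arrives as an array and would make password_verify() throw a
    // TypeError, so require strings rather than mere presence.
    if (!is_string($current_password) || !is_string($new_password) || !is_string($confirm_password)) {
        echo json_encode(['success' => false, 'message' => 'All password fields are required']);
        return;
    }

    if ($new_password !== $confirm_password) {
        echo json_encode(['success' => false, 'message' => 'New passwords do not match']);
        return;
    }

    // Count characters, not bytes: strlen() would accept a 3-character
    // multibyte password as six "long".
    if (mb_strlen($new_password) < 6) {
        echo json_encode(['success' => false, 'message' => 'Password must be at least 6 characters long']);
        return;
    }

    try {
        $stmt = $pdo->prepare("SELECT password_hash FROM users WHERE id = ?");
        $stmt->execute([$user_id]);
        $user = $stmt->fetch(PDO::FETCH_ASSOC);

        // A missing row or a NULL hash is reported the same way as a wrong password.
        if (!$user || !password_verify($current_password, (string) ($user['password_hash'] ?? ''))) {
            echo json_encode(['success' => false, 'message' => 'Current password is incorrect']);
            return;
        }

        // PASSWORD_DEFAULT is currently bcrypt, which ignores input beyond 72 bytes.
        $new_password_hash = password_hash($new_password, PASSWORD_DEFAULT);
        $stmt = $pdo->prepare("UPDATE users SET password_hash = ?, last_updated = CURRENT_TIMESTAMP WHERE id = ?");
        $stmt->execute([$new_password_hash, $user_id]);

        logActivity($pdo, $user_id, 'password_change', 'Changed account password');
    } catch (PDOException $e) {
        // Without this, ERRMODE_EXCEPTION would surface the driver error as an
        // uncaught exception; log it and keep the response generic.
        error_log('Password change failed for user ' . $user_id . ': ' . $e->getMessage());
        echo json_encode(['success' => false, 'message' => 'Password change failed']);
        return;
    }

    // Rotate the session id on credential change. This does not invalidate
    // other sessions the user may have open elsewhere.
    if (session_status() === PHP_SESSION_ACTIVE) {
        session_regenerate_id(true);
    }

    echo json_encode(['success' => true, 'message' => 'Password updated successfully']);
}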
|
|
|
|
|
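/**
 * Emit the calling user's most recent activity entries as JSON.
 *
 * Returns activity_type, description and timestamp only (not ip_address),
 * newest first.
 *
 * @param int $limit Maximum number of rows to return; defaults to 50 and is
 *                   clamped to at least 1.
 */
function getActivity($pdo, $user_id, $limit = 50) {
    $limit = max(1, (int) $limit);

    $stmt = $pdo->prepare("SELECT activity_type, description, timestamp FROM user_activity WHERE user_id = ? ORDER BY timestamp DESC LIMIT ?");
    $stmt->bindValue(1, $user_id);
    // LIMIT must be bound as an integer: a string-typed parameter is quoted
    // under emulated prepares and MySQL rejects LIMIT '50'.
    $stmt->bindValue(2, $limit, PDO::PARAM_INT);
    $stmt->execute();
    $activities = $stmt->fetchAll(PDO::FETCH_ASSOC);

    echo json_encode(['success' => true, 'activities' => $activities]);
}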
|
|
|
|
|
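/**
 * Record an audit entry for the user in user_activity.
 *
 * $type and $description are fixed strings chosen by the caller (for example
 * 'profile_update'). The stored ip_address is the TCP peer address PHP sees;
 * behind a reverse proxy that is the proxy, not the client, so resolve the
 * client address from a trusted-proxy configuration before logging rather
 * than trusting forwarded headers as-is.
 */
function logActivity($pdo, $user_id, $type, $description) {
    // REMOTE_ADDR is absent outside a web request (CLI, tests); store NULL
    // instead of raising an undefined-index warning.
    $ip_address = $_SERVER['REMOTE_ADDR'] ?? null;
    $stmt = $pdo->prepare("INSERT INTO user_activity (user_id, activity_type, description, ip_address) VALUES (?, ?, ?, ?)");
    $stmt->execute([$user_id, $type, $description, $ip_address]);
}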
|
|
?> |