<?php
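session_start();
// Resolve the include against this file's directory so it does not depend on the
// process working directory (a plain relative path is resolved via include_path/cwd).
include_once __DIR__ . '/../../db.php';

// Gate: only an authenticated session may reach this handler. A session flagged
// logged_in but missing user_id is treated as unauthenticated too, because every
// query below is scoped by $user_id and a null id would silently target nothing.
if (!isset($_SESSION['logged_in'], $_SESSION['user_id']) || $_SESSION['logged_in'] !== true) {
    header('Location: ../../index.php');
    exit;
}

$database = new Database();          // defined in db.php (not visible here)
$db       = $database->getConnection();
$user_id  = $_SESSION['user_id'];    // trusted: comes from the server-side session, not the request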
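if ($_POST) {
    // NOTE(review): this handler performs state changes (including a password change) on a
    // bare POST with no CSRF token check. The settings form that posts here is not visible
    // from this file, so a token check cannot be wired in safely without also changing the
    // form; add one (token in form, compared with hash_equals()) as a follow-up.
    try {
        // ---- General settings (upsert into user_settings) --------------------------
        if (isset($_POST['dark_mode']) || isset($_POST['language']) || isset($_POST['currency']) || isset($_POST['auto_logout'])) {
            // Checkboxes: presence of the field means "on"; absence means "off".
            $dark_mode   = isset($_POST['dark_mode']) ? 1 : 0;
            $auto_logout = isset($_POST['auto_logout']) ? 1 : 0;
            // $_POST entries can be arrays (e.g. language[]=x), which would trigger an
            // "Array to string conversion" on bind; accept only scalar strings and fall
            // back to the defaults otherwise. Values are bound as parameters, never
            // interpolated into the SQL text.
            $language = (isset($_POST['language']) && is_string($_POST['language'])) ? $_POST['language'] : 'en';
            $currency = (isset($_POST['currency']) && is_string($_POST['currency'])) ? $_POST['currency'] : 'KES';

            $query = "INSERT INTO user_settings (user_id, dark_mode, language, currency, auto_logout)
VALUES (?, ?, ?, ?, ?)
ON DUPLICATE KEY UPDATE
dark_mode = VALUES(dark_mode),
language = VALUES(language),
currency = VALUES(currency),
auto_logout = VALUES(auto_logout)";
            $stmt = $db->prepare($query);
            $stmt->execute([$user_id, $dark_mode, $language, $currency, $auto_logout]);
            $_SESSION['success'] = "Settings updated successfully!";
        }

        // ---- Password change -------------------------------------------------------
        if (isset($_POST['current_password'], $_POST['new_password'])
            && is_string($_POST['current_password']) && is_string($_POST['new_password'])) {
            $current_password = $_POST['current_password'];
            $new_password     = $_POST['new_password'];
            // Baseline minimum length; isset() alone accepted an empty new password.
            $min_password_length = 8;

            if (mb_strlen($new_password) < $min_password_length) {
                $_SESSION['error'] = "New password must be at least {$min_password_length} characters!";
            } else {
                // Re-verify the current password against the stored hash before changing it.
                $stmt = $db->prepare("SELECT password_hash FROM users WHERE id = ?");
                $stmt->execute([$user_id]);
                $user = $stmt->fetch(PDO::FETCH_ASSOC);

                // $user is false if the row no longer exists (account deleted while the
                // session was alive); guard so we never index into false or pass null to
                // password_verify(). Both failure cases share one message on purpose.
                if ($user === false || !password_verify($current_password, (string) $user['password_hash'])) {
                    $_SESSION['error'] = "Current password is incorrect!";
                } else {
                    $new_password_hash = password_hash($new_password, PASSWORD_BCRYPT);
                    $stmt = $db->prepare("UPDATE users SET password_hash = ? WHERE id = ?");
                    $stmt->execute([$new_password_hash, $user_id]);
                    // Rotate the session id after a credential change so a previously
                    // captured id cannot keep riding this session.
                    session_regenerate_id(true);
                    $_SESSION['success'] = "Password updated successfully!";
                }
            }
        }
    } catch (PDOException $exception) {
        // Keep the driver message server-side: it can expose table/column names and
        // connection details. The browser gets a generic message only.
        error_log('settings_handler: ' . $exception->getMessage());
        $_SESSION['error'] = "Error updating settings. Please try again.";
    }
    header("Location: ../pages/settings.php");
    exit();
}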
// Get user settings
/**
 * Fetch the stored settings row for one user.
 *
 * @param PDO   $db      open connection (as returned by Database::getConnection())
 * @param mixed $user_id value matched against user_settings.user_id; bound as a
 *                       prepared-statement parameter, never interpolated
 * @return array the row as an associative array, or [] when the user has no row
 */
function getUserSettings($db, $user_id) {
    $lookup = $db->prepare("SELECT * FROM user_settings WHERE user_id = ?");
    $lookup->execute([$user_id]);
    $row = $lookup->fetch(PDO::FETCH_ASSOC);
    if (!$row) {
        return [];
    }
    return $row;
}
?>