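setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
} catch (PDOException $e) {
    // Deliberately not echoing $e->getMessage(): a connection error can carry the
    // DSN, host name or credentials.
    respond(['success' => false, 'message' => 'Database connection failed']);
    exit;
}

if (!isset($_SESSION['user_id'])) {
    respond(['success' => false, 'message' => 'Not authenticated']);
    exit;
}

$user_id = $_SESSION['user_id'];
// postString() yields null for a missing key or a non-string value (e.g. action[]=x),
// so $action is always a plain string by the time it reaches the dispatch.
$action = postString('action') ?? '';

// NOTE(review): no CSRF token check is visible in this file; confirm one is enforced
// upstream before the state-changing actions (update_profile, change_password) run.
switch ($action) {
    case 'get_profile':
        getProfile($pdo, $user_id);
        break;
    case 'update_profile':
        updateProfile($pdo, $user_id);
        break;
    case 'change_password':
        changePassword($pdo, $user_id);
        break;
    case 'get_activity':
        getActivity($pdo, $user_id);
        break;
    default:
        respond(['success' => false, 'message' => 'Invalid action']);
}

/**
 * Emit one JSON response body.
 *
 * JSON_INVALID_UTF8_SUBSTITUTE keeps a single invalid byte in a database value
 * from making json_encode() return false, which would otherwise echo an empty body.
 *
 * @param array<string, mixed> $payload
 */
function respond(array $payload): void
{
    echo json_encode($payload, JSON_INVALID_UTF8_SUBSTITUTE);
}

/**
 * Read a POST field that must be a scalar string.
 *
 * Returns null when the key is missing or the value is not a string (a request can
 * send `field[]=x` to turn any field into an array), so arrays never reach PDO
 * parameter binding or password_verify().
 */
function postString(string $key): ?string
{
    $value = $_POST[$key] ?? null;

    return is_string($value) ? $value : null;
}

/**
 * Return the authenticated user's profile row, minus the password hash.
 *
 * The row is fetched with `SELECT *` (the users schema is not visible here); only
 * password_hash is stripped, so any other sensitive column in `users` would still be
 * returned. Prefer an explicit column list once the schema is known.
 *
 * @param int|string $user_id value taken from $_SESSION['user_id']
 */
function getProfile(PDO $pdo, $user_id): void
{
    $stmt = $pdo->prepare('SELECT * FROM users WHERE id = ?');
    $stmt->execute([$user_id]);
    $user = $stmt->fetch(PDO::FETCH_ASSOC);

    if ($user === false) {
        respond(['success' => false, 'message' => 'User not found']);
        return;
    }

    unset($user['password_hash']);
    respond(['success' => true, 'profile' => $user]);
}

/**
 * Update the whitelisted profile columns from POST.
 *
 * Column names come only from $allowed_fields, never from the request, so the
 * dynamically built SET list cannot be influenced by the client; every value is
 * bound as a parameter. Empty strings are treated as "not supplied", as before.
 *
 * @param int|string $user_id value taken from $_SESSION['user_id']
 */
function updateProfile(PDO $pdo, $user_id): void
{
    $allowed_fields = ['first_name', 'last_name', 'email', 'phone_number', 'country_code'];
    $updates = [];
    $params = [];

    foreach ($allowed_fields as $field) {
        $value = postString($field);
        if ($value === null || $value === '') {
            continue;
        }

        // Reject a malformed address instead of storing it; email is the only field
        // whose format can be checked without knowing the column constraints.
        // NOTE(review): the new address is stored without re-verification — confirm
        // that matches the account-recovery policy.
        if ($field === 'email' && filter_var($value, FILTER_VALIDATE_EMAIL) === false) {
            respond(['success' => false, 'message' => 'Invalid email address']);
            return;
        }

        $updates[] = "$field = ?";
        $params[] = $value;
    }

    if (empty($updates)) {
        respond(['success' => false, 'message' => 'No valid fields to update']);
        return;
    }

    $params[] = $user_id;
    $sql = 'UPDATE users SET ' . implode(', ', $updates)
        . ', last_updated = CURRENT_TIMESTAMP WHERE id = ?';

    try {
        $stmt = $pdo->prepare($sql);
        $stmt->execute($params);

        logActivity($pdo, $user_id, 'profile_update', 'Updated profile information');
        respond(['success' => true, 'message' => 'Profile updated successfully']);
    } catch (PDOException $e) {
        // The driver message can expose table/column names or constraint details.
        // Keep it in the server log and return a generic message to the client.
        error_log('updateProfile failed for user ' . $user_id . ': ' . $e->getMessage());
        respond(['success' => false, 'message' => 'Update failed']);
    }
}

/**
 * Replace the authenticated user's password after verifying the current one.
 *
 * Checks run in this order: all three fields present and scalar, new == confirm,
 * minimum length, current password matches the stored hash. Only then is the hash
 * rewritten and the session id rotated.
 *
 * @param int|string $user_id value taken from $_SESSION['user_id']
 */
function changePassword(PDO $pdo, $user_id): void
{
    $current_password = postString('current_password');
    $new_password = postString('new_password');
    $confirm_password = postString('confirm_password');

    if ($current_password === null || $new_password === null || $confirm_password === null) {
        respond(['success' => false, 'message' => 'All password fields are required']);
        return;
    }

    if ($new_password !== $confirm_password) {
        respond(['success' => false, 'message' => 'New passwords do not match']);
        return;
    }

    // strlen() counts bytes, so e.g. two 3-byte characters would satisfy a 6-character
    // minimum; mb_strlen() counts characters. 6 is the existing policy of this file.
    if (mb_strlen($new_password) < 6) {
        respond(['success' => false, 'message' => 'Password must be at least 6 characters long']);
        return;
    }

    try {
        $stmt = $pdo->prepare('SELECT password_hash FROM users WHERE id = ?');
        $stmt->execute([$user_id]);
        $user = $stmt->fetch(PDO::FETCH_ASSOC);

        // One message for both "no such row" and "wrong password": the response must
        // not distinguish the two cases.
        if ($user === false || !password_verify($current_password, $user['password_hash'])) {
            respond(['success' => false, 'message' => 'Current password is incorrect']);
            return;
        }

        $new_password_hash = password_hash($new_password, PASSWORD_DEFAULT);
        $stmt = $pdo->prepare(
            'UPDATE users SET password_hash = ?, last_updated = CURRENT_TIMESTAMP WHERE id = ?'
        );
        $stmt->execute([$new_password_hash, $user_id]);

        logActivity($pdo, $user_id, 'password_change', 'Changed account password');
    } catch (PDOException $e) {
        error_log('changePassword failed for user ' . $user_id . ': ' . $e->getMessage());
        respond(['success' => false, 'message' => 'Password update failed']);
        return;
    }

    // A credential rotation should also rotate the session identifier, so a session
    // id captured before the change no longer maps to this session.
    if (session_status() === PHP_SESSION_ACTIVE) {
        session_regenerate_id(true);
    }

    respond(['success' => true, 'message' => 'Password updated successfully']);
}

/**
 * Return the user's 50 most recent activity rows, newest first.
 *
 * @param int|string $user_id value taken from $_SESSION['user_id']
 */
function getActivity(PDO $pdo, $user_id): void
{
    $stmt = $pdo->prepare(
        'SELECT activity_type, description, timestamp FROM user_activity'
        . ' WHERE user_id = ? ORDER BY timestamp DESC LIMIT 50'
    );
    $stmt->execute([$user_id]);
    $activities = $stmt->fetchAll(PDO::FETCH_ASSOC);

    respond(['success' => true, 'activities' => $activities]);
}

/**
 * Insert one audit row for $user_id.
 *
 * REMOTE_ADDR is the TCP peer as PHP sees it: behind a reverse proxy that is the
 * proxy's address, and under the CLI the key is absent (hence the '' fallback, which
 * keeps the insert from failing on an undefined index).
 *
 * @param int|string $user_id value taken from $_SESSION['user_id']
 */
function logActivity(PDO $pdo, $user_id, string $type, string $description): void
{
    $ip_address = $_SERVER['REMOTE_ADDR'] ?? '';
    $stmt = $pdo->prepare(
        'INSERT INTO user_activity (user_id, activity_type, description, ip_address) VALUES (?, ?, ?, ?)'
    );
    $stmt->execute([$user_id, $type, $description, $ip_address]);
}
?>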