Initial commit

api/v1/post/profile.php

@@ -0,0 +1,46 @@
+<?php
+defined($security_key) or exit;
+
+//------------------------------------------
+// users
+//------------------------------------------
+//Connect to DB
+$pdo = dbConnect($dbname_users);
+
+//CONTENT FROM API (POST)
+$post_content = json_decode(decode_payload($input),true);
+$owner_user = 0;
+
+//SET PARAMETERS FOR QUERY
+$id = $post_content['id'] ?? ''; //check for rowID
+$command = ($post_content['reset'])? 'reset' : '';  // change command to reset
+
+//GET EXISTING USER DATA
+if ($id != ''){
+//Define Query
+$stmt = $pdo->prepare('SELECT * FROM users WHERE id = ?');
+$stmt->execute([$id]);
+$user_data = $stmt->fetch();
+$owner_user = (($user_data['username'] == $username)? 1 : 0);
+
+
+    if ($command != 'reset' && $owner_user === 1 && $post_content['language']){
+        $sql = 'UPDATE users SET language = ? WHERE id = ? ';
+        $stmt = $pdo->prepare($sql);
+        $stmt->execute([$post_content['language'],$id]);
+    }
+
+    if ($command == 'reset' && $owner_user === 1){
+        //STEP 1- create resetkey
+        $headers = array('alg'=>'HS256','typ'=>'JWT');
+        $payload = array('username'=>$user_data['username'], 'exp'=>(time() + 1800));
+        $resetkey = generate_jwt($headers, $payload);
+        //STEP 2- Store resetkey
+        $sql = 'UPDATE users SET resetkey = ? WHERE id = ? ';
+        $stmt = $pdo->prepare($sql);
+        $stmt->execute([$resetkey,$id]);
+        //STEP 3 - Send to user
+        include_once './assets/mail/email_template_reset.php';
+        send_mail($user_data['username'],$subject,$message,'','');
+    }
+}