assetmgt/api/v1/post/profile.php

<?php
defined($security_key) or exit;

//------------------------------------------
// users
//------------------------------------------
//Connect to DB
$pdo = dbConnect($dbname_users);

//CONTENT FROM API (POST)
$post_content = json_decode(decode_payload($input),true);
$owner_user = 0;

//SET PARAMETERS FOR QUERY
$id = $post_content['id'] ?? ''; //check for rowID
$command = ($post_content['reset'])? 'reset' : '';  // change command to reset

//GET EXISTING USER DATA
if ($id != ''){
//Define Query
$stmt = $pdo->prepare('SELECT * FROM users WHERE id = ?');
$stmt->execute([$id]);
$user_data = $stmt->fetch();
$owner_user = (($user_data['username'] == $username)? 1 : 0);


    if ($command != 'reset' && $owner_user === 1 && $post_content['language']){
        $sql = 'UPDATE users SET language = ? WHERE id = ? ';
        $stmt = $pdo->prepare($sql);
        $stmt->execute([$post_content['language'],$id]);
    }

    if ($command == 'reset' && $owner_user === 1){
        //STEP 1- create resetkey
        $headers = array('alg'=>'HS256','typ'=>'JWT');
        $payload = array('username'=>$user_data['username'], 'exp'=>(time() + 1800));
        $resetkey = generate_jwt($headers, $payload);
        //STEP 2- Store resetkey
        $sql = 'UPDATE users SET resetkey = ? WHERE id = ? ';
        $stmt = $pdo->prepare($sql);
        $stmt->execute([$resetkey,$id]);
        //STEP 3 - Send to user
        include_once './assets/mail/email_template_reset.php';
        send_mail($user_data['username'],$subject,$message,'','');
    }
}