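<?php

session_start();
header('Content-Type: application/json');

// Reject anonymous callers before opening a database connection: every action
// below is scoped to the logged-in user, so there is nothing to do without one.
if (!isset($_SESSION['user_id'])) {
    echo json_encode(['success' => false, 'message' => 'Not authenticated']);
    exit;
}

// NOTE(review): the credentials are hard-coded and use the MySQL root account.
// Move them to an environment variable or a config file outside the web root,
// and connect as a least-privilege user limited to `users` and `user_activity`.
$host = '127.0.0.1';
$dbname = 'jmdb';
$username = 'root';
$password = 'YourStrongPassword123';

try {
    // charset=utf8mb4 pins the connection encoding so multibyte input is not
    // reinterpreted on the way in; ATTR_EMULATE_PREPARES=false turns every `?`
    // into a real server-side parameter instead of client-side interpolation.
    $pdo = new PDO(
        "mysql:host=$host;dbname=$dbname;charset=utf8mb4",
        $username,
        $password,
        [
            PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
            PDO::ATTR_EMULATE_PREPARES => false,
        ]
    );
} catch (PDOException $e) {
    // Deliberately generic: the driver message can contain host, user and DSN.
    echo json_encode(['success' => false, 'message' => 'Database connection failed']);
    exit;
}

$user_id = $_SESSION['user_id'];
$action = $_POST['action'] ?? '';

// NOTE(review): update_profile and change_password mutate account state but no
// CSRF token is verified, so a cross-site form POST from a logged-in browser
// would succeed. Issue a per-session token where the session is created and
// compare it with hash_equals() before dispatching those two actions.
switch ($action) {
    case 'get_profile':
        getProfile($pdo, $user_id);
        break;
    case 'update_profile':
        updateProfile($pdo, $user_id);
        break;
    case 'change_password':
        changePassword($pdo, $user_id);
        break;
    case 'get_activity':
        getActivity($pdo, $user_id);
        break;
    default:
        echo json_encode(['success' => false, 'message' => 'Invalid action']);
}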
|
|
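/**
 * Emit the caller's own profile row as JSON.
 *
 * Uses an explicit column allowlist instead of `SELECT *` followed by
 * unset('password_hash'): with a denylist, any column added later (reset
 * tokens, MFA secrets, ...) is exposed by default. The columns listed are the
 * ones this file itself reads or writes.
 * NOTE(review): extend the list if the client relies on other non-secret columns.
 *
 * @param PDO   $pdo     open connection
 * @param mixed $user_id id from the session
 */
function getProfile($pdo, $user_id) {
    $stmt = $pdo->prepare(
        "SELECT id, first_name, last_name, email, phone_number, country_code, last_updated "
        . "FROM users WHERE id = ?"
    );
    $stmt->execute([$user_id]);
    $profile = $stmt->fetch(PDO::FETCH_ASSOC);

    if (!$profile) {
        echo json_encode(['success' => false, 'message' => 'User not found']);
        return;
    }

    echo json_encode(['success' => true, 'profile' => $profile]);
}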
|
|
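/**
 * Apply the editable profile fields present in $_POST to the caller's row.
 *
 * Only names from $allowed_fields are ever interpolated into the SQL, so the
 * `$field = ?` fragments are built from trusted strings; values always go
 * through bound parameters. Empty and non-string values are skipped.
 * On success a 'profile_update' activity row is written via logActivity().
 *
 * NOTE(review): changing the email address needs no re-authentication and no
 * confirmation of the new address; if email drives password reset, this is an
 * account-takeover path from a hijacked session.
 *
 * @param PDO   $pdo     open connection
 * @param mixed $user_id id from the session
 */
function updateProfile($pdo, $user_id) {
    $allowed_fields = ['first_name', 'last_name', 'email', 'phone_number', 'country_code'];
    $updates = [];
    $params = [];

    foreach ($allowed_fields as $field) {
        $value = $_POST[$field] ?? null;
        // `email[]=x` arrives as an array; PDO would stringify it to "Array".
        if (!is_string($value) || $value === '') {
            continue;
        }
        if ($field === 'email' && filter_var($value, FILTER_VALIDATE_EMAIL) === false) {
            echo json_encode(['success' => false, 'message' => 'Invalid email address']);
            return;
        }
        $updates[] = "$field = ?";
        $params[] = $value;
    }

    if (empty($updates)) {
        echo json_encode(['success' => false, 'message' => 'No valid fields to update']);
        return;
    }

    $params[] = $user_id;
    $sql = "UPDATE users SET " . implode(', ', $updates) . ", last_updated = CURRENT_TIMESTAMP WHERE id = ?";

    try {
        $stmt = $pdo->prepare($sql);
        $stmt->execute($params);

        logActivity($pdo, $user_id, 'profile_update', 'Updated profile information');

        echo json_encode(['success' => true, 'message' => 'Profile updated successfully']);
    } catch (PDOException $e) {
        // Keep the driver text server-side: it names constraints, tables and
        // columns (e.g. a unique-email violation), which is useful to an attacker.
        error_log('updateProfile failed for user ' . $user_id . ': ' . $e->getMessage());
        echo json_encode(['success' => false, 'message' => 'Update failed']);
    }
}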
|
|
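/**
 * Replace the caller's password after verifying the current one.
 *
 * Flow: require three string fields, check confirmation and minimum length,
 * verify the current password against the stored hash, store a fresh
 * password_hash() of the new one, rotate the session id, log the change.
 *
 * NOTE(review): nothing rate-limits the current-password check, so a hijacked
 * session can guess the existing password online; throttle per user.
 *
 * @param PDO   $pdo     open connection
 * @param mixed $user_id id from the session
 */
function changePassword($pdo, $user_id) {
    $current_password = $_POST['current_password'] ?? null;
    $new_password = $_POST['new_password'] ?? null;
    $confirm_password = $_POST['confirm_password'] ?? null;

    // is_string also rejects array-valued fields (`new_password[]=x`), which
    // would otherwise make password_verify()/password_hash() throw a TypeError.
    if (!is_string($current_password) || !is_string($new_password) || !is_string($confirm_password)) {
        echo json_encode(['success' => false, 'message' => 'All password fields are required']);
        return;
    }

    if ($new_password !== $confirm_password) {
        echo json_encode(['success' => false, 'message' => 'New passwords do not match']);
        return;
    }

    // NIST SP 800-63B sets 8 characters as the floor for user-chosen passwords
    // (the previous check accepted 6). strlen() counts bytes on purpose: bcrypt,
    // the current PASSWORD_DEFAULT, silently ignores input beyond 72 bytes.
    if (strlen($new_password) < 8) {
        echo json_encode(['success' => false, 'message' => 'Password must be at least 8 characters long']);
        return;
    }

    $stmt = $pdo->prepare("SELECT password_hash FROM users WHERE id = ?");
    $stmt->execute([$user_id]);
    $user = $stmt->fetch(PDO::FETCH_ASSOC);

    if (!$user || !password_verify($current_password, $user['password_hash'])) {
        echo json_encode(['success' => false, 'message' => 'Current password is incorrect']);
        return;
    }

    $new_password_hash = password_hash($new_password, PASSWORD_DEFAULT);
    try {
        $stmt = $pdo->prepare("UPDATE users SET password_hash = ?, last_updated = CURRENT_TIMESTAMP WHERE id = ?");
        $stmt->execute([$new_password_hash, $user_id]);
    } catch (PDOException $e) {
        // Same policy as updateProfile(): driver details stay in the server log.
        error_log('changePassword failed for user ' . $user_id . ': ' . $e->getMessage());
        echo json_encode(['success' => false, 'message' => 'Update failed']);
        return;
    }

    // Rotate the session id so a cookie captured before the change stops working.
    // NOTE(review): other sessions of this user remain valid; revoking them needs
    // a server-side session index keyed by user, which this file does not show.
    if (session_status() === PHP_SESSION_ACTIVE) {
        session_regenerate_id(true);
    }

    logActivity($pdo, $user_id, 'password_change', 'Changed account password');

    echo json_encode(['success' => true, 'message' => 'Password updated successfully']);
}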
|
|
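/**
 * Emit the caller's most recent activity rows as JSON, newest first.
 *
 * The row limit is now a parameter (default 50, the previous hard-coded value)
 * and is bound as PDO::PARAM_INT: MySQL rejects a quoted LIMIT operand, which
 * is what a plain string bind produces under emulated prepares. ip_address is
 * intentionally not selected.
 *
 * @param PDO   $pdo     open connection
 * @param mixed $user_id id from the session
 * @param int   $limit   maximum rows to return; values below 1 are raised to 1
 */
function getActivity($pdo, $user_id, $limit = 50) {
    $limit = max(1, (int) $limit);

    $stmt = $pdo->prepare(
        "SELECT activity_type, description, timestamp FROM user_activity "
        . "WHERE user_id = ? ORDER BY timestamp DESC LIMIT ?"
    );
    $stmt->bindValue(1, $user_id);
    $stmt->bindValue(2, $limit, PDO::PARAM_INT);
    $stmt->execute();
    $activities = $stmt->fetchAll(PDO::FETCH_ASSOC);

    echo json_encode(['success' => true, 'activities' => $activities]);
}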
|
|
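/**
 * Append one row to user_activity for the given user.
 *
 * The address recorded is REMOTE_ADDR, the peer the web server actually saw,
 * deliberately not X-Forwarded-For, which any client can set unless a trusted
 * proxy overwrites it. REMOTE_ADDR is absent outside a web SAPI (CLI, tests);
 * the original read it unguarded and raised an "undefined array key" warning.
 *
 * @param PDO    $pdo         open connection
 * @param mixed  $user_id     id from the session
 * @param string $type        short activity code, e.g. 'profile_update'
 * @param string $description human-readable detail
 */
function logActivity($pdo, $user_id, $type, $description) {
    $ip_address = $_SERVER['REMOTE_ADDR'] ?? null;

    $stmt = $pdo->prepare(
        "INSERT INTO user_activity (user_id, activity_type, description, ip_address) VALUES (?, ?, ?, ?)"
    );
    $stmt->execute([$user_id, $type, $description, $ip_address]);
}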
| ?> |