$response['error'] = true; $response['msg'] = 'Username or passeord wrong.'; echoRespnse(401, $response); $app->stop(); } } else { $response['error'] = true; $response['msg'] = 'Another user with the same email already exists in the database.'; echoRespnse(401, $response); $app->stop(); } }); $app->get('/user/:userid', 'authenticate', function ($userUID) use($app) { sleep(2); $response = array('request' => 'user'); $user_cookie = $app->getCookie('lq_user_id'); // The userid provided by the app url must be the same as the one stored inside the user's cookie $db = new DbHandler(); if ($userUID !== $user_cookie) { $user_session = isset($_COOKIE["BBC_session"]) ? $_COOKIE["BBC_session"] : ''; $db->logOut($user_session); $response['error'] = true; $response['msg'] = 'Cannot verify the user identity. Please log in.'; echoRespnse(401, $response); $app->stop(); } $user = array(); $user = $db->getUser($userUID); if (!empty($user)) { $response['error'] = false; $response['user'] = $user;
echoRespnse(400, $response); $app->stop(); }); $app->post('/user/:userid/profile', 'authenticate', function () use($app) { sleep(2); // check for required params verify_required_params(array('username', 'email')); // reading post params $user = array('name' => $app->request()->post('username'), 'email' => $app->request()->post('email'), 'old_password' => $app->request()->post('old_password'), 'password' => $app->request()->post('password'), 'password_confirm' => $app->request()->post('password_confirm')); // prepare the answer $response = array('request' => 'profile'); // Sanitize data $user['name'] = filter_var($user['name'], FILTER_SANITIZE_STRING); $user['email'] = filter_var($user['email'], FILTER_SANITIZE_EMAIL); $db = new DbHandler(); $userUID = $app->getCookie('lq_user_id'); // Try to update the user details if ($db->updateUserProfile($userUID, $user['name'], $user['email'])) { $response['error'] = false; } else { $response['error'] = true; $response['msg'] = 'Impossible to update the user profile.'; echoRespnse(401, $response); $app->stop(); } // If the user sent a password, reset that as well if (isset($user['old_password']) || isset($user['password']) || isset($user['password_confirm'])) { verify_required_params(array('old_password', 'password', 'password_confirm')); $user['old_password'] = filter_var($user['old_password'], FILTER_SANITIZE_STRING); $user['password'] = filter_var($user['password'], FILTER_SANITIZE_STRING); $user['password_confirm'] = filter_var($user['password_confirm'], FILTER_SANITIZE_STRING);