public function put_array($array)
{
if ($this->access < 1) {
return "Not authorized to make any updates : guest account";
}
$user = new User();
if (!empty($array["id"])) {
$user = apiDB::getUser($array["id"]);
if ($_SERVER['PHP_AUTH_USER'] != $user->email && $this->access <= 1) {
return "Not authorized to update User " . $user->id;
}
} else {
if (!empty($array["email"])) {
$user = apiDB::getUserByEmail($array["email"]);
if ($_SERVER['PHP_AUTH_USER'] != $user->email && $this->access <= 1) {
return "Not authorized to update User " . $user->id;
}
}
}
$user->email = empty($array["email"]) ? $user->email : $array["email"];
$user->password = empty($array["password"]) ? $user->password : $array["password"];
if ($this->access > 1) {
$user->access = empty($array["access"]) ? $user->access : $array["access"];
// not sure if this is still a security flaw...
}
if (empty($user->id)) {
return apiDB::addUser($user);
} else {
return apiDB::updateUser($user->id, $user);
}
}
public function put_array($array)
{
if ($this->access < 1) {
return "Not authorized to make any updates : guest account";
}
$user = new User();
if (!empty($array["id"])) {
$user = apiDB::getUser($array["id"]);
if ($_SERVER['PHP_AUTH_USER'] != $user->email && $this->access <= 1) {
return "Not authorized to update User " . $user->id;
}
} else {
if (!empty($array["email"])) {
$user = apiDB::getUserByEmail($array["email"]);
if ($_SERVER['PHP_AUTH_USER'] != $user->email && $this->access <= 1) {
return "Not authorized to update User " . $user->id;
}
}
}
$user->email = empty($array["email"]) ? $user->email : $array["email"];
$user->password = empty($array["password"]) ? $user->password : $array["password"];
$user->verified = empty($array["verified"]) ? $user->verified : $array["verified"];
$user->firstname = empty($array["firstname"]) ? $user->firstname : $array["firstname"];
$user->lastname = empty($array["lastname"]) ? $user->lastname : $array["lastname"];
$user->postal = empty($array["postal"]) ? $user->postal : $array["postal"];
$user->phone = empty($array["phone"]) ? $user->phone : $array["phone"];
$user->sub_summary = isset($array["sub_summary"]) ? $array["sub_summary"] : $user->sub_summary;
$user->sub_stats = isset($array["sub_stats"]) ? $array["sub_stats"] : $user->sub_stats;
$user->sub_gwadi = isset($array["sub_gwadi"]) ? $array["sub_gwadi"] : $user->sub_gwadi;
if ($this->access > 1) {
$user->access = empty($array["access"]) ? $user->access : $array["access"];
// not sure if this is still a security flaw...
}
if (empty($user->id)) {
return apiDB::addUser($user);
} else {
return apiDB::updateUser($user->id, $user);
}
}
