Exemplo n.º 1
            $response['error'] = true;
            $response['msg'] = 'Username or passeord wrong.';
            echoRespnse(401, $response);
            $app->stop();
        }
    } else {
        $response['error'] = true;
        $response['msg'] = 'Another user with the same email already exists in the database.';
        echoRespnse(401, $response);
        $app->stop();
    }
});
// GET /user/:userid — returns the stored record for the user id given in the URL.
// The route is registered with the 'authenticate' callable, which is defined elsewhere.
// NOTE(review): what 'authenticate' actually verifies is not visible here; the handler
// below only adds a URL-vs-cookie comparison on top of it.
// The excerpt ends inside the success branch, so the rest of the handler is not shown.
$app->get('/user/:userid', 'authenticate', function ($userUID) use($app) {
    // Blocks every request for two seconds before doing any work.
    // NOTE(review): purpose not shown (presumably a crude throttle or a test delay); it
    // holds a PHP worker per request and is not a substitute for rate limiting — confirm intent.
    sleep(2);
    $response = array('request' => 'user');
    $user_cookie = $app->getCookie('lq_user_id');
    // The userid provided by the app url must be the same as the one stored inside the user's cookie
    // NOTE(review): both sides of this comparison arrive with the request. Unless the cookie is
    // signed/encrypted by the framework, or 'authenticate' ties it to the server-side session,
    // a matching pair does not prove who the caller is. Prefer deriving the user id from the
    // authenticated session and comparing the URL parameter against that — confirm.
    $db = new DbHandler();
    if ($userUID !== $user_cookie) {
        // On mismatch the session named by the BBC_session cookie is logged out
        // (empty string when that cookie is absent) and the request is answered with 401.
        $user_session = isset($_COOKIE["BBC_session"]) ? $_COOKIE["BBC_session"] : '';
        $db->logOut($user_session);
        $response['error'] = true;
        $response['msg'] = 'Cannot verify the user identity. Please log in.';
        echoRespnse(401, $response);
        // The lookup below is only safe if stop() really ends the request here.
        // presumably it halts execution (framework behaviour, not visible in this file) — verify
        $app->stop();
    }
    // The empty-array initialisation is overwritten by the next line and has no effect.
    $user = array();
    $user = $db->getUser($userUID);
    if (!empty($user)) {
        $response['error'] = false;
        // The whole value returned by getUser() is placed in the response.
        // NOTE(review): confirm getUser() does not return password hashes or other
        // fields that should not leave the server.
        $response['user'] = $user;
Exemplo n.º 2
    echoRespnse(400, $response);
    $app->stop();
});
$app->post('/user/:userid/profile', 'authenticate', function () use($app) {
    sleep(2);
    // check for required params
    verify_required_params(array('username', 'email'));
    // reading post params
    $user = array('name' => $app->request()->post('username'), 'email' => $app->request()->post('email'), 'old_password' => $app->request()->post('old_password'), 'password' => $app->request()->post('password'), 'password_confirm' => $app->request()->post('password_confirm'));
    // prepare the answer
    $response = array('request' => 'profile');
    // Sanitize data
    $user['name'] = filter_var($user['name'], FILTER_SANITIZE_STRING);
    $user['email'] = filter_var($user['email'], FILTER_SANITIZE_EMAIL);
    $db = new DbHandler();
    $userUID = $app->getCookie('lq_user_id');
    // Try to update the user details
    if ($db->updateUserProfile($userUID, $user['name'], $user['email'])) {
        $response['error'] = false;
    } else {
        $response['error'] = true;
        $response['msg'] = 'Impossible to update the user profile.';
        echoRespnse(401, $response);
        $app->stop();
    }
    // If the user sent a password, reset that as well
    if (isset($user['old_password']) || isset($user['password']) || isset($user['password_confirm'])) {
        verify_required_params(array('old_password', 'password', 'password_confirm'));
        $user['old_password'] = filter_var($user['old_password'], FILTER_SANITIZE_STRING);
        $user['password'] = filter_var($user['password'], FILTER_SANITIZE_STRING);
        $user['password_confirm'] = filter_var($user['password_confirm'], FILTER_SANITIZE_STRING);