Пример #1
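 /**
  * Authenticate a user by email + password and issue a fresh API token.
  *
  * @url POST
  *
  * @param string $email    Login email, looked up verbatim (no trimming / case folding here).
  * @param string $password Clear-text password, checked with password_verify() against user.hash.
  *
  * @return \stdClass userId, token, role, nickname, notificationCount, avatarId, status
  * @throws RestException 401 when the email is unknown or the password does not match
  *                       (one message for both, so the API does not confirm which emails exist).
  */
 function postAuth($email, $password)
 {
     //validate email and password
     $statement = 'SELECT userId, hash, role, nickname, notificationCount, avatarId, status FROM user where email = :email';
     $bind = array('email' => $email);
     $user = \Db::getRow($statement, $bind);
     // NOTE(review): this mails the attempted email address to the admin on every call, successful
     // or not. That is PII going out over SMTP on each login attempt, not an audit log - confirm it is wanted.
     \TTOMail::createAndSendAdmin('A user is logging in', json_encode($bind));
     // Guard the lookup result before indexing it: an unknown email used to reach
     // password_verify($password, null) through an undefined-index read. Response timing still
     // differs for unknown emails (the hash check is skipped); verify against a dummy hash if
     // user enumeration matters for this deployment.
     if (!is_array($user) || !isset($user['hash']) || !password_verify($password, $user['hash'])) {
         throw new RestException(401, 'Invalid email or password !!!');
     }
     //generate token: 128 bits from the CSPRNG. md5(uniqid(mt_rand())) was predictable
     //(mt_rand is not a CSPRNG and uniqid is time based). Same 32-hex-char width as md5().
     $token = bin2hex(random_bytes(16));
     //update token to db
     $statement = 'UPDATE user SET token = :token WHERE userId = :userId';
     $bind = array('token' => $token, 'userId' => $user['userId']);
     \Db::execute($statement, $bind);
     //then return token
     $response = new \stdClass();
     $response->userId = $user['userId'];
     $response->token = $token;
     $response->role = $user['role'];
     $response->nickname = $user['nickname'];
     $response->notificationCount = $user['notificationCount'];
     $response->avatarId = $user['avatarId'];
     $response->status = $user['status'];
     return $response;
 }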
Пример #2
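 /**
  * Attach one course item to a user's course: copies the item's template row from
  * view_course_item into user_course_item, then creates one user_course_item_detail row per
  * actionable item_detail (isAction = 1). All new rows start with status 'start'.
  *
  * @url POST add-user-item
  *
  * @param int $userId       Owner of the new rows; must be the caller, or the caller must be admin.
  * @param int $userCourseId user_course row the item is attached to.
  * @param int $courseItemId Item (view_course_item / course_item) being added.
  *
  * @return \stdClass userCourseItemId, itemCount, itemDetailCount
  * @throws RestException 401 when the caller is neither $userId nor an admin;
  *                       404 when $courseItemId matches no view_course_item row.
  */
 protected function postAddUserItem($userId, $userCourseId, $courseItemId)
 {
     // Ownership: compare ids as digit strings rather than with loose ==, so values such as
     // "5abc" or an unauthenticated (null) session cannot satisfy the check.
     $currentUserId = \TTO::getUserId();
     $isOwner = ctype_digit((string) $userId) && (string) $currentUserId === (string) $userId;
     if (!$isOwner && \TTO::getRole() != 'admin') {
         throw new RestException(401, 'No Authorize or Invalid request !!!');
     }
     // NOTE(review): $userCourseId is not checked to belong to $userId (nor to contain
     // $courseItemId). Unless a DB constraint enforces it, a non-admin caller can attach items to
     // another user's course record - confirm against the schema.
     $statement = '
 			INSERT INTO user_course_item (userId, userCourseId, courseItemId, actionCount, status, level, seq)
 			SELECT :userId, :userCourseId, :courseItemId, actionCount, :status, level, seq
 			  FROM view_course_item
 			 WHERE courseItemId = :courseItemId
 		';
     $bind = array('userId' => $userId, 'userCourseId' => $userCourseId, 'courseItemId' => $courseItemId, 'status' => 'start');
     \TTOMail::createAndSendAdmin('A user add new item', json_encode($bind));
     $itemCount = \Db::execute($statement, $bind);
     // INSERT ... SELECT inserts nothing for an unknown courseItemId. The original then called
     // getLastInsertId() anyway and attached detail rows to a stale / zero id; stop here instead.
     if ($itemCount < 1) {
         throw new RestException(404, 'Course item not found !!!');
     }
     $userCourseItemId = \Db::getLastInsertId();
     // NOTE(review): no transaction API is visible on \Db; a failure here leaves a
     // user_course_item row without its detail rows.
     $statement = '
 			INSERT INTO user_course_item_detail (userCourseItemId, itemDetailId, status)
 			SELECT :userCourseItemId, ID.itemDetailId, :status
 			  FROM course_item AS CI
 		 	 INNER JOIN item_detail AS ID
 			    ON CI.itemId = ID.ItemId
 			 WHERE courseItemId = :courseItemId
 			   AND ID.isAction = 1
 		';
     $bind = array('userCourseItemId' => $userCourseItemId, 'courseItemId' => $courseItemId, 'status' => 'start');
     $itemDetailCount = \Db::execute($statement, $bind);
     $response = new \stdClass();
     $response->userCourseItemId = $userCourseItemId;
     $response->itemCount = $itemCount;
     $response->itemDetailCount = $itemDetailCount;
     return $response;
 }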
Пример #3
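    /**
     * Overwrite the caller's own profile. Every listed column is replaced with the supplied
     * value (this is not a partial update); no field is validated or normalised here.
     *
     * @url POST profile/{userId}
     * @url PUT {userId}
     *
     * @param int    $userId    Must be the authenticated user - there is no admin override on this endpoint.
     * @param string $firstname
     * @param string $lastname
     * @param string $nickname
     * @param string $phone
     * @param string $birthdate Stored as received; format is whatever the `birthdate` column accepts.
     * @param string $school
     * @param string $province
     * @param string $level
     * @param string $purpose
     * @param int    $avatarId  Not checked against any avatar table here.
     *
     * @return \stdClass row_update - rows affected by the UPDATE (0 when nothing changed).
     * @throws RestException 401 when $userId is not the caller.
     */
    protected function postProfile($userId, $firstname, $lastname, $nickname, $phone, $birthdate, $school, $province, $level, $purpose, $avatarId)
    {
        // Ownership: compare ids as digit strings rather than with loose ==, so values such as
        // "5abc" or an unauthenticated (null) session cannot satisfy the check.
        $currentUserId = \TTO::getUserId();
        if (!ctype_digit((string) $userId) || (string) $currentUserId !== (string) $userId) {
            throw new RestException(401, 'No Authorize or Invalid request !!!');
        }
        $statement = '
		  	UPDATE user SET
			  	firstname = :firstname,
			  	lastname  = :lastname, 
			  	nickname  = :nickname,
			  	phone     = :phone,
			  	birthdate = :birthdate,
			  	school    = :school,
			  	province  = :province,
			  	level     = :level,
			  	purpose   = :purpose,
			  	avatarId  = :avatarId
		  	WHERE userId = :userId
	  	';
        $bind = array('firstname' => $firstname, 'lastname' => $lastname, 'nickname' => $nickname, 'phone' => $phone, 'birthdate' => $birthdate, 'school' => $school, 'province' => $province, 'level' => $level, 'purpose' => $purpose, 'avatarId' => $avatarId, 'userId' => $userId);
        $row_update = \Db::execute($statement, $bind);
        // NOTE(review): the full profile (phone, birthdate, school, ...) is mailed to the admin in
        // clear text on every update. Consider sending only the userId if this is just a notification.
        \TTOMail::createAndSendAdmin('A user updated profile', json_encode($bind));
        $response = new \stdClass();
        $response->row_update = $row_update;
        return $response;
    }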
Пример #4
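 /**
  * Let an authenticated user (or an admin) send a free-form message to the site admin.
  *
  * @url POST sendemailadmin/{userId}
  *
  * @param int    $userId  Only used for the ownership check; must be the caller unless the caller is admin.
  * @param string $subject User-supplied subject line.
  * @param string $message User-supplied body, passed through unchanged.
  *
  * @return void
  * @throws RestException 401 when the caller is neither $userId nor an admin.
  */
 protected function postSendEmailAdmin($userId, $subject, $message)
 {
     // Ownership: compare ids as digit strings rather than with loose ==, so values such as
     // "5abc" or an unauthenticated (null) session cannot satisfy the check.
     $currentUserId = \TTO::getUserId();
     $isOwner = ctype_digit((string) $userId) && (string) $currentUserId === (string) $userId;
     if (!$isOwner && \TTO::getRole() != 'admin') {
         throw new RestException(401, 'No Authorize or Invalid request !!!');
     }
     // The subject ends up in a mail header. TTOMail's implementation is not visible here, so
     // strip CR/LF ourselves: a "\r\nBcc: ..." in $subject must not become an extra header.
     $safeSubject = trim(str_replace(array("\r", "\n"), ' ', (string) $subject));
     // NOTE(review): any logged-in user can call this as often as they like; there is no
     // rate limit or size cap on $message in this method.
     \TTOMail::createAndSendAdmin($safeSubject, $message);
 }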
Пример #5
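    /**
     * Add a comment. When $commentHeaderId is 0 or negative a new comment_header is created
     * first and the comment is attached to it; otherwise the comment joins the given thread.
     *
     * @url POST newcommentdetail
     *
     * @param int    $commentHeaderId Existing thread id, or <= 0 to start a new thread.
     * @param int    $userId          Author recorded on the comment; must be the caller, or the caller must be admin.
     * @param string $message         Comment text, stored unchanged.
     *
     * @return \stdClass commentHeaderId - the thread the comment was added to (new or given).
     * @throws RestException 401 when the caller is neither $userId nor an admin.
     */
    protected function postNewCommentDetail($commentHeaderId, $userId, $message)
    {
        // The original had no authorization at all: $userId came straight from the request, so
        // any caller could post a comment attributed to any other user. Apply the same
        // owner-or-admin rule the other endpoints in this class use.
        $currentUserId = \TTO::getUserId();
        $isOwner = ctype_digit((string) $userId) && (string) $currentUserId === (string) $userId;
        if (!$isOwner && \TTO::getRole() != 'admin') {
            throw new RestException(401, 'No Authorize or Invalid request !!!');
        }
        if ($commentHeaderId <= 0) {
            $statement = '
				INSERT INTO comment_header () VALUES ()
			';
            \Db::execute($statement);
            $commentHeaderId = \Db::getLastInsertId();
        }
        // NOTE(review): a positive $commentHeaderId is not checked to exist; only a foreign key
        // on comment_detail.comment_header_id (not visible here) would reject a bogus thread id.
        $statement = '
			INSERT INTO comment_detail (comment_header_id, userId, message)
			VALUES (:commentHeaderId, :userId, :message)
		';
        $bind = array('commentHeaderId' => $commentHeaderId, 'userId' => $userId, 'message' => $message);
        \TTOMail::createAndSendAdmin('A user comment on an item', json_encode($bind));
        \Db::execute($statement, $bind);
        $response = new \stdClass();
        $response->commentHeaderId = $commentHeaderId;
        return $response;
    }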
Пример #6
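 /**
  * Approve an order (admin only) and credit its coin + bonus to the order's owner, then
  * notify both the admin and the owner by email.
  *
  * @url PUT {orderId}
  *
  * @param int $orderId Order to approve.
  *
  * @return void
  * @throws RestException 401 when the caller is not an admin;
  *                       500 when the order is unknown or already approved (the guarded
  *                       UPDATE changes no row, so nothing is credited twice).
  */
 protected function postApproveOrder($orderId)
 {
     if (\TTO::getRole() != 'admin') {
         throw new RestException(401, 'No Authorize or Invalid request !!!');
     }
     // Resolve the owner and the amount first. The original used an undefined $userId, so the
     // credit UPDATE matched no row and the customer mail was addressed to nobody.
     // NOTE(review): `order`.userId is assumed to be the owner column - it is the column name
     // every other table here uses, but confirm against the schema.
     $statement = 'SELECT userId, coin + bonus AS amount FROM `order` WHERE orderId = :orderId';
     $order = \Db::getRow($statement, array('orderId' => $orderId));
     if (!is_array($order) || !isset($order['userId'])) {
         throw new RestException(500, 'Approve Error !!!');
     }
     $userId = $order['userId'];
     $coin = $order['amount'];
     // The status guard makes approval idempotent and safe under concurrency: a second or
     // simultaneous PUT changes 0 rows and therefore never reaches the credit below.
     $statement = 'UPDATE `order` SET status = :status WHERE orderId = :orderId AND (status IS NULL OR status <> :approved)';
     $bind = array('orderId' => $orderId, 'status' => 'approve', 'approved' => 'approve');
     $count = \Db::execute($statement, $bind);
     if ($count < 1) {
         throw new RestException(500, 'Approve Error !!!');
     }
     \TTOMail::createAndSendAdmin('Admin approved an order', json_encode($bind));
     // NOTE(review): no transaction API is visible on \Db; a failure between the two UPDATEs
     // leaves the order approved but the owner uncredited.
     $statement = 'UPDATE user SET coin = coin + :coin WHERE userId = :userId';
     $bind = array('userId' => $userId, 'coin' => $coin);
     \Db::execute($statement, $bind);
     // Only tell the customer after the approval actually happened.
     \TTOMail::createAndSend(ADMINEMAIL, \TTO::getUserEmail($userId), 'Admin have approved your order', 'Please check on the system');
 }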
Пример #7
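    /**
     * Enrol $userId in $courseId, charging the course price (course.coin) from the user's balance.
     *
     * @url POST addusercourse/{userId}
     *
     * @param int $userId   User to enrol; must be the caller, or the caller must be admin.
     * @param int $courseId Course to enrol in.
     *
     * @return \stdClass row_insert (user_course rows added), row_update (user rows debited)
     * @throws RestException 401 caller is neither $userId nor an admin;
     *                       404 the course does not exist;
     *                       500 insufficient coin (or unknown user), or the enrolment INSERT failed.
     */
    protected function postAddUserCourse($userId, $courseId)
    {
        // Ownership: compare ids as digit strings rather than with loose ==, so values such as
        // "5abc" or an unauthenticated (null) session cannot satisfy the check.
        $currentUserId = \TTO::getUserId();
        $isOwner = ctype_digit((string) $userId) && (string) $currentUserId === (string) $userId;
        if (!$isOwner && \TTO::getRole() != 'admin') {
            throw new RestException(401, 'No Authorize or Invalid request !!!');
        }
        $statement = 'SELECT coin FROM course WHERE courseId = :courseId';
        $courseCoin = \Db::getValue($statement, array('courseId' => $courseId));
        // Unknown course: the original compared $userCoin < null (always false), inserted a
        // user_course row with coin NULL and then ran `coin = coin - NULL`, nulling the balance.
        if ($courseCoin === null || $courseCoin === false) {
            throw new RestException(404, 'Course not found !!!');
        }
        // Debit first, atomically, and only while the balance covers the price. The original
        // SELECT-compare-UPDATE sequence let two concurrent requests both pass the check and
        // push the balance negative. 0 affected rows means not enough coin (or no such user).
        $statement = 'UPDATE user SET coin = coin - :courseCoin WHERE userId = :userId AND coin >= :minCoin';
        $bind = array('userId' => $userId, 'courseCoin' => $courseCoin, 'minCoin' => $courseCoin);
        $row_update = \Db::execute($statement, $bind);
        if ($row_update < 1) {
            throw new RestException(500, 'Coin is not enough !!!');
        }
        $statement = '
	  		INSERT INTO user_course (userId, courseId, coin)
	  		VALUES (:userId, :courseId, :courseCoin)
	  	';
        $bind = array('userId' => $userId, 'courseId' => $courseId, 'courseCoin' => $courseCoin);
        \TTOMail::createAndSendAdmin('A user adding a course', json_encode($bind));
        $row_insert = 0;
        $failure = null;
        try {
            $row_insert = \Db::execute($statement, $bind);
        } catch (\Exception $failure) {
            // handled below: refund, then rethrow
        }
        if ($row_insert < 1) {
            // No transaction API is visible on \Db, so undo the debit by hand rather than keep
            // the user's coins for an enrolment that never happened (the original silently
            // returned null in the mirror-image case: inserted, but never debited).
            \Db::execute('UPDATE user SET coin = coin + :courseCoin WHERE userId = :userId', array('userId' => $userId, 'courseCoin' => $courseCoin));
            if ($failure !== null) {
                throw $failure;
            }
            throw new RestException(500, 'Add a new course error !!!');
        }
        $response = new \stdClass();
        $response->row_insert = $row_insert;
        $response->row_update = $row_update;
        return $response;
    }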