Пример #1
// Password-change endpoint: validates the POSTed fields, resolves the user from
// an access token, verifies the old password and then updates it.
// NOTE: this listing is truncated after the updatePassword() call; the closing
// branches, commit/rollback handling and response output are not shown here.
// Validation, DBConnection, getUserIdFromToken(), checkPassword() and
// updatePassword() are not defined in this listing; presumably they come from
// these includes or from other files (confirm).
include_once "../../common/dbconfig.php";
include_once "../../common/database.php";
include_once "../../common/handleresponse.php";
// Only POST is handled; no branch for other request methods is visible in this listing.
if ($_SERVER["REQUEST_METHOD"] == "POST") {
    // Expected fields: access_token, oldpass, newpass.
    // NOTE(review): the original comment also listed "image", but no image field is read below.
    $ret = array();
    // The fields are read without isset()/??, so a missing one yields null plus a PHP
    // warning; presumably includeBlank() then rejects it (confirm).
    $access_token = $_POST["access_token"];
    $oldpass = $_POST["oldpass"];
    $newpass = $_POST["newpass"];
    if (Validation::includeBlank($access_token, $oldpass, $newpass)) {
        HandleResponse::badRequest("Parameters are blank");
    } else {
        // Judging by the message, isMatchPassword() returns true when both values are equal,
        // i.e. the new password must differ from the old one.
        if (Validation::isMatchPassword($oldpass, $newpass)) {
            HandleResponse::badRequest("Old password and new password are same");
        } else {
            // NOTE(review): this branch rejects an invalid *new password*, but the message
            // says "Invalid user firstname". It looks copied from another endpoint and
            // will mislead clients; the password policy itself lives in isValidPassword() (not shown).
            if (!Validation::isValidPassword($newpass)) {
                HandleResponse::badRequest("Invalid user firstname");
            } else {
                $conn = null;
                try {
                    $db = new DBConnection();
                    $conn = $db->getConnection();
                    // Start a transaction by hand. The return values of both queries are
                    // ignored, so a failure to disable autocommit or to begin would go unnoticed here.
                    mysqli_query($conn, "set autocommit = 0");
                    mysqli_query($conn, "begin");
                    // $access_token is raw client input. NOTE(review): confirm that
                    // getUserIdFromToken() uses a prepared statement and checks token expiry.
                    $user_id = getUserIdFromToken($conn, $access_token);
                    // Loose comparison: besides null this is also true for 0, "" and false.
                    if ($user_id == null) {
                        $ret = HandleResponse::badRequestReturn("Invalid Accesstoken");
                    } else {
                        // Re-authenticates with the old password before changing it.
                        // NOTE(review): confirm that checkPassword() verifies against a salted hash
                        // (password_verify) and that updatePassword() stores password_hash() output
                        // through a parameterized query; neither helper is visible here.
                        if (checkPassword($conn, $user_id, $oldpass)) {
                            // Change password
                            $ret = updatePassword($conn, $user_id, $newpass);
Пример #2
// User-registration endpoint: validates the POSTed fields, checks whether the
// email is already registered and otherwise creates the account.
// NOTE: this listing is truncated after the createUser() call; the closing
// branches, commit/rollback handling and response output are not shown here.
// Validation, HandleResponse, DBConnection, isExistUser() and createUser() are
// defined outside this listing.
if ($_SERVER["REQUEST_METHOD"] == "POST") {
    // TODO : Request Validation by UA
    // NOTE(review): if "UA" means the User-Agent header, it is client-controlled and
    // cannot serve as an authenticity check on its own.
    $ret = array();
    // email, password, firstname, lastname, birthday  (required)
    // The fields are read without isset()/??, so a missing one yields null plus a PHP
    // warning; presumably includeBlank() then rejects it (confirm).
    $email = $_POST["email"];
    $password = $_POST["password"];
    $firstname = $_POST["firstname"];
    $lastname = $_POST["lastname"];
    $birthday = $_POST["birthday"];
    if (Validation::includeBlank($email, $password, $firstname, $lastname, $birthday)) {
        HandleResponse::badRequest("Parameters are blank");
    } else {
        if (!Validation::isValidEmail($email)) {
            HandleResponse::badRequest("Email is invalid");
        } else {
            // The message implies a minimum length of 6; the actual rule is inside
            // isValidPassword(), which is not shown.
            if (!Validation::isValidPassword($password)) {
                HandleResponse::badRequest("Password should be over 6!");
            } else {
                // firstname and lastname get no check beyond the blank test above; only
                // email, password and birthday are format-validated in the visible code.
                if (!Validation::isValidTime($birthday)) {
                    HandleResponse::badRequest("Birthday style is wrong!");
                } else {
                    $conn = null;
                    try {
                        $db = new DBConnection();
                        $conn = $db->getConnection();
                        // Start a transaction by hand. The return values of both queries are
                        // ignored, so a failure to disable autocommit or to begin would go unnoticed here.
                        mysqli_query($conn, "set autocommit = 0");
                        mysqli_query($conn, "begin");
                        // Check-then-insert: two concurrent requests with the same email can both
                        // pass this check. NOTE(review): confirm a UNIQUE constraint on the email
                        // column backs it up. The distinct error message also tells an
                        // unauthenticated caller whether an address is registered.
                        if (isExistUser($conn, $email)) {
                            $ret = HandleResponse::badRequestReturn("This email is already exist");
                        } else {
                            // The plaintext password and the unvalidated name fields are handed to
                            // createUser(). NOTE(review): confirm that it hashes the password
                            // (password_hash) and binds every value through a prepared statement;
                            // the helper is not visible here.
                            $ret = createUser($conn, $email, $password, $firstname, $lastname, $birthday);