<?php
declare(strict_types=1);
require_once __DIR__ . '/admin_bootstrap.php';
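$admin = admin_require_auth();

// Only the caller's id is needed below, to stop an admin editing their own account
// through this view. If admin_require_auth() ever returns no 'user_id', this is 0
// and that guard never matches — presumably the helper always sets it; verify.
$adminId = (int)($admin['user_id'] ?? 0);

header('Content-Type: application/json');

// Preflight: answer OPTIONS with an empty 200 and stop.
//
// NOTE(review): the original also sent `Access-Control-Allow-Origin: *`,
// `Access-Control-Allow-Methods: POST, OPTIONS` and
// `Access-Control-Allow-Headers: Content-Type`. They are dropped here: this endpoint
// requires an authenticated admin, browsers never attach credentials to a
// wildcard-origin response, no Authorization header was allowed, and the auth check
// above runs before the OPTIONS branch so a credential-less preflight could never
// succeed anyway. The headers therefore served no legitimate cross-origin client and
// only advertised an admin endpoint to every origin. If a separate admin front-end
// origin genuinely needs access, allow that exact origin plus `Vary: Origin`.
if ($_SERVER['REQUEST_METHOD'] === 'OPTIONS') {
    exit(0);
}

// The only mutating method this endpoint supports.
if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
    header('Allow: POST, OPTIONS');
    returnError('Metoda niedozwolona', 405);
}

// The body is parsed as JSON below. Insisting on a JSON content type blocks the
// cross-site `<form enctype="text/plain">` trick that can deliver a JSON-shaped body
// to this endpoint with the victim's session cookie. This is NOT a complete CSRF
// defence: if admin_require_auth() is cookie-based, a CSRF token or Origin check is
// still required (not visible from this file).
$contentType = (string)($_SERVER['CONTENT_TYPE'] ?? $_SERVER['HTTP_CONTENT_TYPE'] ?? '');
if (stripos($contentType, 'application/json') !== 0) {
    returnError('Wymagany Content-Type: application/json', 415);
}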
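/**
 * Emit a JSON error envelope ({"success": false, "error": ...}) and terminate the request.
 *
 * @param string $message human-readable error text (Polish, like the rest of the file)
 * @param int    $code    HTTP status to send; defaults to 400
 */
function returnError(string $message, int $code = 400): void
{
    http_response_code($code);
    // JSON_INVALID_UTF8_SUBSTITUTE: a message containing invalid UTF-8 would otherwise
    // make json_encode() return false and the client would receive an empty body.
    echo json_encode([
        'success' => false,
        'error' => $message
    ], JSON_UNESCAPED_UNICODE | JSON_INVALID_UTF8_SUBSTITUTE);
    exit;
}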
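/**
 * Emit a JSON success envelope ({"success": true, "message": ..., "data": ...})
 * with HTTP 200 and terminate the request.
 *
 * @param string $message human-readable status text
 * @param mixed  $data    optional payload (here: the updated user row), null when absent
 */
function returnSuccess(string $message, $data = null): void
{
    // JSON_INVALID_UTF8_SUBSTITUTE: invalid UTF-8 in a DB value would otherwise make
    // json_encode() return false and the client would receive an empty body.
    echo json_encode([
        'success' => true,
        'message' => $message,
        'data' => $data
    ], JSON_UNESCAPED_UNICODE | JSON_INVALID_UTF8_SUBSTITUTE);
    exit;
}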
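try {
    $pdo = admin_get_pdo();
} catch (PDOException $e) {
    // Log the driver message server-side only; the client gets a generic 500 so that
    // DSN, host or credential fragments in the exception text never reach the response.
    error_log('admin user update: DB connection failed: ' . $e->getMessage());
    returnError('Błąd połączenia z bazą danych', 500);
}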
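// Request body: a JSON object. A depth limit of 16 is ample for this flat payload.
// Anything that is not a non-empty array (a bare JSON string, number, null, or an
// unreadable stream) is rejected here instead of being indexed below.
$rawBody = file_get_contents('php://input');
$input = $rawBody === false ? null : json_decode($rawBody, true, 16);

if (!is_array($input) || $input === []) {
    returnError('Nieprawidłowe dane wejściowe');
}

// user_id must be a positive integer. The original (int) cast turned an array/object
// value into 1 and "5abc" into 5; FILTER_VALIDATE_INT rejects both.
$userId = filter_var($input['user_id'] ?? null, FILTER_VALIDATE_INT);

if ($userId === false || $userId <= 0) {
    returnError('Nieprawidłowe ID użytkownika');
}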
// Load the target account; its role drives the guard below.
$lookup = $pdo->prepare("SELECT id, username, email, role FROM users WHERE id = ?");
$lookup->execute([$userId]);
$existingUser = $lookup->fetch(PDO::FETCH_ASSOC);

if (!$existingUser) {
    returnError('Użytkownik nie istnieje', 404);
}

// An admin may not lock, demote or suspend their own account from this view.
$isOwnAccount = (int)$existingUser['id'] === $adminId;
if ($isOwnAccount) {
    returnError('Nie możesz zarządzać swoim kontem w tym widoku', 403);
}

// Other admin accounts are likewise off-limits here (role compared case-insensitively;
// a missing role is treated as 'user').
$targetRole = strtolower((string)($existingUser['role'] ?? 'user'));
if ($targetRole === 'admin') {
    returnError('Nie można zarządzać kontami administratorów w tym widoku', 403);
}
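// Build the SET clause incrementally. Column names in $updates are fixed literals;
// every value goes through $params and is bound by PDO.
$updates = [];
$params = [];

// Username: optional. When present it must be a string (trim() on an array/object
// throws a TypeError under strict_types, i.e. an unhandled 500) of at least 3
// characters. Length is counted in characters via mbstring; the original strlen()
// was byte-wise and accepted e.g. one two-byte letter plus one ASCII letter as "3".
if (isset($input['username']) && $input['username'] !== '') {
    if (!is_string($input['username'])) {
        returnError('Username musi być tekstem');
    }
    $username = trim($input['username']);
    if (mb_strlen($username) < 3) {
        returnError('Username musi mieć minimum 3 znaki');
    }
    // Uniqueness check. This SELECT-then-UPDATE is racy between two concurrent
    // requests; it is only a friendly error, the real guarantee has to come from a
    // UNIQUE index on users.username (not visible from this file — confirm it exists).
    $stmt = $pdo->prepare("SELECT id FROM users WHERE username = ? AND id != ?");
    $stmt->execute([$username, $userId]);
    if ($stmt->fetch()) {
        returnError('Username jest już zajęty');
    }
    $updates[] = "username = ?";
    $params[] = $username;
}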
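// Email: optional. Must be a string (trim() on a non-string throws under strict_types)
// that passes FILTER_VALIDATE_EMAIL.
if (isset($input['email']) && $input['email'] !== '') {
    if (!is_string($input['email'])) {
        returnError('Nieprawidłowy adres email');
    }
    $email = trim($input['email']);
    if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
        returnError('Nieprawidłowy adres email');
    }
    // Uniqueness check; racy on its own, a UNIQUE index on users.email must back it
    // (not visible from this file — confirm).
    $stmt = $pdo->prepare("SELECT id FROM users WHERE email = ? AND id != ?");
    $stmt->execute([$email, $userId]);
    if ($stmt->fetch()) {
        returnError('Email jest już zajęty');
    }
    $updates[] = "email = ?";
    $params[] = $email;
}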
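// First / last name: optional free text, stored trimmed. An empty string is allowed
// (it clears the field). Non-string values are rejected explicitly; previously
// trim() on an array would have thrown a TypeError under strict_types (HTTP 500).
foreach (['first_name', 'last_name'] as $nameField) {
    if (!isset($input[$nameField])) {
        continue;
    }
    if (!is_string($input[$nameField])) {
        returnError('Nieprawidłowa wartość pola ' . $nameField);
    }
    // $nameField comes from the fixed list above, never from the request.
    $updates[] = $nameField . " = ?";
    $params[] = trim($input[$nameField]);
}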
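// Role: optional; must be exactly one of the allowed literals. The original
// in_array() without the strict flag let a JSON `true` match (`true == 'user'` in PHP)
// and stored 1 as the role, bypassing the allow-list.
if (isset($input['role']) && $input['role'] !== '') {
    $allowedRoles = ['user', 'admin', 'moderator'];
    if (!is_string($input['role']) || !in_array($input['role'], $allowedRoles, true)) {
        returnError('Nieprawidłowa rola');
    }
    // NOTE(review): this view refuses to edit existing admin accounts, yet allows
    // promoting any user to 'admin' here — a one-way escalation that cannot be undone
    // through this endpoint. Confirm that is intended; otherwise drop 'admin' from
    // $allowedRoles.
    $updates[] = "role = ?";
    $params[] = $input['role'];
}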
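// Boolean-ish flags. Values are cast with (int) as before (true→1, "1"→1, "abc"→0),
// but arrays/objects are rejected: (int) on an array yields 1, which would silently
// verify/suspend/disable an account from a malformed payload.
$readFlag = static function (string $field) use ($input): int {
    if (!is_scalar($input[$field])) {
        returnError('Nieprawidłowa wartość pola ' . $field);
    }
    return (int)$input[$field];
};

// $flagField comes from this fixed list, never from the request.
foreach (['email_verified', 'account_suspended', 'newsletter_enabled'] as $flagField) {
    if (isset($input[$flagField])) {
        $updates[] = $flagField . " = ?";
        $params[] = $readFlag($flagField);
    }
}

// disabled: setting it to exactly 1 also suspends the account unless the request
// set account_suspended itself; any other value (0, 2, ...) un-suspends.
if (isset($input['disabled'])) {
    $disabledValue = $readFlag('disabled');
    $updates[] = "disabled = ?";
    $params[] = $disabledValue;

    if (!isset($input['account_suspended'])) {
        $updates[] = "account_suspended = ?";
        $params[] = $disabledValue === 1 ? 1 : 0;
    }
}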
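// Nothing recognised in the payload.
if ($updates === []) {
    returnError('Brak danych do aktualizacji');
}

// WHERE id = ? is the last placeholder.
$params[] = $userId;

try {
    // Column names in $updates are fixed literals from the blocks above; only the
    // values are bound, so building the SET list with implode() is safe here.
    $sql = "UPDATE users SET " . implode(', ', $updates) . " WHERE id = ?";
    $stmt = $pdo->prepare($sql);
    $stmt->execute($params);

    // NOTE(review): role changes, suspensions and disables performed by $adminId on
    // another account are audit-worthy; nothing in this file records them. Consider
    // an audit-log write here.

    // Return the row as stored (password hash and other sensitive columns are not
    // selected).
    $stmt = $pdo->prepare("
        SELECT
            u.id,
            u.username,
            u.email,
            u.first_name,
            u.last_name,
            u.role,
            u.email_verified,
            u.account_suspended,
            u.disabled,
            u.created_at
        FROM users u
        WHERE u.id = ?
    ");
    $stmt->execute([$userId]);
    $updatedUser = $stmt->fetch(PDO::FETCH_ASSOC);

    // fetch() yields false if the row vanished between UPDATE and SELECT; report null.
    returnSuccess('Użytkownik został zaktualizowany pomyślnie', $updatedUser === false ? null : $updatedUser);

} catch (PDOException $e) {
    // Driver text (table/column names, constraint names, SQL fragments) stays in the
    // server log; the client only sees a generic 500.
    error_log('admin user update: UPDATE failed for user ' . $userId . ': ' . $e->getMessage());
    returnError('Błąd podczas aktualizacji użytkownika', 500);
}
// No closing `?>`: trailing whitespace after it would be sent as output and corrupt
// the JSON body.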