<?php
require_once '../../includes/connect_endpoint.php';
require_once '../../includes/inputvalidation.php';
// The session carries the logged-in username that is the only gate on this endpoint.
session_start();
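function update_exchange_rate($db) {
    // Refresh `currencies.rate` for every row in `currencies` from the fixer.io
    // "latest" endpoint, rebased so that the user's main currency has rate 1.0,
    // and record today's date in `last_exchange_update`.
    //
    // Does nothing (and writes nothing) when no API key is stored, the HTTP
    // request fails, the response carries no usable `rates`, or the main
    // currency's EUR rate is missing / non-positive. Previously those cases
    // raised warnings or a DivisionByZeroError part-way through the update.
    //
    // Side effect: closes $db on the success path, as before; the caller must
    // not use the connection afterwards.
    //
    // NOTE(review): the API key travels in a plaintext http:// query string
    // (see $api_url below). If the fixer plan allows it, switch to https:// so
    // the key is not exposed to anyone on the network path.
    $keyResult = $db->query("SELECT api_key FROM fixer");
    if (!$keyResult) {
        return;
    }
    $keyRow = $keyResult->fetchArray(SQLITE3_ASSOC);
    if (!$keyRow || !isset($keyRow['api_key']) || $keyRow['api_key'] === '') {
        return;
    }
    $apiKey = (string) $keyRow['api_key'];

    // Every known currency code, for the `symbols` filter of the API call.
    $codes = [];
    $currencyRows = $db->query("SELECT id, name, symbol, code FROM currencies");
    if ($currencyRows) {
        while ($currencyRow = $currencyRows->fetchArray(SQLITE3_ASSOC)) {
            $codes[] = (string) $currencyRow['code'];
        }
    }

    // The user's main currency; all rates are expressed relative to it.
    $userStmt = $db->prepare("SELECT u.main_currency, c.code FROM user u LEFT JOIN currencies c ON u.main_currency = c.id WHERE u.id = 1");
    $userResult = $userStmt ? $userStmt->execute() : false;
    $userRow = $userResult ? $userResult->fetchArray(SQLITE3_ASSOC) : false;
    if (!$userRow || !isset($userRow['code'])) {
        return;
    }
    $mainCurrencyCode = (string) $userRow['code'];

    // Both values come from our own database, but encode them anyway so the
    // URL stays well-formed whatever the stored strings contain.
    $api_url = "http://data.fixer.io/api/latest?access_key=" . rawurlencode($apiKey)
        . "&base=EUR&symbols=" . rawurlencode(implode(',', $codes));
    $response = file_get_contents($api_url);
    if ($response === false) {
        return;
    }
    $apiData = json_decode($response, true);
    if (!is_array($apiData) || !isset($apiData['rates']) || !is_array($apiData['rates'])) {
        return;
    }

    // Rates come back relative to EUR; dividing by the main currency's EUR
    // rate rebases them. A missing or zero value makes that division
    // meaningless (or throws), so bail out before touching the table.
    $mainCurrencyToEUR = $apiData['rates'][$mainCurrencyCode] ?? null;
    if (!is_numeric($mainCurrencyToEUR) || (float) $mainCurrencyToEUR <= 0.0) {
        return;
    }
    $mainCurrencyToEUR = (float) $mainCurrencyToEUR;

    $updateStmt = $db->prepare("UPDATE currencies SET rate = :rate WHERE code = :code");
    if (!$updateStmt) {
        return;
    }
    foreach ($apiData['rates'] as $currencyCode => $rate) {
        if (!is_numeric($rate)) {
            continue; // ignore anything in the response that is not a number
        }
        $currencyCode = (string) $currencyCode;
        $exchangeRate = ($currencyCode === $mainCurrencyCode)
            ? 1.0
            : ((float) $rate) / $mainCurrencyToEUR;
        // Bound as TEXT to keep the column's existing storage format.
        $updateStmt->bindValue(':rate', $exchangeRate, SQLITE3_TEXT);
        $updateStmt->bindValue(':code', $currencyCode, SQLITE3_TEXT);
        $updateStmt->execute();
        $updateStmt->reset();
    }

    // Record the refresh date (single-row table: clear, then insert).
    $formattedDate = (new DateTimeImmutable())->format('Y-m-d');
    $db->exec("DELETE FROM last_exchange_update");
    $dateStmt = $db->prepare("INSERT INTO last_exchange_update (date) VALUES (:formattedDate)");
    if ($dateStmt) {
        $dateStmt->bindValue(':formattedDate', $formattedDate, SQLITE3_TEXT);
        $dateStmt->execute();
    }
    $db->close();
}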
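// ---------------------------------------------------------------------------
// Save the profile of the single user row (id = 1): username, email, avatar,
// main currency, UI language and optionally a new password. Responds with a
// JSON object {success, message|errorMessage, reload?} and exits.
//
// The only authorisation is the presence of $_SESSION['username'].
// NOTE(review): there is no CSRF token and no current-password check, so a
// forged cross-site POST from a logged-in browser can change the password and
// e-mail. A per-session token verified before any write (and requiring the
// current password when setting a new one) would close that gap.
// ---------------------------------------------------------------------------

// Every field the form must send. main_currency and language were previously
// read without an isset() check, which raised a warning and stored NULL when
// the form omitted them; they are now required like the other fields.
$requiredFields = ['username', 'email', 'avatar', 'main_currency', 'language'];
$requestComplete = isset($_SESSION['username']);
foreach ($requiredFields as $field) {
    if (!isset($_POST[$field])) {
        $requestComplete = false;
        break;
    }
}
if (!$requestComplete) {
    echo json_encode([
        "success" => false,
        "errorMessage" => translate('fill_all_fields', $i18n)
    ]);
    exit();
}

// Current main currency, read before the update so a change can be detected.
$currencyStmt = $db->prepare("SELECT main_currency FROM user WHERE id = 1");
$currencyResult = $currencyStmt ? $currencyStmt->execute() : false;
$currencyRow = $currencyResult ? $currencyResult->fetchArray(SQLITE3_ASSOC) : false;
$mainCurrencyId = $currencyRow ? $currencyRow['main_currency'] : null;

$oldUsername = $_SESSION['username'];
$username = validate($_POST['username']);
$email = validate($_POST['email']);
// NOTE(review): avatar, main_currency and language are stored (and copied into
// the session / a cookie) exactly as posted. If avatar or language is later
// used to build a file path or a template include, constrain it to an
// allowlist here; that cannot be confirmed from this file alone.
$avatar = $_POST['avatar'];
$main_currency = $_POST['main_currency'];
$language = $_POST['language'];

// A non-empty password field means "change the password" and must match the
// confirmation. Strict comparison: with `!=` PHP compares numeric strings
// numerically, so "1e3" would have confirmed "1000".
$newPassword = $_POST['password'] ?? '';
$changePassword = $newPassword !== '';
if ($changePassword) {
    $confirm = $_POST['confirm_password'] ?? null;
    if (!is_string($newPassword) || $confirm !== $newPassword) {
        echo json_encode([
            "success" => false,
            "errorMessage" => translate('passwords_dont_match', $i18n)
        ]);
        exit();
    }
}

$sql = $changePassword
    ? "UPDATE user SET avatar = :avatar, username = :username, email = :email, password = :password, main_currency = :main_currency, language = :language WHERE id = 1"
    : "UPDATE user SET avatar = :avatar, username = :username, email = :email, main_currency = :main_currency, language = :language WHERE id = 1";
$stmt = $db->prepare($sql);
if (!$stmt) {
    echo json_encode([
        "success" => false,
        "errorMessage" => translate('error_updating_user_data', $i18n)
    ]);
    exit();
}
$stmt->bindValue(':avatar', $avatar, SQLITE3_TEXT);
$stmt->bindValue(':username', $username, SQLITE3_TEXT);
$stmt->bindValue(':email', $email, SQLITE3_TEXT);
$stmt->bindValue(':main_currency', $main_currency, SQLITE3_INTEGER);
$stmt->bindValue(':language', $language, SQLITE3_TEXT);
if ($changePassword) {
    // Only the hash is persisted; PASSWORD_DEFAULT tracks PHP's current best algorithm.
    $stmt->bindValue(':password', password_hash($newPassword, PASSWORD_DEFAULT), SQLITE3_TEXT);
}
if (!$stmt->execute()) {
    echo json_encode([
        "success" => false,
        "errorMessage" => translate('error_updating_user_data', $i18n)
    ]);
    exit();
}

// Persist the chosen language in a 30-day cookie scoped to the app root
// (PHP_SELF is .../endpoints/user/save_user.php; strip the endpoint path).
$cookieExpire = time() + (30 * 24 * 60 * 60);
$oldLanguage = isset($_COOKIE['language']) ? $_COOKIE['language'] : "en";
$root = str_replace('/endpoints/user', '', dirname($_SERVER['PHP_SELF']));
if ($root === '') {
    $root = '/';
}
setcookie('language', $language, $cookieExpire, $root);

if ($username !== $oldUsername) {
    $_SESSION['username'] = $username;
    if (isset($_COOKIE['wallos_login'])) {
        // NOTE(review): this rebuilds a "remember me" value but never writes
        // it back with setcookie(), so wallos_login keeps the old username.
        // Also, explode() with limit 2 leaves "token|currency" in $token, so
        // the assembled value would carry the currency twice. Left as found.
        $cookie = explode('|', $_COOKIE['wallos_login'], 2);
        $token = $cookie[1] ?? '';
        $cookieValue = $username . "|" . $token . "|" . $main_currency;
    }
}

$_SESSION['avatar'] = $avatar;
$_SESSION['main_currency'] = $main_currency;
// A change of main currency invalidates the stored exchange rates. Compare as
// integers: the posted value is a string, the stored one an integer.
if ((int) $main_currency !== (int) $mainCurrencyId) {
    update_exchange_rate($db);
}
$reload = $oldLanguage !== $language;
echo json_encode([
    "success" => true,
    "message" => translate('user_details_saved', $i18n),
    "reload" => $reload
]);
exit();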
?>