109 lines
4.5 KiB
PHP
109 lines
4.5 KiB
PHP
<?php
|
|
|
|
use api\classes\API_users;
|
|
|
|
session_start();
|
|
require_once $_SERVER['DOCUMENT_ROOT'] . '/api/classes/API_users.php';
|
|
|
|
$API_users = new API_users();
|
|
|
|
if ($API_users->request_method === 'GET') {
|
|
#echo json_encode($api->getAllUsers());
|
|
|
|
|
|
} elseif ($API_users->request_method === 'POST') {
|
|
# create a new user
|
|
$API_users->checkPermissions('admin-access-admins', 'RW');
|
|
|
|
$requiredFields = [
|
|
'user_group_uuid' => ['type' => 'uuid'],
|
|
'user_email' => ['type' => 'email'],
|
|
'user_first_name' => ['type' => 'string'],
|
|
'user_last_name' => ['type' => 'string'],
|
|
'user_full_name' => ['type' => 'string'], # Does not need to be posted, set later
|
|
'user_status' => ['type' => 'enum', 'values' => ['inactive', 'banned', 'pending']],
|
|
'user_password' => ['type' => 'string'], # Does not need to be posted, set later
|
|
'user_pref_language' => ['type' => 'enum', 'values' => ['en', 'nl']],
|
|
'user_password_reset_token' => ['type' => 'string'], # Does not need to be posted, set later
|
|
'user_password_reset_expires' => ['type' => 'int'], # Does not need to be posted, set later
|
|
];
|
|
|
|
$optionalFields = [
|
|
'user_phone_number' => ['type' => 'string']
|
|
];
|
|
|
|
# The user will need to verify their email, the password field cannot be NULL so set a random password for now till the user resets it on when verifying there email
|
|
$random_string = substr(str_shuffle(str_repeat('abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ01', 64)), 0, rand(50, 64));
|
|
$user_password = password_hash($random_string, PASSWORD_BCRYPT, ["cost" => 12]);
|
|
|
|
$API_users->postedData['user_password'] = $user_password;
|
|
$API_users->postedData['user_full_name'] = trim($API_users->postedData['user_first_name'] . ' ' . $API_users->postedData['user_last_name']);
|
|
$API_users->postedData['user_pref_language'] = $API_users->postedData['user_pref_language'] ?? 'en';
|
|
|
|
# Password reset token that will be sent to the newly created user
|
|
$API_users->postedData['user_password_reset_token'] = bin2hex(random_bytes(32));
|
|
$API_users->postedData['user_password_reset_expires'] = time() + 86400;
|
|
|
|
$API_users->validateData($requiredFields, $optionalFields);
|
|
$API_users->createUser();
|
|
|
|
} elseif ($API_users->request_method === 'PUT') {
|
|
# Edit a user
|
|
if (isset($API_users->postedData['user_profile_change'])) { # If the user is changing their own profile
|
|
$API_users->postedData['user_uuid'] = $_SESSION['user']['user_uuid']; # Make sure the user being changed is always its own user_uuid
|
|
|
|
$requiredFields = [
|
|
'user_uuid' => ['type' => 'uuid'],
|
|
'user_email' => ['type' => 'email'],
|
|
'user_first_name' => ['type' => 'string'],
|
|
'user_last_name' => ['type' => 'string'],
|
|
'user_full_name' => ['type' => 'string'],
|
|
'user_pref_language' => ['type' => 'enum', 'values' => ['en', 'nl']],
|
|
];
|
|
|
|
$optionalFields = [
|
|
'user_phone_number' => ['type' => 'string']
|
|
];
|
|
|
|
} else {
|
|
$API_users->checkPermissions('admin-access-admins', 'RW');
|
|
|
|
$requiredFields = [
|
|
'user_uuid' => ['type' => 'uuid'],
|
|
'user_group_uuid' => ['type' => 'uuid'],
|
|
'user_email' => ['type' => 'email'],
|
|
'user_first_name' => ['type' => 'string'],
|
|
'user_last_name' => ['type' => 'string'],
|
|
'user_full_name' => ['type' => 'string'],
|
|
'user_status' => ['type' => 'enum', 'values' => ['active', 'inactive', 'banned', 'pending']],
|
|
'user_pref_language' => ['type' => 'enum', 'values' => ['en', 'nl']],
|
|
];
|
|
|
|
$optionalFields = [
|
|
'user_phone_number' => ['type' => 'string'],
|
|
'user_stompable' => ['type' => 'boolean']
|
|
];
|
|
|
|
$API_users->postedData['user_stompable'] = (bool)$API_users->postedData['user_stompable'];
|
|
}
|
|
|
|
$API_users->postedData['user_full_name'] = trim($API_users->postedData['user_first_name'] . ' ' . $API_users->postedData['user_last_name']);
|
|
$API_users->postedData['user_pref_language'] = $API_users->postedData['user_pref_language'] ?? 'en';
|
|
|
|
$API_users->validateData($requiredFields, $optionalFields);
|
|
|
|
$API_users->updateUser();
|
|
|
|
} elseif ($API_users->request_method === 'DELETE') {
|
|
|
|
$API_users->return_url = false;
|
|
|
|
$API_users->checkPermissions('admin-access-admins', 'RW');
|
|
$requiredFields = [
|
|
'user_uuid' => ['type' => 'uuid'],
|
|
];
|
|
|
|
$API_users->validateData($requiredFields);
|
|
|
|
$API_users->deleteUser();
|
|
} |