<?php
/**
* A users API endpoint controller.
* Written by Bradley Gill
* altered effect (http://alteredeffect.com)
* bradgill@gmail.com
*/
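class Users extends Controller {
    /**
     * Return your user data.
     * Ex: GET users/
     * Ex: GET users/[yourid]
     *
     * @param array $chunks Remaining URL path segments; the first, if present, is a user id.
     * @return mixed Whatever UserManager::get() returns for the caller's own id.
     */
    public function get( $chunks ) {
        global $database, $userid;
        if ( $userid == null ) {
            // Controller::error() is assumed to end the request (TODO confirm); its result
            // is returned anyway so that, should it ever return, the handler does not fall
            // through to the code below.
            return Controller::error(401, 'Please login.');
        }
        $id = array_shift( $chunks );
        if ( isEmpty( $id ) ) {
            // Could return a list of users here.
            $id = $userid;
        }
        if ( !self::isOwnId( $id, $userid ) ) {
            return Controller::error(401, 'Can only retrieve your own user info.');
        }
        $um = new UserManager( $database );
        return $um->get( $id );
    }

    /**
     * Update your user data. Either whatever data is passed, or just a certain field.
     * Ex: PUT users/
     * Ex: PUT users/[yourid]/
     * Ex: PUT users/[fieldname]/
     * Ex: PUT users/[yourid]/[fieldname]/
     *
     * @param array $chunks Remaining URL path segments: optional id, then optional field name.
     * @return mixed "Updated." / "Could not update user.", or the result of Controller::error().
     */
    public function put( $chunks ) {
        global $database, $userid;
        if ( $userid == null ) {
            return Controller::error(401, 'Please login.');
        }
        $id = array_shift( $chunks );
        if ( isEmpty( $id ) ) {
            $id = $userid;
        }
        // A non-numeric first chunk is a field name, not an id (PUT users/[fieldname]/).
        if ( !isAnInt( $id ) ) {
            $field = $id;
            $id = $userid;
        } else {
            $field = array_shift( $chunks );
        }
        if ( !self::isOwnId( $id, $userid ) ) {
            return Controller::error(401, 'Can only update your own user info.');
        }
        $data = Controller::getData('put');
        if ( !isEmpty( $field ) ) {
            if ( !array_key_exists( $field, $data ) ) {
                return Controller::error( 406, 'You need to pass in a data for field `'.$field.'`');
            }
            $fields = array( $field => $data[$field] ); // Only update one
        } else {
            // NOTE(review): the whole request body is forwarded as the column set; confirm
            // UserManager::updateUser() restricts which columns a user may set on their own
            // row (id, password, any privilege flags) rather than trusting these keys.
            $fields = $data;
        }
        $um = new UserManager( $database );
        $u = $um->updateUser( $id, $fields );
        return $u !== false ? "Updated." : "Could not update user.";
    }

    /**
     * Add a user. Expects a username and password in the POST array.
     * Ex: POST users/
     *
     * @param array $chunks Unused; present for the common handler signature.
     * @return mixed 'User created.', or the result of Controller::error().
     */
    public function post( $chunks ) {
        global $database;
        $data = Controller::getData('post');
        $email = get( $data, 'email' );
        if ( isEmpty( $email ) ) {
            return Controller::error( 406, 'Field \'email\' required.');
        }
        $password = get( $data, 'password' );
        if ( isEmpty( $password ) ) {
            return Controller::error( 406, 'Field \'password\' required.');
        }
        $um = new UserManager( $database );
        // NOTE(review): the password is handed to createUser() as received; confirm it is
        // hashed there (password_hash) and never stored or logged in the clear.
        $u = $um->createUser( $email, $password );
        if ( $u === false ) {
            return Controller::error( 400, 'Could not create user');
        }
        return 'User created.';
    }

    /**
     * Deletes your user.
     * Ex: DELETE users/
     * Ex: DELETE /users/[yourid]/
     *
     * @param array $chunks Remaining URL path segments; the first, if present, is a user id.
     * @return mixed true when the DELETE ran without error, false otherwise, or the result
     *               of Controller::error().
     */
    public function delete( $chunks ) {
        global $database, $config, $userid;
        if ( $userid == null ) {
            return Controller::error(401, 'Please login.');
        }
        $id = array_shift( $chunks );
        if ( isEmpty( $id ) ) {
            $id = $userid;
        }
        if ( !self::isOwnId( $id, $userid ) ) {
            return Controller::error(401, 'Can only delete your own user info.');
        }
        // The table name comes from configuration, not the request; the id is a bound parameter.
        $q = 'DELETE FROM `'.$config['database']['tables']['users'].'` WHERE `id`=:key';
        try {
            $stmt = $database->prepare( $q );
            $stmt->execute( array( 'key' => $id ) );
        } catch (PDOException $e) {
            return Controller::error(400,'Bad query');
        }
        // errorCode() yields a five-character SQLSTATE string; '00000' is success. The
        // previous loose `== 0` compared a non-numeric SQLSTATE as equal to 0 on PHP 7,
        // reporting a failed delete as successful.
        return $stmt->errorCode() === '00000';
    }

    /**
     * Whether the id named in the URL is the logged-in user's own id.
     *
     * The URL chunk arrives as a string while the session id may be an int, so both are
     * normalised to strings and compared strictly. The loose `!=` this replaces accepted
     * leading-numeric values such as '5abc' for id 5 on PHP 7 and earlier.
     *
     * @param mixed $id     Id taken from the request path (or defaulted to $userid).
     * @param mixed $userid Id of the authenticated user.
     * @return bool
     */
    private static function isOwnId( $id, $userid ) {
        return $userid !== null && (string) $id === (string) $userid;
    }
}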
?>