yusufrizalh

update-user

Jun 22nd, 2025 (edited)
  1. <?php
  2. // include '../config/header.php';
  3. include '../../config/koneksi.php';
  4.  
  5. $response = ['success' => false, 'message' => ''];
  6. $errors = [];
  7.  
  8. try {
  9.   $data = json_decode(file_get_contents('php://input'), true);
  10.   if (!$data) {
  11.     $data = $_POST;
  12.   }
  13.  
  14.   //* name validation
  15.   if (empty($data['name'])) {
  16.     $errors[] = 'Name cannot be empty!';
  17.     $response['message'] = 'Name cannot be empty!';
  18.   } elseif (strlen(trim($data['name'])) < 8) {
  19.     $errors[] = 'Name at least 8 characters!';
  20.     $response['message'] = 'Name at least 8 characters!';
  21.   } else if (strlen(trim($data['name'])) > 100) {
  22.     $errors[] = 'Name cannot be more than 100 characters!';
  23.     $response['message'] = 'Name cannot be more than 100 characters!';
  24.   } else {
  25.     $data['name'] = htmlspecialchars($data['name'], ENT_QUOTES, 'UTF-8');
  26.   }
  27.  
  28.   //* email validation
  29.   if (empty($data['email'])) {
  30.     $errors[] = 'Email cannot be empty!';
  31.     $response['message'] = 'Email cannot be empty!';
  32.   } elseif (!filter_var($data['email'], FILTER_VALIDATE_EMAIL)) {
  33.     $errors[] = 'Invalid email format!';
  34.     $response['message'] = 'Invalid email format';
  35.   } else {
  36.     $data['email'] = filter_var($data['email'], FILTER_VALIDATE_EMAIL);
  37.   }
  38.  
  39.   //* password validation
  40.   if (empty($data['password'])) {
  41.     $errors[] = 'Password cannot be empty!';
  42.     $response['message'] = 'Password cannot be empty!';
  43.   } elseif (strlen($data['password']) < 8) {
  44.     $errors[] = 'Password at least 8 characters!';
  45.     $response['message'] = 'Password at least 8 characters!';
  46.   } elseif (!preg_match('/[A-Z]/', $data['password'])) {
  47.     $errors[] = 'Password must contain at least 1 uppercase letter!';
  48.     $response['message'] = 'Password must contain at least 1 uppercase letter!';
  49.   } elseif (!preg_match('/[a-z]/', $data['password'])) {
  50.     $errors[] = 'Password must contain at least 1 lowercase letter!';
  51.     $response['message'] = 'Password must contain at least 1 lowercase letter!';
  52.   } elseif (!preg_match('/[0-9]/', $data['password'])) {
  53.     $errors[] = 'Password must contain at least 1 number!';
  54.     $response['message'] = 'Password must contain at least 1 number!';
  55.   } elseif (!preg_match('/[@$!%*#?&]/', $data['password'])) {
  56.     $errors[] = 'Password must contain at least 1 special character!';
  57.     $response['message'] = 'Password must contain at least 1 special character!';
  58.   } else {
  59.     $data['password'] = htmlspecialchars($data['password'], ENT_QUOTES, 'UTF-8');
  60.   }
  61.  
  62.   //* address validation
  63.   if (empty($data['address'])) {
  64.     $errors[] = 'Address cannot be empty!';
  65.     $response['message'] = 'Address cannot be empty!';
  66.   } else {
  67.     $data['address'] = htmlspecialchars($data['address'], ENT_QUOTES, 'UTF-8');
  68.   }
  69.  
  70.   //* phone validation
  71.   if (empty($data['phone'])) {
  72.     $errors[] = 'Phone cannot be empty!';
  73.     $response['message'] = 'Phone cannot be empty!';
  74.   } else {
  75.     $data['phone'] = htmlspecialchars($data['phone'], ENT_QUOTES, 'UTF-8');
  76.   }
  77.  
  78.   //* role validation
  79.   if (empty($data['role'])) {
  80.     $errors[] = 'Role cannot be empty!';
  81.     $response['message'] = 'Role cannot be empty!';
  82.   } else {
  83.     $data['role'] = htmlspecialchars($data['role'], ENT_QUOTES, 'UTF-8');
  84.   }
  85.  
  86.   if (!isset($_GET['id']) || empty($_GET['id'])) {
  87.     echo "<p>Invalid user id...</p>";
  88.     exit;
  89.   } else {
  90.     $id = $_GET['id'];
  91.     $checkUser = "SELECT * FROM users WHERE id = :id";
  92.     $stmtCheckUser = $conn->prepare($checkUser);
  93.     $stmtCheckUser->bindParam(':id', $id);
  94.     $stmtCheckUser->execute();
  95.     $user = $stmt->fetch(PDO::FETCH_ASSOC);
  96.  
  97.     if (!$user) {
  98.       echo "<p>User no found...</p>";
  99.       exit;
  100.     } else {
  101.       //* photo
  102.       $old_photo = $data['photo'];
  103.       $new_photo = $old_photo;
  104.  
  105.       if (!empty($_FILES['photo']['name'])) {
  106.         $target_dir = "uploads/";
  107.         if (!is_dir($target_dir)) mkdir($target_dir, 0777, true);
  108.  
  109.         $file_ext = pathinfo($_FILES['photo']['name'], PATHINFO_EXTENSION);
  110.         $filename = uniqid() . '.' . $file_ext;
  111.         $target_file = $target_dir . $filename;
  112.  
  113.         $allowed = ['jpg', 'jpeg', 'png', 'gif'];
  114.         if (in_array(strtolower($file_ext), $allowed)) {
  115.           if (move_uploaded_file($_FILES['photo']['tmp_name'], $target_file)) {
  116.             if ($old_photo && file_exists($old_photo)) unlink($old_photo);
  117.             $new_photo = $target_file;
  118.           } else {
  119.             $errors = "Failed to upload photo!";
  120.             $response['message'] = 'Failed to upload photo!';
  121.           }
  122.         } else {
  123.           $errors = "Invalid photo format!";
  124.           $response['message'] = 'Invalid photo format!';
  125.         }
  126.       }
  127.  
  128.       //* if no errors then process to database
  129.       if (empty($errors)) {
  130.         $hashedPassword = password_hash($data['password'], PASSWORD_BCRYPT);
  131.  
  132.         $sql = "UPDATE users SET name = :name, email = :email, password = :password, address = :address, phone = :phone, role = :role, photo = :photo WHERE id = :id";
  133.         $stmt = $conn->prepare($sql);
  134.  
  135.         $stmt->bindParam(':name', $data['name']);
  136.         $stmt->bindParam(':email', $data['email']);
  137.         $stmt->bindParam(':password', $hashedPassword);
  138.         $stmt->bindParam(':address', $data['address']);
  139.         $stmt->bindParam(':phone', $data['phone']);
  140.         $stmt->bindParam(':role', $data['role']);
  141.         $stmt->bindParam(':photo', $new_photo);
  142.         $stmt->bindParam(':id', $data['id']);
  143.         $stmt->execute();
  144.  
  145.         $token = bin2hex(random_bytes(16));
  146.  
  147.         $rowCount = $stmt->rowCount();
  148.         if ($rowCount > 0) {
  149.           $lastId = $conn->lastInsertId();
  150.           $response = [
  151.             'success' => true,
  152.             'message' => 'Registration successful!',
  153.             'id' => $lastId,
  154.             'name' => $data['name'],
  155.             'email' => $data['email'],
  156.             'address' => $data['address'],
  157.             'phone' => $data['phone'],
  158.             'photo' => $new_photo,
  159.             'role' => $data['role'],
  160.             'token' => $token,
  161.           ];
  162.         } else {
  163.           $response = [
  164.             'success' => false,
  165.             'message' => 'Registration failed!',
  166.             'id' => '',
  167.             'name' => '',
  168.             'email' => '',
  169.             'address' => '',
  170.             'phone' => '',
  171.             'photo' => '',
  172.             'role' => '',
  173.             'token' => '',
  174.           ];
  175.         }
  176.       } else {
  177.         $response = [
  178.           'success' => false,
  179.           'message' => implode(', ', $errors),
  180.         ];
  181.       }
  182.     }
  183.   }
  184. } catch (PDOException $e) {
  185.   $response['message'] = $e->getMessage();
  186. } finally {
  187.   $conn = null;
  188. }
  189. //* only for development purpose
  190. echo json_encode($response);
  191.  
Tags: php progrmming