Files
chat/api/account.php
T
2026-06-08 15:44:15 -04:00

64 lines
3.1 KiB
PHP

<?php
define('CYBERCHAT_API', true);
require_once __DIR__ . '/../bootstrap.php';
require_once ROOT_DIR . '/lib/mailer.php';
sendCorsHeaders();
$user = authRequired();
$action = $_POST['action'] ?? $_GET['action'] ?? 'profile';
switch ($action) {
case 'profile':
jsonResponse(['user' => userPublicPayload($user)]);
case 'request_email_verification':
$email = strtolower(trim((string)($_POST['email'] ?? '')));
if (!filter_var($email, FILTER_VALIDATE_EMAIL)) jsonResponse(['error' => 'Enter a valid email'], 400);
$stmt = getDB()->prepare("SELECT id FROM users WHERE email=? AND id!=?");
$stmt->execute([$email, $user['id']]);
if ($stmt->fetchColumn()) jsonResponse(['error' => 'That email is already in use'], 409);
try {
sendVerificationEmail($user, $email);
} catch (Throwable $e) {
jsonResponse(['error' => 'Verification email could not be sent: ' . $e->getMessage()], 503);
}
jsonResponse(['success' => true, 'message' => 'Verification email sent']);
case 'verify_email':
$token = trim((string)($_POST['token'] ?? $_GET['token'] ?? ''));
$code = trim((string)($_POST['code'] ?? ''));
if (!consumeEmailVerification($user, $token, $code)) {
jsonResponse(['error' => 'Invalid or expired verification code'], 400);
}
$fresh = userById((int)$user['id']);
if (!empty($fresh['stripe_customer_id'])) {
try {
require_once ROOT_DIR . '/lib/stripe.php';
stripeRequest('POST', 'customers/' . rawurlencode($fresh['stripe_customer_id']), ['email' => $fresh['email']]);
} catch (Throwable $e) {
error_log('Stripe email update failed: ' . $e->getMessage());
}
}
jsonResponse(['success' => true, 'user' => userPublicPayload($fresh)]);
case 'set_color':
if (!featureValue($user, 'username_color', false)) jsonResponse(['error' => 'Your plan does not include custom colors'], 403);
$color = trim((string)($_POST['color'] ?? ''));
if (!preg_match('/^#[0-9a-fA-F]{6}$/', $color)) jsonResponse(['error' => 'Invalid color'], 400);
getDB()->beginTransaction();
getDB()->prepare("UPDATE users SET color=? WHERE id=?")->execute([$color, $user['id']]);
getDB()->prepare("UPDATE messages SET color=? WHERE user_id=?")->execute([$color, $user['id']]);
getDB()->commit();
jsonResponse(['success' => true, 'user' => userPublicPayload(userById((int)$user['id']))]);
case 'set_2fa':
if (!featureValue($user, 'email_2fa', false)) jsonResponse(['error' => 'Your plan does not include email 2FA'], 403);
if (empty($user['email_verified_at'])) jsonResponse(['error' => 'Verify an email first'], 400);
$enabled = filter_var($_POST['enabled'] ?? false, FILTER_VALIDATE_BOOLEAN) ? 1 : 0;
getDB()->prepare("UPDATE users SET two_factor_enabled=? WHERE id=?")->execute([$enabled, $user['id']]);
jsonResponse(['success' => true, 'user' => userPublicPayload(userById((int)$user['id']))]);
default:
jsonResponse(['error' => 'Unknown action'], 400);
}