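<?php
/*
 * User admin API.
 *
 *   GET     ?page=&perPage=&search=   paginated, soft-delete-aware user list
 *   POST    {login: true, ...}        login: returns a token plus basic profile fields
 *   POST    {username,password,email} create a user
 *   PUT     {username, ...fields}     partial update of an existing, non-deleted user
 *   DELETE  ?username=                soft-delete (is_deleted = 1, is_enabled = 0)
 *
 * Every response is a JSON object with a boolean `success` and either `data` or `message`.
 *
 * NOTE(review): the token issued by the login branch is never stored or looked up in this
 * file, and the PUT/DELETE branches (which can change is_admin / is_enabled and soft-delete
 * accounts) perform no authentication or authorisation check at all. Whatever sits in front
 * of this script must enforce that before the request reaches here.
 */
declare(strict_types=1);

header('Content-Type: application/json');
// NOTE(review): a wildcard origin lets any web page call these endpoints cross-origin;
// narrow this to the admin front-end's origin once it is known.
header('Access-Control-Allow-Origin: *');
header('Access-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS');
header('Access-Control-Allow-Headers: Content-Type');
if ($_SERVER['REQUEST_METHOD'] === 'OPTIONS') {
    http_response_code(204);
    exit;
}

require_once __DIR__ . '/../../utils/Database.php';
require_once __DIR__ . '/../../utils/Helper.php';

// Emit a JSON payload with the given HTTP status and stop; every branch below ends here.
$respond = static function (array $payload, int $status = 200) {
    http_response_code($status);
    echo json_encode($payload);
    exit;
};

// Shorthand for the {success: false, message} error shape used by every failure path.
$fail = static function (int $status, string $message) use ($respond) {
    $respond(['success' => false, 'message' => $message], $status);
};

// Decode the JSON request body; malformed or non-object bodies become [] so every field
// lookup below simply falls through to its default instead of raising.
$readJsonBody = static function (): array {
    $decoded = json_decode((string)file_get_contents('php://input'), true);
    return is_array($decoded) ? $decoded : [];
};

// Coerce an untrusted value to a trimmed string. Arrays/objects become '' (the bare trim()
// call this replaces raised a TypeError on them, turning bad input into a 500).
$str = static function ($value): string {
    return is_scalar($value) ? trim((string)$value) : '';
};

// Passwords are taken verbatim (no trim) and only when they are actual strings.
$rawString = static function ($value): string {
    return is_string($value) ? $value : '';
};

$db = Database::getInstance();
$method = $_SERVER['REQUEST_METHOD'];

if ($method === 'GET') {
    $page = isset($_GET['page']) ? max(1, (int)$_GET['page']) : 1;
    $perPage = isset($_GET['perPage']) ? min(100, max(1, (int)$_GET['perPage'])) : 10;
    $offset = ($page - 1) * $perPage;
    $search = $str($_GET['search'] ?? '');

    $params = [];
    $where = 'WHERE is_deleted = 0';
    if ($search !== '') {
        // Escape LIKE metacharacters so a search for "_" or "%" matches those characters
        // literally instead of acting as a wildcard (assumes the driver's default backslash
        // escape character — confirm for the database in use).
        $pattern = '%' . addcslashes($search, '%_\\') . '%';
        $where .= ' AND (username LIKE ? OR email LIKE ?)';
        $params = [$pattern, $pattern];
    }

    $totalRow = $db->fetchOne("SELECT COUNT(*) AS cnt FROM user $where", $params);
    $total = (int)($totalRow['cnt'] ?? 0);

    // $perPage and $offset are integers clamped above, so interpolating them is safe;
    // everything user-supplied goes through placeholders.
    $users = $db->fetchAll(
        'SELECT username,email,phone,level,avatar,is_admin,is_enabled,create_time,updated_at '
        . "FROM user $where ORDER BY create_time DESC LIMIT $perPage OFFSET $offset",
        $params
    );

    $respond([
        'success' => true,
        'data' => [
            'users' => $users,
            'total' => $total,
            'page' => $page,
            'perPage' => $perPage,
            'totalPages' => (int)ceil($total / $perPage),
        ],
    ]);
}

if ($method === 'POST') {
    $input = $readJsonBody();

    if (($input['login'] ?? null) === true) {
        $username = $str($input['username'] ?? null);
        $password = $rawString($input['password'] ?? null);
        if ($username === '' || $password === '') {
            $fail(400, 'invalid');
        }

        $row = $db->fetchOne(
            'SELECT username,password,email,is_admin,is_enabled,is_deleted FROM user WHERE username = ? LIMIT 1',
            [$username]
        );
        // Unknown, deleted and disabled accounts share the same 401 body as a wrong password.
        $accountUsable = $row && (int)$row['is_deleted'] !== 1 && (int)$row['is_enabled'] !== 0;
        if (!$accountUsable || !Helper::verifyPassword($password, $row['password'])) {
            $fail(401, 'unauthorized');
        }

        // NOTE(review): this value is returned to the client but never persisted or checked
        // anywhere in this file, so it cannot currently authenticate later requests.
        $token = base64_encode(hash(
            'sha256',
            $username . '|' . microtime(true) . '|' . Helper::generateRandomString(16),
            true
        ));
        $respond([
            'success' => true,
            'data' => [
                'token' => $token,
                'username' => $row['username'],
                'email' => $row['email'],
                'is_admin' => (int)$row['is_admin'],
            ],
        ]);
    }

    // Plain POST: create a user with level 1, non-admin, enabled.
    $username = $str($input['username'] ?? null);
    $password = $rawString($input['password'] ?? null);
    $email = $str($input['email'] ?? null);
    if ($username === '' || $password === '' || $email === '' || !Helper::validateEmail($email)) {
        $fail(400, 'invalid');
    }

    $hash = Helper::encryptPassword($password);
    $db->insert(
        'INSERT INTO user (username,password,email,level,is_admin,is_enabled,is_deleted,create_time,updated_at) '
        . 'VALUES (?, ?, ?, 1, 0, 1, 0, NOW(), NOW())',
        [$username, $hash, $email]
    );
    $respond(['success' => true, 'message' => 'created']);
}

if ($method === 'PUT') {
    $input = $readJsonBody();
    $username = $str($input['username'] ?? null);
    if ($username === '') {
        $fail(400, 'invalid');
    }

    // Build the SET clause only from fields that were actually supplied; the column names are
    // fixed literals here and the values all go through placeholders.
    $fields = [];
    $params = [];
    if (isset($input['email'])) {
        $fields[] = 'email = ?';
        $params[] = $str($input['email']);
    }
    if (isset($input['phone'])) {
        $fields[] = 'phone = ?';
        $params[] = $str($input['phone']);
    }
    if (isset($input['level'])) {
        $fields[] = 'level = ?';
        $params[] = (int)$input['level'];
    }
    // is_admin / is_enabled are flags: clamp to 0 or 1 instead of storing any integer that arrives.
    if (isset($input['is_admin'])) {
        $fields[] = 'is_admin = ?';
        $params[] = min(1, max(0, (int)$input['is_admin']));
    }
    if (isset($input['is_enabled'])) {
        $fields[] = 'is_enabled = ?';
        $params[] = min(1, max(0, (int)$input['is_enabled']));
    }
    $newPassword = $rawString($input['password'] ?? null);
    if ($newPassword !== '') {
        $fields[] = 'password = ?';
        $params[] = Helper::encryptPassword($newPassword);
    }

    if ($fields === []) {
        $respond(['success' => true, 'message' => 'no changes']);
    }

    $fields[] = 'updated_at = NOW()';
    $params[] = $username;
    $db->update(
        'UPDATE user SET ' . implode(', ', $fields) . ' WHERE username = ? AND is_deleted = 0',
        $params
    );
    $respond(['success' => true, 'message' => 'updated']);
}

if ($method === 'DELETE') {
    $username = $str($_GET['username'] ?? null);
    if ($username === '') {
        $fail(400, 'invalid');
    }

    // Soft delete: the row stays, but is hidden from GET and can no longer log in or be updated.
    $db->update(
        'UPDATE user SET is_deleted = 1, is_enabled = 0, updated_at = NOW() WHERE username = ? AND is_deleted = 0',
        [$username]
    );
    $respond(['success' => true, 'message' => 'deleted']);
}

$fail(405, 'method not allowed');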