update ajax.php to add new action of profile.php

2024-12-15 06:09:58 +08:00 · 2016-02-03 18:13:20 +08:00 · 2016-02-03 18:13:20 +08:00 · ea10435664
commit ea10435664
parent 6ffa0d85f4
1 changed files with 69 additions and 23 deletions
--- a/ajax.php
+++ b/ajax.php
@ -3,29 +3,38 @@
 * @Author: printempw
 * @Date:   2016-01-16 23:01:33
 * @Last Modified by:   prpr
- * @Last Modified time: 2016-02-03 10:29:58
+ * @Last Modified time: 2016-02-03 18:03:57
+ *
+ * - login, register, logout
+ * - upload, change, delete
 *
 * All ajax requests will be handled here
 */

 header('Access-Control-Allow-Origin: *');
-session_start();
+header('Content-type: application/json');
+
 $dir = dirname(__FILE__);
 require "$dir/includes/autoload.inc.php";
 require "$dir/config.php";
-
 database::checkConfig();

+session_start();
+
 if (isset($_POST['uname'])) {
    $user = new user($_POST['uname']);
 } else {
    utils::raise('1', 'Empty username.');
 }
-$action = isset($_GET['action']) ? $_GET['action'] : "login";
+$action = isset($_GET['action']) ? $_GET['action'] : null;
 $json = null;

+/**
+ * Handle requests from index.php
+ * @var [type]
+ */
 if ($action == "login") {
-    if (checkInput()) {
+    if (checkPost()) {
        if (!$user->is_registered) {
            $json['errno'] = 1;
            $json['msg'] = "Non-existent user.";
@ -42,7 +51,7 @@ if ($action == "login") {
        }
    }
 } else if ($action == "register") {
-    if (checkInput()) {
+    if (checkPost()) {
        if (!$user->is_registered) {
            if (!empty($_SERVER['HTTP_CLIENT_IP'])) {
                $ip = $_SERVER['HTTP_CLIENT_IP'];
@ -69,10 +78,25 @@ if ($action == "login") {

        } else {
            $json['errno'] = 1;
-            $json['msg'] = "User already existed.";
+            $json['msg'] = "User already registered.";
        }
    }
-} else if ($action == "upload") {
+}
+
+function checkPost() {
+    global $json;
+    if (!isset($_POST['passwd'])) {
+        $json['errno'] = 1;
+        $json['msg'] = "Empty password!";
+        return false;
+    }
+    return true;
+}
+
+/**
+ * Handle request from user/index.php
+ */
+if ($action == "upload") {
    if (utils::getValue('token', $_SESSION) == $user->getToken()) {
        if (checkFile()) {
            if ($file = utils::getValue('skin_file', $_FILES)) {
@ -109,21 +133,6 @@ if ($action == "login") {
    }
 }

-function checkInput() {
-    global $json;
-    if (!$_POST['uname']) {
-        $json['errno'] = 1;
-        $json['msg'] = 'Empty username!';
-        return false;
-    }
-    if (!$_POST['passwd']) {
-        $json['errno'] = 1;
-        $json['msg'] = "Empty password!";
-        return false;
-    }
-    return true;
-}
-
 function checkFile() {
    global $json;

@ -177,4 +186,41 @@ function checkFile() {
    return true;
 }

+/**
+ * Handle requests from user/profile.php
+ */
+if ($action == "change") {
+    if (checkPost()) {
+        if (isset($_POST['new_passwd'])) {
+            if ($user->checkPasswd($_POST['passwd'])) {
+                $user->changePasswd($_POST['new_passwd']);
+                $json['errno'] = 0;
+                $json['msg'] = "Password updated successfully.";
+            } else {
+                $json['errno'] = 1;
+                $json['msg'] = "Incorrect usename or password.";
+            }
+        } else {
+            $json['errno'] = 1;
+            $json['msg'] = "New password required.";
+        }
+    }
+} else if ($action == "delete") {
+    if (isset($_SESSION['token']) && $_SESSION['token'] == $user->getToken()) {
+        if (checkPost()) {
+            $user->unRegister();
+            $json['errno'] = 0;
+            $json['msg'] = "Account successfully deleted.";
+        }
+    } else {
+        $json['errno'] = 1;
+        $json['msg'] = "Invalid token.";
+    }
+}
+
+if (!$action) {
+    $json['errno'] = 1;
+    $json['msg'] = "Invalid parameters.";
+}
+
 echo json_encode($json);