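<?php
// include '../config/header.php';
include '../../config/koneksi.php';

/*
 * Update one user record.
 *
 * Input:  the target user id in the query string (?id=...), the new field
 *         values either as a JSON body or as form fields ($_POST), and an
 *         optional replacement photo in $_FILES['photo'] (only a multipart
 *         form can carry a file, so JSON callers cannot change the photo).
 * Output: a JSON object {success, message, ...}; on success the stored
 *         field values and a freshly generated token are echoed back.
 *
 * $conn (a PDO instance) is expected to be provided by koneksi.php.
 */

$response = ['success' => false, 'message' => ''];
$errors = [];

// Reads one request field as a string. Missing fields and non-scalar values
// (arrays, objects) become '' so the checks below never receive an array.
$field = static function (array $src, string $key): string {
    $value = $src[$key] ?? null;
    return is_scalar($value) ? (string) $value : '';
};

try {
    $raw = file_get_contents('php://input');
    $data = ($raw !== false && $raw !== '') ? json_decode($raw, true) : null;
    if (!is_array($data) || $data === []) {
        $data = $_POST; // form-encoded or multipart request
    }

    // The row to update is taken from the query string only; the body is never
    // consulted for the id, so the body cannot redirect the update elsewhere.
    $id = isset($_GET['id']) && is_scalar($_GET['id']) ? trim((string) $_GET['id']) : '';
    if ($id === '') {
        $response['message'] = 'Invalid user id';
        echo json_encode($response);
        exit;
    }

    //* name validation
    // Length is checked in characters, not bytes, so multibyte names are not
    // rejected early.
    $name = trim($field($data, 'name'));
    $nameLength = mb_strlen($name, 'UTF-8');
    if ($name === '') {
        $errors[] = 'Name cannot be empty!';
    } elseif ($nameLength < 8) {
        $errors[] = 'Name at least 8 characters!';
    } elseif ($nameLength > 100) {
        $errors[] = 'Name cannot be more than 100 characters!';
    } else {
        // Values are HTML-escaped at storage time (existing convention of this
        // endpoint); the display code presumably relies on that.
        $name = htmlspecialchars($name, ENT_QUOTES, 'UTF-8');
    }

    //* email validation
    $email = trim($field($data, 'email'));
    if ($email === '') {
        $errors[] = 'Email cannot be empty!';
    } elseif (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        $errors[] = 'Invalid email format!';
    }

    //* password validation (the password is deliberately not trimmed)
    $password = $field($data, 'password');
    if ($password === '') {
        $errors[] = 'Password cannot be empty!';
    } elseif (strlen($password) < 8) {
        $errors[] = 'Password at least 8 characters!';
    } elseif (!preg_match('/[A-Z]/', $password)) {
        $errors[] = 'Password must contain at least 1 uppercase letter!';
    } elseif (!preg_match('/[a-z]/', $password)) {
        $errors[] = 'Password must contain at least 1 lowercase letter!';
    } elseif (!preg_match('/[0-9]/', $password)) {
        $errors[] = 'Password must contain at least 1 number!';
    } elseif (!preg_match('/[@$!%*#?&]/', $password)) {
        $errors[] = 'Password must contain at least 1 special character!';
    } else {
        // NOTE(review): the password is HTML-escaped before hashing (kept from
        // the original). The login handler must apply the identical
        // transformation, otherwise passwords containing & < > " ' will never
        // verify. Hashing the raw password is the usual approach — confirm
        // against the login code before changing this.
        $password = htmlspecialchars($password, ENT_QUOTES, 'UTF-8');
    }

    //* address validation
    $address = $field($data, 'address');
    if ($address === '') {
        $errors[] = 'Address cannot be empty!';
    } else {
        $address = htmlspecialchars($address, ENT_QUOTES, 'UTF-8');
    }

    //* phone validation
    $phone = $field($data, 'phone');
    if ($phone === '') {
        $errors[] = 'Phone cannot be empty!';
    } else {
        $phone = htmlspecialchars($phone, ENT_QUOTES, 'UTF-8');
    }

    //* role validation
    // NOTE(review): the role is taken verbatim from the request. Unless this
    // endpoint is reachable only by administrators, the caller can assign
    // themselves any role; restrict it server-side to the known role values.
    $role = $field($data, 'role');
    if ($role === '') {
        $errors[] = 'Role cannot be empty!';
    } else {
        $role = htmlspecialchars($role, ENT_QUOTES, 'UTF-8');
    }

    $stmtCheckUser = $conn->prepare('SELECT * FROM users WHERE id = :id');
    $stmtCheckUser->bindParam(':id', $id);
    $stmtCheckUser->execute();
    // Was $stmt->fetch(): $stmt is not defined at this point.
    $user = $stmtCheckUser->fetch(PDO::FETCH_ASSOC);

    if (!$user) {
        $response['message'] = 'User not found';
        echo json_encode($response);
        exit;
    }

    //* photo
    // The current photo path comes from the database row, never from the
    // request body, so a caller cannot point the unlink() below at a file of
    // their choosing.
    $target_dir = 'uploads/';
    $old_photo = isset($user['photo']) && is_string($user['photo']) ? $user['photo'] : '';
    $new_photo = $old_photo;

    if (!empty($_FILES['photo']['name'])) {
        $upload = $_FILES['photo'];
        $allowed = ['jpg', 'jpeg', 'png', 'gif'];
        $file_ext = strtolower(pathinfo((string) $upload['name'], PATHINFO_EXTENSION));

        if (($upload['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK
            || !is_uploaded_file((string) $upload['tmp_name'])) {
            $errors[] = 'Failed to upload photo!';
        } elseif (!in_array($file_ext, $allowed, true) || getimagesize($upload['tmp_name']) === false) {
            // The extension is client-controlled; the content must parse as an
            // image as well.
            $errors[] = 'Invalid photo format!';
        } elseif (!is_dir($target_dir) && !mkdir($target_dir, 0755, true) && !is_dir($target_dir)) {
            $errors[] = 'Failed to upload photo!';
        } else {
            // The client's file name is never used on disk; uniqid() was
            // time-based and therefore guessable.
            $target_file = $target_dir . bin2hex(random_bytes(8)) . '.' . $file_ext;
            if (move_uploaded_file($upload['tmp_name'], $target_file)) {
                // The old file is removed only after the row has been updated
                // (see below), so a failed update does not orphan the record.
                $new_photo = $target_file;
            } else {
                $errors[] = 'Failed to upload photo!';
            }
        }
    }

    //* if no errors then process to database
    if (empty($errors)) {
        // bcrypt only uses the first 72 bytes of its input.
        $hashedPassword = password_hash($password, PASSWORD_BCRYPT);

        $sql = 'UPDATE users SET name = :name, email = :email, password = :password, address = :address, phone = :phone, role = :role, photo = :photo WHERE id = :id';
        $stmt = $conn->prepare($sql);
        // :id is the same value that was just looked up (the original bound
        // $data['id'] from the request body, which may be absent or differ).
        $stmt->execute([
            ':name' => $name,
            ':email' => $email,
            ':password' => $hashedPassword,
            ':address' => $address,
            ':phone' => $phone,
            ':role' => $role,
            ':photo' => $new_photo,
            ':id' => $id,
        ]);

        // NOTE(review): the token is returned to the caller but not persisted
        // or tied to the user here — confirm what the client does with it.
        $token = bin2hex(random_bytes(16));

        if ($stmt->rowCount() > 0) {
            // Remove the previous photo, but only a file that actually lives
            // inside the uploads directory and is not the one just stored.
            if ($old_photo !== '' && $new_photo !== $old_photo) {
                $uploadsRoot = realpath($target_dir);
                $oldReal = realpath($old_photo);
                if ($uploadsRoot !== false && $oldReal !== false
                    && strncmp($oldReal, $uploadsRoot . DIRECTORY_SEPARATOR, strlen($uploadsRoot) + 1) === 0
                    && is_file($oldReal)) {
                    unlink($oldReal);
                }
            }

            // lastInsertId() is meaningless after an UPDATE; echo the id that
            // was updated.
            $response = [
                'success' => true,
                'message' => 'Registration successful!',
                'id' => $id,
                'name' => $name,
                'email' => $email,
                'address' => $address,
                'phone' => $phone,
                'photo' => $new_photo,
                'role' => $role,
                'token' => $token,
            ];
        } else {
            $response = [
                'success' => false,
                'message' => 'Registration failed!',
                'id' => '',
                'name' => '',
                'email' => '',
                'address' => '',
                'phone' => '',
                'photo' => '',
                'role' => '',
                'token' => '',
            ];
        }
    } else {
        $response = [
            'success' => false,
            'message' => implode(', ', $errors),
        ];
    }
} catch (PDOException $e) {
    // Driver messages reveal table names and connection details; keep them in
    // the server log and return a generic message to the client.
    error_log('user update failed: ' . $e->getMessage());
    $response['message'] = 'Database error';
} finally {
    $conn = null;
}
//* only for development purpose
echo json_encode($response);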