From 1e037cd6a2703ba4b471d0372c8084d9be788cd9 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bruno=20Ryb=C3=A1rsky?= Date: Sat, 3 Feb 2024 17:55:54 +0100 Subject: [PATCH] Edit APIs --- lib/account.php | 42 +++++++++++++++++++++++++++++-------- templates/adminActions.html | 18 +++++++++------- templates/userActions.html | 33 +++++++++++++---------------- 3 files changed, 59 insertions(+), 34 deletions(-) diff --git a/lib/account.php b/lib/account.php index 0aff641..64bb9f2 100644 --- a/lib/account.php +++ b/lib/account.php @@ -289,11 +289,11 @@ function addActivationCodes($count): array $output = ["Status" => "Fail"]; // Default Status is "Fail" if (is_numeric($count) && $count > 0 && $_SESSION["privilege_level"] >= $routerConfig["user_admin_permission_level"] && isLoggedIn()) { - $stmt = $mysqli->prepare("UPDATE Users SET ActivationToken = ?, CreatedAt = NOW(), CreatedBy = ? WHERE ID = ?"); + $stmt = $mysqli->prepare("INSERT INTO Users VALUES ActivationToken = ?, CreatedAt = NOW(), CreatedBy = ?"); for ($i = 0; $i < $count; $i++) { $activationCode = generateActivationToken(); - $stmt->bind_param("sii", $activationCode, $_SESSION["ID"], $_SESSION["ID"]); + $stmt->bind_param("si", $activationCode, $_SESSION["ID"]); $stmt->execute(); if ($stmt->affected_rows > 0) { @@ -342,20 +342,44 @@ function listActivationCodes(): array if (isUserAdmin()) { $activationCodes = []; - $result = $mysqli->query("SELECT ActivationToken, CreatedAt, CreatedBy FROM Users"); - // Check if the query executed Successfully - if ($result) { - while ($row = $result->fetch_assoc()) { - $activationCodes[] = $row; + // Use placeholders in the query + $query = "SELECT ActivationToken, CreatedAt, CreatedBy FROM Users WHERE isActivated = 0"; + $stmt = $mysqli->prepare($query); + + if ($stmt) { + // Bind the result variables + $activationToken = ""; + $createdAt = ""; + $createdBy = ""; + $stmt->bind_result($activationToken, $createdAt, $createdBy); + + // Execute the prepared statement + $stmt->execute(); + + // Fetch the results into the bound variables + while ($stmt->fetch()) { + $activationCodes[] = [ + 'ActivationToken' => $activationToken, + 'CreatedAt' => $createdAt, + 'CreatedBy' => $createdBy + ]; } - $output["Status"] = "Success"; - $output["ActivationCodes"] = $activationCodes; + + // Check if any results were fetched + if (!empty($activationCodes)) { + $output["Status"] = "Success"; + $output["ActivationCodes"] = $activationCodes; + } + + // Close the statement + $stmt->close(); } } return $output; } + function deleteUser($userID): array { global $mysqli, $routerConfig; diff --git a/templates/adminActions.html b/templates/adminActions.html index 82db77b..7ebd46f 100644 --- a/templates/adminActions.html +++ b/templates/adminActions.html @@ -1,12 +1,14 @@