Jakach/jakach-login
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
d82a08f77bb7b7a8a177ea367309cdcaeaf69299
jakach-login/app-code/api/account/update_message.php
T
janis d82a08f77b
Deploy / deploy (push) Successful in 33s
Details
adding enhanced csrf protection
2026-05-06 09:07:48 +02:00

71 lines
2.3 KiB
PHP
Raw Blame History

<?php
include "../utils/security.php";
secure_session_start();
require_same_origin_request();
require_csrf_token();
header('Content-Type: application/json');
if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
json_response(['success' => false, 'message' => 'Invalid request method.'], 405);
}
// Check if the user is logged in
require_logged_in();
// Include database configuration
include "../../config/config.php";
// Create a new database connection
$conn = new mysqli($DB_SERVERNAME, $DB_USERNAME, $DB_PASSWORD, $DB_DATABASE);
// Check for database connection errors
if ($conn->connect_error) {
echo json_encode([
'success' => false,
'message' => 'Database connection failed: ' . $conn->connect_error
]);
exit();
}
// Get the logged-in user's ID and username from the session
$id = $_SESSION["id"];
$username = $_SESSION["username"];
// Get the raw POST data (JSON)
$data = json_decode(file_get_contents("php://input"));
if(!isset($data->enable_message) || !is_bool($data->enable_message)){
echo json_encode(['success' => false, 'message' => 'Missing required fields.']);
exit();
}
if($data->enable_message==true){
$sql="UPDATE users SET login_message=1 WHERE id = ?";
if ($update_stmt = $conn->prepare($sql)) {
$update_stmt->bind_param("i", $id);
if ($update_stmt->execute()) {
echo json_encode(['success' => true, 'message' => 'Login messages enabled.']);
} else {
echo json_encode(['success' => false, 'message' => 'Failed to enable login messages.']);
}
$update_stmt->close();
} else {
echo json_encode(['success' => false, 'message' => 'Database error.']);
}
}
if($data->enable_message==false){
//create 2fa secret key
$sql="UPDATE users SET login_message=0 WHERE id = ?";
if ($update_stmt = $conn->prepare($sql)) {
$update_stmt->bind_param("i",$id);
if ($update_stmt->execute()) {
echo json_encode(['success' => true, 'message' => 'Login messages disabled.']);
} else {
echo json_encode(['success' => false, 'message' => 'Failed to disable login messages.']);
}
$update_stmt->close();
} else {
echo json_encode(['success' => false, 'message' => 'Database error.']);
}
}
?>
Reference in New Issue View Git Blame Copy Permalink