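<?php
declare(strict_types=1);

/*
 * Update Account API.
 *
 * Reads a JSON object body with the optional keys `name`, `email` and
 * `custom_url`, validates every key that is present, and writes the changes
 * for the session user (`$_SESSION['user_id']`) to `users` (name, email) and
 * `user_profiles` (custom_url). Every response is JSON shaped
 * {"success": bool, ...}: 401 when unauthenticated, 400 with an `error`
 * message for invalid input, 500 with a generic message for anything else.
 *
 * NOTE(review): only the session cookie authenticates this endpoint; no CSRF
 * token or Origin check is visible in this file — confirm it is enforced by
 * the front controller or the caller.
 */

session_start();
header('Content-Type: application/json');

// Only a logged-in user may update an account.
if (!isset($_SESSION['user_id'])) {
    http_response_code(401);
    echo json_encode(['success' => false, 'error' => 'User not authenticated']);
    exit;
}

// Decode the JSON body. Only a non-empty JSON object is acceptable: a bare
// scalar ("abc", 123) would pass a truthiness test but throw a TypeError on
// array access below, and that TypeError is not an Exception.
$raw_input = file_get_contents('php://input');
$input = $raw_input === false ? null : json_decode($raw_input, true);
if (!is_array($input) || $input === []) {
    http_response_code(400);
    echo json_encode(['success' => false, 'error' => 'Invalid input']);
    exit;
}
// Log only the submitted keys: the body can carry an email address and a
// personal name, which do not belong in the server log.
error_log('Update Account API - input keys: ' . implode(', ', array_keys($input)));

// Database connection (getDBConnection() is provided by the config file).
require_once '../config/database.php';
$pdo = getDBConnection();

try {
    $user_id = $_SESSION['user_id'];
    $updates = []; // SET clauses for the users table, e.g. "name = ?"
    $params  = []; // bound values, in the same order as $updates

    // --- name ---------------------------------------------------------------
    // A non-string value (array, number) must not reach trim(): under
    // strict_types that is a TypeError, so reject it as a validation error.
    if (isset($input['name']) && !is_string($input['name'])) {
        throw new InvalidArgumentException('Name must be a string');
    }
    $name = isset($input['name']) ? trim($input['name']) : '';
    if ($name !== '') {
        // mb_strlen counts characters rather than bytes, so an accented name
        // is measured the way the user sees it.
        $name_length = mb_strlen($name, 'UTF-8');
        if ($name_length < 2 || $name_length > 50) {
            throw new InvalidArgumentException('Name must be between 2 and 50 characters');
        }
        $updates[] = 'name = ?';
        $params[]  = $name;
    }

    // --- email --------------------------------------------------------------
    if (isset($input['email']) && !is_string($input['email'])) {
        throw new InvalidArgumentException('Email must be a string');
    }
    $email = isset($input['email']) ? trim($input['email']) : '';
    if ($email !== '') {
        if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
            throw new InvalidArgumentException('Invalid email format');
        }
        // Pre-check gives the user a friendly message; it is a check-then-write
        // and cannot by itself prevent two concurrent requests from claiming
        // the same address — assumes users.email carries a UNIQUE index, confirm.
        $stmt = $pdo->prepare('SELECT id FROM users WHERE email = ? AND id != ?');
        $stmt->execute([$email, $user_id]);
        if ($stmt->fetch()) {
            throw new InvalidArgumentException('Email is already taken by another user');
        }
        $updates[] = 'email = ?';
        $params[]  = $email;
    }

    // Both tables are written below; a transaction keeps a failed users UPDATE
    // from leaving a half-applied custom_url change behind.
    $pdo->beginTransaction();

    // --- custom_url ---------------------------------------------------------
    // The key is processed whenever it is present, even as an empty string,
    // because an empty value means "remove my custom URL".
    if (array_key_exists('custom_url', $input)) {
        $custom_url_raw = $input['custom_url'] ?? '';
        if (!is_string($custom_url_raw)) {
            throw new InvalidArgumentException('Custom URL must be a string');
        }
        $custom_url = trim($custom_url_raw);

        if ($custom_url === '') {
            $stmt = $pdo->prepare('UPDATE user_profiles SET custom_url = NULL WHERE user_id = ?');
            $stmt->execute([$user_id]);
            error_log('Custom URL removed for user ' . $user_id);
        } else {
            // Stored lower-case for consistency with the LOWER() lookup below.
            $custom_url = strtolower($custom_url);

            // Only letters, digits and hyphens. This also guarantees the value
            // is pure ASCII, so strlen() below is a character count.
            if (!preg_match('/^[a-z0-9-]+$/', $custom_url)) {
                throw new InvalidArgumentException('Custom URL can only contain letters, numbers, and hyphens');
            }
            if (strlen($custom_url) < 3 || strlen($custom_url) > 30) {
                throw new InvalidArgumentException('Custom URL must be between 3 and 30 characters');
            }

            // Names that collide with existing routes; checked before the
            // database round-trip because it needs no query.
            $reserved_urls = [
                'admin', 'api', 'auth', 'assets', 'uploads', 'config', 'includes',
                'artists', 'tracks', 'profile', 'settings', 'login', 'register',
                'logout', 'artist', 'track', 'genre', 'search', 'community',
                'library', 'create', 'dashboard', 'credits', 'pricing', 'terms',
                'privacy', 'checkout', 'cart', 'account',
            ];
            if (in_array($custom_url, $reserved_urls, true)) {
                throw new InvalidArgumentException('This custom URL is reserved and cannot be used');
            }

            // Case-insensitive uniqueness check (same check-then-write caveat as
            // for email: a unique index on user_profiles.custom_url is assumed).
            $stmt = $pdo->prepare('SELECT user_id FROM user_profiles WHERE LOWER(custom_url) = ? AND user_id != ?');
            $stmt->execute([$custom_url, $user_id]);
            if ($stmt->fetch()) {
                throw new InvalidArgumentException('Custom URL is already taken by another user');
            }

            // Update the existing profile row, or create one.
            $stmt = $pdo->prepare('SELECT COUNT(*) FROM user_profiles WHERE user_id = ?');
            $stmt->execute([$user_id]);
            $profile_exists = (int) $stmt->fetchColumn() > 0;
            if ($profile_exists) {
                $stmt   = $pdo->prepare('UPDATE user_profiles SET custom_url = ? WHERE user_id = ?');
                $result = $stmt->execute([$custom_url, $user_id]);
                error_log('Custom URL updated for user ' . $user_id . ': ' . $custom_url
                    . ' (Result: ' . ($result ? 'success' : 'failed') . ')');
            } else {
                $stmt   = $pdo->prepare('INSERT INTO user_profiles (user_id, custom_url) VALUES (?, ?)');
                $result = $stmt->execute([$user_id, $custom_url]);
                error_log('Custom URL inserted for user ' . $user_id . ': ' . $custom_url
                    . ' (Result: ' . ($result ? 'success' : 'failed') . ')');
            }
        }
    }

    // --- users table --------------------------------------------------------
    // $updates holds only the fixed literals "name = ?" / "email = ?" built
    // above; user data reaches the query exclusively through $params.
    if ($updates !== []) {
        $params[] = $user_id;
        $sql  = 'UPDATE users SET ' . implode(', ', $updates) . ' WHERE id = ?';
        $stmt = $pdo->prepare($sql);
        $stmt->execute($params);
    }

    $pdo->commit();

    echo json_encode([
        'success' => true,
        'message' => 'Account updated successfully',
        'data'    => [
            'name'       => $input['name'] ?? null,
            'email'      => $input['email'] ?? null,
            'custom_url' => $input['custom_url'] ?? null,
        ],
    ]);
} catch (InvalidArgumentException $e) {
    // Validation failure: the message was written for the client and is safe to return.
    if ($pdo->inTransaction()) {
        $pdo->rollBack();
    }
    http_response_code(400);
    echo json_encode(['success' => false, 'error' => $e->getMessage()]);
} catch (Throwable $e) {
    // PDOException, TypeError, etc.: their messages can expose driver, schema or
    // query details, so log them server-side and answer with a generic error.
    if ($pdo->inTransaction()) {
        $pdo->rollBack();
    }
    error_log('Update Account API - ' . get_class($e) . ': ' . $e->getMessage());
    http_response_code(500);
    echo json_encode(['success' => false, 'error' => 'Account update failed']);
}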