ok

Mini Shell

Direktori : /proc/thread-self/root/home2/selectio/www/ramali.in/dashboard/api-firebase/
Upload File :
Current File : //proc/thread-self/root/home2/selectio/www/ramali.in/dashboard/api-firebase/user-registration.php

<?php
header('Access-Control-Allow-Origin: *');
header('Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept, Authorization');
session_start();
include '../includes/crud.php';
include '../includes/custom-functions.php';
$fn = new custom_functions;
include '../includes/variables.php';
include_once('verify-token.php');
$db = new Database();
$db->connect();
$fn = new custom_functions();
$settings = $fn->get_settings('system_timezone', true);
$app_name = $settings['app_name'];
include 'send-email.php';

$config = $fn->get_configurations();
$time_slot_config = $fn->time_slot_config();
$time_zone = $fn->set_timezone($config);
if (!$time_zone) {
    $response['error'] = true;
    $response['message'] = "Time Zone is not set.";
    print_r(json_encode($response));
    return false;
    exit();
}

/* 
-------------------------------------------
APIs for eCart
-------------------------------------------
1. verify-user
2. verify-user-email
3. register
4. upload_profile
5. edit-profile
6. change-password
7. forgot-password-email
8. forgot-password-mobile
9. delete-notification
10.register-device
11.send-invitation
-------------------------------------------
-------------------------------------------
*/

$response = array();
$accesskey = $db->escapeString($fn->xss_clean($_POST['accesskey']));

if ($access_key != $accesskey) {
    $response['error'] = true;
    $response['message'] = "invalid accesskey";
    print_r(json_encode($response));
    return false;
}

if ((isset($_POST['type'])) && ($_POST['type'] == 'verify-user')) {
    if (!verify_token()) {
        return false;
    }
    $mobile = $db->escapeString($fn->xss_clean($_POST['mobile']));
    if (!empty($mobile) && $mobile != "") {
        $sql = 'select id from users where mobile =' . $mobile;
        $db->sql($sql);
        $res = $db->getResult();
        $num_rows = $db->numRows($res);
        if ($num_rows > 0) {
            $response["error"]   = true;
            $response["id"]   = $res[0]['id'];
            $response["message"] = "This mobile is already registered. Please login!";
            echo json_encode($response);
        } else if ($num_rows == 0) {
            $response["error"]   = false;
            $response["message"] = "Ready to sent firebase OTP request!";
            echo json_encode($response);
        }
    } else {
        $response['error'] = true;
        $response['message'] = "mobile is required.";
        echo json_encode($response);
    }
}

if (isset($_POST['type']) && $_POST['type'] != '' && $_POST['type'] == 'verify-user-email') {
    if (!verify_token()) {
        return false;
    }
    $email  = $db->escapeString($fn->xss_clean($_POST['email']));
    $otp    = rand(100000, 999999);

    $sql = "select `id`,`name` from `users` where `email`='" . $email . "'";
    $db->sql($sql);
    $result = $db->getResult();
    $num_rows = $db->numRows($result);
    if ($num_rows == 0) {
        $to = $email;
        $subject = "$app_name Registration Verification";

        $message = "<#> Your OTP for $app_name Registration verification is : " . $otp . ". Please enter this OTP to activate your profile. ";

        if (!send_email($to, $subject, $message)) {
            $response["error"]   = true;
            $response["message"] = "Activation mail could not be sent!Try Again";
            echo json_encode($response);
            return false;
        }
        $response["error"]   = false;
        $response["message"] = "OTP for account activation is sent to your email. Please verify it to complete the registration process."/*.$smsResult*/;
        $response["OTP"] = $otp;
    } else {
        $response["error"]   = true;
        $response["message"] = "Email is already registered. Please login!";
    }
    echo json_encode($response);
}

if ((isset($_POST['type'])) && ($_POST['type'] == 'register')) {
    if (!verify_token()) {
        return false;
    }
    $name          = (isset($_POST['name'])) ? $db->escapeString($fn->xss_clean($_POST['name'])) : "";
    $mobile      = (isset($_POST['mobile'])) ? $db->escapeString($fn->xss_clean($_POST['mobile'])) : "";
    $country_code      = (isset($_POST['country_code'])) ? $db->escapeString($fn->xss_clean($_POST['country_code'])) : "";
    $fcm_id      = (isset($_POST['fcm_id'])) ? $db->escapeString($fn->xss_clean($_POST['fcm_id'])) : "";
    $dob      = (isset($_POST['dob'])) ? $db->escapeString($fn->xss_clean($_POST['dob'])) : "";
    $email      = (isset($_POST['email']) && !empty($_POST['email'])) ? $db->escapeString($fn->xss_clean($_POST['email'])) : "";
    $password     = md5($db->escapeString($fn->xss_clean($_POST['password'])));
    $city         = (isset($_POST['city_id'])) ? $db->escapeString($fn->xss_clean($_POST['city_id'])) : "";
    $area         = (isset($_POST['area_id'])) ? $db->escapeString($fn->xss_clean($_POST['area_id'])) : "";
    $street     = (isset($_POST['street'])) ? $db->escapeString($fn->xss_clean($_POST['street'])) : "";
    $pincode     = (isset($_POST['pincode'])) ? $db->escapeString($fn->xss_clean($_POST['pincode'])) : "";
    $api_key     = (isset($_POST['api_key'])) ? $db->escapeString($fn->xss_clean($_POST['api_key'])) : "";
    $latitude     = (isset($_POST['latitude'])) ? $db->escapeString($fn->xss_clean($_POST['latitude'])) : "0";
    $longitude     = (isset($_POST['longitude'])) ? $db->escapeString($fn->xss_clean($_POST['longitude'])) : "0";
    $status     = 1;
    $chars = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ";
    $referral_code  = "";
    for ($i = 0; $i < 10; $i++) {
        $referral_code .= $chars[mt_rand(0, strlen($chars) - 1)];
    }
    if (isset($_POST['friends_code']) && $_POST['friends_code'] != '') {
        $friend_code = $db->escapeString($fn->xss_clean($_POST['friends_code']));
        $sql = "SELECT id FROM users WHERE referral_code='" . $friend_code . "'";
        $db->sql($sql);
        $result = $db->getResult();
        $num_rows = $db->numRows($result);
        if ($num_rows > 0) {
            $friends_code = $db->escapeString($fn->xss_clean($_POST['friends_code']));
        } else {
            $response["error"]   = true;
            $response["message"] = "Invalid friends code!";
            echo json_encode($response);
            return false;
        }
    } else {
        $friends_code = '';
    }

    if (!empty($mobile)) {
        $sql = "select mobile from users where mobile='" . $mobile . "'";
        $db->sql($sql);
        $res = $db->getResult();
        $num_rows = $db->numRows($res);
        if ($num_rows > 0) {

            $response["error"]   = true;
            $response["message"] = "This mobile $mobile is already registered. Please login!";

            echo json_encode($response);
        } else if ($num_rows == 0) {
            // print_r($settings);
            // return false;

            if (isset($_FILES['profile']) && !empty($_FILES['profile']) && $_FILES['profile']['error'] == 0 && $_FILES['profile']['size'] > 0) {
                $profile = $db->escapeString($fn->xss_clean($_FILES['profile']['name']));
                if (!is_dir('../upload/profile/')) {
                    mkdir('../upload/profile/', 0777, true);
                }
                $extension = pathinfo($_FILES["profile"]["name"])['extension'];
                $result = $fn->validate_image($_FILES["profile"]);
                if ($result) {
                    $response["error"]   = true;
                    $response["message"] = "Image type must jpg, jpeg, gif, or png!";
                    echo json_encode($response);
                    return false;
                }
                $filename = microtime(true) . '.' . strtolower($extension);
                $full_path = '../upload/profile/' . "" . $filename;
                if (!move_uploaded_file($_FILES["profile"]["tmp_name"], $full_path)) {
                    $response["error"]   = true;
                    $response["message"] = "Invalid directory to load profile!";
                    echo json_encode($response);
                    return false;
                }
            } else {
                $filename = 'default_user_profile.png';
                $full_path = '../upload/profile/' . "" . $filename;
            }

            $balance = isset($settings['welcome-wallet-balance']) && $settings['welcome-wallet-balance'] == '1' && !empty($settings['wallet_balance']) ? $settings['wallet_balance'] : 0;

            $sql = "INSERT INTO `users`(`name`, `email`,`profile`, `mobile`,`dob`, `city`,`area`, `street` , `pincode`, `apikey`, `password`,`referral_code`,`friends_code`,`fcm_id`,`latitude`,`longitude`,`status`,`country_code`,`balance`) VALUES 
			('$name','$email','$filename','$mobile','$dob','$city','$area','$street','$pincode','$api_key','$password','$referral_code','$friends_code','$fcm_id','$latitude','$longitude',$status,'$country_code','$balance')";
            $data = array(
                'name' => $name,
                'email' => $email,
                'profile' => DOMAIN_URL . 'upload/profile/' . "" . $filename,
                'mobile' => $mobile,
                'country_code' => $country_code,
                'fcm_id' => $fcm_id,
                'dob' => $dob,
                'city' => $city,
                'area' => $area,
                'street' => $street,
                'pincode' => $pincode,
                'apikey' => $api_key,
                'password' => $password,
                'referral_code' => $referral_code,
                'friends_code' => $friends_code,
                'latitude' => $latitude,
                'longitude' => $longitude,
                'balance' => $balance,
                'status' => $status
            );

            $db->sql($sql);
            $res = $db->getResult();
            $usr_id = $fn->get_data($columns = ['id'], 'mobile = "' . $mobile . '"', 'users');

            $sql = "DELETE FROM devices where fcm_id = '$fcm_id' ";
            $db->sql($sql);
            $res = $db->getResult();

            $sql_query = "SELECT *,(SELECT name FROM area a WHERE a.id=u.area) as area_name,(SELECT name FROM city c WHERE c.id=u.city) as city_name FROM `users` u WHERE `mobile` = '" . $mobile . "' AND `password` ='" . $password . "'";
            $db->sql($sql_query);
            $result = $db->getResult();
            if ($db->numRows($result) > 0) {
                $response["error"]   = false;
                $response["message"] = "User registered successfully";
                $response['password']  = $data['password'];
                foreach ($result as $row) {
                    $response['error']     = false;
                    $response['user_id'] = $row['id'];
                    $response['name'] = $row['name'];
                    $response['email'] = $row['email'];
                    $response['profile'] = DOMAIN_URL . 'upload/profile/' . "" . $row['profile'];
                    $response['mobile'] = $row['mobile'];
                    $response['country_code'] = $row['country_code'];
                    $response['dob'] = $row['dob'];
                    $response['balance'] = $row['balance'];
                    $response['city_id'] = !empty($row['city']) ? $row['city'] : '';
                    $response['city_name'] = !empty($row['city_name']) ? $row['city_name'] : '';
                    $response['area_id'] = !empty($row['area']) ? $row['area'] : '';
                    $response['area_name'] = !empty($row['area_name']) ? $row['area_name'] : '';
                    $response['street'] = $row['street'];
                    $response['pincode'] = $row['pincode'];
                    $response['referral_code'] = $row['referral_code'];
                    $response['friends_code'] = $row['friends_code'];
                    $response['latitude'] = (!empty($row['latitude'])) ? $row['latitude'] : '0';
                    $response['longitude'] = (!empty($row['longitude'])) ? $row['longitude'] : '0';
                    $response['apikey'] = $row['apikey'];
                    $response['status'] = $row['status'];
                    $response['created_at'] = $row['created_at'];
                }
                echo json_encode($response);
            }
        }
    } else {
        echo "Email is required.";
    }
}

if ((isset($_POST['type'])) && ($_POST['type'] == 'upload_profile')) {
    if (!verify_token()) {
        return false;
    }
    if (!isset($_POST['user_id']) && empty($_POST['user_id'])) {
        $response["error"]   = true;
        $response["message"] = "User id is missing.";
        print_r(json_encode($response));
        return false;
        exit();
    }
    $id = $db->escapeString($fn->xss_clean($_POST['user_id']));
    $sql = 'select * from users where id =' . $id;
    $db->sql($sql);
    $res = $db->getResult();

    if (!empty($res)) {
        if (isset($_FILES['profile']) && !empty($_FILES['profile']) && $_FILES['profile']['error'] == 0 && $_FILES['profile']['size'] > 0) {

            if (!is_dir('../upload/profile/')) {
                mkdir('../upload/profile/', 0777, true);
            }
            if (!empty($res[0]['profile'])) {
                $old_image = $res[0]['profile'];
                if ($old_image != 'default_user_profile.png' && !empty($old_image)) {
                    unlink('../upload/profile/' . $old_image);
                }
            }
            $profile = $db->escapeString($fn->xss_clean($_FILES['profile']['name']));
            $extension = pathinfo($_FILES["profile"]["name"])['extension'];
            $result = $fn->validate_image($_FILES["profile"]);
            if ($result) {
                $response["error"]   = true;
                $response["message"] = "Image type must jpg, jpeg, gif, or png!";
                echo json_encode($response);
                return false;
            }
            $filename = microtime(true) . '.' . strtolower($extension);
            $full_path = '../upload/profile/' . "" . $filename;
            if (!move_uploaded_file($_FILES["profile"]["tmp_name"], $full_path)) {
                $response["error"]   = true;
                $response["message"] = "Invalid directory to load profile!";
                echo json_encode($response);
                return false;
            }
            $sql = "UPDATE users SET `profile`='" . $filename . "' WHERE `id`=" . $id;
            if ($db->sql($sql)) {
                $profile = $fn->get_data($columns = ['profile'], 'id = "' . $id . '"', 'users');
                $profile_url = DOMAIN_URL . 'upload/profile/' . "" . $profile[0]['profile'];
                $response["error"]   = false;
                $response["profile"]   = $profile_url;
                $response["message"] = "Profile has been updated successfully.";
            } else {
                $response["error"]   = true;
                $response["message"] = "Profile is not updated.";
            }
        } else {
            $response["error"]   = true;
            $response["message"] = "Profile parameter is missing.";
        }
    } else {
        $response["error"]   = true;
        $response["message"] = "User does not exist.";
    }
    echo json_encode($response);
}


if (isset($_POST['type']) && $_POST['type'] != '' && $_POST['type'] == 'edit-profile') {
    if (!verify_token()) {
        return false;
    }
    $id       = $db->escapeString($fn->xss_clean($_POST['id']));
    $name   = $db->escapeString($fn->xss_clean($_POST['name']));
    $email  = $db->escapeString($fn->xss_clean($_POST['email']));
    $city   = $db->escapeString($fn->xss_clean($_POST['city_id']));
    $area   = $db->escapeString($fn->xss_clean($_POST['area_id']));
    $street = $db->escapeString($fn->xss_clean($_POST['street']));
    $pincode = $db->escapeString($fn->xss_clean($_POST['pincode']));
    $dob = $db->escapeString($fn->xss_clean($_POST['dob']));
    $latitude     = (isset($_POST['latitude']) && !empty($_POST['latitude'])) ? $db->escapeString($fn->xss_clean($_POST['latitude'])) : "0";
    $longitude     = (isset($_POST['longitude']) && !empty($_POST['longitude'])) ? $db->escapeString($fn->xss_clean($_POST['longitude'])) : "0";

    $sql = 'select * from users where id =' . $id;
    $db->sql($sql);
    $res = $db->getResult();

    if (!empty($res)) {

        if (isset($_FILES['profile']) && !empty($_FILES['profile']) && $_FILES['profile']['error'] == 0 && $_FILES['profile']['size'] > 0) {
            if (!empty($res[0]['profile'])) {
                $old_image = $res[0]['profile'];
                if ($old_image != 'default_user_profile.png' && !empty($old_image)) {
                    unlink('../upload/profile/' . $old_image);
                }
            }

            $profile = $db->escapeString($fn->xss_clean($_FILES['profile']['name']));
            $extension = pathinfo($_FILES["profile"]["name"])['extension'];
            $result = $fn->validate_image($_FILES["profile"]);
            if ($result) {
                $response["error"]   = true;
                $response["message"] = "Image type must jpg, jpeg, gif, or png!";
                echo json_encode($response);
                return false;
            }
            $filename = microtime(true) . '.' . strtolower($extension);
            $full_path = '../upload/profile/' . "" . $filename;
            if (!move_uploaded_file($_FILES["profile"]["tmp_name"], $full_path)) {
                $response["error"]   = true;
                $response["message"] = "Invalid directory to load profile!";
                echo json_encode($response);
                return false;
            }
            $sql = "UPDATE users SET `profile`='" . $filename . "' WHERE `id`=" . $id;
            $db->sql($sql);
        }

        $sql = 'UPDATE `users` SET `name`="' . $name . '",`email`="' . $email . '",`dob`="' . $dob . '",`city`="' . $city . '",`area`="' . $area . '",`street`="' . $street . '",`pincode`="' . $pincode . '",`latitude`="' . $latitude . '",`longitude`="' . $longitude . '" WHERE `id`=' . $id;
        $db->sql($sql);

        $response["error"]   = false;
        $response["message"] = "Profile has been updated successfully.";
    } else {
        $response["error"]   = true;
        $response["message"] = "valid id is required!!";
    }
    echo json_encode($response);
}

if (isset($_POST['type']) && $_POST['type'] != '' && $_POST['type'] == 'change-password') {
    if (!verify_token()) {
        return false;
    }
    // if (ALLOW_MODIFICATION != 0) {
    $id       = $db->escapeString($fn->xss_clean($_POST['id']));
    $password = $db->escapeString($fn->xss_clean($_POST['password']));
    $password = md5($password);

    $sql = 'UPDATE `users` SET `password`="' . $password . '" WHERE `id`=' . $id;
    if ($db->sql($sql)) {
        $response["error"]   = false;
        $response["message"] = "Profile updated successfully";
    } else {
        $response["error"]   = true;
        $response["message"] = "Something went wrong! Try Again!";
    }
    // } else {
    //     $response["error"]   = true;
    //     $response["message"] = "You have no permission to Change Password";
    // }
    echo json_encode($response);
}

if (isset($_POST['type']) && $_POST['type'] != '' && $_POST['type'] == 'forgot-password-email') {
    if (!verify_token()) {
        return false;
    }
    $email  = $db->escapeString($fn->xss_clean($_POST['email']));
    $password = rand(10000, 99999);
    $encrypted_password = md5($password);

    $sql = "select `id`,`name` from `users` where `email`='" . $email . "'";
    $db->sql($sql);
    $result = $db->getResult();
    if ($db->numRows($result)) {
        $to = $email;
        $subject = "Password Recovery Mail - Password is reset ( $email )";
        $message = "Hi, <b>" . $result[0]['name'] . " - " . $email . "</b>, \t\r\n Your Password has been reset. Please Login with the new password. \r\nYour new Password is : " . $password . "\r\n Thank you";

        if (!send_email($to, $subject, $message)) {
            $response["error"]   = true;
            $response["message"] = "Password could not be reset!Try Again";
            echo json_encode($response);
            return false;
        }
        $sql = 'UPDATE `users` SET `password`="' . $encrypted_password . '" WHERE `email`="' . $email . '"';
        if ($db->sql($sql)) {
            $response["error"]   = false;
            $response["message"] = "Password updated successfully! Please check the mail!";
        }
    } else {
        $response["error"]   = true;
        $response["message"] = "Email ID does not exist!";
    }
    echo json_encode($response);
}


if (isset($_POST['type']) && $_POST['type'] != '' && $_POST['type'] == 'forgot-password-mobile') {
    if (!verify_token()) {
        return false;
    }
    $mobile  = $db->escapeString($fn->xss_clean($_POST['mobile']));
    $password = 'test1234';
    $encrypted_password = md5($password);
    $sql = "select `id`,`name`,`country_code` from `users` where `mobile`='" . $mobile . "'";
    $db->sql($sql);
    $result = $db->getResult();

    if ($db->numRows($result) > 0) {
        $country_code = $result[0]['country_code'];
        $message = 'Your Password for ' . $app_name . ' is Reset. Please login using new Password : ' . $password . '.';
        $sql = 'UPDATE `users` SET `password`="' . $encrypted_password . '" WHERE `mobile`="' . $mobile . '"';
        if ($db->sql($sql)) {
            $response["error"]   = false;
            $response["message"] = "Password is sent successfully! Please login via the OTP sent to your mobile number!";
        }
    } else {
        $response["error"]   = true;
        $response["message"] = "Mobile number does not exist! Please Register";
    }
    echo json_encode($response);
}


if (isset($_POST['type']) && $_POST['type'] != '' && $_POST['type'] == 'delete-notification') {
    $permissions = $fn->get_permissions($_SESSION['id']);
    if ($permissions['notifications']['delete'] == 0) {
        echo 2;
        return false;
    }
    $id        = $db->escapeString($fn->xss_clean($_POST['id']));
    $image     = $db->escapeString($fn->xss_clean($_POST['image']));

    if (!empty($image))
        unlink('../' . $image);

    $sql = 'DELETE FROM `notifications` WHERE `id`=' . $id;
    if ($db->sql($sql)) {
        echo 1;
    } else {
        echo 0;
    }
}

if (isset($_POST['type']) && $_POST['type'] != '' && $_POST['type'] == 'register-device') {
    if (!verify_token()) {
        return false;
    }
    $user_id  = $db->escapeString($fn->xss_clean($_POST['user_id']));
    $token  = $db->escapeString($fn->xss_clean($_POST['token']));

    $sql = "select `id` from `users` where `id`='" . $user_id . "'";
    $db->sql($sql);
    $result = $db->getResult();
    if ($db->numRows($result) > 0) {
        $sql = 'UPDATE `users` SET `fcm_id`="' . $token . '" WHERE `id`="' . $user_id . '"';
        if ($db->sql($sql)) {
            $response["error"]   = false;
            $response["message"] = "Device updated successfully";
        }
    } else {
        $response["error"]   = true;
        $response["message"] = "User does't exists.";
    }
    echo json_encode($response);
}

if (isset($_POST['type']) && $_POST['type'] != '' && $_POST['type'] == 'send-invitation') {
    if (!verify_token()) {
        return false;
    }
    $referral_code = $db->escapeString($fn->xss_clean($_POST['referral_code']));
    $friend_id  = $db->escapeString($fn->xss_clean($_POST['friend_id']));
    $sql = "select * from `users` where `referral_code`='" . $referral_code . "'";
    $db->sql($sql);
    $result = $db->getResult();
    if ($db->numRows($result) > 0) {
        $sql = 'UPDATE `users` SET `friends_code`="' . $referral_code . '" WHERE `id`="' . $friend_id . '"';
        if ($db->sql($sql)) {
            $response["error"]   = false;
            $response["message"] = "Invitation sent successfully";
            $response['data'] = $result;
        }
    } else {
        $response["error"]   = true;
        $response["message"] = "Invalid referral code.";
    }
    echo json_encode($response);
}

Zerion Mini Shell 1.0