ok
Direktori : /home2/selectio/www/thecomponents.in/admin/api-firebase/ |
Current File : /home2/selectio/www/thecomponents.in/admin/api-firebase/user-registration.php |
<?php header('Access-Control-Allow-Origin: *'); header('Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept, Authorization'); session_start(); include '../includes/crud.php'; include '../includes/custom-functions.php'; $fn = new custom_functions; include '../includes/variables.php'; include_once('verify-token.php'); $db = new Database(); $db->connect(); $fn = new custom_functions(); $settings = $fn->get_settings('system_timezone', true); $app_name = $settings['app_name']; include 'send-email.php'; $config = $fn->get_configurations(); $time_slot_config = $fn->time_slot_config(); $time_zone = $fn->set_timezone($config); if (!$time_zone) { $response['error'] = true; $response['message'] = "Time Zone is not set."; print_r(json_encode($response)); return false; exit(); } /* ------------------------------------------- APIs for eCart ------------------------------------------- 1. verify-user 2. verify-user-email 3. register 4. upload_profile 5. edit-profile 6. change-password 7. forgot-password-email 8. forgot-password-mobile 9. delete-notification 10.register-device 11.send-invitation ------------------------------------------- ------------------------------------------- */ $response = array(); $accesskey = $db->escapeString($fn->xss_clean($_POST['accesskey'])); if ($access_key != $accesskey) { $response['error'] = true; $response['message'] = "invalid accesskey"; print_r(json_encode($response)); return false; } if ((isset($_POST['type'])) && ($_POST['type'] == 'verify-user')) { if (!verify_token()) { return false; } $mobile = $db->escapeString($fn->xss_clean($_POST['mobile'])); if (!empty($mobile) && $mobile != "") { $sql = 'select id from users where mobile =' . $mobile; $db->sql($sql); $res = $db->getResult(); $num_rows = $db->numRows($res); if ($num_rows > 0) { $response["error"] = true; $response["id"] = $res[0]['id']; $response["message"] = "This mobile is already registered. Please login!"; echo json_encode($response); } else if ($num_rows == 0) { $response["error"] = false; $response["message"] = "Ready to sent firebase OTP request!"; echo json_encode($response); } } else { $response['error'] = true; $response['message'] = "mobile is required."; echo json_encode($response); } } if (isset($_POST['type']) && $_POST['type'] != '' && $_POST['type'] == 'verify-user-email') { if (!verify_token()) { return false; } $email = $db->escapeString($fn->xss_clean($_POST['email'])); $otp = rand(100000, 999999); $sql = "select `id`,`name` from `users` where `email`='" . $email . "'"; $db->sql($sql); $result = $db->getResult(); $num_rows = $db->numRows($result); if ($num_rows == 0) { $to = $email; $subject = "$app_name Registration Verification"; $message = "<#> Your OTP for $app_name Registration verification is : " . $otp . ". Please enter this OTP to activate your profile. "; if (!send_email($to, $subject, $message)) { $response["error"] = true; $response["message"] = "Activation mail could not be sent!Try Again"; echo json_encode($response); return false; } $response["error"] = false; $response["message"] = "OTP for account activation is sent to your email. Please verify it to complete the registration process."/*.$smsResult*/; $response["OTP"] = $otp; } else { $response["error"] = true; $response["message"] = "Email is already registered. Please login!"; } echo json_encode($response); } if ((isset($_POST['type'])) && ($_POST['type'] == 'register')) { if (!verify_token()) { return false; } $name = (isset($_POST['name'])) ? $db->escapeString($fn->xss_clean($_POST['name'])) : ""; $mobile = (isset($_POST['mobile'])) ? $db->escapeString($fn->xss_clean($_POST['mobile'])) : ""; $country_code = (isset($_POST['country_code'])) ? $db->escapeString($fn->xss_clean($_POST['country_code'])) : ""; $fcm_id = (isset($_POST['fcm_id'])) ? $db->escapeString($fn->xss_clean($_POST['fcm_id'])) : ""; $dob = (isset($_POST['dob'])) ? $db->escapeString($fn->xss_clean($_POST['dob'])) : ""; $email = (isset($_POST['email']) && !empty($_POST['email'])) ? $db->escapeString($fn->xss_clean($_POST['email'])) : ""; $password = md5($db->escapeString($fn->xss_clean($_POST['password']))); $city = (isset($_POST['city_id'])) ? $db->escapeString($fn->xss_clean($_POST['city_id'])) : ""; $area = (isset($_POST['area_id'])) ? $db->escapeString($fn->xss_clean($_POST['area_id'])) : ""; $street = (isset($_POST['street'])) ? $db->escapeString($fn->xss_clean($_POST['street'])) : ""; $pincode = (isset($_POST['pincode'])) ? $db->escapeString($fn->xss_clean($_POST['pincode'])) : ""; $api_key = (isset($_POST['api_key'])) ? $db->escapeString($fn->xss_clean($_POST['api_key'])) : ""; $latitude = (isset($_POST['latitude'])) ? $db->escapeString($fn->xss_clean($_POST['latitude'])) : "0"; $longitude = (isset($_POST['longitude'])) ? $db->escapeString($fn->xss_clean($_POST['longitude'])) : "0"; $status = 1; $chars = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ"; $referral_code = ""; for ($i = 0; $i < 10; $i++) { $referral_code .= $chars[mt_rand(0, strlen($chars) - 1)]; } if (isset($_POST['friends_code']) && $_POST['friends_code'] != '') { $friend_code = $db->escapeString($fn->xss_clean($_POST['friends_code'])); $sql = "SELECT id FROM users WHERE referral_code='" . $friend_code . "'"; $db->sql($sql); $result = $db->getResult(); $num_rows = $db->numRows($result); if ($num_rows > 0) { $friends_code = $db->escapeString($fn->xss_clean($_POST['friends_code'])); } else { $response["error"] = true; $response["message"] = "Invalid friends code!"; echo json_encode($response); return false; } } else { $friends_code = ''; } if (!empty($mobile)) { $sql = "select mobile from users where mobile='" . $mobile . "'"; $db->sql($sql); $res = $db->getResult(); $num_rows = $db->numRows($res); if ($num_rows > 0) { $response["error"] = true; $response["message"] = "This mobile $mobile is already registered. Please login!"; echo json_encode($response); } else if ($num_rows == 0) { // print_r($settings); // return false; if (isset($_FILES['profile']) && !empty($_FILES['profile']) && $_FILES['profile']['error'] == 0 && $_FILES['profile']['size'] > 0) { $profile = $db->escapeString($fn->xss_clean($_FILES['profile']['name'])); if (!is_dir('../upload/profile/')) { mkdir('../upload/profile/', 0777, true); } $extension = pathinfo($_FILES["profile"]["name"])['extension']; $result = $fn->validate_image($_FILES["profile"]); if ($result) { $response["error"] = true; $response["message"] = "Image type must jpg, jpeg, gif, or png!"; echo json_encode($response); return false; } $filename = microtime(true) . '.' . strtolower($extension); $full_path = '../upload/profile/' . "" . $filename; if (!move_uploaded_file($_FILES["profile"]["tmp_name"], $full_path)) { $response["error"] = true; $response["message"] = "Invalid directory to load profile!"; echo json_encode($response); return false; } } else { $filename = 'default_user_profile.png'; $full_path = '../upload/profile/' . "" . $filename; } $balance = isset($settings['welcome-wallet-balance']) && $settings['welcome-wallet-balance'] == '1' && !empty($settings['wallet_balance']) ? $settings['wallet_balance'] : 0; $sql = "INSERT INTO `users`(`name`, `email`,`profile`, `mobile`,`dob`, `city`,`area`, `street` , `pincode`, `apikey`, `password`,`referral_code`,`friends_code`,`fcm_id`,`latitude`,`longitude`,`status`,`country_code`,`balance`) VALUES ('$name','$email','$filename','$mobile','$dob','$city','$area','$street','$pincode','$api_key','$password','$referral_code','$friends_code','$fcm_id','$latitude','$longitude',$status,'$country_code','$balance')"; $data = array( 'name' => $name, 'email' => $email, 'profile' => DOMAIN_URL . 'upload/profile/' . "" . $filename, 'mobile' => $mobile, 'country_code' => $country_code, 'fcm_id' => $fcm_id, 'dob' => $dob, 'city' => $city, 'area' => $area, 'street' => $street, 'pincode' => $pincode, 'apikey' => $api_key, 'password' => $password, 'referral_code' => $referral_code, 'friends_code' => $friends_code, 'latitude' => $latitude, 'longitude' => $longitude, 'balance' => $balance, 'status' => $status ); $db->sql($sql); $res = $db->getResult(); $usr_id = $fn->get_data($columns = ['id'], 'mobile = "' . $mobile . '"', 'users'); $sql = "DELETE FROM devices where fcm_id = '$fcm_id' "; $db->sql($sql); $res = $db->getResult(); $sql_query = "SELECT *,(SELECT name FROM area a WHERE a.id=u.area) as area_name,(SELECT name FROM city c WHERE c.id=u.city) as city_name FROM `users` u WHERE `mobile` = '" . $mobile . "' AND `password` ='" . $password . "'"; $db->sql($sql_query); $result = $db->getResult(); if ($db->numRows($result) > 0) { $response["error"] = false; $response["message"] = "User registered successfully"; $response['password'] = $data['password']; foreach ($result as $row) { $response['error'] = false; $response['user_id'] = $row['id']; $response['name'] = $row['name']; $response['email'] = $row['email']; $response['profile'] = DOMAIN_URL . 'upload/profile/' . "" . $row['profile']; $response['mobile'] = $row['mobile']; $response['country_code'] = $row['country_code']; $response['dob'] = $row['dob']; $response['balance'] = $row['balance']; $response['city_id'] = !empty($row['city']) ? $row['city'] : ''; $response['city_name'] = !empty($row['city_name']) ? $row['city_name'] : ''; $response['area_id'] = !empty($row['area']) ? $row['area'] : ''; $response['area_name'] = !empty($row['area_name']) ? $row['area_name'] : ''; $response['street'] = $row['street']; $response['pincode'] = $row['pincode']; $response['referral_code'] = $row['referral_code']; $response['friends_code'] = $row['friends_code']; $response['latitude'] = (!empty($row['latitude'])) ? $row['latitude'] : '0'; $response['longitude'] = (!empty($row['longitude'])) ? $row['longitude'] : '0'; $response['apikey'] = $row['apikey']; $response['status'] = $row['status']; $response['created_at'] = $row['created_at']; } echo json_encode($response); } } } else { echo "Email is required."; } } if ((isset($_POST['type'])) && ($_POST['type'] == 'upload_profile')) { if (!verify_token()) { return false; } if (!isset($_POST['user_id']) && empty($_POST['user_id'])) { $response["error"] = true; $response["message"] = "User id is missing."; print_r(json_encode($response)); return false; exit(); } $id = $db->escapeString($fn->xss_clean($_POST['user_id'])); $sql = 'select * from users where id =' . $id; $db->sql($sql); $res = $db->getResult(); if (!empty($res)) { if (isset($_FILES['profile']) && !empty($_FILES['profile']) && $_FILES['profile']['error'] == 0 && $_FILES['profile']['size'] > 0) { if (!is_dir('../upload/profile/')) { mkdir('../upload/profile/', 0777, true); } if (!empty($res[0]['profile'])) { $old_image = $res[0]['profile']; if ($old_image != 'default_user_profile.png' && !empty($old_image)) { unlink('../upload/profile/' . $old_image); } } $profile = $db->escapeString($fn->xss_clean($_FILES['profile']['name'])); $extension = pathinfo($_FILES["profile"]["name"])['extension']; $result = $fn->validate_image($_FILES["profile"]); if ($result) { $response["error"] = true; $response["message"] = "Image type must jpg, jpeg, gif, or png!"; echo json_encode($response); return false; } $filename = microtime(true) . '.' . strtolower($extension); $full_path = '../upload/profile/' . "" . $filename; if (!move_uploaded_file($_FILES["profile"]["tmp_name"], $full_path)) { $response["error"] = true; $response["message"] = "Invalid directory to load profile!"; echo json_encode($response); return false; } $sql = "UPDATE users SET `profile`='" . $filename . "' WHERE `id`=" . $id; if ($db->sql($sql)) { $profile = $fn->get_data($columns = ['profile'], 'id = "' . $id . '"', 'users'); $profile_url = DOMAIN_URL . 'upload/profile/' . "" . $profile[0]['profile']; $response["error"] = false; $response["profile"] = $profile_url; $response["message"] = "Profile has been updated successfully."; } else { $response["error"] = true; $response["message"] = "Profile is not updated."; } } else { $response["error"] = true; $response["message"] = "Profile parameter is missing."; } } else { $response["error"] = true; $response["message"] = "User does not exist."; } echo json_encode($response); } if (isset($_POST['type']) && $_POST['type'] != '' && $_POST['type'] == 'edit-profile') { if (!verify_token()) { return false; } $id = $db->escapeString($fn->xss_clean($_POST['id'])); $name = $db->escapeString($fn->xss_clean($_POST['name'])); $email = $db->escapeString($fn->xss_clean($_POST['email'])); $city = $db->escapeString($fn->xss_clean($_POST['city_id'])); $area = $db->escapeString($fn->xss_clean($_POST['area_id'])); $street = $db->escapeString($fn->xss_clean($_POST['street'])); $pincode = $db->escapeString($fn->xss_clean($_POST['pincode'])); $dob = $db->escapeString($fn->xss_clean($_POST['dob'])); $latitude = (isset($_POST['latitude']) && !empty($_POST['latitude'])) ? $db->escapeString($fn->xss_clean($_POST['latitude'])) : "0"; $longitude = (isset($_POST['longitude']) && !empty($_POST['longitude'])) ? $db->escapeString($fn->xss_clean($_POST['longitude'])) : "0"; $sql = 'select * from users where id =' . $id; $db->sql($sql); $res = $db->getResult(); if (!empty($res)) { if (isset($_FILES['profile']) && !empty($_FILES['profile']) && $_FILES['profile']['error'] == 0 && $_FILES['profile']['size'] > 0) { if (!empty($res[0]['profile'])) { $old_image = $res[0]['profile']; if ($old_image != 'default_user_profile.png' && !empty($old_image)) { unlink('../upload/profile/' . $old_image); } } $profile = $db->escapeString($fn->xss_clean($_FILES['profile']['name'])); $extension = pathinfo($_FILES["profile"]["name"])['extension']; $result = $fn->validate_image($_FILES["profile"]); if ($result) { $response["error"] = true; $response["message"] = "Image type must jpg, jpeg, gif, or png!"; echo json_encode($response); return false; } $filename = microtime(true) . '.' . strtolower($extension); $full_path = '../upload/profile/' . "" . $filename; if (!move_uploaded_file($_FILES["profile"]["tmp_name"], $full_path)) { $response["error"] = true; $response["message"] = "Invalid directory to load profile!"; echo json_encode($response); return false; } $sql = "UPDATE users SET `profile`='" . $filename . "' WHERE `id`=" . $id; $db->sql($sql); } $sql = 'UPDATE `users` SET `name`="' . $name . '",`email`="' . $email . '",`dob`="' . $dob . '",`city`="' . $city . '",`area`="' . $area . '",`street`="' . $street . '",`pincode`="' . $pincode . '",`latitude`="' . $latitude . '",`longitude`="' . $longitude . '" WHERE `id`=' . $id; $db->sql($sql); $response["error"] = false; $response["message"] = "Profile has been updated successfully."; } else { $response["error"] = true; $response["message"] = "valid id is required!!"; } echo json_encode($response); } if (isset($_POST['type']) && $_POST['type'] != '' && $_POST['type'] == 'change-password') { if (!verify_token()) { return false; } // if (ALLOW_MODIFICATION != 0) { $id = $db->escapeString($fn->xss_clean($_POST['id'])); $password = $db->escapeString($fn->xss_clean($_POST['password'])); $password = md5($password); $sql = 'UPDATE `users` SET `password`="' . $password . '" WHERE `id`=' . $id; if ($db->sql($sql)) { $response["error"] = false; $response["message"] = "Profile updated successfully"; } else { $response["error"] = true; $response["message"] = "Something went wrong! Try Again!"; } // } else { // $response["error"] = true; // $response["message"] = "You have no permission to Change Password"; // } echo json_encode($response); } if (isset($_POST['type']) && $_POST['type'] != '' && $_POST['type'] == 'forgot-password-email') { if (!verify_token()) { return false; } $email = $db->escapeString($fn->xss_clean($_POST['email'])); $password = rand(10000, 99999); $encrypted_password = md5($password); $sql = "select `id`,`name` from `users` where `email`='" . $email . "'"; $db->sql($sql); $result = $db->getResult(); if ($db->numRows($result)) { $to = $email; $subject = "Password Recovery Mail - Password is reset ( $email )"; $message = "Hi, <b>" . $result[0]['name'] . " - " . $email . "</b>, \t\r\n Your Password has been reset. Please Login with the new password. \r\nYour new Password is : " . $password . "\r\n Thank you"; if (!send_email($to, $subject, $message)) { $response["error"] = true; $response["message"] = "Password could not be reset!Try Again"; echo json_encode($response); return false; } $sql = 'UPDATE `users` SET `password`="' . $encrypted_password . '" WHERE `email`="' . $email . '"'; if ($db->sql($sql)) { $response["error"] = false; $response["message"] = "Password updated successfully! Please check the mail!"; } } else { $response["error"] = true; $response["message"] = "Email ID does not exist!"; } echo json_encode($response); } if (isset($_POST['type']) && $_POST['type'] != '' && $_POST['type'] == 'forgot-password-mobile') { if (!verify_token()) { return false; } $mobile = $db->escapeString($fn->xss_clean($_POST['mobile'])); $password = 'test1234'; $encrypted_password = md5($password); $sql = "select `id`,`name`,`country_code` from `users` where `mobile`='" . $mobile . "'"; $db->sql($sql); $result = $db->getResult(); if ($db->numRows($result) > 0) { $country_code = $result[0]['country_code']; $message = 'Your Password for ' . $app_name . ' is Reset. Please login using new Password : ' . $password . '.'; $sql = 'UPDATE `users` SET `password`="' . $encrypted_password . '" WHERE `mobile`="' . $mobile . '"'; if ($db->sql($sql)) { $response["error"] = false; $response["message"] = "Password is sent successfully! Please login via the OTP sent to your mobile number!"; } } else { $response["error"] = true; $response["message"] = "Mobile number does not exist! Please Register"; } echo json_encode($response); } if (isset($_POST['type']) && $_POST['type'] != '' && $_POST['type'] == 'delete-notification') { $permissions = $fn->get_permissions($_SESSION['id']); if ($permissions['notifications']['delete'] == 0) { echo 2; return false; } $id = $db->escapeString($fn->xss_clean($_POST['id'])); $image = $db->escapeString($fn->xss_clean($_POST['image'])); if (!empty($image)) unlink('../' . $image); $sql = 'DELETE FROM `notifications` WHERE `id`=' . $id; if ($db->sql($sql)) { echo 1; } else { echo 0; } } if (isset($_POST['type']) && $_POST['type'] != '' && $_POST['type'] == 'register-device') { if (!verify_token()) { return false; } $user_id = $db->escapeString($fn->xss_clean($_POST['user_id'])); $token = $db->escapeString($fn->xss_clean($_POST['token'])); $sql = "select `id` from `users` where `id`='" . $user_id . "'"; $db->sql($sql); $result = $db->getResult(); if ($db->numRows($result) > 0) { $sql = 'UPDATE `users` SET `fcm_id`="' . $token . '" WHERE `id`="' . $user_id . '"'; if ($db->sql($sql)) { $response["error"] = false; $response["message"] = "Device updated successfully"; } } else { $response["error"] = true; $response["message"] = "User does't exists."; } echo json_encode($response); } if (isset($_POST['type']) && $_POST['type'] != '' && $_POST['type'] == 'send-invitation') { if (!verify_token()) { return false; } $referral_code = $db->escapeString($fn->xss_clean($_POST['referral_code'])); $friend_id = $db->escapeString($fn->xss_clean($_POST['friend_id'])); $sql = "select * from `users` where `referral_code`='" . $referral_code . "'"; $db->sql($sql); $result = $db->getResult(); if ($db->numRows($result) > 0) { $sql = 'UPDATE `users` SET `friends_code`="' . $referral_code . '" WHERE `id`="' . $friend_id . '"'; if ($db->sql($sql)) { $response["error"] = false; $response["message"] = "Invitation sent successfully"; $response['data'] = $result; } } else { $response["error"] = true; $response["message"] = "Invalid referral code."; } echo json_encode($response); }