From c0299dc870e201c928d47673788f8eb517ceab4d Mon Sep 17 00:00:00 2001 From: james Date: Fri, 4 Mar 2011 16:01:59 +0000 Subject: [PATCH] Update docs for account/edit, and tweak link_username_to_email --- account.inc.php | 14 ++++++++++++-- api.php | 35 +++++++++++++++-------------------- 2 files changed, 27 insertions(+), 22 deletions(-) diff --git a/account.inc.php b/account.inc.php index 7984207..c4cc72a 100644 --- a/account.inc.php +++ b/account.inc.php @@ -442,7 +442,7 @@ function account_remove_role($accounts_id, $roles_id, $conferences_id){ // A function for handling updates of any fields that can be modified through an API call. // returns 'ok' on success, error message otherwise. function account_update_info($fields){ - if(array_key_exists('accounts_id', $_SESSION)){ + if($_SESSION['accounts_id']) { $accounts_id = $_SESSION['accounts_id']; }else{ return 'you must be logged in to change your account settings'; @@ -480,7 +480,17 @@ function account_update_info($fields){ case 'link_username_to_email': if(in_array($value, array('yes', 'no'))){ - $updates[$index] = $value; + if($value=='yes') { + //if its yes, we can only do it if username==email + if($fields['username']==$fields['email']) { + $updates[$index] = $value; + } else { + $message="username and email must match for link_username_toemail"; + } + } + else { + $updates[$index] = $value; + } }else{ $message = '"link_username_to_email" must be either a "yes" or "no" value'; } diff --git a/api.php b/api.php index 0d3720f..54f555d 100644 --- a/api.php +++ b/api.php @@ -287,6 +287,7 @@ switch($request[0]) { /* APIDOC: account/view description(view account information for currently logged in account) + object(account: {id,username,link_username_to_email enum(no,yes),passwordset date,email,pendignemail,superuser enum(no,yes),deleted enum(no,yes),deleted_datetime datetime,created datetime}) return(account array) */ case 'view': @@ -304,33 +305,27 @@ switch($request[0]) { /* APIDOC: account/edit description(edits an account) post(account array) + object(account: {id,username,password,link_username_to_email enum(no,yes),email}) return(account array) */ case 'edit': if(isset($_SESSION['accounts_id'])) { - - // grab the relevant keys from $_POST - $params = array(); - foreach($_POST as $key => $value){ - if(in_array($key, array('username', 'password', 'email', 'link_username_to_email'))){ - $params[$key] = $_POST[$key]; - } - } - - if(count($params) > 0){ - $result = account_update_info($params); - if($result == 'ok'){ - $a = account_load($_SESSION['accounts_id']); - $ret['status'] = 'ok'; - $ret['account'] = $a; - }else{ - + $account=json_decode($_POST['account'],true); + if($account['id']!=$_SESSION['accounts_id']) { $ret['status'] = "error"; - $ret['error'] = $result; - } + $ret['error'] = "Account id mismatch"; + break; + } + + $result = account_update_info($account); + if($result == 'ok'){ + $a = account_load($_SESSION['accounts_id']); + $ret['status'] = 'ok'; + $ret['account'] = $a; }else{ + $ret['status'] = "error"; - $ret['error'] = "No field values passed"; + $ret['error'] = $result; } }else{