"Access not authorized"); } $userId = $_POST['user_id'] ?? $_GET['user_id'] ?? ""; $subdomain = $_POST['subdomain'] ?? $_GET['subdomain'] ?? ""; //TODO: scrub inputs if(empty($userId) || empty($subdomain)) { return array("error" => "One or more required fields missing: user_id, subdomain"); } $db = SqliteDatabase::getSingleton(); $preparedQuery = $db->prepare("SELECT rowid AS client_id FROM accounts WHERE subdomain = :subdomain LIMIT 1;"); $preparedQuery->bindValue(':subdomain', $subdomain); $clientId = 0; try { $result = $preparedQuery->execute(); $account = $result->fetchArray(SQLITE3_ASSOC); $clientId = $account['client_id']; } catch(Exception $e) {} if($clientId == 0) { return array("error" => "Invalid subdomain specified"); } $sql = "INSERT INTO user_accounts VALUES (:user_id, :client_id);"; $preparedQuery = $db->prepare($sql); $preparedQuery->bindValue(':client_id', $clientId); $preparedQuery->bindValue(':user_id', $userId); try { $result = $preparedQuery->execute(); $loggerData = array(); $loggerData['admin_display_name'] = $_SESSION['display_name']; $loggerData['admin_user_id'] = $_SESSION['user_id']; $loggerData['user_added'] = $userId; $loggerData['domain_added'] = $clientId; SecurityLogger::action("add-user-domain", $loggerData, time()); return array("status" => "success"); } catch(Exception $e) { return array("error" => "Error" , "exception" => $e->getMessage()); } } }