"Access not authorized"); } $projectId = $_POST['project_id'] ?? $_GET['project_id'] ?? ""; $bucket = $_POST['bucket'] ?? $_GET['bucket'] ?? ""; $folder = $_POST['folder'] ?? $_GET['folder'] ?? ""; $displayName = $_POST['display_name'] ?? $_GET['display_name'] ?? ""; //TODO: scrub inputs if(empty($projectId) || empty($bucket) || empty($folder) || empty($displayName)) { return array("error" => "One or more required fields missing: project_id, bucket, folder, display_name"); } $db = SqliteDatabase::getSingleton(); $sql = "UPDATE projects SET bucket = :bucket, folder = :folder, display_name = :display_name WHERE rowid = :project_id"; $preparedQuery = $db->prepare($sql); $preparedQuery->bindValue(':bucket', $bucket); $preparedQuery->bindValue(':folder', $folder); $preparedQuery->bindValue(':display_name', $displayName); $preparedQuery->bindValue(':project_id', $projectId); try { $result = $preparedQuery->execute(); $loggerData = array(); $loggerData['display_name'] = $_SESSION['display_name']; $loggerData['user_id'] = $_SESSION['user_id']; $loggerData['project_id'] = $projectId; $loggerData['project_display_name'] = $displayName; SecurityLogger::action("edit-project", $loggerData, time()); return array("status" => "success", "message" => "Updated project '" . $displayName . "' (".$projectId.")."); } catch(Exception $e) { return array("error" => "Error when updating project '" . $displayName. "' (".$projectId."): invalid fields?" , "exception" => $e->getMessage()); } } }