"Access not authorized"); }

        // Updates the subdomain and display_name of the accounts row selected by
        // client_id, writes an "edit-account" audit entry, and returns a status array.
        // The start of this method (including the authorization check that ends
        // just above) is outside this excerpt.

        // Each field is read from the POST body first, then the query string,
        // and finally defaults to an empty string.
        // NOTE(review): accepting GET for a state-changing UPDATE lets a plain link or
        // embedded resource trigger the request; confirm an anti-CSRF check runs before
        // this point, or accept POST only.
        $clientId = $_POST['client_id'] ?? $_GET['client_id'] ?? "";
        $subdomain = $_POST['subdomain'] ?? $_GET['subdomain'] ?? "";
        $displayName = $_POST['display_name'] ?? $_GET['display_name'] ?? "";

        //TODO: scrub inputs
        // The values are used exactly as received: no type, length or format check.
        // A non-empty array (e.g. client_id[]=1) passes the empty() test below and
        // reaches bindValue() and the string concatenations; how bindValue() treats
        // it depends on the driver behind SqliteDatabase (verify).
        // NOTE(review): client_id is compared with rowid, so it is presumably an
        // integer; subdomain presumably needs a hostname-label allow-list. Confirm both.

        // empty() also treats the string "0" as missing, so client_id=0 is rejected here.
        if(empty($clientId) || empty($subdomain) || empty($displayName)) {
            return array("error" => "One or more required fields missing: client_id, subdomain, display_name");
        }

        $db = SqliteDatabase::getSingleton();

        // Parameterised statement: all three request values are bound to placeholders
        // and never concatenated into the SQL text.
        $sql = "UPDATE accounts SET subdomain = :subdomain, display_name = :display_name WHERE rowid = :client_id";
        $preparedQuery = $db->prepare($sql);
        $preparedQuery->bindValue(':subdomain', $subdomain);
        $preparedQuery->bindValue(':display_name', $displayName);
        $preparedQuery->bindValue(':client_id', $clientId);

        try {
            // $result is assigned but never inspected, and nothing checks that a row
            // matched the rowid.
            // NOTE(review): if the driver signals failure by returning false instead of
            // throwing, this path still logs the edit and reports success. Confirm that
            // SqliteDatabase is configured to throw.
            $result = $preparedQuery->execute();

            // Audit record: the acting user (from the session) and the new account values.
            // The $_SESSION keys are read without an isset check; presumably the
            // authorization check earlier in the method guarantees them (verify).
            $loggerData = array();
            $loggerData['display_name'] = $_SESSION['display_name'];
            $loggerData['user_id'] = $_SESSION['user_id'];
            $loggerData['client_id'] = $clientId;
            $loggerData['account_display_name'] = $displayName;
            $loggerData['subdomain'] = $subdomain;
            SecurityLogger::action("edit-account", $loggerData, time());

            // The message echoes $subdomain and $clientId as received; whatever renders
            // it must encode for its output context.
            return array("status" => "success", "message" => "Updated account '" . $subdomain . "' (".$clientId.").");
        } catch(Exception $e) {
            // Only Exception subclasses are caught here; Error subclasses such as
            // TypeError propagate to the caller.
            // NOTE(review): the raw exception message is returned under "exception" and
            // may expose SQL or schema details if this array is sent to the client.
            // Consider logging it server-side and returning a generic error instead.
            return array("error" => "Error when updating account '" . $subdomain. "' (".$clientId."): invalid fields?" , "exception" => $e->getMessage());
        }
    }
}