
  1. <?php
  2. class AddDataToAccountAction implements IAction {
  3. public function execute() {
  4. if(!Authorize::isLoggedIn() || !Authorize::hasPermission()) {
  5. return array("error" => "Access not authorized");
  6. }
  7. $projectId = $_POST['project_id'] ?? $_GET['project_id'] ?? "";
  8. $subdomain = $_POST['subdomain'] ?? $_GET['subdomain'] ?? "";
  9. //TODO: scrub inputs
  10. if(empty($projectId) || empty($subdomain)) {
  11. return array("error" => "One or more required fields missing: project_id, subdomain");
  12. }
  13. $db = SqliteDatabase::getSingleton();
  14. $preparedQuery = $db->prepare("SELECT rowid AS client_id FROM accounts WHERE subdomain = :subdomain LIMIT 1;");
  15. $preparedQuery->bindValue(':subdomain', $subdomain);
  16. $clientId = 0;
  17. try {
  18. $result = $preparedQuery->execute();
  19. $account = $result->fetchArray(SQLITE3_ASSOC);
  20. $clientId = $account['client_id'];
  21. }
  22. catch(Exception $e) {}
  23. if($clientId == 0) {
  24. return array("error" => "Invalid subdomain specified");
  25. }
  26. $sql = "INSERT INTO account_projects VALUES (:account_id, :project_id);";
  27. $preparedQuery = $db->prepare($sql);
  28. $preparedQuery->bindValue(':account_id', $clientId);
  29. $preparedQuery->bindValue(':project_id', $projectId);
  30. try {
  31. $result = $preparedQuery->execute();
  32. $loggerData = array();
  33. $loggerData['admin_display_name'] = $_SESSION['display_name'];
  34. $loggerData['admin_user_id'] = $_SESSION['user_id'];
  35. $loggerData['project_added'] = $projectId;
  36. $loggerData['domain_added'] = $clientId;
  37. SecurityLogger::action("add-project-domain", $loggerData, time());
  38. return array("status" => "success");
  39. }
  40. catch(Exception $e) {
  41. return array("error" => "Error" , "exception" => $e->getMessage());
  42. }
  43. }
  44. }