daktylos/libs/AddDataToAccountAction.class.php

<?php
class AddDataToAccountAction implements IAction {
	public function execute() {
		if(!Authorize::isLoggedIn() || !Authorize::hasPermission()) {
			return array("error" => "Access not authorized");
		}

		$projectId = $_POST['project_id'] ?? $_GET['project_id'] ?? "";
		$subdomain = $_POST['subdomain'] ?? $_GET['subdomain'] ?? "";
			
		//TODO: scrub inputs
		if(empty($projectId) || empty($subdomain)) {
			return array("error" => "One or more required fields missing: project_id, subdomain");
		}
		
		$db = SqliteDatabase::getSingleton();

		$preparedQuery = $db->prepare("SELECT rowid AS client_id FROM accounts WHERE subdomain = :subdomain LIMIT 1;");
		$preparedQuery->bindValue(':subdomain', $subdomain);
		$clientId = 0;

		try {
			$result = $preparedQuery->execute();
			$account = $result->fetchArray(SQLITE3_ASSOC);
			$clientId = $account['client_id'];
		}
		catch(Exception $e) {}

		if($clientId == 0) {
			return array("error" => "Invalid subdomain specified");
		}

		$sql = "INSERT INTO account_projects VALUES (:account_id, :project_id);";
		$preparedQuery = $db->prepare($sql);
		$preparedQuery->bindValue(':account_id', $clientId);
		$preparedQuery->bindValue(':project_id', $projectId);
		try {
			$result = $preparedQuery->execute();
			$loggerData = array();
			$loggerData['admin_display_name'] = $_SESSION['display_name'];
			$loggerData['admin_user_id'] = $_SESSION['user_id'];
			$loggerData['project_added'] = $projectId;
			$loggerData['domain_added'] = $clientId;
			SecurityLogger::action("add-project-domain", $loggerData, time());
			return array("status" => "success");
		}
		catch(Exception $e) {
			return array("error" => "Error" , "exception" => $e->getMessage());
		}
	}
}