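<?php

declare(strict_types=1);

require_once __DIR__ . '/_bootstrap.php'; // $pdo, $iduserlogin

// Every response from this endpoint is a JSON object; say so up front so
// clients never have to sniff the body.
header('Content-Type: application/json; charset=utf-8');

/**
 * Send a JSON payload with the given HTTP status and stop the script.
 *
 * @param array<string, mixed> $payload
 */
$respond = static function (int $status, array $payload): void {
    http_response_code($status);
    echo json_encode($payload);
    exit;
};

try {
    if (strtoupper($_SERVER['REQUEST_METHOD'] ?? '') !== 'POST') {
        $respond(405, ['success' => false, 'message' => 'Method not allowed. Use POST.']);
    }

    // NOTE(review): assumes _bootstrap.php has already authenticated the session
    // that $iduserlogin belongs to (and applied any cross-site request check) — confirm there.
    $user_id = (int)$iduserlogin;

    // Prefer a JSON body; fall back to form-encoded fields when it is absent or malformed.
    $raw = file_get_contents('php://input');
    $data = json_decode($raw ?: '', true);
    if (!is_array($data)) {
        $data = $_POST;
    }

    // Whitelist of columns a user may change. Only these literal names are ever
    // interpolated into the SQL below; the values always travel as bound parameters.
    $allowed = [
        'notify_email',
        'notify_whatsapp',
        'notify_push',
        'notify_booking_confirm',
        'notify_booking_cancel',
        'notify_session_cancel',
        'notify_payment_receipt',
        'notify_expiration_reminder',
        'newsletter_opt_in',
        'marketing_opt_in',
        'locale',
        'timezone',
    ];

    $updates = [];
    $params = [];

    foreach ($allowed as $field) {
        if (!array_key_exists($field, $data)) {
            continue;
        }
        $val = $data[$field];

        // Normalize booleans for the tinyint columns.
        if (is_bool($val)) {
            $val = $val ? 1 : 0;
        }

        // A JSON body can carry nested arrays/objects; those cannot be bound as a
        // column value, so reject them here rather than letting execute() fail.
        if ($val !== null && !is_scalar($val)) {
            $respond(422, ['success' => false, 'message' => "Invalid value for {$field}."]);
        }

        $updates[] = "{$field} = ?";
        $params[] = $val;
    }

    if ($updates === []) {
        $respond(422, ['success' => false, 'message' => 'No valid fields to update.']);
    }

    // Ensure the settings row exists before updating it.
    $pdo->prepare('INSERT IGNORE INTO user_settings (user_id) VALUES (?)')->execute([$user_id]);

    $params[] = $user_id;
    $sql = 'UPDATE user_settings SET ' . implode(', ', $updates) . ' WHERE user_id = ?';
    $pdo->prepare($sql)->execute($params);

    echo json_encode(['success' => true]);
} catch (Throwable $e) {
    // Keep the detail server-side: exception messages can expose table names,
    // DSNs or file paths. The client only learns that the request failed.
    error_log(sprintf('[user_settings] %s: %s', get_class($e), $e->getMessage()));
    http_response_code(500);
    echo json_encode(['success' => false, 'message' => 'Server error.']);
}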