Initial commit

api/admin/profile.php

@@ -0,0 +1,113 @@
+<?php
+
+/**
+ * BOHA Automation - Profile API
+ *
+ * Allows any authenticated user to update their own profile
+ *
+ * PUT /api/admin/profile.php - Update own profile
+ */
+
+declare(strict_types=1);
+
+require_once dirname(__DIR__) . '/config.php';
+require_once dirname(__DIR__) . '/includes/JWTAuth.php';
+require_once dirname(__DIR__) . '/includes/AuditLog.php';
+
+// Set headers
+setCorsHeaders();
+setSecurityHeaders();
+setNoCacheHeaders();
+header('Content-Type: application/json; charset=utf-8');
+
+// Require authentication
+$authData = JWTAuth::requireAuth();
+AuditLog::setUser($authData['user_id'], $authData['user']['username'] ?? 'unknown');
+
+$method = $_SERVER['REQUEST_METHOD'];
+
+if ($method !== 'PUT') {
+    errorResponse('Metoda není povolena', 405);
+}
+
+try {
+    $pdo = db();
+    $userId = $authData['user_id'];
+
+    // Get existing user
+    $stmt = $pdo->prepare('SELECT * FROM users WHERE id = ?');
+    $stmt->execute([$userId]);
+    $existingUser = $stmt->fetch();
+
+    if (!$existingUser) {
+        errorResponse('Uživatel nebyl nalezen', 404);
+    }
+
+    $input = getJsonInput();
+
+    $username = isset($input['username']) ? sanitize($input['username']) : $existingUser['username'];
+    $email = isset($input['email']) ? sanitize($input['email']) : $existingUser['email'];
+    $firstName = isset($input['first_name']) ? sanitize($input['first_name']) : $existingUser['first_name'];
+    $lastName = isset($input['last_name']) ? sanitize($input['last_name']) : $existingUser['last_name'];
+
+    // Validate email format
+    if (!isValidEmail($email)) {
+        errorResponse('Neplatný formát e-mailu');
+    }
+
+    // Check username uniqueness (excluding current user)
+    $stmt = $pdo->prepare('SELECT id FROM users WHERE username = ? AND id != ?');
+    $stmt->execute([$username, $userId]);
+    if ($stmt->fetch()) {
+        errorResponse('Uživatelské jméno již existuje');
+    }
+
+    // Check email uniqueness (excluding current user)
+    $stmt = $pdo->prepare('SELECT id FROM users WHERE email = ? AND id != ?');
+    $stmt->execute([$email, $userId]);
+    if ($stmt->fetch()) {
+        errorResponse('E-mail již existuje');
+    }
+
+    // Update user
+    if (!empty($input['password'])) {
+        // Validate password length
+        if (strlen($input['password']) < 8) {
+            errorResponse('Heslo musí mít alespoň 8 znaků');
+        }
+
+        $passwordHash = password_hash($input['password'], PASSWORD_BCRYPT, ['cost' => BCRYPT_COST]);
+
+        $stmt = $pdo->prepare('
+            UPDATE users
+            SET username = ?, email = ?, password_hash = ?, first_name = ?, last_name = ?, password_changed_at = NOW()
+            WHERE id = ?
+        ');
+        $stmt->execute([$username, $email, $passwordHash, $firstName, $lastName, $userId]);
+    } else {
+        $stmt = $pdo->prepare('
+            UPDATE users
+            SET username = ?, email = ?, first_name = ?, last_name = ?
+            WHERE id = ?
+        ');
+        $stmt->execute([$username, $email, $firstName, $lastName, $userId]);
+    }
+
+    // Audit log
+    AuditLog::logUpdate('user', $userId, [
+        'username' => $existingUser['username'],
+        'email' => $existingUser['email'],
+        'first_name' => $existingUser['first_name'],
+        'last_name' => $existingUser['last_name'],
+    ], [
+        'username' => $username,
+        'email' => $email,
+        'first_name' => $firstName,
+        'last_name' => $lastName,
+    ], 'Uživatel aktualizoval svůj profil');
+
+    successResponse(null, 'Profil byl úspěšně aktualizován');
+} catch (PDOException $e) {
+    error_log('Profile API error: ' . $e->getMessage());
+    errorResponse('Chyba databáze', 500);
+}