prepare(' SELECT id, username, email, first_name, last_name, role_id, is_active, last_login, created_at FROM users WHERE id = ? ');
// Tail of a profile-update handler: the `$stmt = $pdo->` receiver of the
// prepare() above, the enclosing try, and the origin of $userId all sit
// before this fragment.
// NOTE(review): confirm $userId is taken from the authenticated session and
// not from the request body/URL — nothing below re-checks ownership, so a
// request-supplied id would let any caller edit another user's profile.
$stmt->execute([$userId]);
$existingUser = $stmt->fetch();
if (!$existingUser) {
    // Relies on errorResponse() terminating the request: the code below
    // dereferences $existingUser[...] and would break on a false value.
    errorResponse('Uživatel nebyl nalezen', 404);
}

// Merge the JSON body over the stored row. isset() treats an explicit null
// as "not supplied", so `"username": null` keeps the current value.
// NOTE(review): sanitize() is applied before storage (its definition is not
// visible). If it HTML-escapes, an address such as "a&b@x.org" is stored and
// compared in the uniqueness check below in escaped form; prefer validating
// here and escaping at output. No non-empty / length / charset check on the
// username is visible, so an empty username may be accepted.
$input = getJsonInput();
$username = isset($input['username']) ? sanitize($input['username']) : $existingUser['username'];
$email = isset($input['email']) ? sanitize($input['email']) : $existingUser['email'];
$firstName = isset($input['first_name']) ? sanitize($input['first_name']) : $existingUser['first_name'];
$lastName = isset($input['last_name']) ? sanitize($input['last_name']) : $existingUser['last_name'];

// Validate email format
// NOTE(review): the address is changed without confirming the new mailbox.
// If password reset is e-mail based, a hijacked session can redirect resets
// to an attacker-controlled address — consider a verification step.
if (!isValidEmail($email)) {
    errorResponse('Neplatný formát e-mailu');
}

// Check username uniqueness (excluding current user)
// The distinct "already exists" responses let an authenticated user probe
// which usernames / e-mails are registered (enumeration). The check and the
// UPDATE below are separate statements, so two concurrent requests can both
// pass; a UNIQUE constraint on the column is the real guard (a violation
// would then surface as the generic PDOException 500 at the bottom).
$stmt = $pdo->prepare('SELECT id FROM users WHERE username = ? AND id != ?');
$stmt->execute([$username, $userId]);
if ($stmt->fetch()) {
    errorResponse('Uživatelské jméno již existuje');
}

// Check email uniqueness (excluding current user)
$stmt = $pdo->prepare('SELECT id FROM users WHERE email = ? AND id != ?');
$stmt->execute([$email, $userId]);
if ($stmt->fetch()) {
    errorResponse('E-mail již existuje');
}

// Update user
// The password is replaced only when the field is non-empty; note that
// empty() also treats the string "0" as absent.
// NOTE(review): no verification of the current password is visible in this
// fragment before the hash is overwritten — unless it happens earlier in the
// handler, a stolen session cookie is enough to take over the account.
// Nothing here invalidates the user's other sessions after the change either.
if (!empty($input['password'])) {
    // Validate password length
    // strlen() counts bytes, so 8 is a byte minimum (a shorter multibyte
    // UTF-8 password can pass). A non-string JSON value such as an array
    // reaches strlen() and raises a TypeError that the PDOException catch
    // below does not handle; an is_string() check first would avoid that.
    // bcrypt also silently ignores input beyond 72 bytes.
    if (strlen($input['password']) < 8) {
        errorResponse('Heslo musí mít alespoň 8 znaků');
    }
    // BCRYPT_COST is defined elsewhere; password_changed_at is stamped with
    // the database clock (NOW()), not PHP's.
    $passwordHash = password_hash($input['password'], PASSWORD_BCRYPT, ['cost' => BCRYPT_COST]);
    $stmt = $pdo->prepare(' UPDATE users SET username = ?, email = ?, password_hash = ?, first_name = ?, last_name = ?, password_changed_at = NOW() WHERE id = ? ');
    $stmt->execute([$username, $email, $passwordHash, $firstName, $lastName, $userId]);
} else {
    $stmt = $pdo->prepare(' UPDATE users SET username = ?, email = ?, first_name = ?, last_name = ? WHERE id = ? 
');
    $stmt->execute([$username, $email, $firstName, $lastName, $userId]);
}

// Audit log
// Records old -> new values of the four profile fields only. Both branches
// write the same entry, so a password change leaves no audit trace; consider
// adding a boolean "password_changed" marker (never the value or the hash).
AuditLog::logUpdate('user', $userId, [
    'username' => $existingUser['username'],
    'email' => $existingUser['email'],
    'first_name' => $existingUser['first_name'],
    'last_name' => $existingUser['last_name'],
], [
    'username' => $username,
    'email' => $email,
    'first_name' => $firstName,
    'last_name' => $lastName,
], 'Uživatel aktualizoval svůj profil');
successResponse(null, 'Profil byl úspěšně aktualizován');
} catch (PDOException $e) {
    // Only database errors are caught; the driver message stays in the
    // server log and the client receives a generic response.
    error_log('Profile API error: ' . $e->getMessage());
    errorResponse('Chyba databáze', 500);
}