31 lines
770 B
PHP
31 lines
770 B
PHP
<?php
|
|
require 'db.php';
|
|
require 'auth.php';
|
|
|
|
header('Content-Type: application/json');
|
|
require_login();
|
|
|
|
$user_id = current_user_id();
|
|
|
|
$input = json_decode(file_get_contents('php://input'), true);
|
|
$profile_id = (int)($input['profile_id'] ?? 0);
|
|
|
|
if ($profile_id <= 0) {
|
|
http_response_code(400);
|
|
echo json_encode(['success' => false, 'error' => 'Invalid profile_id']);
|
|
exit;
|
|
}
|
|
|
|
$stmt = $pdo->prepare("SELECT id FROM profiles WHERE id = ? AND user_id = ?");
|
|
$stmt->execute([$profile_id, $user_id]);
|
|
|
|
if (!$stmt->fetchColumn()) {
|
|
http_response_code(403);
|
|
echo json_encode(['success' => false, 'error' => 'Profile not allowed']);
|
|
exit;
|
|
}
|
|
|
|
$_SESSION['active_profile_id'] = $profile_id;
|
|
|
|
echo json_encode(['success' => true, 'active_profile_id' => $profile_id]);
|