49 lines
1.4 KiB
PHP
49 lines
1.4 KiB
PHP
<?php
|
|
|
|
require_once __DIR__ . '/../includes/api_bootstrap.php';
|
|
|
|
if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
|
|
sendJson(['success' => false, 'error' => 'Method not allowed'], 405);
|
|
}
|
|
|
|
$people = normalizePeopleList(readJsonFile('people.json'));
|
|
assertHoHCanManagePeople($people);
|
|
|
|
$body = readJsonBody();
|
|
$targetId = isset($body['targetPersonId']) ? trim((string) $body['targetPersonId']) : '';
|
|
$newPin = isset($body['newPin']) ? (string) $body['newPin'] : '';
|
|
|
|
if ($targetId === '') {
|
|
sendJson(['success' => false, 'error' => 'targetPersonId is required'], 400);
|
|
}
|
|
if (strlen($newPin) < 4) {
|
|
sendJson(['success' => false, 'error' => 'newPin must be at least 4 characters'], 400);
|
|
}
|
|
|
|
$target = findPersonById($people, $targetId);
|
|
if ($target === null) {
|
|
sendJson(['success' => false, 'error' => 'Person not found'], 404);
|
|
}
|
|
if (($target['role'] ?? '') !== ROLE_HEAD) {
|
|
sendJson(['success' => false, 'error' => 'PIN applies only to Head of Household profiles'], 400);
|
|
}
|
|
|
|
$updated = false;
|
|
foreach ($people as $i => $p) {
|
|
if (($p['id'] ?? '') === $targetId) {
|
|
$people[$i]['pin_hash'] = password_hash($newPin, PASSWORD_DEFAULT);
|
|
$updated = true;
|
|
break;
|
|
}
|
|
}
|
|
|
|
if (!$updated) {
|
|
sendJson(['success' => false, 'error' => 'Update failed'], 500);
|
|
}
|
|
|
|
if (!writeJsonFile('people.json', $people)) {
|
|
sendJson(['success' => false, 'error' => 'Failed to save people'], 500);
|
|
}
|
|
|
|
sendJson(['success' => true]);
|