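// (Tail of a header comment that begins before this excerpt.)
// ... at the end of the file, if no other HTML code or text follows it.
// PHP files that serve as an API normally omit the closing PHP tag altogether.
//
// NOTE(review): the original wording of the line above contained the literal closing tag.
// PHP ends a one-line comment at a closing tag and leaves PHP mode there, so everything after
// it is sent to the client as plain text instead of being executed (source disclosure and
// "headers already sent" warnings). Inside `//` comments, name the tag in words only.

// THIS IS THE ONLY AND CORRECT LINE YOU NEED TO ADD TO THIS FILE.
// This line links the custom autoloader that loads Firebase\JWT classes.
// This assumes that the 'riga-api.php' file is located in the root of your plugin (e.g., weather_token_rewards/),
// and 'autoload.php' is located inside the 'vendor' subdirectory (e.g., weather_token_rewards/vendor/autoload.php).
require_once __DIR__ . '/vendor/autoload.php';

use Firebase\JWT\JWT;
use Firebase\JWT\Key;

// =============================
// HELPER: Download file from URL and upload to WordPress Media Library
// =============================

/**
 * Downloads a remote file and registers it as a Media Library attachment.
 *
 * The URL is caller-supplied, so the download goes through wp_safe_remote_get(), and the
 * file type is checked before anything is written into the uploads directory.
 *
 * @param string $file_url      Remote URL to fetch.
 * @param string $document_type Prefix of the generated file name when the URL path has no extension.
 * @return array|WP_Error ['id' => attachment ID, 'url' => attachment URL] on success.
 */
function riga_upload_file_from_url_to_media_library($file_url, $document_type) {
    // Make sure the WordPress media helpers used below are loaded.
    require_once ABSPATH . 'wp-admin/includes/file.php';
    require_once ABSPATH . 'wp-admin/includes/image.php';
    require_once ABSPATH . 'wp-admin/includes/media.php';

    // Validate URL
    if (!filter_var($file_url, FILTER_VALIDATE_URL)) {
        return new WP_Error('invalid_url', 'Invalid URL provided.', ['status' => 400]);
    }

    // The "safe" HTTP variant validates the URL (and redirects) with WordPress' own rules and
    // refuses hosts it considers unsafe, so this endpoint cannot be pointed at internal services.
    // NOTE(review): the body is buffered in memory without a size cap - consider bounding it.
    $response = wp_safe_remote_get($file_url, [
        'timeout'    => 60, // Longer timeout for slow downloads
        'user-agent' => 'WordPress/' . get_bloginfo('version'),
    ]);

    if (is_wp_error($response)) {
        return new WP_Error('download_error', 'Failed to download file: ' . $response->get_error_message(), ['status' => 500]);
    }

    $response_code = wp_remote_retrieve_response_code($response);
    if ($response_code !== 200) {
        return new WP_Error('download_error', 'Failed to download file. HTTP status: ' . $response_code, ['status' => 500]);
    }

    $file_data = wp_remote_retrieve_body($response);
    if (empty($file_data)) {
        return new WP_Error('empty_file', 'Downloaded file is empty.', ['status' => 400]);
    }

    // Derive the file name from the URL path; a URL without a path yields an empty name.
    $url_path          = parse_url($file_url, PHP_URL_PATH);
    $original_filename = basename(is_string($url_path) ? $url_path : '');

    // If no extension in URL, try to detect it from the content type, then from the bytes.
    if (pathinfo($original_filename, PATHINFO_EXTENSION) === '') {
        $extension_by_mime = [
            'image/jpeg'      => '.jpg',
            'image/png'       => '.png',
            'image/gif'       => '.gif',
            'application/pdf' => '.pdf',
        ];

        // The header may be repeated or carry parameters ("image/png; charset=..."); keep the bare type.
        $content_type = wp_remote_retrieve_header($response, 'content-type');
        if (is_array($content_type)) {
            $content_type = (string) reset($content_type);
        }
        $content_type = strtolower(trim(explode(';', (string) $content_type)[0]));

        if (isset($extension_by_mime[$content_type])) {
            $extension = $extension_by_mime[$content_type];
        } else {
            // Content type is not specific: sniff the downloaded data, defaulting to .jpg.
            $extension = '.jpg';
            $finfo     = finfo_open(FILEINFO_MIME_TYPE);
            if ($finfo !== false) {
                $mime_type = finfo_buffer($finfo, $file_data);
                finfo_close($finfo);
                if (is_string($mime_type) && isset($extension_by_mime[$mime_type])) {
                    $extension = $extension_by_mime[$mime_type];
                }
            }
        }

        $original_filename = $document_type . '_' . time() . $extension;
    }

    // Create a safe filename
    $filename = sanitize_file_name($original_filename);

    // Check the file type (WordPress's internal, name-based check) BEFORE writing, so a
    // disallowed file never exists inside the uploads directory, not even briefly.
    $file_type = wp_check_filetype($filename, null);
    if (!$file_type['type']) {
        return new WP_Error('invalid_file_type', 'File type is not allowed.', ['status' => 400]);
    }

    $upload_dir = wp_upload_dir();
    $file_path  = $upload_dir['path'] . '/' . $filename;

    // Check if file already exists and create unique name
    $counter   = 1;
    $file_info = pathinfo($filename);
    while (file_exists($file_path)) {
        $filename  = $file_info['filename'] . '_' . $counter . '.' . $file_info['extension'];
        $file_path = $upload_dir['path'] . '/' . $filename;
        $counter++;
    }

    // Save file to uploads directory
    // NOTE(review): whether this directory is publicly served is not visible here - confirm
    // that identity documents stored this way cannot be read without authentication.
    if (file_put_contents($file_path, $file_data) === false) {
        return new WP_Error('save_error', 'Failed to save file to uploads directory.', ['status' => 500]);
    }

    // Create attachment array
    $attachment = [
        'post_mime_type' => $file_type['type'],
        'post_title'     => sanitize_file_name($filename),
        'post_content'   => '',
        'post_status'    => 'inherit',
    ];

    // Insert attachment into WordPress database. Without the fourth argument a failure is
    // reported as 0, which the is_wp_error() check below would never notice.
    $attachment_id = wp_insert_attachment($attachment, $file_path, 0, true);
    if (is_wp_error($attachment_id)) {
        // Clean up the file if attachment creation failed
        unlink($file_path);
        return $attachment_id;
    }

    // Generate attachment metadata (thumbnails, sizes etc.)
    $attach_data = wp_generate_attachment_metadata($attachment_id, $file_path);
    wp_update_attachment_metadata($attachment_id, $attach_data);

    // Return success with attachment ID and the full URL as WordPress reports it
    return [
        'id'  => $attachment_id,
        'url' => wp_get_attachment_url($attachment_id),
    ];
}

// =============================
// NEW ENDPOINT: Upload KYC Document Directly (multipart/form-data)
// Method: POST
// URL: /riga/v1/kyc/upload-direct
// Requires: Auth Token, document_type (front_id, back_id, selfie), file_upload (the actual file)
// Stores: Attachment ID in user meta (kyc_front, kyc_back, kyc_selfie)
// =============================

/**
 * Handles a multipart KYC document upload for the user identified by the bearer token.
 *
 * @param WP_REST_Request $request Incoming request; only its Authorization header is read here,
 *                                 the form fields come from $_POST and $_FILES.
 * @return WP_REST_Response
 */
function riga_api_upload_kyc_document_direct($request) {
    // User authentication required
    $user = riga_verify_token_and_get_user($request);
    if (is_wp_error($user) || !$user) {
        return new WP_REST_Response(['success' => false, 'message' => 'Unauthorized. Invalid or missing token.'], 401);
    }
    $user_id = $user->ID;

    // 'document_type' comes from $_POST and the file from $_FILES.
    $document_type = sanitize_text_field(wp_unslash($_POST['document_type'] ?? '')); // e.g., 'front_id', 'back_id', 'selfie'
    if (empty($document_type)) {
        return new WP_REST_Response(['success' => false, 'message' => 'Document type is required.'], 400);
    }

    // Validate the document type; strict comparison so only these exact strings pass.
    $allowed_types = ['front_id', 'back_id', 'selfie'];
    if (!in_array($document_type, $allowed_types, true)) {
        return new WP_REST_Response(['success' => false, 'message' => 'Invalid document type. Allowed types: ' . implode(', ', $allowed_types)], 400);
    }

    // Check that a file was sent ...
    if (empty($_FILES['file_upload'])) {
        return new WP_REST_Response(['success' => false, 'message' => 'No file was uploaded. Please make sure the input field name is "file_upload".'], 400);
    }

    // ... and that PHP recorded no upload error for it (an array here means several files were sent).
    $upload_error = $_FILES['file_upload']['error'] ?? UPLOAD_ERR_NO_FILE;
    if ($upload_error !== UPLOAD_ERR_OK) {
        return new WP_REST_Response(['success' => false, 'message' => 'File upload failed or no file was received.'], 400);
    }

    // Hand the file to the direct-upload helper (defined outside this excerpt).
    $upload_result = riga_upload_file_from_direct_upload_to_media_library($_FILES['file_upload'], $document_type);

    if (is_wp_error($upload_result)) {
        // Return the helper's error, using its status when it supplied one.
        $error_data = $upload_result->get_error_data();
        $status     = (is_array($error_data) && isset($error_data['status'])) ? $error_data['status'] : 500;

        return new WP_REST_Response([
            'success' => false,
            'message' => $upload_result->get_error_message(),
        ], $status);
    }

    // Store the attachment ID in user meta: kyc_front, kyc_back or kyc_selfie.
    $meta_key_for_kyc = str_replace('_id', '', 'kyc_' . $document_type);
    update_user_meta($user_id, $meta_key_for_kyc, $upload_result['id']);

    return new WP_REST_Response([
        'success'       => true,
        'message'       => 'Document uploaded successfully.',
        'document_url'  => $upload_result['url'], // URL as reported by WordPress
        'document_type' => $document_type,
        'attachment_id' => $upload_result['id'],
    ], 200);
}

// =============================
// ENDPOINT: Submit KYC Verification
// Method: POST
// URL: /riga/v1/kyc/submit
// Requires: Auth Token. Optional parameters like first_name, last_name, city, country, dob.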
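// Updates: User meta and sets 'kyc_approved' to false (pending approval).
//          Refused with 409 once the account is already approved.
// =============================

/**
 * Records a KYC submission for the user identified by the bearer token.
 *
 * An already approved account is left untouched: riga_api_update_profile() locks the identity
 * fields after approval, and accepting a new submission here would both overwrite those fields
 * and flip 'kyc_approved' back to false, undoing that lock.
 *
 * @param WP_REST_Request $request JSON body may carry first_name, last_name, city, country, dob.
 * @return WP_REST_Response
 */
function riga_api_submit_kyc($request) {
    // User authentication required
    $user = riga_verify_token_and_get_user($request);
    if (is_wp_error($user) || !$user) {
        return new WP_REST_Response(['success' => false, 'message' => 'Unauthorized. Invalid or missing token.'], 401);
    }
    $user_id = $user->ID;

    // Same approval test the other endpoints in this file use ('1' is the stored form of true).
    $kyc_approved_status = get_user_meta($user_id, 'kyc_approved', true);
    if ($kyc_approved_status === '1' || $kyc_approved_status === true) {
        return new WP_REST_Response([
            'success'      => false,
            'message'      => 'KYC is already approved for this account.',
            'kyc_approved' => true,
        ], 409);
    }

    $params = $request->get_json_params();
    if (!is_array($params)) {
        $params = []; // No JSON body: nothing to update
    }

    // Only update values that were provided, so as not to erase existing data.
    foreach (['first_name', 'last_name', 'city', 'country', 'dob'] as $meta_key) {
        $value = sanitize_text_field($params[$meta_key] ?? '');
        if (!empty($value)) {
            update_user_meta($user_id, $meta_key, $value);
        }
    }

    // Set KYC status to 'pending' by setting 'kyc_approved' to false.
    // This is the status the admin plugin checks.
    update_user_meta($user_id, 'kyc_approved', false);

    // You could add another field for more detailed client-side status,
    // e.g., update_user_meta($user_id, 'wtr_kyc_status', 'submitted_for_review');
    // Your admin currently only changes 'kyc_approved'.

    return new WP_REST_Response([
        'success'      => true,
        'message'      => 'KYC submission received. Awaiting admin approval.',
        'kyc_approved' => false, // Inform the app that it's now pending
    ], 200);
}

// =============================
// ✅ NEW ADDITION: ENDPOINT: Update User Profile Data
// Method: POST
// URL: /riga/v1/profile/update
// Requires: Auth Token. Can update various user meta fields and email/phone based on KYC.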
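// =============================

/**
 * Updates profile fields of the user identified by the bearer token.
 *
 * Before KYC approval all profile fields may change; after approval only phone and email.
 *
 * @param WP_REST_Request $request JSON body with any of first_name, last_name, city, country,
 *                                 dob, phone, email.
 * @return WP_REST_Response
 */
function riga_api_update_profile($request) {
    $user = riga_verify_token_and_get_user($request);
    if (is_wp_error($user) || !$user) {
        return new WP_REST_Response(['success' => false, 'message' => 'Unauthorized. Invalid or missing token.'], 401);
    }
    $user_id = $user->ID;

    $params = $request->get_json_params();
    if (!is_array($params)) {
        $params = []; // No JSON body: nothing to update
    }

    // Fetch current KYC status ('1' is the stored form of true)
    $kyc_approved_status = get_user_meta($user_id, 'kyc_approved', true);
    $has_kyc             = ($kyc_approved_status === '1' || $kyc_approved_status === true);

    $updated_fields = [];
    $errors         = [];

    // Identity fields are editable only while KYC is not approved; phone always is.
    $editable_meta_keys = $has_kyc
        ? ['phone']
        : ['first_name', 'last_name', 'city', 'country', 'dob', 'phone'];

    foreach ($editable_meta_keys as $meta_key) {
        $value = sanitize_text_field($params[$meta_key] ?? '');
        if (!empty($value)) {
            update_user_meta($user_id, $meta_key, $value);
            $updated_fields[$meta_key] = $value;
        }
    }

    // Handle email update (common to both cases, with a uniqueness check).
    // NOTE(review): the address changes on the strength of the bearer token alone, with no
    // password re-entry or confirmation mail visible here - confirm this is intended.
    $new_email = sanitize_email($params['email'] ?? '');
    if (!empty($new_email) && $new_email !== $user->user_email) {
        $owner_id = email_exists($new_email);
        if ($owner_id && $owner_id !== $user_id) {
            $errors[] = 'Email already in use by another account.';
        } else {
            $updated = wp_update_user(['ID' => $user_id, 'user_email' => $new_email]);
            if (is_wp_error($updated)) {
                $errors[] = 'Failed to update email: ' . $updated->get_error_message();
            } else {
                $updated_fields['email'] = $new_email;
            }
        }
    }

    if (!empty($errors)) {
        return new WP_REST_Response(['success' => false, 'message' => 'Profile update failed.', 'errors' => $errors], 400);
    }

    if (empty($updated_fields)) {
        return new WP_REST_Response(['success' => false, 'message' => 'No valid fields provided for update or no changes made.'], 200);
    }

    return new WP_REST_Response([
        'success'        => true,
        'message'        => 'Profile updated successfully.',
        'updated_fields' => $updated_fields, // This shows which fields were actually updated
    ], 200);
}

// =============================
// Riga Token REST API Endpoints - Registration
// =============================
add_action('rest_api_init', function () {
    // Shared argument schemas. Strict in_array() so only the exact strings are accepted.
    $document_type_arg = [
        'description'       => 'Type of document (front_id, back_id, selfie).',
        'type'              => 'string',
        'required'          => true,
        'validate_callback' => function ($param) {
            return in_array($param, ['front_id', 'back_id', 'selfie'], true);
        },
    ];
    $optional_string = ['type' => 'string', 'required' => false];

    // Existing route: Test (open to everyone)
    register_rest_route('riga/v1', '/test', [
        'methods'             => 'GET',
        'callback'            => function () {
            return new WP_REST_Response(['msg' => 'Route inside riga-api.php works'], 200);
        },
        'permission_callback' => '__return_true',
    ]);

    // Existing route: Login
    register_rest_route('riga/v1', '/login', [
        'methods'             => 'POST',
        'callback'            => 'riga_api_login_user',
        'permission_callback' => '__return_true',
    ]);

    // Existing route: Register
    register_rest_route('riga/v1', '/register', [
        'methods'             => 'POST',
        'callback'            => 'riga_api_register_user',
        'permission_callback' => '__return_true',
    ]);

    // Existing route: Userinfo (requires token)
    register_rest_route('riga/v1', '/userinfo', [
        'methods'             => 'GET',
        'callback'            => 'riga_api_get_userinfo',
        'permission_callback' => 'riga_permission_check_token',
    ]);

    // Existing route: Dashboard
    register_rest_route('wtr/v1', '/dashboard', [
        'methods'             => 'GET',
        'callback'            => 'wtr_get_dashboard_data',
        'permission_callback' => 'riga_permission_check_token',
    ]);

    // ✅ MODIFIED Route: KYC Document Upload from URL (requires token)
    // NOTE(review): the callback 'riga_api_upload_kyc_document' is not defined in this excerpt.
    register_rest_route('riga/v1', '/kyc/upload', [
        'methods'             => 'POST',
        'callback'            => 'riga_api_upload_kyc_document',
        'permission_callback' => 'riga_permission_check_token',
        'args'                => [
            'document_type' => $document_type_arg,
            'file_url'      => [
                'description'       => 'URL of the file to download and upload.',
                'type'              => 'string',
                'required'          => true,
                'validate_callback' => function ($param) {
                    return filter_var($param, FILTER_VALIDATE_URL) !== false;
                },
            ],
        ],
    ]);

    // ✅ NEW ADDITION: Route for Direct KYC Document Upload (multipart/form-data, requires token)
    // 'file_upload' has no entry in args because the file arrives through $_FILES, not as a parameter.
    register_rest_route('riga/v1', '/kyc/upload-direct', [
        'methods'             => 'POST',
        'callback'            => 'riga_api_upload_kyc_document_direct',
        'permission_callback' => 'riga_permission_check_token',
        'args'                => [
            'document_type' => $document_type_arg,
        ],
    ]);

    // ✅ Existing Route: KYC Submit Verification (requires token)
    register_rest_route('riga/v1', '/kyc/submit', [
        'methods'             => 'POST',
        'callback'            => 'riga_api_submit_kyc',
        'permission_callback' => 'riga_permission_check_token',
        'args'                => [
            'first_name' => $optional_string,
            'last_name'  => $optional_string,
            'city'       => $optional_string,
            'country'    => $optional_string,
            'dob'        => $optional_string,
        ],
    ]);

    // ✅ NEW ADDITION: Route for Profile Update (requires token)
    register_rest_route('riga/v1', '/profile/update', [
        'methods'             => 'POST',
        'callback'            => 'riga_api_update_profile',
        'permission_callback' => 'riga_permission_check_token',
        'args'                => [
            'first_name' => $optional_string,
            'last_name'  => $optional_string,
            'city'       => $optional_string,
            'country'    => $optional_string,
            'dob'        => $optional_string,
            'email'      => ['type' => 'string', 'required' => false, 'format' => 'email'],
            'phone'      => $optional_string,
        ],
    ]);
});

// =============================
// Allow Bearer token via REST API
// =============================
// Coarse gate in front of the REST API: anonymous requests pass only for the three public
// routes or when they carry a Bearer header. The token itself is NOT verified here; that is
// done by each route's permission_callback, which remains the authoritative check.
add_filter('rest_authentication_errors', function ($result) {
    if (!empty($result)) {
        return $result;
    }
    if (is_user_logged_in()) {
        return $result; // Allow logged-in admin
    }

    $allowed_routes_without_bearer = [
        '/wp-json/riga/v1/login',
        '/wp-json/riga/v1/register',
        '/wp-json/riga/v1/test',
    ];

    // Compare against the path component only, anchored at its end. Searching the whole
    // REQUEST_URI for a substring would also match a route name placed in the query string.
    $request_path = (string) parse_url($_SERVER['REQUEST_URI'] ?? '', PHP_URL_PATH);
    $request_path = rtrim($request_path, '/');
    foreach ($allowed_routes_without_bearer as $route) {
        if (substr($request_path, -strlen($route)) === $route) {
            return true; // Allow these without token
        }
    }

    // Look for a Bearer token on every other route
    $auth = null;
    if (isset($_SERVER['HTTP_AUTHORIZATION'])) {
        $auth = $_SERVER['HTTP_AUTHORIZATION'];
    } elseif (function_exists('apache_request_headers')) {
        $headers = apache_request_headers();
        if (isset($headers['Authorization'])) {
            $auth = $headers['Authorization'];
        }
    }

    if ($auth && strpos($auth, 'Bearer ') === 0) {
        // NOTE(review): only the header's shape is checked; any "Bearer ..." value passes this gate.
        return true;
    }

    // No Bearer token and the route is not on the public list
    return new WP_Error('rest_forbidden', __('You are not authorized to do this.'), ['status' => 401]);
});

// =============================
// LOGIN Endpoint with JWT Token
// =============================

/**
 * Authenticates username/password and returns a signed JWT plus basic account data.
 *
 * NOTE(review): no attempt throttling is visible in this excerpt, and the token stays valid
 * for 7 days with no revocation path shown - confirm both are handled elsewhere.
 *
 * @param WP_REST_Request $request JSON body with 'username' and 'password'.
 * @return WP_REST_Response
 */
function riga_api_login_user($request) {
    $params = $request->get_json_params();
    if (!is_array($params)) {
        $params = [];
    }

    $username = sanitize_text_field($params['username'] ?? '');
    $password = $params['password'] ?? ''; // Passwords are passed to wp_authenticate() unmodified

    if (empty($username) || empty($password)) {
        return new WP_REST_Response(['success' => false, 'message' => 'Username and password are required.'], 400);
    }

    $user = wp_authenticate($username, $password);
    if (is_wp_error($user)) {
        return new WP_REST_Response(['success' => false, 'message' => 'Invalid credentials.'], 401);
    }

    if (!defined('JWT_AUTH_SECRET_KEY')) {
        return new WP_REST_Response(['success' => false, 'message' => 'JWT secret key not defined.'], 500);
    }

    $issued_at = time();
    $payload   = [
        'iss'  => get_bloginfo('url'),
        'iat'  => $issued_at,
        'exp'  => $issued_at + (DAY_IN_SECONDS * 7), // Token valid for 7 days
        'data' => [
            'user' => [
                'id' => $user->ID,
            ],
        ],
    ];
    $token = JWT::encode($payload, JWT_AUTH_SECRET_KEY, 'HS256');

    // Real KYC status from user meta; the admin plugin uses 'kyc_approved' (boolean true/false),
    // and '1' is how boolean true is stored by update_user_meta.
    $kyc_approved_status = get_user_meta($user->ID, 'kyc_approved', true);
    $kyc_status_for_app  = ($kyc_approved_status === '1' || $kyc_approved_status === true) ? 'approved' : 'pending';

    // Uploaded document URLs (returned so the app can display them)
    $kyc_front_id  = get_user_meta($user->ID, 'kyc_front', true);
    $kyc_back_id   = get_user_meta($user->ID, 'kyc_back', true);
    $kyc_selfie_id = get_user_meta($user->ID, 'kyc_selfie', true);

    return new WP_REST_Response([
        'success'       => true,
        'token'         => $token,
        'user_id'       => $user->ID,
        'username'      => $user->user_login,
        'email'         => $user->user_email,
        'displayName'   => $user->display_name,
        'referral_link' => site_url('/ref/' . $user->user_login),
        // The (int) cast already turns a missing value into 0.
        'token_balance' => (int) get_user_meta($user->ID, 'tokens', true),
        'kyc_status'    => $kyc_status_for_app,
        // get_user_meta() with $single = true yields '' when the key is absent.
        'solana_wallet' => get_user_meta($user->ID, 'solana_wallet', true),
        'kyc_documents' => [
            'front_id' => $kyc_front_id ? wp_get_attachment_url($kyc_front_id) : '',
            'back_id'  => $kyc_back_id ? wp_get_attachment_url($kyc_back_id) : '',
            'selfie'   => $kyc_selfie_id ? wp_get_attachment_url($kyc_selfie_id) : '',
        ],
    ], 200);
}

// =============================
// Verify JWT and return user
// =============================

/**
 * Resolves the request's Bearer token to a WordPress user.
 *
 * @param WP_REST_Request $request Request whose Authorization header is inspected.
 * @return WP_User|WP_Error|false|null null when no Bearer header is present, WP_Error when the
 *                                     secret is missing or decoding fails, otherwise the result
 *                                     of get_user_by() (false when the user does not exist).
 */
function riga_verify_token_and_get_user($request) {
    $auth_header = $request->get_header('Authorization');
    if (!$auth_header || strpos($auth_header, 'Bearer ') !== 0) {
        return null; // No Bearer token
    }

    // Drop only the leading scheme; the remainder is the token.
    $token = trim(substr($auth_header, strlen('Bearer ')));

    if (!defined('JWT_AUTH_SECRET_KEY')) {
        return new WP_Error('jwt_secret_not_defined', 'JWT secret key not defined.', ['status' => 500]);
    }

    try {
        // The algorithm is pinned to HS256 through the Key object.
        $decoded = JWT::decode($token, new Key(JWT_AUTH_SECRET_KEY, 'HS256'));
        $user_id = $decoded->data->user->id ?? null;

        return get_user_by('id', $user_id);
    } catch (Exception $e) {
        return new WP_Error('jwt_decode_error', 'Invalid token: ' . $e->getMessage(), ['status' => 403]);
    }
}

// =============================
// Permission check using token
// =============================

/**
 * permission_callback: grants access only when the Bearer token resolves to a real user.
 *
 * @param WP_REST_Request $request
 * @return bool|WP_Error
 */
function riga_permission_check_token($request) {
    $user = riga_verify_token_and_get_user($request);
    if (is_wp_error($user)) {
        return $user; // Return authorization error
    }

    return $user instanceof WP_User; // Allow only if it's a valid user object
}

// =============================
// DASHBOARD DATA for token-logged-in users
// =============================

/**
 * Returns the dashboard payload for the token's user.
 *
 * @param WP_REST_Request $request
 * @return WP_REST_Response|WP_Error|mixed Result of rest_ensure_response(), or a 401 response.
 */
function wtr_get_dashboard_data($request) {
    // Use the identity the permission_callback authorised, as the other endpoints in this file
    // do. Nothing in this excerpt makes the token's user the WordPress current user, so
    // get_current_user_id() is kept only as a fallback.
    $user = riga_verify_token_and_get_user($request);
    if (!($user instanceof WP_User)) {
        $user = get_user_by('id', get_current_user_id());
    }
    if (!$user) {
        return new WP_REST_Response(['message' => 'Unauthorized. No logged-in user found.'], 401);
    }

    $user_id = $user->ID;

    // KYC data as used by the admin plugin
    $kyc_approved_status = get_user_meta($user_id, 'kyc_approved', true);
    $kyc_status_for_app  = ($kyc_approved_status === '1' || $kyc_approved_status === true) ? 'approved' : 'pending';

    $kyc_front_id  = get_user_meta($user_id, 'kyc_front', true);
    $kyc_back_id   = get_user_meta($user_id, 'kyc_back', true);
    $kyc_selfie_id = get_user_meta($user_id, 'kyc_selfie', true);

    $data = [
        'id'            => $user_id,
        'displayName'   => $user->display_name,
        'email'         => $user->user_email,
        'username'      => $user->user_login,
        'first_name'    => get_user_meta($user_id, 'first_name', true),
        'last_name'     => get_user_meta($user_id, 'last_name', true),
        'tokens'        => (int) get_user_meta($user_id, 'tokens', true),
        'kyc_status'    => $kyc_status_for_app,
        'wallet'        => get_user_meta($user_id, 'solana_wallet', true),
        'phone'         => get_user_meta($user_id, 'phone', true),
        'country'       => get_user_meta($user_id, 'country', true),
        'city'          => get_user_meta($user_id, 'city', true),
        'dob'           => get_user_meta($user_id, 'dob', true),
        'gender'        => get_user_meta($user_id, 'gender', true),
        'rainy_days'    => (int) get_user_meta($user_id, 'wtr_rainy_days_count', true),
        'referral_link' => home_url("/newuser?ref=" . $user->user_login),
        // Number of users whose 'wtr_referrer_id' meta points at this user
        'invited_count' => count(get_users(['meta_key' => 'wtr_referrer_id', 'meta_value' => $user_id, 'fields' => 'ID'])),
        'transactions'  => get_user_meta($user_id, 'wtr_transactions', true),
        'withdrawals'   => get_user_meta($user_id, 'wtr_withdrawals', true),
        'kyc_documents' => [
            'front_id' => $kyc_front_id ? wp_get_attachment_url($kyc_front_id) : '',
            'back_id'  => $kyc_back_id ? wp_get_attachment_url($kyc_back_id) : '',
            'selfie'   => $kyc_selfie_id ? wp_get_attachment_url($kyc_selfie_id) : '',
        ],
    ];

    return rest_ensure_response($data);
}

// =============================
// Placeholder: userinfo endpoint (can be used to get basic user info)
// =============================

/**
 * Returns basic account data for the token's user.
 *
 * @param WP_REST_Request $request
 * @return WP_REST_Response
 */
function riga_api_get_userinfo($request) {
    // Same identity resolution as wtr_get_dashboard_data(): token first, current user as fallback.
    $user = riga_verify_token_and_get_user($request);
    if (!($user instanceof WP_User)) {
        $user = get_user_by('id', get_current_user_id());
    }
    if (!$user) {
        return new WP_REST_Response(['message' => 'Unauthorized'], 401);
    }

    // Real KYC status
    $kyc_approved_status = get_user_meta($user->ID, 'kyc_approved', true);
    $kyc_status_for_app  = ($kyc_approved_status === '1' || $kyc_approved_status === true) ? 'approved' : 'pending';

    $user_data = [
        'id'            => $user->ID,
        'username'      => $user->user_login,
        'email'         => $user->user_email,
        'first_name'    => get_user_meta($user->ID, 'first_name', true),
        'last_name'     => get_user_meta($user->ID, 'last_name', true), // Correction: read 'last_name' from meta
        'kyc_status'    => $kyc_status_for_app,
        'token_balance' => (int) get_user_meta($user->ID, 'tokens', true),
        // Add any other fields you want to retrieve in "userinfo"
    ];

    return new WP_REST_Response(['success' => true, 'user_data' => $user_data], 200);
}

// =============================
// REGISTER Endpoint
// =============================

/**
 * Creates a user account from the JSON body and stores the extra profile fields as user meta.
 *
 * @param WP_REST_Request $request JSON body: username, email, password (required) plus optional
 *                                 first_name, last_name, phone, dob, gender, city, country, referral.
 * @return WP_REST_Response|WP_Error 201 response with 'user_data', or WP_Error on invalid input.
 */
function riga_api_register_user($request) {
    $params = $request->get_json_params();
    if (!is_array($params)) {
        $params = [];
    }

    $username = sanitize_user($params['username'] ?? '');
    $email    = sanitize_email($params['email'] ?? '');
    $password = $params['password'] ?? '';

    // Optional profile fields, each stored under a user-meta key of the same name.
    $profile = [];
    foreach (['first_name', 'last_name', 'phone', 'dob', 'gender', 'city', 'country'] as $field) {
        $profile[$field] = sanitize_text_field($params[$field] ?? '');
    }
    $referral = sanitize_text_field($params['referral'] ?? '');

    if (empty($username) || empty($email) || empty($password)) {
        return new WP_Error('missing_fields', 'Username, email, and password are required.', ['status' => 400]);
    }

    if (username_exists($username)) {
        return new WP_Error('username_exists', 'This username is taken.', ['status' => 400]);
    }

    if (email_exists($email)) {
        return new WP_Error('email_exists', 'This email is already registered.', ['status' => 400]);
    }

    $user_id = wp_create_user($username, $password, $email);
    if (is_wp_error($user_id)) {
        return $user_id;
    }

    // Saving additional data
    foreach ($profile as $meta_key => $value) {
        update_user_meta($user_id, $meta_key, $value);
    }

    // Referral code (optional): the code is the referrer's login name.
    if (!empty($referral)) {
        $referrer_user = get_user_by('login', $referral);
        if ($referrer_user) {
            update_user_meta($user_id, 'wtr_referrer_id', $referrer_user->ID);
        }
    }

    // Initial values; 'kyc_approved' is the key the admin plugin checks.
    update_user_meta($user_id, 'kyc_approved', false); // Default to "pending"
    update_user_meta($user_id, 'tokens', 0);

    // Return the new user's data in the response
    $user_data_response = [
        'id'            => $user_id,
        'username'      => $username,
        'email'         => $email,
        'first_name'    => $profile['first_name'],
        'last_name'     => $profile['last_name'],
        'phone'         => $profile['phone'],
        'dob'           => $profile['dob'],
        'gender'        => $profile['gender'],
        'city'          => $profile['city'],
        'country'       => $profile['country'],
        'kyc_status'    => 'pending', // Directly after registration, KYC is always pending
        'token_balance' => 0,
        // '' when no referrer was recorded (get_user_meta() with $single = true)
        'referrer_id'   => get_user_meta($user_id, 'wtr_referrer_id', true),
    ];

    return new WP_REST_Response([
        'success'   => true,
        'message'   => 'User registered successfully.',
        'user_data' => $user_data_response,
    ], 201);
}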
Notice: Function _load_textdomain_just_in_time was called incorrectly. Translation loading for the updraftplus domain was triggered too early. This is usually an indicator for some code in the plugin or theme running too early. Translations should be loaded at the init action or later. Please see Debugging in WordPress for more information. (This message was added in version 6.7.0.) in /home/rigazawz/rewards.rigatoken.online/wp-includes/functions.php on line 6121

Warning: Cannot modify header information - headers already sent by (output started at /home/rigazawz/rewards.rigatoken.online/wp-content/plugins/weather_token_rewards/riga-api.php:32) in /home/rigazawz/rewards.rigatoken.online/wp-includes/sitemaps/class-wp-sitemaps-renderer.php on line 126
https://rewards.rigatoken.online/wp-sitemap-posts-post-1.xmlhttps://rewards.rigatoken.online/wp-sitemap-posts-page-1.xmlhttps://rewards.rigatoken.online/wp-sitemap-taxonomies-category-1.xmlhttps://rewards.rigatoken.online/wp-sitemap-taxonomies-post_tag-1.xmlhttps://rewards.rigatoken.online/wp-sitemap-users-1.xml