<?php // Viewing account data
// Includes
require_once("../_auth.php");
require_once("../_utils.php");
require_once("../_errorslist.php");
require_once("../_types.php");
// Functions
/*
* FUNCTION
* Check if user with supplied login exists
*/
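/**
 * Report whether a row in `users` has the given login.
 *
 * The login is bound as a statement parameter, so it never becomes part of the SQL text.
 *
 * @param mixed $login Login to look up; bound with type "s" (string).
 * @return bool True when a matching row is found, false otherwise.
 */
function User_LoginExist ($login): bool {
    global $db;

    // An existence test needs only a constant from one row, so the rest of the
    // user record is never loaded into PHP.
    $s = $db->prepare("SELECT 1 FROM users WHERE login = ? LIMIT 1");
    $s->bind_param("s", $login);
    $s->execute();

    // fetch_assoc() yields an array for a row and a non-array value when there is none.
    return is_array($s->get_result()->fetch_assoc());
}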
/*
* FUNCTION
* Check if user with supplied ID exists
*/
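/**
 * Report whether a row in `users` has the given ID.
 *
 * @param mixed $id User ID to look up; bound with type "s" (string).
 * @return bool True when a matching row is found, false otherwise.
 */
function User_IDExist ($id): bool {
    global $db;

    // An existence test needs only a constant from one row, so the rest of the
    // user record is never loaded into PHP.
    $s = $db->prepare("SELECT 1 FROM users WHERE id = ? LIMIT 1");
    // NOTE(review): the ID is bound as a string. If users.id is an integer column,
    // the database compares numerically and may coerce non-numeric text, so callers
    // should pass an already validated numeric ID (confirm against the schema).
    $s->bind_param("s", $id);
    $s->execute();

    // fetch_assoc() yields an array for a row and a non-array value when there is none.
    return is_array($s->get_result()->fetch_assoc());
}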
/*
* FUNCTION
* Check if user has specified role
*/
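/**
 * Check whether the user with the given ID has exactly the given role.
 *
 * The result is tri-state: null means no such user was found, which is falsy but
 * distinct from false. Callers gating access on this value should treat anything
 * other than `=== true` as a denial.
 *
 * @param mixed $id   User ID to look up; bound with type "s" (string).
 * @param mixed $role Role name to compare against the stored role.
 * @return bool|null True on an exact match, false on a mismatch, null when the user does not exist.
 */
function User_HasRole ($id, $role): ?bool {
    global $db;

    // Only the role column is needed for the decision.
    $s = $db->prepare("SELECT role FROM users WHERE id = ? LIMIT 1");
    $s->bind_param("s", $id);
    $s->execute();
    $d = $s->get_result()->fetch_assoc();

    if (!is_array($d)) {
        return null;
    }

    // Strict comparison on purpose: with loose `==`, a non-string argument such as
    // boolean true compares equal to any non-empty stored role, which would turn
    // this authorization check into an unconditional pass.
    return is_string($role) && $d["role"] === $role;
}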
/*
* FUNCTION
* Check if user is moderator (or higher)
*/
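/**
 * Check whether the user with the given ID is a moderator or an administrator.
 *
 * The result is tri-state: null means no such user was found, which is falsy but
 * distinct from false. Callers gating access on this value should treat anything
 * other than `=== true` as a denial.
 *
 * @param mixed $id User ID to look up; bound with type "s" (string).
 * @return bool|null True when the stored role is "mod" or "admin", false for any
 *                   other role, null when the user does not exist.
 */
function User_IsMod ($id): ?bool {
    global $db;

    // Only the role column is needed for the decision.
    $s = $db->prepare("SELECT role FROM users WHERE id = ? LIMIT 1");
    $s->bind_param("s", $id);
    $s->execute();
    $d = $s->get_result()->fetch_assoc();

    if (!is_array($d)) {
        return null;
    }

    // Strict membership test: the privilege decision must not depend on PHP's
    // loose-comparison type juggling of whatever value the role column yields.
    return in_array($d["role"], ["mod", "admin"], true);
}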
// Methods
/*
* METHOD
* Get user information from DB
*/
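/**
 * Look up a user record and return the fields the requester is allowed to see.
 *
 * The target is $req["id"] when present; otherwise the current session user
 * ($THIS_USER) when $LOGGED_IN is truthy. Public fields (id, created_at, login,
 * avatar_path, role, banned) are always returned. The private fields email and
 * invite_id are added only for a logged-in requester who is the target user or
 * for whom User_IsMod() is truthy.
 *
 * @param array $req Request parameters; optional key "id" holding a decimal-digit
 *                   string or a non-negative integer.
 * @return ReturnT Data array on success; E_UIN_BADARGS when the ID is malformed or
 *                 missing without a session; E_UIN_WRONGID when no such user exists.
 */
function User_GetInfoByID_Method (array $req): ReturnT {
    global $db, $THIS_USER, $LOGGED_IN;

    // Input sanity checks

    $id = null;
    if (isset($req["id"])) {
        $rawId = $req["id"];
        if (is_int($rawId) && $rawId >= 0) {
            // Internal callers may pass an integer. ctype_digit() reads small
            // integers as character codes, so integers are handled separately.
            $id = $rawId;
        } elseif (is_string($rawId) && ctype_digit($rawId)) {
            $id = intval($rawId);
        } else {
            // Arrays, negative numbers, signs, whitespace and empty strings end up here.
            return new ReturnT(err_code: E_UIN_BADARGS, err_desc: "id must be numeric");
        }
    } else {
        if ($LOGGED_IN)
            $id = $THIS_USER;
        else
            return new ReturnT(err_code: E_UIN_BADARGS, err_desc: "id must be specified or valid session must be provided");
    }

    // Actions

    $result = array();

    // Fetch only the columns this method can return, so unrelated columns of the
    // user record never reach PHP.
    $s = $db->prepare("SELECT id, created_at, login, avatar_path, role, banned, email, invite_id FROM users WHERE id = ?");
    $s->bind_param("s", $id);
    $s->execute();
    $d = $s->get_result()->fetch_assoc();

    if (!(bool)$d)
        return new ReturnT(err_code: E_UIN_WRONGID, err_desc: "user not found in database");
        //return new ReturnT(err_code: E_DBE_SELECTFAIL, err_desc: "failed to get user record");

    // Fields visible to any requester, including unauthenticated ones.
    $result["id"] = $d["id"];
    $result["created_at"] = $d["created_at"];
    $result["login"] = $d["login"];
    $result["avatar_path"] = $d["avatar_path"];
    $result["role"] = $d["role"];
    $result["banned"] = $d["banned"];

    // User himself and mods can see additional info. The session identity is only
    // consulted when $LOGGED_IN is truthy, so a leftover or default $THIS_USER can
    // never unlock the private fields for an anonymous request.
    // NOTE(review): the self check is strict; if _auth.php provides $THIS_USER as a
    // string, an explicitly supplied id (an int here) will not match it. Confirm the type.
    if ($LOGGED_IN && (($id === $THIS_USER) || User_IsMod($THIS_USER))) {
        $result["email"] = $d["email"];
        $result["invite_id"] = $d["invite_id"];
    }

    return new ReturnT(data: $result);
}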
// Entry point for a direct request: the block runs only when
// Utils_ThisFileIsRequested(__FILE__) is truthy, so including this file for its
// functions produces no output.
if (Utils_ThisFileIsRequested(__FILE__)) {
    require_once("../_json.php");

    // $_REQUEST is handed over untouched. Which sources (GET, POST, cookies) feed it
    // is decided by the request_order / variables_order ini settings.
    $result = User_GetInfoByID_Method($_REQUEST);

    if (!$result->IsError()) {
        JSON_ReturnData($result->GetData());
    } else {
        $result->ThrowJSONError();
    }
}
?>