Продолжил делать API для манипуляции с юзерами
This commit is contained in:
parent
79a031401a
commit
611e213592
6
TODO.md
6
TODO.md
@ -60,4 +60,8 @@
|
||||
- Комментарии
|
||||
- Теги
|
||||
- Перечень одобренных
|
||||
- Шаблонная разметка
|
||||
- Шаблонная разметка
|
||||
- Локализация
|
||||
- Кастомизация внешнего вида
|
||||
- Цветовые схемы
|
||||
- Название
|
||||
@ -2,6 +2,13 @@
|
||||
|
||||
require_once("_db.php"); //("api/_db.php");
|
||||
|
||||
|
||||
|
||||
// Check if request was to specified file
|
||||
function ThisFileIsRequested ($fullpath) {
|
||||
return substr($fullpath, -strlen($_SERVER["SCRIPT_NAME"])) === $_SERVER["SCRIPT_NAME"];
|
||||
}
|
||||
|
||||
session_start();
|
||||
|
||||
$LOGGED_IN = false;
|
||||
@ -11,7 +18,7 @@ if (isset($_SESSION["userid"])) {
|
||||
$s = $db->prepare("SELECT * FROM users WHERE id = ?");
|
||||
$s->bind_param("s", $_SESSION["userid"]);
|
||||
$s->execute();
|
||||
if (!(bool)$s->get_result()->fetch_assoc()) {
|
||||
if (!(bool)$s->get_result()->fetch_assoc()) { // If not, then destroy session
|
||||
session_unset();
|
||||
session_destroy();
|
||||
echo "user id does not exist";
|
||||
|
||||
@ -2,6 +2,8 @@
|
||||
|
||||
require_once("_config.php"); //("api/_config.php");
|
||||
|
||||
|
||||
|
||||
$db = new mysqli($Config["db"]["addr"], $Config["db"]["user"], $Config["db"]["pass"], $Config["db"]["name"]);
|
||||
|
||||
?>
|
||||
@ -1,6 +1,12 @@
|
||||
<?php
|
||||
|
||||
// Internal errors
|
||||
$Err_Int_JSONEncodeError = "int.jsonencode";
|
||||
$Err_Int_JSONEncode = "int.jsonencode"; // Failed to encode JSON data
|
||||
|
||||
// Request data parsing errors
|
||||
$Err_RDP_InvalidID = "rdp.invalidid"; // Requested ID of resource is invalid
|
||||
|
||||
// Data processing errors
|
||||
$Err_DP_IDNotFound = "dp.idnotfound"; // Resource not found by requested ID
|
||||
|
||||
?>
|
||||
@ -2,10 +2,12 @@
|
||||
|
||||
require_once("_errors.php");
|
||||
|
||||
|
||||
|
||||
function ReturnJSONData ($arr) {
|
||||
$data = json_encode($arr);
|
||||
if (!$data) {
|
||||
$data = json_encode(array("error" => $Err_Int_JSONEncodeError));
|
||||
$data = json_encode(array("error" => $Err_Int_JSONEncode));
|
||||
}
|
||||
header("Content-Type: application/json; charset=utf-8");
|
||||
echo $data;
|
||||
|
||||
@ -3,12 +3,93 @@
|
||||
require_once("../_auth.php");
|
||||
require_once("../_json.php");
|
||||
|
||||
// TODO
|
||||
|
||||
if ($LOGGED_IN) {
|
||||
echo 1;
|
||||
} else {
|
||||
echo 2;
|
||||
|
||||
// Check if user has specified role
|
||||
function User_HasRole ($id, $role) {
|
||||
global $db;
|
||||
|
||||
$s = $db->prepare("SELECT * FROM users WHERE id = ?");
|
||||
$s->bind_param("s", $id);
|
||||
$s->execute();
|
||||
$d = $s->get_result()->fetch_assoc();
|
||||
|
||||
if (!(bool)$d) {
|
||||
return null;
|
||||
}
|
||||
|
||||
if ($d["role"] == $role) {
|
||||
return true;
|
||||
}
|
||||
return false;
|
||||
}
|
||||
|
||||
// Check if user is moderator
|
||||
function User_IsMod ($id) {
|
||||
global $db;
|
||||
|
||||
$s = $db->prepare("SELECT * FROM users WHERE id = ?");
|
||||
$s->bind_param("s", $id);
|
||||
$s->execute();
|
||||
$d = $s->get_result()->fetch_assoc();
|
||||
|
||||
if (!(bool)$d) {
|
||||
return null;
|
||||
}
|
||||
|
||||
return in_array($d["role"], array("mod", "admin"));
|
||||
}
|
||||
|
||||
// Get user information from DB
|
||||
function User_GetInfoByID ($id) {
|
||||
global $db;
|
||||
|
||||
$result = array();
|
||||
|
||||
$s = $db->prepare("SELECT * FROM users WHERE id = ?");
|
||||
$s->bind_param("s", $id);
|
||||
$s->execute();
|
||||
$d = $s->get_result()->fetch_assoc();
|
||||
|
||||
if (!(bool)$d) {
|
||||
return null;
|
||||
}
|
||||
|
||||
$result["id"] = $d["id"];
|
||||
$result["created_at"] = $d["created_at"];
|
||||
$result["login"] = $d["login"];
|
||||
$result["avatar_path"] = $d["avatar_path"];
|
||||
$result["role"] = $d["role"];
|
||||
$result["banned"] = $d["banned"];
|
||||
if ($id === $_SESSION["userid"] || User_IsMod($_SESSION["userid"])) { // User himself and mods can see additional info
|
||||
$result["email"] = $d["email"];
|
||||
$result["invite_id"] = $d["invite_id"];
|
||||
}
|
||||
|
||||
return $result;
|
||||
}
|
||||
|
||||
|
||||
|
||||
if (ThisFileIsRequested(__FILE__)) {
|
||||
$UserID = null;
|
||||
|
||||
if (isset($_REQUEST["id"])) {
|
||||
if (!ctype_digit($_REQUEST["id"]))
|
||||
ReturnJSONError($Err_RDP_InvalidID, "id must be numeric");
|
||||
$UserID = intval($_REQUEST["id"]);
|
||||
} else {
|
||||
if ($LOGGED_IN)
|
||||
$UserID = $_SESSION["userid"];
|
||||
else
|
||||
ReturnJSONError($Err_RDP_InvalidID, "id must be specified or valid session must be provided");
|
||||
}
|
||||
|
||||
$ResponseData = User_GetInfoByID($UserID);
|
||||
if ($ResponseData)
|
||||
ReturnJSONData($ResponseData);
|
||||
else
|
||||
ReturnJSONError($Err_DP_IDNotFound, "wrong id");
|
||||
}
|
||||
|
||||
?>
|
||||
@ -3,6 +3,6 @@
|
||||
"addr": "localhost",
|
||||
"name": "e949",
|
||||
"user": "e949",
|
||||
"pass": ""
|
||||
"pass": "password"
|
||||
}
|
||||
}
|
||||
Loading…
Reference in New Issue
Block a user