From 611e21359253ec15ada9a407cf7b0d3a70ff1003 Mon Sep 17 00:00:00 2001
From: shr3dd3r <uraneban@blackhost.xyz>
Date: Wed, 16 Aug 2023 06:34:01 +0300
Subject: [PATCH] =?UTF-8?q?=D0=9F=D1=80=D0=BE=D0=B4=D0=BE=D0=BB=D0=B6?=
 =?UTF-8?q?=D0=B8=D0=BB=20=D0=B4=D0=B5=D0=BB=D0=B0=D1=82=D1=8C=20API=20?=
 =?UTF-8?q?=D0=B4=D0=BB=D1=8F=20=D0=BC=D0=B0=D0=BD=D0=B8=D0=BF=D1=83=D0=BB?=
 =?UTF-8?q?=D1=8F=D1=86=D0=B8=D0=B8=20=D1=81=20=D1=8E=D0=B7=D0=B5=D1=80?=
 =?UTF-8?q?=D0=B0=D0=BC=D0=B8?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 TODO.md            |  6 ++-
 api/_auth.php      |  9 ++++-
 api/_db.php        |  2 +
 api/_errors.php    |  8 +++-
 api/_json.php      |  4 +-
 api/user/index.php | 91 +++++++++++++++++++++++++++++++++++++++++++---
 config.json        |  2 +-
 7 files changed, 112 insertions(+), 10 deletions(-)

diff --git a/TODO.md b/TODO.md
index ee8e348..c925f25 100644
--- a/TODO.md
+++ b/TODO.md
@@ -60,4 +60,8 @@
 	- Комментарии
 	- Теги
 		- Перечень одобренных
-	- Шаблонная разметка
\ No newline at end of file
+	- Шаблонная разметка
+	- Локализация
+	- Кастомизация внешнего вида
+		- Цветовые схемы
+		- Название
\ No newline at end of file
diff --git a/api/_auth.php b/api/_auth.php
index c89761c..e8c108e 100644
--- a/api/_auth.php
+++ b/api/_auth.php
@@ -2,6 +2,13 @@
 
 require_once("_db.php"); //("api/_db.php");
 
+
+
+// Check if request was to specified file
+function ThisFileIsRequested ($fullpath) {
+	return substr($fullpath, -strlen($_SERVER["SCRIPT_NAME"])) === $_SERVER["SCRIPT_NAME"];
+}
+
 session_start();
 
 $LOGGED_IN = false;
@@ -11,7 +18,7 @@ if (isset($_SESSION["userid"])) {
 	$s = $db->prepare("SELECT * FROM users WHERE id = ?");
 	$s->bind_param("s", $_SESSION["userid"]);
 	$s->execute();
-	if (!(bool)$s->get_result()->fetch_assoc()) {
+	if (!(bool)$s->get_result()->fetch_assoc()) { // If not, then destroy session
 		session_unset();
 		session_destroy();
 		echo "user id does not exist";
diff --git a/api/_db.php b/api/_db.php
index 70c005e..117b761 100644
--- a/api/_db.php
+++ b/api/_db.php
@@ -2,6 +2,8 @@
 
 require_once("_config.php"); //("api/_config.php");
 
+
+
 $db = new mysqli($Config["db"]["addr"], $Config["db"]["user"], $Config["db"]["pass"], $Config["db"]["name"]);
 
 ?>
\ No newline at end of file
diff --git a/api/_errors.php b/api/_errors.php
index cc0df4a..00a5792 100644
--- a/api/_errors.php
+++ b/api/_errors.php
@@ -1,6 +1,12 @@
 <?php
 
 // Internal errors
-$Err_Int_JSONEncodeError = "int.jsonencode";
+$Err_Int_JSONEncode = "int.jsonencode"; // Failed to encode JSON data
+
+// Request data parsing errors
+$Err_RDP_InvalidID = "rdp.invalidid"; // Requested ID of resource is invalid
+
+// Data processing errors
+$Err_DP_IDNotFound = "dp.idnotfound"; // Resource not found by requested ID
 
 ?>
\ No newline at end of file
diff --git a/api/_json.php b/api/_json.php
index 24158f0..d041459 100644
--- a/api/_json.php
+++ b/api/_json.php
@@ -2,10 +2,12 @@
 
 require_once("_errors.php");
 
+
+
 function ReturnJSONData ($arr) {
 	$data = json_encode($arr);
 	if (!$data) {
-		$data = json_encode(array("error" => $Err_Int_JSONEncodeError));
+		$data = json_encode(array("error" => $Err_Int_JSONEncode));
 	}
 	header("Content-Type: application/json; charset=utf-8");
 	echo $data;
diff --git a/api/user/index.php b/api/user/index.php
index d6d12dd..0bcc8f0 100644
--- a/api/user/index.php
+++ b/api/user/index.php
@@ -3,12 +3,93 @@
 require_once("../_auth.php");
 require_once("../_json.php");
 
-// TODO
 
-if ($LOGGED_IN) {
-	echo 1;
-} else {
-	echo 2;
+
+// Check if user has specified role
+function User_HasRole ($id, $role) {
+	global $db;
+
+	$s = $db->prepare("SELECT * FROM users WHERE id = ?");
+	$s->bind_param("s", $id);
+	$s->execute();
+	$d = $s->get_result()->fetch_assoc();
+
+	if (!(bool)$d) {
+		return null;
+	}
+
+	if ($d["role"] == $role) {
+		return true;
+	}
+	return false;
+}
+
+// Check if user is moderator
+function User_IsMod ($id) {
+	global $db;
+
+	$s = $db->prepare("SELECT * FROM users WHERE id = ?");
+	$s->bind_param("s", $id);
+	$s->execute();
+	$d = $s->get_result()->fetch_assoc();
+
+	if (!(bool)$d) {
+		return null;
+	}
+
+	return in_array($d["role"], array("mod", "admin"));
+}
+
+// Get user information from DB
+function User_GetInfoByID ($id) {
+	global $db;
+
+	$result = array();
+
+	$s = $db->prepare("SELECT * FROM users WHERE id = ?");
+	$s->bind_param("s", $id);
+	$s->execute();
+	$d = $s->get_result()->fetch_assoc();
+
+	if (!(bool)$d) {
+		return null;
+	}
+
+	$result["id"]            = $d["id"];
+	$result["created_at"]    = $d["created_at"];
+	$result["login"]         = $d["login"];
+	$result["avatar_path"]   = $d["avatar_path"];
+	$result["role"]          = $d["role"];
+	$result["banned"]        = $d["banned"];
+	if ($id === $_SESSION["userid"] || User_IsMod($_SESSION["userid"])) { // User himself and mods can see additional info
+		$result["email"]     = $d["email"];
+		$result["invite_id"] = $d["invite_id"];
+	}
+
+	return $result;
+}
+
+
+
+if (ThisFileIsRequested(__FILE__)) {
+	$UserID = null;
+
+	if (isset($_REQUEST["id"])) {
+		if (!ctype_digit($_REQUEST["id"]))
+			ReturnJSONError($Err_RDP_InvalidID, "id must be numeric");
+		$UserID = intval($_REQUEST["id"]);
+	} else {
+		if ($LOGGED_IN)
+			$UserID = $_SESSION["userid"];
+		else
+			ReturnJSONError($Err_RDP_InvalidID, "id must be specified or valid session must be provided");
+	}
+
+	$ResponseData = User_GetInfoByID($UserID);
+	if ($ResponseData)
+		ReturnJSONData($ResponseData);
+	else
+		ReturnJSONError($Err_DP_IDNotFound, "wrong id");
 }
 
 ?>
\ No newline at end of file
diff --git a/config.json b/config.json
index 35fdbe1..5fa12c3 100644
--- a/config.json
+++ b/config.json
@@ -3,6 +3,6 @@
 		"addr": "localhost",
 		"name": "e949",
 		"user": "e949",
-		"pass": ""
+		"pass": "password"
 	}
 }
\ No newline at end of file