Продолжил делать API для манипуляции с юзерами
This commit is contained in:
@@ -3,12 +3,93 @@
|
||||
require_once("../_auth.php");
|
||||
require_once("../_json.php");
|
||||
|
||||
// TODO
|
||||
|
||||
if ($LOGGED_IN) {
|
||||
echo 1;
|
||||
} else {
|
||||
echo 2;
|
||||
|
||||
// Check if user has specified role
|
||||
function User_HasRole ($id, $role) {
|
||||
global $db;
|
||||
|
||||
$s = $db->prepare("SELECT * FROM users WHERE id = ?");
|
||||
$s->bind_param("s", $id);
|
||||
$s->execute();
|
||||
$d = $s->get_result()->fetch_assoc();
|
||||
|
||||
if (!(bool)$d) {
|
||||
return null;
|
||||
}
|
||||
|
||||
if ($d["role"] == $role) {
|
||||
return true;
|
||||
}
|
||||
return false;
|
||||
}
|
||||
|
||||
// Check if user is moderator
|
||||
function User_IsMod ($id) {
|
||||
global $db;
|
||||
|
||||
$s = $db->prepare("SELECT * FROM users WHERE id = ?");
|
||||
$s->bind_param("s", $id);
|
||||
$s->execute();
|
||||
$d = $s->get_result()->fetch_assoc();
|
||||
|
||||
if (!(bool)$d) {
|
||||
return null;
|
||||
}
|
||||
|
||||
return in_array($d["role"], array("mod", "admin"));
|
||||
}
|
||||
|
||||
// Get user information from DB
|
||||
function User_GetInfoByID ($id) {
|
||||
global $db;
|
||||
|
||||
$result = array();
|
||||
|
||||
$s = $db->prepare("SELECT * FROM users WHERE id = ?");
|
||||
$s->bind_param("s", $id);
|
||||
$s->execute();
|
||||
$d = $s->get_result()->fetch_assoc();
|
||||
|
||||
if (!(bool)$d) {
|
||||
return null;
|
||||
}
|
||||
|
||||
$result["id"] = $d["id"];
|
||||
$result["created_at"] = $d["created_at"];
|
||||
$result["login"] = $d["login"];
|
||||
$result["avatar_path"] = $d["avatar_path"];
|
||||
$result["role"] = $d["role"];
|
||||
$result["banned"] = $d["banned"];
|
||||
if ($id === $_SESSION["userid"] || User_IsMod($_SESSION["userid"])) { // User himself and mods can see additional info
|
||||
$result["email"] = $d["email"];
|
||||
$result["invite_id"] = $d["invite_id"];
|
||||
}
|
||||
|
||||
return $result;
|
||||
}
|
||||
|
||||
|
||||
|
||||
if (ThisFileIsRequested(__FILE__)) {
|
||||
$UserID = null;
|
||||
|
||||
if (isset($_REQUEST["id"])) {
|
||||
if (!ctype_digit($_REQUEST["id"]))
|
||||
ReturnJSONError($Err_RDP_InvalidID, "id must be numeric");
|
||||
$UserID = intval($_REQUEST["id"]);
|
||||
} else {
|
||||
if ($LOGGED_IN)
|
||||
$UserID = $_SESSION["userid"];
|
||||
else
|
||||
ReturnJSONError($Err_RDP_InvalidID, "id must be specified or valid session must be provided");
|
||||
}
|
||||
|
||||
$ResponseData = User_GetInfoByID($UserID);
|
||||
if ($ResponseData)
|
||||
ReturnJSONData($ResponseData);
|
||||
else
|
||||
ReturnJSONError($Err_DP_IDNotFound, "wrong id");
|
||||
}
|
||||
|
||||
?>
|
||||
Reference in New Issue
Block a user