Проект ещё жив!
@ -1,7 +1,10 @@
|
||||
<?php
|
||||
|
||||
// Includes
|
||||
require_once("_db.php");
|
||||
if ($IS_FRONTEND)
|
||||
require_once("api/_db.php");
|
||||
else
|
||||
require_once("_db.php");
|
||||
|
||||
|
||||
|
||||
|
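Review bot: The new `if ($IS_FRONTEND) require_once("api/_db.php"); else require_once("_db.php");` switch reads a global that this file never declares, so whenever the file is pulled in from a scope where `$IS_FRONTEND` is unset (a function body, or an entry point that forgot to define it) PHP emits an undefined-variable warning and silently takes the `else` branch. Resolving against the file's own directory removes the need for the flag: `require_once(__DIR__ . "/_db.php");` — a bare relative path in `require_once` is resolved against include_path and the current working directory, which is exactly what the flag is compensating for (for the endpoint files the equivalent is `__DIR__ . "/../_auth.php"`). The same pattern is introduced in the `// Database setup`, `// JSON-related functions`, `// Necessary functions, types and other stuff`, `// Get single post by ID` and `// Viewing account data` hunks, and the `TODO: remake with flag $IS_FRONTEND` comment in the config hunk would be resolved the same way.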
@ -2,7 +2,7 @@
|
||||
|
||||
$Config = array();
|
||||
$Config_FileName = "config.json";
|
||||
$Config_PossiblePaths = array(
|
||||
$Config_PossiblePaths = array( // TODO: remake with flag $IS_FRONTEND
|
||||
"./" . $Config_FileName,
|
||||
"../" . $Config_FileName,
|
||||
"../../" . $Config_FileName,
|
||||
|
@ -1,6 +1,10 @@
|
||||
<?php // Database setup
|
||||
|
||||
require_once("_config.php");
|
||||
// Includes
|
||||
if ($IS_FRONTEND)
|
||||
require_once("api/_config.php");
|
||||
else
|
||||
require_once("_config.php");
|
||||
|
||||
|
||||
|
||||
|
@ -1,7 +1,10 @@
|
||||
<?php // JSON-related functions
|
||||
|
||||
// Includes
|
||||
require_once("_errorslist.php");
|
||||
if ($IS_FRONTEND)
|
||||
require_once("api/_errorslist.php");
|
||||
else
|
||||
require_once("_errorslist.php");
|
||||
|
||||
|
||||
|
||||
|
@ -1,8 +1,13 @@
|
||||
<?php // Necessary functions, types and other stuff
|
||||
|
||||
// Includes
|
||||
require_once("_errorslist.php");
|
||||
require_once("_json.php");
|
||||
if ($IS_FRONTEND) {
|
||||
require_once("api/_errorslist.php");
|
||||
require_once("api/_json.php");
|
||||
} else {
|
||||
require_once("_errorslist.php");
|
||||
require_once("_json.php");
|
||||
}
|
||||
|
||||
|
||||
|
||||
|
@ -2,46 +2,127 @@
|
||||
|
||||
require_once("../_auth.php");
|
||||
require_once("../_utils.php");
|
||||
require_once("../_errorslist.php");
|
||||
require_once("../_types.php");
|
||||
require_once("../user/index.php");
|
||||
|
||||
|
||||
|
||||
// Get comments from range of selected comment section
|
||||
function ComSec_Get ($sec_id, $ts_from, $ts_to) {
|
||||
global $db;
|
||||
// Functions
|
||||
|
||||
/*
|
||||
* FUNCTION
|
||||
* Get comments from range of selected comment section
|
||||
*/
|
||||
function Comments_GetSectionRange (int $sec_id, int $ts_from = 0, int $ts_to = 0xffffffff): ReturnT {
|
||||
global $db, $LOGGED_IN, $THIS_USER;
|
||||
|
||||
$result = array();
|
||||
|
||||
$s = $db->prepare("SELECT * FROM posts WHERE id = ?");
|
||||
$s->bind_param("s", $id);
|
||||
$s = $db->prepare("SELECT * FROM comments WHERE comment_section_id=? AND created_at>=? AND created_at<=? ORDER BY created_at");
|
||||
$s->bind_param("sss", $sec_id, date("Y-m-d H:i:s", $ts_from), date("Y-m-d H:i:s", $ts_to));
|
||||
$s->execute();
|
||||
$d = $s->get_result()->fetch_assoc();
|
||||
$d = $s->get_result();
|
||||
|
||||
if (!(bool)$d) {
|
||||
return null;
|
||||
if (!(bool)$d)
|
||||
return new ReturnT(data: $result);
|
||||
|
||||
$isAdmin = false;
|
||||
if ($LOGGED_IN && User_HasRole($THIS_USER, "admin")->GetData())
|
||||
$isAdmin = true;
|
||||
|
||||
while ($row = $d->fetch_array()) {
|
||||
if (!$isAdmin && $row["needs_check"])
|
||||
continue;
|
||||
|
||||
$newResultRow = array(
|
||||
"id" => $row["id"],
|
||||
"author_id" => $row["author_id"],
|
||||
"created_at" => $row["created_at"],
|
||||
"contents" => $row["contents"]
|
||||
);
|
||||
|
||||
if ($isAdmin)
|
||||
$newResultRow["needs_check"] = (bool)$row["needs_check"];
|
||||
|
||||
$result[] = $newResultRow;
|
||||
}
|
||||
|
||||
return new ReturnT(data: $result);
|
||||
}
|
||||
|
||||
|
||||
|
||||
if (ThisFileIsRequested(__FILE__)) {
|
||||
require_once("../_json.php");
|
||||
// Methods
|
||||
|
||||
/*
|
||||
* METHOD
|
||||
* Get comments from range of selected comment section
|
||||
*/
|
||||
function Comments_GetSectionRange_Method (array $req): ReturnT {
|
||||
// Input sanity checks
|
||||
|
||||
$SectionID = null;
|
||||
$TSFrom = 0;
|
||||
$TSTo = 0xffffffff;
|
||||
|
||||
if (isset($_REQUEST["id"])) {
|
||||
if (!ctype_digit($_REQUEST["id"]))
|
||||
ReturnJSONError($Err_RDP_InvalidID, "id must be numeric");
|
||||
$SectionID = intval($_REQUEST["id"]);
|
||||
if (isset($req["id"])) {
|
||||
if (!ctype_digit($req["id"]))
|
||||
return new ReturnT(err_code: E_UIN_BADARGS, err_desc: "id must be numeric");
|
||||
$SectionID = intval($req["id"]);
|
||||
} else {
|
||||
ReturnJSONError($Err_RDP_InvalidID, "id must be specified");
|
||||
return new ReturnT(err_code: E_UIN_INSUFARGS, err_desc: "id must be specified");
|
||||
}
|
||||
|
||||
/*
|
||||
$ResponseData = ComSec_GetComms($SectionID);
|
||||
if ($ResponseData)
|
||||
ReturnJSONData($ResponseData);
|
||||
if (isset($req["ts_from"])) {
|
||||
$TSFrom = $req["ts_from"];
|
||||
|
||||
if (strlen($TSFrom) > 24)
|
||||
return new ReturnT(err_code: E_UIN_BADARGS, err_desc: "start timestamp cant be this long");
|
||||
|
||||
if (!ctype_digit($TSFrom))
|
||||
return new ReturnT(err_code: E_UIN_BADARGS, err_desc: "start timestamp must be numeric");
|
||||
|
||||
$TSFrom = intval($TSFrom);
|
||||
|
||||
if ($TSFrom > 0xffffffff)
|
||||
return new ReturnT(err_code: E_UIN_BADARGS, err_desc: "start timestamp cant be bigger than INT32_MAX");
|
||||
}
|
||||
|
||||
if (isset($req["ts_to"])) {
|
||||
$TSTo = $req["ts_to"];
|
||||
|
||||
if (strlen($TSTo) > 24)
|
||||
return new ReturnT(err_code: E_UIN_BADARGS, err_desc: "start timestamp cant be this long");
|
||||
|
||||
if (!ctype_digit($TSTo))
|
||||
return new ReturnT(err_code: E_UIN_BADARGS, err_desc: "start timestamp must be numeric");
|
||||
|
||||
$TSTo = intval($TSTo);
|
||||
|
||||
if ($TSTo > 0xffffffff)
|
||||
return new ReturnT(err_code: E_UIN_BADARGS, err_desc: "start timestamp cant be bigger than INT32_MAX");
|
||||
}
|
||||
|
||||
if ($TSTo < $TSFrom)
|
||||
return new ReturnT(err_code: E_UIN_BADARGS, err_desc: "start timestamp cant be bigger than end timestamp");
|
||||
|
||||
// Actions
|
||||
|
||||
return Comments_GetSectionRange($SectionID, $TSFrom, $TSTo);
|
||||
}
|
||||
|
||||
|
||||
|
||||
if (Utils_ThisFileIsRequested(__FILE__)) {
|
||||
require_once("../_json.php");
|
||||
|
||||
$result = Comments_GetSectionRange_Method($_REQUEST);
|
||||
|
||||
if ($result->IsError())
|
||||
$result->ThrowJSONError();
|
||||
else
|
||||
ReturnJSONError($Err_DP_IDNotFound, "wrong id");
|
||||
*/
|
||||
JSON_ReturnData($result->GetData());
|
||||
}
|
||||
|
||||
?>
|
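Review bot: `$s->bind_param("sss", $sec_id, date("Y-m-d H:i:s", $ts_from), date("Y-m-d H:i:s", $ts_to))` in `Comments_GetSectionRange` hands two function results to parameters that mysqli takes by reference, which is at best an "Only variables should be passed by reference" notice with the bound reference pointing at a freed temporary and at worst a fatal "Cannot pass parameter by reference" depending on the PHP version; assign them first: `$from = date("Y-m-d H:i:s", $ts_from); $to = date("Y-m-d H:i:s", $ts_to); $s->bind_param("iss", $sec_id, $from, $to);`. In `Comments_GetSectionRange_Method` the three messages in the `ts_to` block still say "start timestamp" (copied from the `ts_from` block), and the bound `0xffffffff` is UINT32_MAX rather than the INT32_MAX the message names. Both blocks also call `strlen()` on a `$req` value before confirming it is a string, so an array-valued `ts_from`/`ts_to` parameter reaches `strlen()` and ends in a TypeError instead of the intended E_UIN_BADARGS; an `if (!is_string($TSFrom)) return new ReturnT(err_code: E_UIN_BADARGS, err_desc: "start timestamp must be a string");` guard at the top of each block (and the same for `id` before `ctype_digit`) closes that.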
@ -88,6 +88,8 @@ function Post_Create (
|
||||
bool $comms_enabled = false,
|
||||
bool $edit_lock = false
|
||||
): ReturnT {
|
||||
global $db;
|
||||
|
||||
$result = null;
|
||||
|
||||
// Author ID should exist
|
||||
@ -113,7 +115,7 @@ function Post_Create (
|
||||
* Create single publication
|
||||
*/
|
||||
function Post_Create_Method (array $req, array $files): ReturnT {
|
||||
global $db, $Config, $LOGGED_IN, $THIS_USER;
|
||||
global $Config, $LOGGED_IN, $THIS_USER;
|
||||
|
||||
$author_id = $THIS_USER;
|
||||
$tags = null;
|
||||
@ -168,7 +170,7 @@ function Post_Create_Method (array $req, array $files): ReturnT {
|
||||
|
||||
|
||||
|
||||
if (ThisFileIsRequested(__FILE__)) {
|
||||
if (Utils_ThisFileIsRequested(__FILE__)) {
|
||||
require_once("../_json.php");
|
||||
|
||||
// TODO: cleanup if bad result
|
||||
|
@ -1,14 +1,39 @@
|
||||
<?php // Get single post by ID
|
||||
|
||||
require_once("../_auth.php");
|
||||
require_once("../_utils.php");
|
||||
require_once("../_errorslist.php");
|
||||
require_once("../_types.php");
|
||||
// Includes
|
||||
if ($IS_FRONTEND) {
|
||||
require_once("api/_auth.php");
|
||||
require_once("api/_utils.php");
|
||||
require_once("api/_errorslist.php");
|
||||
require_once("api/_types.php");
|
||||
} else {
|
||||
require_once("../_auth.php");
|
||||
require_once("../_utils.php");
|
||||
require_once("../_errorslist.php");
|
||||
require_once("../_types.php");
|
||||
}
|
||||
|
||||
|
||||
|
||||
// Functions
|
||||
|
||||
/*
|
||||
* FUNCTION
|
||||
* Get total amount of posts
|
||||
*/
|
||||
function Post_GetPostsAmount (): int {
|
||||
global $db;
|
||||
|
||||
$s = $db->prepare("SELECT id FROM posts"); // NOTICE: very naive and will impact performance when many posts are exist
|
||||
$s->execute();
|
||||
$d = $s->get_result()->fetch_assoc();
|
||||
|
||||
if ($d)
|
||||
return count($d);
|
||||
else
|
||||
return 0;
|
||||
}
|
||||
|
||||
/*
|
||||
* FUNCTION
|
||||
* Increment number of views for post
|
||||
@ -79,10 +104,10 @@ function Post_GetByID_Method (array $req) {
|
||||
$PostID = null;
|
||||
if (isset($req["id"])) {
|
||||
if (!ctype_digit($req["id"]))
|
||||
return new ReturnT(err_code: E_UIN_BADARGS, "id must be numeric");
|
||||
return new ReturnT(err_code: E_UIN_BADARGS, err_desc: "id must be numeric");
|
||||
$PostID = intval($req["id"]);
|
||||
} else {
|
||||
return new ReturnT(err_code: E_UIN_INSUFARGS, "id must be specified");
|
||||
return new ReturnT(err_code: E_UIN_INSUFARGS, err_desc: "id must be specified");
|
||||
}
|
||||
|
||||
// Actions
|
||||
|
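Review bot: `Post_GetPostsAmount` cannot return the number of posts: `fetch_assoc()` pulls a single row and `count($d)` then counts that row's columns, so the function yields 1 whenever at least one post exists and 0 otherwise. Let the database count instead, which also resolves the NOTICE on the prepare line: `$s = $db->prepare("SELECT COUNT(*) AS n FROM posts");` and, after `execute()`, `$d = $s->get_result()->fetch_assoc(); return (int)($d["n"] ?? 0);`. Since the return type is a non-nullable `int`, it is also worth checking `get_result()` for `false` before calling `fetch_assoc()` on it.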
@ -15,7 +15,7 @@ if (Utils_ThisFileIsRequested(__FILE__)) {
|
||||
JSON_ReturnError(code: E_UNS_INTERNAL, desc: "you need to enable debug mode in configuration file first");
|
||||
|
||||
if (!isset($_REQUEST["id"]))
|
||||
JSON_ReturnError(code: E_UIN_WRONGID, desc: "valid id must be specified");
|
||||
JSON_ReturnError(code: E_UIN_INSUFARGS, desc: "valid id must be specified");
|
||||
|
||||
if (!isset($_SESSION["userid"]))
|
||||
session_start();
|
||||
|
@ -16,13 +16,15 @@ require_once("index.php");
|
||||
* Create new user account
|
||||
*/
|
||||
function User_Create (string $login, string $password, ?string $email = null, ?string $invite_id = null, ?string $avatar_path = null): ReturnT {
|
||||
global $db;
|
||||
|
||||
$salt = Utils_GenerateRandomString(8);
|
||||
$pwd_hash = hash("sha256", $password . $salt, true);
|
||||
|
||||
// TODO: process invite
|
||||
|
||||
$s = $db->prepare("INSERT INTO users (login,email,password_hash,salt,avatar_path,role,invite_id) VALUES (?,?,?,?,?,?,?)");
|
||||
$role = "newbie"; // TODO: make decision from config
|
||||
$role = "newbie"; // TODO: make decision from config or supply by argument
|
||||
$s->bind_param("sssssss", $login, $email, $pwd_hash, $salt, $avatar_path, $role, $invite_id);
|
||||
|
||||
if ($s->execute() === false)
|
||||
@ -40,7 +42,7 @@ function User_Create (string $login, string $password, ?string $email = null, ?s
|
||||
* Create new user account
|
||||
*/
|
||||
function User_Create_Method (array $req): ReturnT {
|
||||
global $db, $Config, $LOGGED_IN;
|
||||
global $Config, $LOGGED_IN;
|
||||
|
||||
$login = null;
|
||||
$password = null;
|
||||
|
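Review bot: `User_Create` still stores `hash("sha256", $password . $salt, true)` with an 8-character salt from `Utils_GenerateRandomString`, a single fast hash round that offers little resistance to offline guessing if the `users` table ever leaks; the commit edits the lines around it but leaves this as is. Replace it with `$pwd_hash = password_hash($password, PASSWORD_DEFAULT);` and verify with `password_verify()` on the login path, which embeds its own salt and cost and makes the separate `salt` column unnecessary. The body of `User_Create` continues past the hunk, and the login-side counterpart is outside this view.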
@ -15,6 +15,8 @@ require_once("./index.php");
|
||||
* Delete existing account
|
||||
*/
|
||||
function User_Delete (int $id): ReturnT {
|
||||
global $db;
|
||||
|
||||
$s = $db->prepare("delete from users where id = ?");
|
||||
$s->bind_param("s", $id);
|
||||
|
||||
@ -30,7 +32,7 @@ function User_Delete (int $id): ReturnT {
|
||||
* Delete existing account
|
||||
*/
|
||||
function User_Delete_Method (array $req): ReturnT {
|
||||
global $db, $LOGGED_IN, $THIS_USER;
|
||||
global $LOGGED_IN, $THIS_USER;
|
||||
|
||||
$id = null;
|
||||
|
||||
@ -47,7 +49,7 @@ function User_Delete_Method (array $req): ReturnT {
|
||||
}
|
||||
|
||||
// If its attempt to delete other account
|
||||
if (!User_HasRole($THIS_USER, "admin").GetData() && $THIS_USER !== $id)
|
||||
if (!User_HasRole($THIS_USER, "admin")->GetData() && $THIS_USER !== $id)
|
||||
return new ReturnT(err_code: E_ACS_INSUFROLE, err_desc: "you must be admin to delete other accounts");
|
||||
|
||||
// Actions
|
||||
@ -63,7 +65,7 @@ if (Utils_ThisFileIsRequested(__FILE__)) {
|
||||
// HACK: for debugging purposes. Will be removed later
|
||||
if ($Config["debug"])
|
||||
$_POST = $_REQUEST;
|
||||
|
||||
|
||||
$result = User_Delete_Method($_POST);
|
||||
|
||||
if ($result->IsError()) {
|
||||
|
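Review bot: In the `// If its attempt to delete other account` hunk the corrected condition `!User_HasRole($THIS_USER, "admin")->GetData() && $THIS_USER !== $id` runs the role query for every deletion, including the self-deletion case; putting the cheap comparison first, `if ($THIS_USER !== $id && !User_HasRole($THIS_USER, "admin")->GetData())`, skips that round-trip and reads as the comment describes. In `User_Delete` the `bind_param("s", $id)` type letter no longer matches the `int $id` signature; `"i"` is the matching type. `User_Delete_Method` starts and ends outside the hunks shown.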
@ -1,10 +1,17 @@
|
||||
<?php // Viewing account data
|
||||
|
||||
// Includes
|
||||
require_once("../_auth.php");
|
||||
require_once("../_utils.php");
|
||||
require_once("../_errorslist.php");
|
||||
require_once("../_types.php");
|
||||
if ($IS_FRONTEND) {
|
||||
require_once("api/_auth.php");
|
||||
require_once("api/_utils.php");
|
||||
require_once("api/_errorslist.php");
|
||||
require_once("api/_types.php");
|
||||
} else {
|
||||
require_once("../_auth.php");
|
||||
require_once("../_utils.php");
|
||||
require_once("../_errorslist.php");
|
||||
require_once("../_types.php");
|
||||
}
|
||||
|
||||
|
||||
|
||||
@ -14,7 +21,7 @@ require_once("../_types.php");
|
||||
* FUNCTION
|
||||
* Check if user with supplied login exists
|
||||
*/
|
||||
function User_LoginExist ($login): bool {
|
||||
function User_LoginExist (string $login): bool {
|
||||
global $db;
|
||||
|
||||
$s = $db->prepare("SELECT * FROM users WHERE login = ?");
|
||||
@ -28,7 +35,7 @@ function User_LoginExist ($login): bool {
|
||||
* FUNCTION
|
||||
* Check if user with supplied ID exists
|
||||
*/
|
||||
function User_IDExist ($id): bool {
|
||||
function User_IDExist (int $id): bool {
|
||||
global $db;
|
||||
|
||||
$s = $db->prepare("SELECT * FROM users WHERE id = ?");
|
||||
@ -42,7 +49,7 @@ function User_IDExist ($id): bool {
|
||||
* FUNCTION
|
||||
* Check if user has specified role
|
||||
*/
|
||||
function User_HasRole ($id, $role): ReturnT {
|
||||
function User_HasRole (int $id, string $role): ReturnT {
|
||||
global $db;
|
||||
|
||||
$s = $db->prepare("SELECT * FROM users WHERE id = ?");
|
||||
@ -60,7 +67,7 @@ function User_HasRole ($id, $role): ReturnT {
|
||||
* FUNCTION
|
||||
* Check if user is moderator (or higher)
|
||||
*/
|
||||
function User_IsMod ($id): ReturnT {
|
||||
function User_IsMod (int $id): ReturnT {
|
||||
global $db;
|
||||
|
||||
$s = $db->prepare("SELECT * FROM users WHERE id = ?");
|
||||
@ -79,7 +86,7 @@ function User_IsMod ($id): ReturnT {
|
||||
* Get user information from DB
|
||||
*/
|
||||
function User_GetInfoByID (int $id): ReturnT {
|
||||
global $THIS_USER;
|
||||
global $db, $THIS_USER;
|
||||
|
||||
$result = array();
|
||||
|
||||
@ -97,7 +104,7 @@ function User_GetInfoByID (int $id): ReturnT {
|
||||
$result["avatar_path"] = $d["avatar_path"];
|
||||
$result["role"] = $d["role"];
|
||||
$result["banned"] = $d["banned"];
|
||||
if (($id === $THIS_USER) || User_IsMod($THIS_USER).GetData()) { // User himself and mods can see additional info
|
||||
if (($id === $THIS_USER) || User_IsMod($THIS_USER)->GetData()) { // User himself and mods can see additional info
|
||||
$result["email"] = $d["email"];
|
||||
$result["invite_id"] = $d["invite_id"];
|
||||
}
|
||||
@ -114,7 +121,7 @@ function User_GetInfoByID (int $id): ReturnT {
|
||||
* Get user information from DB
|
||||
*/
|
||||
function User_GetInfoByID_Method (array $req): ReturnT {
|
||||
global $db, $THIS_USER, $LOGGED_IN;
|
||||
global $THIS_USER, $LOGGED_IN;
|
||||
|
||||
// Input sanity checks
|
||||
|
||||
@ -127,7 +134,7 @@ function User_GetInfoByID_Method (array $req): ReturnT {
|
||||
if ($LOGGED_IN)
|
||||
$UserID = $THIS_USER;
|
||||
else
|
||||
return new ReturnT(err_code: E_UIN_BADARGS, err_desc: "id must be specified or valid session must be provided");
|
||||
return new ReturnT(err_code: E_UIN_INSUFARGS, err_desc: "id must be specified or valid session must be provided");
|
||||
}
|
||||
|
||||
// Actions
|
||||
|
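Review bot: With the signature narrowed to `User_IsMod (int $id)`, the check `($id === $THIS_USER) || User_IsMod($THIS_USER)->GetData()` in `User_GetInfoByID` throws a TypeError for an anonymous viewer if `$THIS_USER` is null when nobody is logged in (its value for that case is not visible here), and the method wrapper appears to call `User_GetInfoByID` whenever an `id` is supplied regardless of `$LOGGED_IN`. Short-circuit on the session flag: `global $db, $THIS_USER, $LOGGED_IN;` and `if (($id === $THIS_USER) || ($LOGGED_IN && User_IsMod($THIS_USER)->GetData())) {`, so unauthenticated requests fall through to the public fields. The same `int` narrowing applies to `User_HasRole`; its caller in `Comments_GetSectionRange` already tests `$LOGGED_IN` first, so only this site needs the guard.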