Cyclone-Team/e949
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Продолжение переписывания

Browse Source
This commit is contained in:
Shr3dd3r
2023-11-03 02:38:51 +03:00
parent 12143c148d
commit a573faf5a1
7 changed files with 236 additions and 144 deletions
Download Patch File Download Diff File Expand all files Collapse all files

41
api/user/create.php
View File

@@ -9,6 +9,30 @@ require_once("index.php");
// Functions
/*
* FUNCTION
* Create new user account
*/
function User_Create (string $login, string $password, ?string $email = null, ?string $invite_id = null, ?string $avatar_path = null): ReturnT {
$salt = Utils_GenerateRandomString(8);
$pwd_hash = hash("sha256", $password . $salt, true);
// TODO: process invite
$s = $db->prepare("INSERT INTO users (login,email,password_hash,salt,avatar_path,role,invite_id) VALUES (?,?,?,?,?,?,?)");
$role = "newbie"; // TODO: make decision from config
$s->bind_param("sssssss", $login, $email, $pwd_hash, $salt, $avatar_path, $role, $invite_id);
if ($s->execute() === false)
return new ReturnT(err_code: E_DBE_INSERTFAIL, err_desc: "cant insert record to users DB");
return new ReturnT(data: true);
}
// Methods
/*
@@ -77,22 +101,7 @@ function User_Create_Method (array $req): ReturnT {
// Actions
$result = null;
$salt = Utils_GenerateRandomString(8);
$pwd_hash = hash("sha256", $password . $salt, true);
// TODO: process invite
$s = $db->prepare("INSERT INTO users (login,email,password_hash,salt,avatar_path,role,invite_id) VALUES (?,?,?,?,?,?,?)");
$role = "newbie";
$s->bind_param("sssssss", $login, $email, $pwd_hash, $salt, $avatar_path, $role, $invite_id);
$result = ($s->execute() !== false);
if (!$result)
return new ReturnT(err_code: E_DBE_INSERTFAIL, err_desc: "cant insert record to users DB");
return new ReturnT(data: $result);
return User_Create($login, $password, $email, $invite_id, $avatar_path);
}

22
api/user/delete.php
View File

@@ -8,6 +8,21 @@ require_once("./index.php");
// Functions
/*
* FUNCTION
* Delete existing account
*/
function User_Delete (int $id): ReturnT {
$s = $db->prepare("delete from users where id = ?");
$s->bind_param("s", $id);
return new ReturnT(data: ($s->execute() !== false));
}
// Methods
/*
@@ -32,15 +47,12 @@ function User_Delete_Method (array $req): ReturnT {
}
// If its attempt to delete other account
if (!User_HasRole($THIS_USER, "admin") && $THIS_USER !== $id)
if (!User_HasRole($THIS_USER, "admin").GetData() && $THIS_USER !== $id)
return new ReturnT(err_code: E_ACS_INSUFROLE, err_desc: "you must be admin to delete other accounts");
// Actions
$s = $db->prepare("delete from users where id = ?");
$s->bind_param("s", $id);
return new ReturnT(data: ($s->execute() !== false));
return User_Delete($id);
}

77
api/user/index.php
View File

@@ -42,7 +42,7 @@ function User_IDExist ($id): bool {
* FUNCTION
* Check if user has specified role
*/
function User_HasRole ($id, $role) {
function User_HasRole ($id, $role): ReturnT {
global $db;
$s = $db->prepare("SELECT * FROM users WHERE id = ?");
@@ -51,19 +51,16 @@ function User_HasRole ($id, $role) {
$d = $s->get_result()->fetch_assoc();
if (!(bool)$d)
return null;
return new ReturnT(err_code: E_UIN_WRONGID, err_desc: "user not found in database");
if ($d["role"] == $role)
return true;
return false;
return new ReturnT(data: $d["role"] === $role);
}
/*
* FUNCTION
* Check if user is moderator (or higher)
*/
function User_IsMod ($id) {
function User_IsMod ($id): ReturnT {
global $db;
$s = $db->prepare("SELECT * FROM users WHERE id = ?");
@@ -71,11 +68,41 @@ function User_IsMod ($id) {
$s->execute();
$d = $s->get_result()->fetch_assoc();
if (!(bool)$d) {
return null;
if (!(bool)$d)
return new ReturnT(err_code: E_UIN_WRONGID, err_desc: "user not found in database");
return new ReturnT(data: in_array($d["role"], array("mod", "admin")));
}
/*
* FUNCTION
* Get user information from DB
*/
function User_GetInfoByID (int $id): ReturnT {
global $THIS_USER;
$result = array();
$s = $db->prepare("SELECT * FROM users WHERE id = ?");
$s->bind_param("s", $id);
$s->execute();
$d = $s->get_result()->fetch_assoc();
if (!(bool)$d)
return new ReturnT(err_code: E_UIN_WRONGID, err_desc: "user not found in database");
$result["id"] = $d["id"];
$result["created_at"] = $d["created_at"];
$result["login"] = $d["login"];
$result["avatar_path"] = $d["avatar_path"];
$result["role"] = $d["role"];
$result["banned"] = $d["banned"];
if (($id === $THIS_USER) || User_IsMod($THIS_USER).GetData()) { // User himself and mods can see additional info
$result["email"] = $d["email"];
$result["invite_id"] = $d["invite_id"];
}
return in_array($d["role"], array("mod", "admin"));
return new ReturnT(data: $result);
}
@@ -91,43 +118,21 @@ function User_GetInfoByID_Method (array $req): ReturnT {
// Input sanity checks
$id = null;
$UserID = null;
if (isset($req["id"])) {
if (!ctype_digit($req["id"]))
return new ReturnT(err_code: E_UIN_BADARGS, err_desc: "id must be numeric");
$id = intval($req["id"]);
$UserID = intval($req["id"]);
} else {
if ($LOGGED_IN)
$id = $THIS_USER;
$UserID = $THIS_USER;
else
return new ReturnT(err_code: E_UIN_BADARGS, err_desc: "id must be specified or valid session must be provided");
}
// Actions
$result = array();
$s = $db->prepare("SELECT * FROM users WHERE id = ?");
$s->bind_param("s", $id);
$s->execute();
$d = $s->get_result()->fetch_assoc();
if (!(bool)$d)
return new ReturnT(err_code: E_UIN_WRONGID, err_desc: "user not found in database");
//return new ReturnT(err_code: E_DBE_SELECTFAIL, err_desc: "failed to get user record");
$result["id"] = $d["id"];
$result["created_at"] = $d["created_at"];
$result["login"] = $d["login"];
$result["avatar_path"] = $d["avatar_path"];
$result["role"] = $d["role"];
$result["banned"] = $d["banned"];
if (($id === $THIS_USER) || User_IsMod($THIS_USER)) { // User himself and mods can see additional info
$result["email"] = $d["email"];
$result["invite_id"] = $d["invite_id"];
}
return new ReturnT(data: $result);
return User_GetInfoByID($UserID);
}