diff --git a/TODO.md b/TODO.md
index ee8e348..c925f25 100644
--- a/TODO.md
+++ b/TODO.md
@@ -60,4 +60,8 @@ - Комментарии - Теги - Перечень одобренных - - Шаблонная разметка \ No newline at end of file + - Шаблонная разметка + - Локализация + - Кастомизация внешнего вида + - Цветовые схемы + - Название \ No newline at end of file
diff --git a/api/_auth.php b/api/_auth.php
index c89761c..e8c108e 100644
--- a/api/_auth.php
+++ b/api/_auth.php
@@ -2,6 +2,13 @@
 require_once("_db.php"); //("api/_db.php");
+
+
+// Check if request was to specified file
+function ThisFileIsRequested ($fullpath) {
+return substr($fullpath, -strlen($_SERVER["SCRIPT_NAME"])) === $_SERVER["SCRIPT_NAME"];
+}
+
 session_start();
 $LOGGED_IN = false;
@@ -11,7 +18,7 @@ if (isset($_SESSION["userid"])) {
 $s = $db->prepare("SELECT * FROM users WHERE id = ?");
 $s->bind_param("s", $_SESSION["userid"]);
 $s->execute();
-if (!(bool)$s->get_result()->fetch_assoc()) {
+if (!(bool)$s->get_result()->fetch_assoc()) { // If not, then destroy session
 session_unset();
 session_destroy();
 echo "user id does not exist";
diff --git a/api/_db.php b/api/_db.php
index 70c005e..117b761 100644
--- a/api/_db.php
+++ b/api/_db.php
@@ -2,6 +2,8 @@
 require_once("_config.php"); //("api/_config.php");
+
+
 $db = new mysqli($Config["db"]["addr"], $Config["db"]["user"], $Config["db"]["pass"], $Config["db"]["name"]);
 ?>
\ No newline at end of file
diff --git a/api/_errors.php b/api/_errors.php
index cc0df4a..00a5792 100644
--- a/api/_errors.php
+++ b/api/_errors.php
@@ -1,6 +1,12 @@
\ No newline at end of file
diff --git a/api/_json.php b/api/_json.php
index 24158f0..d041459 100644
--- a/api/_json.php
+++ b/api/_json.php
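Review bot: ThisFileIsRequested compares a filesystem path (`$fullpath`, called with `__FILE__`) against `$_SERVER["SCRIPT_NAME"]`, which is a URL path, so the suffix test can fail when the two differ in directory separators (Windows `__FILE__`) or when the server exposes the script under a different path, and because it is only a suffix match a file whose path merely ends in the same segments is accepted as well. Comparing canonical filesystem paths is more reliable: `return realpath($fullpath) === realpath($_SERVER["SCRIPT_FILENAME"]);`. The header comment should also state the intent, since the function is what lets a file like api/user/index.php be `require_once`d as a library without running its request handler, e.g. `// True when $fullpath is the script the web server executed directly, false when it was included`.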
@@ -2,10 +2,12 @@
 require_once("_errors.php");
+
+
 function ReturnJSONData ($arr) {
 $data = json_encode($arr);
 if (!$data) {
-$data = json_encode(array("error" => $Err_Int_JSONEncodeError));
+$data = json_encode(array("error" => $Err_Int_JSONEncode));
 }
 header("Content-Type: application/json; charset=utf-8");
 echo $data;
diff --git a/api/user/index.php b/api/user/index.php
index d6d12dd..0bcc8f0 100644
--- a/api/user/index.php
+++ b/api/user/index.php
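Review bot: The renamed fallback line reads `$Err_Int_JSONEncode` inside ReturnJSONData, but the visible function body has no `global $Err_Int_JSONEncode;` and PHP functions do not see file-scope variables, so unless the declaration sits in a line collapsed out of this hunk the fallback encodes `{"error":null}` and the rename changes nothing observable. Add `global $Err_Int_JSONEncode;` as the first statement of the function, or define the error codes as constants so they need no scoping. A one-line header comment would also help, e.g. `// Emit $arr as the JSON response body; on encode failure emit the internal encode-error code instead`.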
@@ -3,12 +3,93 @@
 require_once("../_auth.php");
 require_once("../_json.php");
-// TODO
-if ($LOGGED_IN) {
-echo 1;
-} else {
-echo 2;
+
+// Check if user has specified role
+function User_HasRole ($id, $role) {
+global $db;
+
+$s = $db->prepare("SELECT * FROM users WHERE id = ?");
+$s->bind_param("s", $id);
+$s->execute();
+$d = $s->get_result()->fetch_assoc();
+
+if (!(bool)$d) {
+return null;
+}
+
+if ($d["role"] == $role) {
+return true;
+}
+return false;
+}
+
+// Check if user is moderator
+function User_IsMod ($id) {
+global $db;
+
+$s = $db->prepare("SELECT * FROM users WHERE id = ?");
+$s->bind_param("s", $id);
+$s->execute();
+$d = $s->get_result()->fetch_assoc();
+
+if (!(bool)$d) {
+return null;
+}
+
+return in_array($d["role"], array("mod", "admin"));
+}
+
+// Get user information from DB
+function User_GetInfoByID ($id) {
+global $db;
+
+$result = array();
+
+$s = $db->prepare("SELECT * FROM users WHERE id = ?");
+$s->bind_param("s", $id);
+$s->execute();
+$d = $s->get_result()->fetch_assoc();
+
+if (!(bool)$d) {
+return null;
+}
+
+$result["id"] = $d["id"];
+$result["created_at"] = $d["created_at"];
+$result["login"] = $d["login"];
+$result["avatar_path"] = $d["avatar_path"];
+$result["role"] = $d["role"];
+$result["banned"] = $d["banned"];
+if ($id === $_SESSION["userid"] || User_IsMod($_SESSION["userid"])) { // User himself and mods can see additional info
+$result["email"] = $d["email"];
+$result["invite_id"] = $d["invite_id"];
+}
+
+return $result;
+}
+
+
+
+if (ThisFileIsRequested(__FILE__)) {
+$UserID = null;
+
+if (isset($_REQUEST["id"])) {
+if (!ctype_digit($_REQUEST["id"]))
+ReturnJSONError($Err_RDP_InvalidID, "id must be numeric");
+$UserID = intval($_REQUEST["id"]);
+} else {
+if ($LOGGED_IN)
+$UserID = $_SESSION["userid"];
+else
+ReturnJSONError($Err_RDP_InvalidID, "id must be specified or valid session must be provided");
+}
+
+$ResponseData = User_GetInfoByID($UserID);
+if ($ResponseData)
+ReturnJSONData($ResponseData);
+else
+ReturnJSONError($Err_DP_IDNotFound, "wrong id");
 }
 ?>
\ No newline at end of file
diff --git a/config.json b/config.json
index 35fdbe1..5fa12c3 100644
--- a/config.json
+++ b/config.json
@@ -3,6 +3,6 @@
 "addr": "localhost",
 "name": "e949",
 "user": "e949",
-"pass": ""
+"pass": "password"
 }
 }
\ No newline at end of file
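Review bot: In User_GetInfoByID the owner check `$id === $_SESSION["userid"]` compares an int (the `?id=` path runs `intval`) against whatever type the session stores, and since _auth.php binds the session id with type "s" it is likely a string, so the strict comparison would be false for a user requesting their own record by id and only the moderator branch could ever grant the email/invite fields; the same line also reads `$_SESSION["userid"]` for anonymous requests, producing an undefined-index notice and a `User_IsMod(null)` query. Guard on the login state and normalise the type first: `if ($LOGGED_IN && ((int)$id === (int)$_SESSION["userid"] || User_IsMod($_SESSION["userid"]))) {`. The three functions repeat the same `SELECT * FROM users WHERE id = ?` block; a single private fetch helper returning the row or null would leave each with one line of logic, and `$d["role"] == $role` and `in_array($d["role"], array("mod", "admin"))` should compare strictly (`===`, `in_array(..., true)`) so role values are not loosely coerced. In the request handler no error call is followed by `exit`; if ReturnJSONError (defined outside this page) does not terminate the script, the invalid-id and not-logged-in paths fall through to User_GetInfoByID and emit a second error body.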
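Review bot: A database credential is checked into a tracked file on the `"pass"` line of config.json; even as a local-development value it stays in repository history and cannot be revoked by a later edit, so keep `"pass": ""` in the tracked template and supply the real value from an untracked local copy or an environment variable wherever `$Config["db"]` is assembled (presumably _config.php, which is not on this page). If the value shown is already used by a shared database it should be rotated now rather than edited out later.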