Проект ещё жив!

2023-12-20 06:08:13 +03:00
parent a573faf5a1
commit 8d74a51937
23 changed files with 358 additions and 143 deletions


@@ -15,7 +15,7 @@ if (Utils_ThisFileIsRequested(__FILE__)) {
JSON_ReturnError(code: E_UNS_INTERNAL, desc: "you need to enable debug mode in configuration file first");
if (!isset($_REQUEST["id"]))
JSON_ReturnError(code: E_UIN_WRONGID, desc: "valid id must be specified");
JSON_ReturnError(code: E_UIN_INSUFARGS, desc: "valid id must be specified");
if (!isset($_SESSION["userid"]))
session_start();


@@ -16,13 +16,15 @@ require_once("index.php");
* Create new user account
*/
function User_Create (string $login, string $password, ?string $email = null, ?string $invite_id = null, ?string $avatar_path = null): ReturnT {
global $db;
$salt = Utils_GenerateRandomString(8);
$pwd_hash = hash("sha256", $password . $salt, true);
// TODO: process invite
$s = $db->prepare("INSERT INTO users (login,email,password_hash,salt,avatar_path,role,invite_id) VALUES (?,?,?,?,?,?,?)");
$role = "newbie"; // TODO: make decision from config
$role = "newbie"; // TODO: make decision from config or supply by argument
$s->bind_param("sssssss", $login, $email, $pwd_hash, $salt, $avatar_path, $role, $invite_id);
if ($s->execute() === false)
@@ -40,7 +42,7 @@ function User_Create (string $login, string $password, ?string $email = null, ?s
* Create new user account
*/
function User_Create_Method (array $req): ReturnT {
global $db, $Config, $LOGGED_IN;
global $Config, $LOGGED_IN;
$login = null;
$password = null;
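Review bot: In User_Create (first hunk of this file) the stored credential is `hash("sha256", $password . $salt, true)`, a single salted SHA-256 round, which is cheap to brute-force offline if the users table ever leaks. Since the commit already touches this function, I would switch to `$pwd_hash = password_hash($password, PASSWORD_DEFAULT);` and verify logins with `password_verify()`, which embeds its own salt and cost parameters. As long as the current scheme stays, note that the `true` flag yields raw binary bytes that are bound with the `s` type, so the `password_hash` column has to be binary-safe. Whether `Utils_GenerateRandomString` draws from a CSPRNG is not visible here and should be confirmed. The bodies of User_Create and User_Create_Method continue outside these hunks.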


@@ -15,6 +15,8 @@ require_once("./index.php");
* Delete existing account
*/
function User_Delete (int $id): ReturnT {
global $db;
$s = $db->prepare("delete from users where id = ?");
$s->bind_param("s", $id);
@@ -30,7 +32,7 @@ function User_Delete (int $id): ReturnT {
* Delete existing account
*/
function User_Delete_Method (array $req): ReturnT {
global $db, $LOGGED_IN, $THIS_USER;
global $LOGGED_IN, $THIS_USER;
$id = null;
@@ -47,7 +49,7 @@ function User_Delete_Method (array $req): ReturnT {
}
// If its attempt to delete other account
if (!User_HasRole($THIS_USER, "admin").GetData() && $THIS_USER !== $id)
if (!User_HasRole($THIS_USER, "admin")->GetData() && $THIS_USER !== $id)
return new ReturnT(err_code: E_ACS_INSUFROLE, err_desc: "you must be admin to delete other accounts");
// Actions
@@ -63,7 +65,7 @@ if (Utils_ThisFileIsRequested(__FILE__)) {
// HACK: for debugging purposes. Will be removed later
if ($Config["debug"])
$_POST = $_REQUEST;
$result = User_Delete_Method($_POST);
if ($result->IsError()) {
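Review bot: The debug shortcut `$_POST = $_REQUEST;` in the last hunk lets the account-deletion endpoint take its arguments from the query string (and, depending on `request_order`, from cookies) whenever `$Config["debug"]` is on, so this state-changing request no longer has to be a POST. For a destructive action I would drop the override, or at least add a guard such as `if ($_SERVER["REQUEST_METHOD"] !== "POST")` that returns an error through `JSON_ReturnError` before `User_Delete_Method` is called, and make sure debug mode cannot be enabled on a deployed instance. Separately, User_Delete binds its `int $id` with `bind_param("s", $id)`; `"i"` would match the declared type. The `if ($result->IsError())` block continues outside the hunk.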


@@ -1,10 +1,17 @@
<?php // Viewing account data
// Includes
require_once("../_auth.php");
require_once("../_utils.php");
require_once("../_errorslist.php");
require_once("../_types.php");
if ($IS_FRONTEND) {
require_once("api/_auth.php");
require_once("api/_utils.php");
require_once("api/_errorslist.php");
require_once("api/_types.php");
} else {
require_once("../_auth.php");
require_once("../_utils.php");
require_once("../_errorslist.php");
require_once("../_types.php");
}
@@ -14,7 +21,7 @@ require_once("../_types.php");
* FUNCTION
* Check if user with supplied login exists
*/
function User_LoginExist ($login): bool {
function User_LoginExist (string $login): bool {
global $db;
$s = $db->prepare("SELECT * FROM users WHERE login = ?");
@@ -28,7 +35,7 @@ function User_LoginExist ($login): bool {
* FUNCTION
* Check if user with supplied ID exists
*/
function User_IDExist ($id): bool {
function User_IDExist (int $id): bool {
global $db;
$s = $db->prepare("SELECT * FROM users WHERE id = ?");
@@ -42,7 +49,7 @@ function User_IDExist ($id): bool {
* FUNCTION
* Check if user has specified role
*/
function User_HasRole ($id, $role): ReturnT {
function User_HasRole (int $id, string $role): ReturnT {
global $db;
$s = $db->prepare("SELECT * FROM users WHERE id = ?");
@@ -60,7 +67,7 @@ function User_HasRole ($id, $role): ReturnT {
* FUNCTION
* Check if user is moderator (or higher)
*/
function User_IsMod ($id): ReturnT {
function User_IsMod (int $id): ReturnT {
global $db;
$s = $db->prepare("SELECT * FROM users WHERE id = ?");
@@ -79,7 +86,7 @@ function User_IsMod ($id): ReturnT {
* Get user information from DB
*/
function User_GetInfoByID (int $id): ReturnT {
global $THIS_USER;
global $db, $THIS_USER;
$result = array();
@@ -97,7 +104,7 @@ function User_GetInfoByID (int $id): ReturnT {
$result["avatar_path"] = $d["avatar_path"];
$result["role"] = $d["role"];
$result["banned"] = $d["banned"];
if (($id === $THIS_USER) || User_IsMod($THIS_USER).GetData()) { // User himself and mods can see additional info
if (($id === $THIS_USER) || User_IsMod($THIS_USER)->GetData()) { // User himself and mods can see additional info
$result["email"] = $d["email"];
$result["invite_id"] = $d["invite_id"];
}
@@ -114,7 +121,7 @@ function User_GetInfoByID (int $id): ReturnT {
* Get user information from DB
*/
function User_GetInfoByID_Method (array $req): ReturnT {
global $db, $THIS_USER, $LOGGED_IN;
global $THIS_USER, $LOGGED_IN;
// Input sanity checks
@@ -127,7 +134,7 @@ function User_GetInfoByID_Method (array $req): ReturnT {
if ($LOGGED_IN)
$UserID = $THIS_USER;
else
return new ReturnT(err_code: E_UIN_BADARGS, err_desc: "id must be specified or valid session must be provided");
return new ReturnT(err_code: E_UIN_INSUFARGS, err_desc: "id must be specified or valid session must be provided");
}
// Actions