prepare("SELECT * FROM users WHERE id = ?"); $s->bind_param("s", $id); $s->execute(); $d = $s->get_result()->fetch_assoc(); if (!(bool)$d) { return null; } if ($d["role"] == $role) { return true; } return false; } // Check if user is moderator function User_IsMod ($id) { global $db; $s = $db->prepare("SELECT * FROM users WHERE id = ?"); $s->bind_param("s", $id); $s->execute(); $d = $s->get_result()->fetch_assoc(); if (!(bool)$d) { return null; } return in_array($d["role"], array("mod", "admin")); } // Get user information from DB function User_GetInfoByID ($id) { global $db; $result = array(); $s = $db->prepare("SELECT * FROM users WHERE id = ?"); $s->bind_param("s", $id); $s->execute(); $d = $s->get_result()->fetch_assoc(); if (!(bool)$d) { return null; } $result["id"] = $d["id"]; $result["created_at"] = $d["created_at"]; $result["login"] = $d["login"]; $result["avatar_path"] = $d["avatar_path"]; $result["role"] = $d["role"]; $result["banned"] = $d["banned"]; if ($id === $_SESSION["userid"] || User_IsMod($_SESSION["userid"])) { // User himself and mods can see additional info $result["email"] = $d["email"]; $result["invite_id"] = $d["invite_id"]; } return $result; } if (ThisFileIsRequested(__FILE__)) { $UserID = null; if (isset($_REQUEST["id"])) { if (!ctype_digit($_REQUEST["id"])) ReturnJSONError($Err_RDP_InvalidID, "id must be numeric"); $UserID = intval($_REQUEST["id"]); } else { if ($LOGGED_IN) $UserID = $_SESSION["userid"]; else ReturnJSONError($Err_RDP_InvalidID, "id must be specified or valid session must be provided"); } $ResponseData = User_GetInfoByID($UserID); if ($ResponseData) ReturnJSONData($ResponseData); else ReturnJSONError($Err_DP_IDNotFound, "wrong id"); } ?>