ENGO150/FabrikaHradekTour
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
FabrikaHradekTour/res/forum/api/user_info.php

33 lines
913 B
PHP
Raw Normal View History

created api for user_info
2024-05-20 20:25:38 +02:00
<?php
include("../../global.php");
session_start();
if (!isset($_SESSION["username"])) goto fail;
comparing binary username for case sensitivity
2024-05-22 16:01:41 +02:00
$out = $database -> query("SELECT username, admin FROM user WHERE BINARY username=\"" . $_SESSION["username"] . "\" AND admin=\"1\"");
created api for user_info
2024-05-20 20:25:38 +02:00
fixed api permission problems for non-admins
2024-05-21 20:31:49 +02:00
if (!isset($_GET["username"])) return;
if ($out -> num_rows != 1 && $_GET["username"] != $_SESSION["username"])
created api for user_info
2024-05-20 20:25:38 +02:00
{
fail:
echo "nope";
header("Location: ../../../index.php");
return;
}
preventing from sql injection in APIs whoopsie
2024-05-25 15:49:49 +02:00
$safe_username = mysqli_real_escape_string($database, $_GET["username"]);
$out = $database -> query("SELECT user.username, user.admin, user_info.bio, user_info.nickname, user_info.sex FROM user INNER JOIN user_info ON user.user_info=user_info.id AND username=\"" . $safe_username . "\"");
joined user and user_info tables in user_info.php
2024-05-20 20:40:52 +02:00
sending user_info in json
2024-05-21 20:11:10 +02:00
$output = array();
$res = $out -> fetch_assoc();
created api for user_info
2024-05-20 20:25:38 +02:00
sending user_info in json
2024-05-21 20:11:10 +02:00
foreach ($res as $key => $value)
created api for user_info
2024-05-20 20:25:38 +02:00
{
sending user_info in json
2024-05-21 20:11:10 +02:00
$output[$key] = $value;
}
header('Content-type: application/json');
echo json_encode($output);
Reference in New Issue Copy Permalink