$text]); exit; } (!isset($_GET['token']) || md5($_GET['token']) != "d3fbcabfcf3648095037175fdeef322f") && error("token not correct.", 401); $USERNAME = filter_input(INPUT_GET, "username", FILTER_SANITIZE_STRING, FILTER_FLAG_STRIP_HIGH); $pdo = new PDO("mysql:host=localhost;dbname=phpmasterdb", "nobody", ""); $stmt = $pdo->prepare("SELECT userid, name, email, username, spamprotect, use_sa, greylist, enable FROM users WHERE username = ? AND cvsaccess LIMIT 1"); if (!$stmt->execute([$USERNAME])) { error("This error should never happen", 500); } $results = $stmt->fetch(PDO::FETCH_ASSOC); if (!$results) { error("No such user", 404); } $stmt = $pdo->prepare("SELECT note, entered FROM users_note WHERE userid = ?"); if (!$stmt->execute([$results["userid"]])) { error("This error should never happen", 500); } unset($results["userid"]); // Our internal ID has no meaning for anyone // @phan-suppress-next-line PhanTypeArraySuspicious $results["notes"] = $stmt->fetchAll(PDO::FETCH_ASSOC); echo json_encode($results);