xref: /web-master/fetch/user.php (revision 48cb59d3)
1<?php // vim: et ts=4 sw=4
/**
 * Emit a JSON error document with the matching HTTP status line and stop.
 *
 * Only 401 and 404 have dedicated status lines; every other value of
 * $status (500 included) is reported as "500 Internal server error".
 * The function never returns: it terminates the script after writing the body.
 *
 * @param string $text   Message placed under the "error" key of the JSON body.
 * @param mixed  $status HTTP status code; cast to int before it is looked up.
 */
function error($text, $status)
{
    // Status lines keyed by the codes that get their own response.
    $statusLines = [
        404 => "HTTP/1.0 404 Not Found",
        401 => "HTTP/1.0 401 Unauthorized",
    ];

    $code = (int)$status;

    // Anything not listed above is treated as a server-side failure.
    $line = isset($statusLines[$code])
        ? $statusLines[$code]
        : "HTTP/1.0 500 Internal server error";
    header($line);

    echo json_encode(["error" => $text]);
    exit;
}
21
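// Every response of this endpoint (success and error alike) is a JSON document.
// Declare that before any output so a browser never interprets user-controlled
// fields such as "name" or the notes as HTML, which is PHP's default content type.
header("Content-Type: application/json; charset=utf-8");
header("X-Content-Type-Options: nosniff");

// Access is gated by a shared token whose MD5 digest is compared against a fixed value.
// - Non-string input (e.g. ?token[]=x) is rejected before it reaches md5(), which
//   would otherwise warn or throw instead of producing a clean 401.
// - hash_equals() makes the comparison strict and constant-time, replacing the
//   loose "!=" that was open to type juggling and timing differences.
// NOTE(review): the token travels in the query string (so it lands in access logs)
// and is checked against an unsalted MD5 digest kept in source; consider a request
// header plus a stronger secret-handling scheme.
$token = isset($_GET['token']) ? $_GET['token'] : null;
if (!is_string($token) || !hash_equals("d3fbcabfcf3648095037175fdeef322f", md5($token))) {
    error("token not correct.", 401);
}

// NOTE(review): FILTER_SANITIZE_STRING is deprecated as of PHP 8.1. Injection safety
// here comes from the bound parameter in the prepared statement below, not from this
// filter; it is kept only to preserve which usernames match.
$USERNAME = filter_input(INPUT_GET, "username", FILTER_SANITIZE_STRING, FILTER_FLAG_STRIP_HIGH);

try {
    // NOTE(review): connects as "nobody" with an empty password; confirm that this
    // account is restricted to local connections and read-only access.
    $pdo = new PDO("mysql:host=localhost;dbname=phpmasterdb", "nobody", "");

    // Look up the account by username; only rows with a truthy cvsaccess column qualify.
    $stmt = $pdo->prepare("SELECT userid, name, email, username, spamprotect, use_sa, greylist, enable FROM users WHERE username = ? AND cvsaccess LIMIT 1");
    if (!$stmt->execute([$USERNAME])) {
        error("This error should never happen", 500);
    }

    $results = $stmt->fetch(PDO::FETCH_ASSOC);
    if (!$results) {
        error("No such user", 404);
    }

    // Fetch every note attached to the account, keyed by the internal user id.
    $stmt = $pdo->prepare("SELECT note, entered FROM users_note WHERE userid = ?");
    if (!$stmt->execute([$results["userid"]])) {
        error("This error should never happen", 500);
    }

    unset($results["userid"]); // Our internal ID has no meaning for anyone
    // @phan-suppress-next-line PhanTypeArraySuspicious
    $results["notes"] = $stmt->fetchAll(PDO::FETCH_ASSOC);
} catch (PDOException $e) {
    // A failed connection or (when PDO runs in exception mode) a failed query must not
    // surface the driver message, which can carry connection details; answer with the
    // same generic JSON 500 used for the other database failures.
    error("This error should never happen", 500);
}

echo json_encode($results);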
48
49