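<?php // vim: et ts=4 sw=4

/**
 * Send an HTTP error status with a JSON body of the form {"error": "..."}
 * and terminate the request.
 *
 * @param string     $text   Message placed under the "error" key.
 * @param int|string $status 401, 404 or 500; any other value is sent as 500.
 */
function error($text, $status)
{
    switch ((int)$status) {
        case 404:
            header("HTTP/1.0 404 Not Found");
            break;

        case 401:
            header("HTTP/1.0 401 Unauthorized");
            break;

        case 500:
        default:
            header("HTTP/1.0 500 Internal server error");
            break;
    }
    render(["error" => $text]);
    exit;
}

/**
 * Emit $result as a JSON response with Content-Type and Content-Length set.
 *
 * @param mixed $result Value to serialise with json_encode().
 */
function render($result)
{
    $json = json_encode($result);
    if ($json === false) {
        // json_encode() returns false on failure (for example when a value is
        // not valid UTF-8). Report that as a server error instead of sending
        // an empty body with a success status.
        header("HTTP/1.0 500 Internal server error");
        $json = '{"error":"Could not encode response"}';
    }
    header('Content-Type: application/json');
    // strlen() counts bytes, which is what Content-Length needs.
    header('Content-Length: ' . strlen($json));
    echo $json;
}

// Access control: the caller must present a token whose MD5 matches the
// stored digest.
//  - is_string() rejects array-valued input (?token[]=...), which md5()
//    cannot hash.
//  - hash_equals() compares in constant time and never type-juggles.
// NOTE(review): the token travels in the query string, where it is commonly
// recorded in access logs and proxies, and the stored value is an unsalted
// MD5 of a static secret. Consider moving the token to a request header and
// storing a keyed or salted digest instead.
$token = isset($_GET['token']) ? $_GET['token'] : null;
if (!is_string($token) || !hash_equals("d3fbcabfcf3648095037175fdeef322f", md5($token))) {
    error("token not correct.", 401);
}

// NOTE(review): FILTER_SANITIZE_STRING is deprecated as of PHP 8.1. It is kept
// here so username matching stays unchanged; SQL safety comes from the bound
// parameter below, not from this filter.
$USERNAME = filter_input(INPUT_GET, "username", FILTER_SANITIZE_STRING, FILTER_FLAG_STRIP_HIGH);

try {
    // A failed connection throws PDOException; catching it keeps connection
    // details out of any error output sent to the client.
    $pdo = new PDO("mysql:host=localhost;dbname=phpmasterdb", "nobody", "");

    $stmt = $pdo->prepare("
        SELECT u.username, COALESCE(up.markdown, '') AS markdown, COALESCE(up.html, '') AS html
        FROM users u
        LEFT JOIN users_profile up ON u.userid = up.userid
        WHERE u.username = ? AND cvsaccess
        LIMIT 1
    ");
    // prepare() can return false when PDO is not in exception mode.
    if (!$stmt || !$stmt->execute([$USERNAME])) {
        error("This error should never happen", 500);
    }

    $results = $stmt->fetch(PDO::FETCH_ASSOC);
} catch (PDOException $e) {
    // Generic message only: driver errors may contain schema or host details.
    error("This error should never happen", 500);
}

if (!$results) {
    error("No such user", 404);
}

render($results);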