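<?php // vim: et ts=4 sw=4

/**
 * Send an HTTP error status and a JSON error body, then stop the script.
 *
 * @param string $text   Message returned to the client under the "error" key.
 * @param int    $status HTTP status to send; any value other than 404 or 401 is sent as 500.
 *
 * @return void Does not return to the caller: the function ends with exit.
 */
function error($text, $status)
{
    switch ((int)$status) {
        default:
        case 500:
            header("HTTP/1.0 500 Internal server error");
            break;

        case 404:
            header("HTTP/1.0 404 Not Found");
            break;

        case 401:
            header("HTTP/1.0 401 Unauthorized");
            break;
    }
    // Label the body as JSON so a browser never interprets it as HTML.
    header("Content-Type: application/json");
    echo json_encode(["error" => $text]);
    exit;
}

// Shared-secret check. The token must be a single string: a request such as
// ?token[]=x would otherwise hand md5() an array. hash_equals() compares the
// two digests in constant time and never applies the loose-comparison rules
// that != does.
// NOTE(review): the secret is kept as an unsalted MD5 digest in the source, and
// the token arrives in the query string, where it can end up in access logs and
// proxy logs. Consider a request header and a secret stored outside the code.
$token = $_GET['token'] ?? null;
if (!is_string($token) || !hash_equals("d3fbcabfcf3648095037175fdeef322f", md5($token))) {
    error("token not correct.", 401);
}

// NOTE(review): FILTER_SANITIZE_STRING is deprecated as of PHP 8.1. It is kept
// here so the same usernames match as before; the bound parameter below, not
// this filter, is what keeps the value out of the SQL text.
$USERNAME = filter_input(INPUT_GET, "username", FILTER_SANITIZE_STRING, FILTER_FLAG_STRIP_HIGH);

try {
    // NOTE(review): passwordless "nobody" account is hard-coded; confirm it is
    // limited to read access on the two tables queried below.
    $pdo = new PDO("mysql:host=localhost;dbname=phpmasterdb", "nobody", "");

    // Only accounts with cvsaccess set are exposed through this endpoint.
    $stmt = $pdo->prepare("SELECT userid, name, email, username, spamprotect, use_sa, greylist, enable FROM users WHERE username = ? AND cvsaccess LIMIT 1");
    if (!$stmt->execute([$USERNAME])) {
        error("This error should never happen", 500);
    }

    $results = $stmt->fetch(PDO::FETCH_ASSOC);
    if (!$results) {
        error("No such user", 404);
    }

    $stmt = $pdo->prepare("SELECT note, entered FROM users_note WHERE userid = ?");
    if (!$stmt->execute([$results["userid"]])) {
        error("This error should never happen", 500);
    }

    unset($results["userid"]); // Our internal ID has no meaning for anyone
    // @phan-suppress-next-line PhanTypeArraySuspicious
    $results["notes"] = $stmt->fetchAll(PDO::FETCH_ASSOC);
} catch (PDOException $e) {
    // A failed connection always throws, and statements throw too when PDO runs
    // in exception mode (the default since PHP 8.0). Answer with the same
    // generic 500 instead of letting an uncaught exception reach the client.
    error("This error should never happen", 500);
}

header("Content-Type: application/json");
echo json_encode($results);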