Beispiel #1
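/**
 * Fetch a BGG user's profile page and report which star microbadges appear on it.
 *
 * The caller-supplied name is passed through bgg_untaint_username() (defined
 * elsewhere; its exact filtering is not visible here) and then rawurlencode()
 * before being appended to the URL path.
 *
 * @param string $username_tainted Username as received from the caller (untrusted).
 * @return array One of:
 *   - array('error' => string, 'result' => FALSE) when the response has no
 *     status line or the status line is not exactly "HTTP/1.1 200 OK";
 *   - array('user_not_found' => 1, 'result' => FALSE) when the page contains
 *     the "Error: User does not exist." message;
 *   - array('stars' => bool[], 'result' => TRUE) otherwise, with one flag per
 *     entry of the global $bgg_mb_stars, in the same order.
 */
function bgg_get_profile($username_tainted)
{
    global $config, $bgg_mb_stars;

    $username = bgg_untaint_username($username_tainted);
    $url = 'https://' . $config['bgg']['domain'] . '/user/' . rawurlencode($username);
    $data = http_get_simple($url);

    # Fail closed: a failed request (no array / no status line) is reported the
    # same way as a non-200 answer instead of raising undefined-index notices.
    if (!isset($data['headers'][0])
        || strcmp($data['headers'][0], "HTTP/1.1 200 OK") != 0) {
        return array('error' => 'Unable to fetch user profile.', 'result' => FALSE);
    }

    # A 200 response without a body is scanned as an empty page.
    $content = isset($data['content']) ? (string) $data['content'] : '';
    if (strpos($content, "Error: User does not exist.") !== FALSE) {
        return array('user_not_found' => 1, 'result' => FALSE);
    }

    # Badges are searched from the "Microbadges for " heading onward. If the
    # heading is missing strpos() returns FALSE; use offset 0 explicitly
    # instead of relying on FALSE being coerced to 0.
    $mb_start_off = strpos($content, 'Microbadges for ');
    if ($mb_start_off === FALSE) {
        $mb_start_off = 0;
    }

    # NOTE(review): the flags below come from a plain substring match on the
    # fetched HTML. '/microbadge/' . $id also matches any longer id that starts
    # with the same characters, and any occurrence of that text after the
    # offset counts -- presumably including text the profile owner can edit.
    # Confirm this is acceptable before using the result for award decisions.
    $found = array();
    $star_count = is_array($bgg_mb_stars) ? count($bgg_mb_stars) : 0;
    for ($i = 0; $i < $star_count; ++$i) {
        $needle = '/microbadge/' . $bgg_mb_stars[$i];
        $found[$i] = strpos($content, $needle, $mb_start_off) !== FALSE;
    }

    return array('stars' => $found, 'result' => TRUE);
}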
Beispiel #2
<?php

require_once "award.inc.php";
require_once "bgg.inc.php";
db_connect();
$user = db_get_user_by_cookie($_COOKIE['bggcookie']);
if (!$user) {
    ?>
	Error authenticating. Try logging in again.
<?php 
    exit;
}
$recipient = bgg_untaint_username(trim($_POST['recipient']));
if (strlen($recipient) <= 0) {
    ?>
	Error: recipient not specified. Go back and try again.
<?php 
    exit;
}
# check if the BGG user is the same as the BGG user of the giver
if (strcasecmp($recipient, $user['username']) == 0) {
    ?>
	Error: You cannot award to yourself!
<?php 
    exit;
}
$recipient_profile = bgg_get_profile($recipient);
if (!$recipient_profile || !$recipient_profile['result']) {
    if ($recipient_profile['user_not_found']) {
        ?>
		Error: Could not find user profile for <?php