$where['player_id'] = $_GET['player_id']; } else { if (isset($_GET['name'])) { $where['player_shortname'] = $_GET['name']; } else { if (isset($_GET['player'])) { //legacy compatibility $where['player_shortname'] = $_GET['player']; } else { //default to first player $where['player_id'] = 1; } } } $dbh = db_connect(); $players = db_fetchPlayers($dbh, $where); $player = $players[0]; //print_r($player); $json = json_encode($player); ?> <!doctype html> <html> <head> <meta charset="utf-8" /> <title>Interim Digital Sign</title> <link rel="stylesheet" href="style.css" /> <!-- <link rel="icon" href="images/favicon.png" type="image/png" /> <link rel="icon" href="images/favicon.ico" type="image/x-icon" />
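/**
 * Fetch the players the authenticated user is allowed to read.
 *
 * Superusers, and users whose global `perm_player_read` is at least PRIV_MINE,
 * receive the unrestricted result of db_fetchPlayers(). Every other user
 * receives only the players for which a `privs_players` row grants them
 * `perm_player_read` of at least PRIV_MINE.
 *
 * NOTE(review): the global branch uses the same PRIV_MINE threshold as the
 * per-player branch; confirm that holding this level globally is meant to
 * unlock every player.
 *
 * @param PDO   $dbh  Database handle used for the restricted query.
 * @param array $auth Authentication context. Reads
 *                    $auth['permissions']['global']['perm_player_read'] and
 *                    $auth['user']['user_id'].
 *
 * @return array List of associative rows. In the restricted branch the rows
 *               come from `SELECT *` over the join, so they also carry the
 *               `privs_players` columns (same-named columns collapse to one
 *               key under PDO::FETCH_ASSOC).
 */
function db_restricted_fetchPlayers($dbh, $auth)
{
    // Fail closed: an absent or null global permission is treated as "no global
    // privilege" instead of being loosely compared against PRIV_MINE as null.
    $hasGlobalRead = isset($auth['permissions']['global']['perm_player_read'])
        && $auth['permissions']['global']['perm_player_read'] >= PRIV_MINE;

    // Superuser or sufficient global read privilege: no restriction, run the empty fetch.
    if (account_isSuperuser($auth) || $hasGlobalRead) {
        return db_fetchPlayers($dbh, array());
    }

    $array = array();

    // Without a user id there is nothing to match in `privs_players`; return
    // the empty list rather than binding null into the query.
    if (!isset($auth['user']['user_id'])) {
        return $array;
    }

    // Otherwise restrict the list to players on which this user holds
    // perm_player_read of at least PRIV_MINE. Both values are bound, never interpolated.
    $stmt = $dbh->prepare("\n\t\tSELECT *\n\t\tFROM `players`\n\t\tINNER JOIN `privs_players` ON `privs_players`.`player_id` = `players`.`player_id`\n\t\tWHERE `user_id` = :user_id\n\t\tAND `perm_player_read` >= :perm_player_read\n\t;");
    $stmt->bindValue(':user_id', $auth['user']['user_id']);
    $stmt->bindValue(':perm_player_read', PRIV_MINE);

    // If execute() reports failure the result stays empty, so a failed query
    // yields no players rather than an unrestricted list.
    if ($stmt->execute()) {
        while ($row = $stmt->fetch(PDO::FETCH_ASSOC)) {
            $array[] = $row;
        }
    }

    return $array;
}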