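// Language selection: "EN" unless the request supplies a non-empty "lang".
// NOTE(review): $language is taken from the request as-is; whatever consumes it
// is outside this file — confirm it is checked against a known list there.
if (empty($_POST["lang"])) {
    $language = "EN";
} else {
    $language = $_POST["lang"];
}

// Query dispatch: the handler for query "q" lives in config/<q>.php.
// The name must be a plain identifier before it is used to build a path.
// The original concatenated the raw POST value straight into require_once,
// so a value containing "../" could pull in any .php file reachable on disk;
// restricting it to [A-Za-z0-9_-] closes that off without an API change.
if (!empty($_POST["q"])) {
    $requestedQuery = $_POST["q"];
    $isSafeQueryName = is_string($requestedQuery)
        && preg_match('/^[A-Za-z0-9_-]+$/', $requestedQuery) === 1;
    if ($isSafeQueryName && file_exists("config/" . $requestedQuery . ".php")) {
        require_once "config/" . $requestedQuery . ".php";
        $q = $requestedQuery;
    } else {
        $statusMessage = makeStatusMessage(1, "error", "Incorrect query request...");
    }
} else {
    $statusMessage = makeStatusMessage(0, "error", "Empty query request...");
}

// Build the JSON body. On the success path $data and $statusMessage are not set
// in this file; presumably the included config file provides them — confirm.
if (!empty($data)) {
    $main = [$q => nullToEmptyString($data), "status" => $statusMessage];
} else {
    $main = ["status" => $statusMessage];
}
echo json_encode($main, JSON_UNESCAPED_UNICODE);

// Optional logging; $log is likewise expected to come from the included file.
if (isset($log)) {
    if ($statusMessage['type'] == "error") {
        writeLog($log, $statusMessage['message']);
    } else {
        writeLog($log);
    }
}

// Debug-only helper form, appended after the JSON body when debugSQL is set.
// Note this makes the response body invalid JSON while debugging is enabled.
if (isset($GLOBALS['debugSQL']) && $GLOBALS['debugSQL']) {
    echo "<form method=post action=handle.php>\n\t\t<input type=text name=q />\n\t\t<input type=text name='showCats' value=1 />\n\t\t\t\t \n\t\t<input type=hidden value=1 name=debug />\n\t\t<input type=submit>\n\t\t</form>";
}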
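	/**
	 * REST-style handler for the users resource, dispatched on $this->method.
	 *
	 * Reads $this->method, $this->verb, $this->args, $this->request, $this->db
	 * and $this->encryption_key, all populated outside this method (the class
	 * header is not in view).
	 *
	 * Dispatch (verb / args):
	 *   GET    no verb, no args      -> all users
	 *   GET    'role', no args       -> all roles with locale 'ru'
	 *   GET    'role', one id        -> one role
	 *   GET    no verb, one id       -> one user
	 *   POST   no verb, no args      -> insert a user
	 *   PUT    no verb, one id       -> update a user (password only when supplied)
	 *   PUT    'status', one id      -> update the banned flag
	 *   DELETE no verb, one id       -> delete a user
	 *
	 * Returns ["success" => 1, ...payload] or ["success" => 0, "error_message" => ...];
	 * an unknown method falls through the default case and returns null.
	 *
	 * Changes from the original:
	 *  - The id path argument must now be a decimal integer string before it is
	 *    placed in SQL; the original only applied htmlspecialchars(strip_tags()),
	 *    which does not make a value safe inside a SQL literal. Non-numeric ids
	 *    produce BAD REQUEST.
	 *  - The two update statements had their username/password fragments garbled
	 *    in the listing; they are reconstructed to mirror the insert statement
	 *    (username from $data['login'], password from $hash) — verify against the
	 *    original file.
	 *
	 * SECURITY(review): request-body fields (role_id, login, email, phone, banned,
	 * ban_reason) are still concatenated into SQL. Only query() and getLastId()
	 * are visible on $this->db, so no binding API is assumed here; route these
	 * values through the driver's parameter binding once that API is confirmed.
	 *
	 * NOTE(review): the audit log reads $data['username'] while the insert reads
	 * $data['login'] — one of the two is probably wrong; confirm which field the
	 * client sends. $data['device'] is likewise read without an isset check.
	 */
	protected function user() {

		$badRequest    = array("success" => 0, "error_message" => "BAD REQUEST");
		$incorrectData = array("success" => 0, "error_message" => "INCORRECT DATA");

		// Single path argument accepted as a row id only when it is a decimal
		// integer string; otherwise $id stays null and the id-based branches
		// fall through to BAD REQUEST. is_array() guards count() on PHP 8.
		// NOTE(review): assumes ids are integer keys (getLastId() after the
		// insert suggests auto-increment) — confirm against the schema.
		$id = null;
		if (is_array($this->args) && count($this->args) == 1 && ctype_digit((string) $this->args[0])) {
			$id = (string) $this->args[0];
		}

		switch ($this->method) {

			case 'GET':
				if (empty($this->verb) && empty($this->args)) {
					$result = $this->db->query("select id, role_id, username, email, banned, ban_reason, phone from users");
					$rows = $result->rows;
					// nullToEmptyString() is called for its effect on $rows (defined elsewhere).
					nullToEmptyString($rows);
					return array("success" => 1, "items" => $rows);
				}
				if ($this->verb == 'role' && empty($this->args)) {
					$result = $this->db->query("select id, alt_name, locale, description from shop_rbac_roles_i18n where locale = 'ru'");
					return array("success" => 1, "items" => $result->rows);
				}
				if ($this->verb == 'role' && $id !== null) {
					$result = $this->db->query("select id, alt_name, locale, description from shop_rbac_roles_i18n where locale = 'ru' and id = '" . $id . "'");
					return array("success" => 1, "items" => $result->rows);
				}
				if (empty($this->verb) && $id !== null) {
					$result = $this->db->query("select id, role_id, username, email, banned, ban_reason, phone from users where id = '" . $id . "'");
					$rows = $result->rows;
					nullToEmptyString($rows);
					return array("success" => 1, "items" => $rows);
				}
				return $badRequest;

			case 'POST':
				if (!(empty($this->verb) && empty($this->args))) {
					return $badRequest;
				}
				$data = $this->request;
				// SECURITY(review): crypt() without a salt has been deprecated since
				// PHP 5.6 and the salt is mandatory on PHP 8, so this call fails there.
				// password_hash()/password_verify() is the replacement, but the login
				// path that verifies this value is not in this file; the scheme is kept
				// so both sides can change together.
				$hash = crypt(_encode($data['user_password'], $this->encryption_key));
				$result = $this->db->query("insert into users (role_id, username, password, email, phone) values ('" . $data['role_id'] . "', '" . $data['login'] . "', '" . $hash . "', '" . $data['email'] . "', '" . $data['phone'] . "')");
				if ($result->errno) {
					return $incorrectData;
				}
				$lastId = $this->db->getLastId();
				$this->log("Добавлен пользователь. Id: " . $lastId, $data['username'], $data['device']);
				return array("success" => 1, "insert_id" => $lastId);

			case 'PUT':
				if (empty($this->verb) && $id !== null) {
					$data = $this->request;
					// Password column is only rewritten when a new password was sent.
					if (!empty($data['user_password'])) {
						$hash = crypt(_encode($data['user_password'], $this->encryption_key));
						$result = $this->db->query("update users set role_id='" . $data['role_id'] . "', username='" . $data['login'] . "', password='" . $hash . "', banned = '" . $data['banned'] . "', ban_reason = '" . $data['ban_reason'] . "', email='" . $data['email'] . "', phone='" . $data['phone'] . "' where id = '" . $id . "'");
					} else {
						$result = $this->db->query("update users set role_id='" . $data['role_id'] . "', username='" . $data['login'] . "', banned = '" . $data['banned'] . "', ban_reason = '" . $data['ban_reason'] . "', email='" . $data['email'] . "', phone='" . $data['phone'] . "' where id = '" . $id . "'");
					}
					if ($result->errno) {
						return $incorrectData;
					}
					$this->log("Изменен аккаунт пользователя. Id: " . $id, $data['username'], $data['device']);
					return array("success" => 1);
				}
				if ($this->verb == 'status' && $id !== null) {
					$data = $this->request;
					$result = $this->db->query("update users set banned='" . $data['banned'] . "' where id = '" . $id . "'");
					if ($result->errno) {
						return $incorrectData;
					}
					$this->log("Изменен статус пользователя. Id: " . $id, $data['username'], $data['device']);
					return array("success" => 1);
				}
				return $badRequest;

			case 'DELETE':
				if (!(empty($this->verb) && $id !== null)) {
					return $badRequest;
				}
				$result = $this->db->query("delete from users where id = '" . $id . "'");
				if ($result->errno) {
					// Kept from the original: a driver error is reported as a missing user.
					return array("success" => 0, "error_message" => "USER NOT FOUND");
				}
				$data = $this->request;
				$this->log("Удален пользователь. Id: " . $id, $data['username'], $data['device']);
				return array("success" => 1);

			default:
				// Unknown HTTP method: fall off the end, returning null.
				break;
		}
	}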