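// Request language; falls back to "EN" when the client sends none.
// NOTE(review): $language is taken from the request as-is. That is only safe
// if the included config file treats it as an opaque value — confirm it never
// reaches SQL or output unescaped.
$language = empty($_POST["lang"]) ? "EN" : $_POST["lang"];

// The "q" request field names a per-query config file under config/ and is
// used to build an include path. Before touching the filesystem it is
// restricted to a bare identifier (letters, digits, underscore, hyphen): this
// rejects directory separators, "..", NUL bytes and similar, which
// file_exists()/require_once would otherwise honour.
if (!empty($_POST["q"])) {
    $requested = $_POST["q"];
    // is_string() guards against "q[]=..." submissions, which arrive as arrays.
    $isSafeName = is_string($requested) && preg_match('/^[A-Za-z0-9_-]+$/', $requested) === 1;
    if ($isSafeName && file_exists("config/" . $requested . ".php")) {
        require_once "config/" . $requested . ".php";
        $q = $_POST['q'];
    } else {
        $statusMessage = makeStatusMessage(1, "error", "Incorrect query request...");
    }
} else {
    $statusMessage = makeStatusMessage(0, "error", "Empty query request...");
}

// Response envelope: the query result (when the config file produced $data),
// keyed by the query name, plus the status record.
// NOTE(review): on the success path $data and $statusMessage are expected to
// come from the included config file; nothing in this script sets them
// otherwise — confirm every config file does.
if (!empty($data)) {
    $main = array($q => nullToEmptyString($data), "status" => $statusMessage);
} else {
    $main = array("status" => $statusMessage);
}
echo json_encode($main, JSON_UNESCAPED_UNICODE);

// Optional request log; error statuses carry their message into the log entry.
if (isset($log)) {
    if ($statusMessage['type'] == "error") {
        writeLog($log, $statusMessage['message']);
    } else {
        writeLog($log);
    }
}

// Debug helper: a manual submission form, emitted only when debugSQL is on.
// It is appended after the JSON body, so the response is no longer valid JSON
// while debugging — this flag must stay off outside development.
if (isset($GLOBALS['debugSQL']) && $GLOBALS['debugSQL']) {
    echo "<form method=post action=handle.php>\n\t\t<input type=text name=q />\n\t\t<input type=text name='showCats' value=1 />\n\t\t\t\t \n\t\t<input type=hidden value=1 name=debug />\n\t\t<input type=submit>\n\t\t</form>";
}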
/**
 * REST handler for the "users" resource.
 *
 * Dispatches on the HTTP method ($this->method), the optional sub-resource
 * ($this->verb) and the positional path arguments ($this->args), and returns
 * an array the caller serialises as the response body: "success" => 1 plus a
 * payload, or "success" => 0 plus "error_message".
 *
 * NOTE(review): every statement below is assembled by string concatenation
 * from request data ($this->args, $this->request). htmlspecialchars(strip_tags())
 * is HTML output escaping, not SQL escaping (and on PHP < 8.1 its default
 * flags leave single quotes untouched), while the POST/PUT body fields are not
 * escaped at all — so these queries are injectable. The fix is to bind the
 * values through whatever prepared-statement or escaping facility $this->db
 * offers; its API is not visible from this method.
 *
 * NOTE(review): the fragments "'******'login']."'" and "password='******'" in
 * the PUT branch look like a redaction of the original source (presumably
 * $data['login'] and $hash) and do not parse as written — confirm against the
 * real file.
 *
 * @return array<string, mixed>|null  Response payload; null when
 *                                    $this->method matches no case.
 */
protected function user()
{
    switch($this->method){
        case 'GET':
            // GET /user — list all users (the password column is not selected).
            if(empty($this->verb) && empty($this->args)){
                $result = $this->db->query("select id, role_id, username, email, banned, ban_reason, phone from users");
                $newResult = $result->rows;
                // NOTE(review): the return value is discarded here, whereas the
                // request script uses nullToEmptyString()'s return value; this
                // call only has an effect if the helper takes its argument by
                // reference — confirm.
                nullToEmptyString($newResult);
                return array("success" => 1, "items" => $newResult);
            } else if ($this->verb == 'role' && empty($this->args)){
                // GET /user/role — list roles; the locale is hard-coded to 'ru'.
                $result = $this->db->query("select id, alt_name, locale, description from shop_rbac_roles_i18n where locale = 'ru'");
                return array("success" => 1, "items" => $result->rows);
            } else if ($this->verb == 'role' && count($this->args) == 1){
                // GET /user/role/{id} — single role. $id is interpolated into the
                // SQL literal without database escaping (see docblock).
                $id = htmlspecialchars(strip_tags($this->args[0]));
                $result = $this->db->query("select id, alt_name, locale, description from shop_rbac_roles_i18n where locale = 'ru' and id = '".$id."'");
                return array("success" => 1, "items" => $result->rows);
            } else if (empty($this->verb) && count($this->args) == 1){
                // GET /user/{id} — single user; same escaping caveat as above.
                $id = htmlspecialchars(strip_tags($this->args[0]));
                $result = $this->db->query("select id, role_id, username, email, banned, ban_reason, phone from users where id = '".$id."'");
                $newResult = $result->rows;
                nullToEmptyString($newResult);
                return array("success" => 1, "items" => $newResult);
            } else {
                return array("success" => 0, "error_message" => "BAD REQUEST");
            }
            break; // unreachable: every branch above returns
        case 'POST':
            // POST /user — create a user from the request body.
            if (empty($this->verb) && empty($this->args)){
                $data = $this->request;
                // Password storage: _encode() (an opaque project helper keyed by
                // $this->encryption_key) followed by crypt() with no salt.
                // NOTE(review): crypt()'s salt became mandatory in PHP 8.0, and
                // on older versions the resulting algorithm is platform-dependent;
                // password_hash()/password_verify() is the supported replacement.
                // Any change here must be mirrored on the login path, which is
                // not visible from this method.
                $hash = _encode($data['user_password'], $this->encryption_key);
                $hash = crypt($hash);
                // Body fields are concatenated into the statement unescaped.
                $result = $this->db->query("insert into users (role_id, username, password, email, phone) values ('".$data['role_id']."', '".$data['login']."', '".$hash."', '".$data['email']."', '".$data['phone']."')");
                if($result->errno){
                    return array("success" => 0, "error_message" => "INCORRECT DATA");
                } else {
                    $lastId = $this->db->getLastId();
                    // Audit entry; message is Russian for "User added. Id: …" and the
                    // literal contains a line break. NOTE(review): the log reads
                    // $data['username'] while the insert reads $data['login'] —
                    // confirm which key the request body actually carries.
                    $this->log("Добавлен пользователь. 
Id: ".$lastId, $data['username'], $data['device']);
                    return array("success" => 1, "insert_id" => $lastId);
                }
            } else {
                return array("success" => 0, "error_message" => "BAD REQUEST");
            }
            break; // unreachable: both branches above return
        case 'PUT':
            // PUT /user/{id} — full update; the password is re-hashed only when
            // a new one is supplied.
            if (empty($this->verb) && count($this->args) == 1){
                $id = htmlspecialchars(strip_tags($this->args[0]));
                $data = $this->request;
                // isset() is redundant here: !empty() already implies it.
                if(isset($data['user_password']) && !empty($data['user_password'])) {
                    $hash = _encode($data['user_password'], $this->encryption_key);
                    $hash = crypt($hash);
                    // NOTE(review): the "'******'login']."'" and "password='******'"
                    // fragments do not parse; see the method docblock.
                    $result = $this->db->query("update users set role_id='".$data['role_id']."', username='******'login']."', password='******', banned = '".$data['banned']."', ban_reason = '".$data['ban_reason']."', email='".$data['email']."', phone='".$data['phone']."' where id = '".$id."'");
                } else {
                    // Same statement without the password column.
                    $result = $this->db->query("update users set role_id='".$data['role_id']."', username='******'login']."', banned = '".$data['banned']."', ban_reason = '".$data['ban_reason']."', email='".$data['email']."', phone='".$data['phone']."' where id = '".$id."'");
                }
                if(!$result->errno){
                    // Audit entry: "User account changed. Id: …".
                    $this->log("Изменен аккаунт пользователя. Id: ".$id, $data['username'], $data['device']);
                    return array("success" => 1);
                } else {
                    return array("success" => 0, "error_message" => "INCORRECT DATA");
                }
            } else if ($this->verb == 'status' && count($this->args) == 1){
                // PUT /user/status/{id} — updates only the banned flag.
                $id = htmlspecialchars(strip_tags($this->args[0]));
                $data = $this->request;
                $result = $this->db->query("update users set banned='".$data['banned']."' where id = '".$id."'");
                if(!$result->errno){
                    // Audit entry: "User status changed. Id: …" (literal contains a
                    // line break).
                    $this->log("Изменен статус пользователя. 
Id: ".$id, $data['username'], $data['device']);
                    return array("success" => 1);
                } else {
                    return array("success" => 0, "error_message" => "INCORRECT DATA");
                }
            } else {
                return array("success" => 0, "error_message" => "BAD REQUEST");
            }
            break; // unreachable: every branch above returns
        case 'DELETE':
            // DELETE /user/{id} — hard delete.
            if (empty($this->verb) && count($this->args) == 1){
                $id = htmlspecialchars(strip_tags($this->args[0]));
                $result = $this->db->query("delete from users where id = '".$id."'");
                // NOTE(review): errno reflects a failed statement; a delete that
                // matches no row presumably still succeeds, so an unknown id is
                // reported as success and "USER NOT FOUND" only on a DB error —
                // confirm with the wrapper's semantics.
                if(!$result->errno){
                    $data = $this->request;
                    // Audit entry: "User deleted. Id: …".
                    $this->log("Удален пользователь. Id: ".$id, $data['username'], $data['device']);
                    return array("success" => 1);
                } else {
                    return array("success" => 0, "error_message" => "USER NOT FOUND");
                }
            } else {
                return array("success" => 0, "error_message" => "BAD REQUEST");
            }
            break; // unreachable: both branches above return
        default:
            // Unsupported method: falls off the end and returns null, which the
            // caller must treat as an error.
            break;
    }
}