	Can find user ID with its folder name
		@@ -124,4 +124,32 @@ class userController
 | 
				
			|||||||
		//Return userID
 | 
							//Return userID
 | 
				
			||||||
		return array("userID" => userID);
 | 
							return array("userID" => userID);
 | 
				
			||||||
	}
 | 
						}
 | 
				
			||||||
 | 
					
 | 
				
			||||||
 | 
						/**
 | 
				
			||||||
 | 
						 * Find user ID by a specified folder name
 | 
				
			||||||
 | 
						 *
 | 
				
			||||||
 | 
						 * @url POST /user/findbyfolder
 | 
				
			||||||
 | 
						 */
 | 
				
			||||||
 | 
						public function findUserByFolder(){
 | 
				
			||||||
 | 
					
 | 
				
			||||||
 | 
							//Check for domain name
 | 
				
			||||||
 | 
							if(!isset($_POST['subfolder']))
 | 
				
			||||||
 | 
								Rest_fatal_error(400, "No subfolder specified!");
 | 
				
			||||||
 | 
					
 | 
				
			||||||
 | 
							$input = safe_for_sql($_POST['subfolder']);
 | 
				
			||||||
 | 
					
 | 
				
			||||||
 | 
							if(!check_string_before_insert($input))
 | 
				
			||||||
 | 
								Rest_fatal_error(401, "The request was cancelled because the query is unsafe !");
 | 
				
			||||||
 | 
					
 | 
				
			||||||
 | 
							//Search user ID in the database
 | 
				
			||||||
 | 
							$id = CS::get()->components->user->findByFolder($input);
 | 
				
			||||||
 | 
					
 | 
				
			||||||
 | 
							//Check for error
 | 
				
			||||||
 | 
							if($id === 0)
 | 
				
			||||||
 | 
								Rest_fatal_error(404, "No user was found with the specifed subfolder!");
 | 
				
			||||||
 | 
							
 | 
				
			||||||
 | 
							//Return result
 | 
				
			||||||
 | 
							return array("userID" => $id);
 | 
				
			||||||
 | 
					
 | 
				
			||||||
 | 
						}
 | 
				
			||||||
}
 | 
					}
 | 
				
			||||||
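Review bot: The value handed to `findByFolder()` has already been through `safe_for_sql()`, but that method binds it as a parameter (`WHERE sous_repertoire = ?`), so the added backslashes become part of the compared value and a folder name containing a quote or backslash can never match. Pass the raw string instead, `$input = $_POST['subfolder'];`, and let the bound parameter do the work. The `isset()` guard also lets an array through (`subfolder[]=x`), which fails with a TypeError at the first `string`-typed parameter it reaches; `if(!isset($_POST['subfolder']) || !is_string($_POST['subfolder']))` rejects it with the 400 already used for a missing value. The 401 sent when `check_string_before_insert()` rejects the input reads as an authentication failure to clients and log reviewers; 400 fits better.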
@@ -297,6 +297,36 @@ class User{
 | 
				
			|||||||
		return count($result) !== 0;
 | 
							return count($result) !== 0;
 | 
				
			||||||
	}
 | 
						}
 | 
				
			||||||
 | 
					
 | 
				
			||||||
 | 
						/**
 | 
				
			||||||
 | 
						 * Find the user specified by a folder name
 | 
				
			||||||
 | 
						 *
 | 
				
			||||||
 | 
						 * @param string $folder The folder of the research
 | 
				
			||||||
 | 
						 * @return int 0 if no user was found or the ID of the user in case of success
 | 
				
			||||||
 | 
						 */
 | 
				
			||||||
 | 
						public function findByFolder(string $folder) : int {
 | 
				
			||||||
 | 
					
 | 
				
			||||||
 | 
							//Perform a request on the database
 | 
				
			||||||
 | 
							$tableName = $this->userTable;
 | 
				
			||||||
 | 
							$condition = "WHERE sous_repertoire = ?";
 | 
				
			||||||
 | 
							$condValues = array($folder);
 | 
				
			||||||
 | 
							$requiredFields = array("ID");
 | 
				
			||||||
 | 
					
 | 
				
			||||||
 | 
							//Try to perform the request
 | 
				
			||||||
 | 
							$result = CS::get()->db->select($tableName, $condition, $condValues, $requiredFields);
 | 
				
			||||||
 | 
					
 | 
				
			||||||
 | 
							//Check for errors
 | 
				
			||||||
 | 
							if($result === false){
 | 
				
			||||||
 | 
								return 0;
 | 
				
			||||||
 | 
							}
 | 
				
			||||||
 | 
					
 | 
				
			||||||
 | 
							if(count($result) == 0)
 | 
				
			||||||
 | 
								return 0; //There is no result
 | 
				
			||||||
 | 
							
 | 
				
			||||||
 | 
							//Return result
 | 
				
			||||||
 | 
							return $result[0]["ID"];
 | 
				
			||||||
 | 
					
 | 
				
			||||||
 | 
						}
 | 
				
			||||||
 | 
					
 | 
				
			||||||
	/**
 | 
						/**
 | 
				
			||||||
	 * Crypt user password
 | 
						 * Crypt user password
 | 
				
			||||||
	 *
 | 
						 *
 | 
				
			||||||
 
 | 
				
			|||||||
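Review bot: `return $result[0]["ID"];` hands back whatever the database layer produced under an `int` return type; if the driver returns column values as strings this relies on implicit coercion, and it would throw if the file declares `strict_types` (not visible here). An explicit `return (int) $result[0]["ID"];` removes that dependency. Separately, a failed query (`$result === false`) returns 0 exactly like "no match", so the controller answers 404 for a database error and the failure is invisible to monitoring; logging that branch or signalling it differently would keep outages distinguishable from unknown folders. The docblock should at least say so: `@return int 0 if no user was found or the query failed, else the ID of the user`.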
@@ -102,4 +102,21 @@ function check_string_before_insert($string){
 | 
				
			|||||||
	
 | 
						
 | 
				
			||||||
	//Success
 | 
						//Success
 | 
				
			||||||
	return true;
 | 
						return true;
 | 
				
			||||||
 | 
					}
 | 
				
			||||||
 | 
					
 | 
				
			||||||
 | 
					/**
 | 
				
			||||||
 | 
					 * Make a string safe to be used to perform a query on a database
 | 
				
			||||||
 | 
					 *
 | 
				
			||||||
 | 
					 * @param string $input The string to process
 | 
				
			||||||
 | 
					 * @return string The result string
 | 
				
			||||||
 | 
					 */
 | 
				
			||||||
 | 
					function safe_for_sql(string $input) : string {
 | 
				
			||||||
 | 
					
 | 
				
			||||||
 | 
						//Perform safe adapation
 | 
				
			||||||
 | 
						$input = str_ireplace("\\", "\\\\", $input);
 | 
				
			||||||
 | 
						$input = str_ireplace("'", "\\'", $input);
 | 
				
			||||||
 | 
						$input = str_ireplace('"', "\\\"", $input);
 | 
				
			||||||
 | 
					
 | 
				
			||||||
 | 
						return $input;
 | 
				
			||||||
 | 
					
 | 
				
			||||||
}
 | 
					}
 | 
				
			||||||
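Review bot: The docblock on `safe_for_sql()` promises more than three `str_ireplace()` calls can deliver. Backslash-escaping quotes takes no account of the connection character set, NUL bytes, or a server mode in which backslash is not an escape character, so it is not a substitute for bound parameters. The one caller added in this commit already ends in a parameterized `select()`, where the helper is unnecessary and alters the value being compared. If the function has to stay, I would reword the summary to `Backslash-escape quotes and backslashes; NOT a replacement for prepared statements` and switch to `str_replace()`, since case-insensitive matching means nothing for these characters.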