Can find user ID with its folder name

This commit is contained in:
Pierre 2017-12-10 11:38:23 +01:00
parent 2a9f0ed1a0
commit d8de0866ae
3 changed files with 75 additions and 0 deletions

View File

@ -124,4 +124,32 @@ class userController
//Return userID
return array("userID" => userID);
}
/**
* Find user ID by a specified folder name
*
* @url POST /user/findbyfolder
*/
public function findUserByFolder(){
//Check for domain name
if(!isset($_POST['subfolder']))
Rest_fatal_error(400, "No subfolder specified!");
$input = safe_for_sql($_POST['subfolder']);
if(!check_string_before_insert($input))
Rest_fatal_error(401, "The request was cancelled because the query is unsafe !");
//Search user ID in the database
$id = CS::get()->components->user->findByFolder($input);
//Check for error
if($id === 0)
Rest_fatal_error(404, "No user was found with the specifed subfolder!");
//Return result
return array("userID" => $id);
}
}

View File

@ -297,6 +297,36 @@ class User{
return count($result) !== 0;
}
/**
* Find the user specified by a folder name
*
* @param string $folder The folder of the research
* @return int 0 if no user was found or the ID of the user in case of success
*/
public function findByFolder(string $folder) : int {
//Perform a request on the database
$tableName = $this->userTable;
$condition = "WHERE sous_repertoire = ?";
$condValues = array($folder);
$requiredFields = array("ID");
//Try to perform the request
$result = CS::get()->db->select($tableName, $condition, $condValues, $requiredFields);
//Check for errors
if($result === false){
return 0;
}
if(count($result) == 0)
return 0; //There is no result
//Return result
return $result[0]["ID"];
}
/**
* Crypt user password
*

View File

@ -103,3 +103,20 @@ function check_string_before_insert($string){
//Success
return true;
}
/**
* Make a string safe to be used to perform a query on a database
*
* @param string $input The string to process
* @return string The result string
*/
function safe_for_sql(string $input) : string {
//Perform safe adapation
$input = str_ireplace("\\", "\\\\", $input);
$input = str_ireplace("'", "\\'", $input);
$input = str_ireplace('"', "\\\"", $input);
return $input;
}