Can find user ID with its folder name

2024-11-23 13:59:29 +00:00 · 2017-12-10 11:38:23 +01:00 · 2017-12-10 11:38:23 +01:00 · d8de0866ae
commit d8de0866ae
parent 2a9f0ed1a0
3 changed files with 75 additions and 0 deletions
--- a/RestControllers/userController.php
+++ b/RestControllers/userController.php
@ -124,4 +124,32 @@ class userController
 		//Return userID
 		return array("userID" => userID);
 	}
+
+	/**
+	 * Find user ID by a specified folder name
+	 *
+	 * @url POST /user/findbyfolder
+	 */
+	public function findUserByFolder(){
+
+		//Check for domain name
+		if(!isset($_POST['subfolder']))
+			Rest_fatal_error(400, "No subfolder specified!");
+
+		$input = safe_for_sql($_POST['subfolder']);
+
+		if(!check_string_before_insert($input))
+			Rest_fatal_error(401, "The request was cancelled because the query is unsafe !");
+
+		//Search user ID in the database
+		$id = CS::get()->components->user->findByFolder($input);
+
+		//Check for error
+		if($id === 0)
+			Rest_fatal_error(404, "No user was found with the specifed subfolder!");
+		
+		//Return result
+		return array("userID" => $id);
+
+	}
 }
--- a/classes/components/user.php
+++ b/classes/components/user.php
@ -297,6 +297,36 @@ class User{
 		return count($result) !== 0;
 	}

+	/**
+	 * Find the user specified by a folder name
+	 *
+	 * @param string $folder The folder of the research
+	 * @return int 0 if no user was found or the ID of the user in case of success
+	 */
+	public function findByFolder(string $folder) : int {
+
+		//Perform a request on the database
+		$tableName = $this->userTable;
+		$condition = "WHERE sous_repertoire = ?";
+		$condValues = array($folder);
+		$requiredFields = array("ID");
+
+		//Try to perform the request
+		$result = CS::get()->db->select($tableName, $condition, $condValues, $requiredFields);
+
+		//Check for errors
+		if($result === false){
+			return 0;
+		}
+
+		if(count($result) == 0)
+			return 0; //There is no result
+		
+		//Return result
+		return $result[0]["ID"];
+
+	}
+
 	/**
 	 * Crypt user password
 	 *
--- a/functions/requests.php
+++ b/functions/requests.php
@ -102,4 +102,21 @@ function check_string_before_insert($string){
 	
 	//Success
 	return true;
+}
+
+/**
+ * Make a string safe to be used to perform a query on a database
+ *
+ * @param string $input The string to process
+ * @return string The result string
+ */
+function safe_for_sql(string $input) : string {
+
+	//Perform safe adapation
+	$input = str_ireplace("\\", "\\\\", $input);
+	$input = str_ireplace("'", "\\'", $input);
+	$input = str_ireplace('"', "\\\"", $input);
+
+	return $input;
+
 }