forked from hypercities/hypercities
user.php
<?php
include_once("includes/connect_db.inc");
include_once("includes/serverSession.inc");
include_once("includes/user.inc");
include_once("includes/util.inc");
include_once("includes/dbUtil.inc");
// Start the session wrapper before any handler below reads session state.
// NOTE(review): cServerSession comes from the includes above and is not visible here;
// presumably it wraps PHP's session handling. Confirm.
cServerSession::start();
// Runs before every command handler in this script.
// NOTE(review): HC_checkReferer() is not visible here; judging by its name it validates the
// HTTP Referer header. That header is client-supplied and frequently stripped, so it should not
// be the only control protecting the state-changing commands below (login, logout). Confirm
// what else guards them.
HC_checkReferer();
// Sync command: send the current server-side session back to the client as XML.
// Request values in $_POST are strings or arrays, so the strict comparison below selects
// exactly the same requests as the loose one it replaces.
if (isset($_POST['command']) && $_POST['command'] === 'sync') {
    echo cServerSession::getSessionXml();
    exit(0);
}
// Logout command: call cServerSession::clearSession() and end the request with an empty body.
// NOTE(review): as far as this file shows, this state-changing request is gated only by the
// HC_checkReferer() call at the top of the script. Confirm that is enough to stop a
// third-party page from logging a user out.
if (isset($_POST['command']) && $_POST['command'] === 'logout') {
    cServerSession::clearSession();
    exit(0);
}
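// User login: check the posted credentials and, on success, return the session as XML.
// Non-string values (array-valued form fields) are rejected up front; addslashes() below
// only accepts strings.
if (
    !empty($_POST['username']) && !empty($_POST['password'])
    && is_string($_POST['username']) && is_string($_POST['password'])
) {
    // get_magic_quotes_gpc() is deprecated since PHP 7.4 and removed in PHP 8.0, where an
    // unguarded call is a fatal error. When the function is absent, magic quotes are off.
    $magicQuotesOn = function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc();
    if (!$magicQuotesOn) {
        // NOTE(review): addslashes() is kept because cUser::login() is not visible here and may
        // depend on pre-escaped input. It is not a substitute for bound query parameters, and
        // it alters passwords containing quotes or backslashes before they are checked.
        // If login() is moved to prepared statements, remove this escaping in the same change.
        $_POST['username'] = addslashes($_POST['username']);
        $_POST['password'] = addslashes($_POST['password']);
    }

    $user = new cUser();
    $isLogin = $user->login($_POST['username'], $_POST['password']);
    if ($isLogin) {
        echo cServerSession::getSessionXml();
    } else {
        // This handler emits one generic message for every failed attempt.
        HC_reportError("Login fail!");
    }
    // NOTE(review): no attempt limiting or session-id renewal is visible in this script;
    // confirm whether cUser::login() or cServerSession handles them.
    // TODO (from original author): query group table, to make sure it is admin or not
    // TODO (from original author): echo something for javascript initialize
    exit(0);
}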
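// queryUser command: look up users by last name and return their ids and last names as XML.
// The is_string() guard and "=== 0" matter: on PHP 5/7 strcasecmp() returns NULL (with a
// warning) for an array-valued parameter and NULL == 0 is true, so the loose check let such a
// request into this handler; on PHP 8 the same call throws a TypeError.
if (
    isset($_POST['command']) && is_string($_POST['command'])
    && strcasecmp($_POST['command'], "queryUser") === 0
) {
    // A missing or non-string value is passed on as null, which is what the undefined index
    // evaluated to before, without the notice.
    $lastName = (isset($_POST['username']) && is_string($_POST['username']))
        ? $_POST['username']
        : null;

    // NOTE(review): unlike the login handler, nothing escapes this value before it reaches
    // cUser. getProfileByLastname() is not visible here; confirm it binds the value as a
    // query parameter rather than concatenating it into SQL.
    // NOTE(review): no session or role check is visible in this file before user ids and last
    // names are returned. Confirm the lookup is meant to be open to any caller.
    $user = new cUser();
    $profile = $user->getProfileByLastname($lastName);

    // NOTE(review): presumably HC_reportError() ends the request; if it returns, an empty
    // <Users/> document is emitted after the error. Confirm.
    if (count($profile) < 1) HC_reportError("Cannot find user!");

    $dom = new DOMDocument('1.0', 'utf-8');
    $usersNode = $dom->appendChild($dom->createElement('Users'));
    foreach ($profile as $row) {
        // Distinct variable names so the cUser instance in $user is not overwritten.
        $userNode = $usersNode->appendChild($dom->createElement('user'));

        // createTextNode() stores the value as text, so markup characters coming from the
        // database are escaped when the document is serialized.
        $idNode = $userNode->appendChild($dom->createElement('userId'));
        $idNode->appendChild($dom->createTextNode($row['id']));

        $nameNode = $userNode->appendChild($dom->createElement('username'));
        $nameNode->appendChild($dom->createTextNode($row['last_name']));
    }

    $dom->formatOutput = true;
    header('Content-type: application/xml');
    echo $dom->saveXML();
    exit(0);
}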
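// findAuthor command: look up a user by e-mail address and return id and name as JSON.
// The is_string() guard and "=== 0" matter: on PHP 5/7 strcasecmp() returns NULL (with a
// warning) for an array-valued parameter and NULL == 0 is true, so the loose check let such a
// request into this handler; on PHP 8 the same call throws a TypeError.
if (
    isset($_POST['command']) && is_string($_POST['command'])
    && strcasecmp($_POST['command'], "findAuthor") === 0
) {
    // A missing or non-string value is passed on as null, which is what the undefined index
    // evaluated to before, without the notice.
    $email = (isset($_POST['email']) && is_string($_POST['email'])) ? $_POST['email'] : null;

    // NOTE(review): nothing escapes or validates this value here. getProfileByEmail() is not
    // visible; confirm it binds the value as a query parameter.
    // NOTE(review): the response tells any caller whether an e-mail address belongs to an
    // account and returns that account's id and name. No session check is visible in this
    // file; confirm whether the lookup should require a logged-in user.
    $user = new cUser();
    $profile = $user->getProfileByEmail($email);

    $response = array();
    if (count($profile) < 1) {
        $response['error'] = true;
        $response['message'] = "Cannot find user!";
    } else {
        // Only the first matching row is reported.
        $match = $profile[0];
        $response['error'] = false;
        $response['id'] = $match['id'];
        $response['first_name'] = $match['first_name'];
        $response['last_name'] = $match['last_name'];
    }

    // NOTE(review): 201 (Created) is sent for a read-only lookup, including the not-found
    // case. Left unchanged because the client code is not visible and may test for it.
    header('Content-type: application/json', true, 201);
    echo json_encode($response);
    exit(0);
}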
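// hasUpdatePrivilege command: report as JSON whether a user may update an object.
// The is_string() guard and "=== 0" matter: on PHP 5/7 strcasecmp() returns NULL (with a
// warning) for an array-valued parameter and NULL == 0 is true, so the loose check let such a
// request into this handler; on PHP 8 the same call throws a TypeError.
if (
    isset($_POST['command']) && is_string($_POST['command'])
    && strcasecmp($_POST['command'], "hasUpdatePrivilege") === 0
) {
    // Missing or non-string values are passed on as null, which is what the undefined index
    // evaluated to before, without the notice.
    $userId = (isset($_POST['userId']) && is_string($_POST['userId'])) ? $_POST['userId'] : null;
    $objectId = (isset($_POST['objectId']) && is_string($_POST['objectId'])) ? $_POST['objectId'] : null;

    // NOTE(review): userId is taken from the request, not from the server-side session, so a
    // caller can ask about any user's privileges. Treat the answer as a UI hint only: the
    // endpoint that performs the update must re-check the privilege against the session
    // user. Confirm that it does.
    // NOTE(review): cUser::hasUpdatePrivilege() is not visible here; confirm both ids are bound
    // as query parameters.
    $user = new cUser();
    $hasUpdatePrivilege = $user->hasUpdatePrivilege($userId, $objectId);

    $response = array("hasUpdatePrivilege" => $hasUpdatePrivilege);
    // NOTE(review): 201 (Created) is sent for a read-only check. Left unchanged because the
    // client code is not visible and may test for it.
    header('Content-type: application/json', true, 201);
    echo json_encode($response);
    exit(0);
}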
?>