API filter per user level

2017-02-01 11:38:43 +01:00
parent 028c2373c1
commit e414a1633e
18 changed files with 309 additions and 268 deletions
--- a/website/public/API/loadFriends.php
+++ b/website/public/API/loadFriends.php
@@ -5,16 +5,22 @@ session_start();
 require_once ("../../queries/connect.php");
 require_once ("../../queries/checkInput.php");
 require_once ("../../queries/friendship.php");
+require_once("../../queries/user.php");

-if (isset($_SESSION["userID"])) {
-    if (isset($_POST["limit"])) {
-        echo selectLimitedFriends($_SESSION["userID"], (int)test_input($_POST["limit"]));
-    } else if (isset($_GET["limit"])) {
-        echo selectLimitedFriends($_SESSION["userID"], (int)test_input($_GET["limit"]));
+if (isset($_SESSION["userID"]) &&
+    getRoleByID($_SESSION["userID"]) != 'banned') {
+    if (isset($_SESSION["userID"])) {
+        if (isset($_POST["limit"])) {
+            echo selectLimitedFriends($_SESSION["userID"], (int)test_input($_POST["limit"]));
+        } else if (isset($_GET["limit"])) {
+            echo selectLimitedFriends($_SESSION["userID"], (int)test_input($_GET["limit"]));
+        } else {
+            echo selectFriends($_SESSION["userID"]);
+        }
    } else {
-        echo selectFriends($_SESSION["userID"]);
+        echo "[]";
    }
 } else {
-    echo "[]";
+    header('HTTP/1.0 403 Forbidden');
 }