Jakach/jakach-login
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
fc3181ee3bab398e8dad62b7a5a7a31a3393b93a
jakach-login/app-code/api/manage/fetch_users.php
T
janis fc3181ee3b fixing minor security issues
2026-05-20 19:35:11 +02:00

65 lines
2.1 KiB
PHP
Raw Blame History

<?php
header('Content-Type: application/json');
include "../utils/security.php";
secure_session_start();
if (!isset($_SESSION["logged_in"]) || $_SESSION["logged_in"] !== true || !is_admin_session()) {
echo(json_encode(['success' => false, 'message' => 'not authenticated']));
exit();
}
include "../../config/config.php";
$conn = new mysqli($DB_SERVERNAME, $DB_USERNAME, $DB_PASSWORD, $DB_DATABASE);
if ($conn->connect_error) {
echo json_encode(['success' => false, 'message' => 'Database connection failed: ' . $conn->connect_error]);
exit;
}
$search = trim($_GET['search'] ?? '');
$sort = $_GET['sort'] ?? '';
$order = strtoupper($_GET['order'] ?? 'ASC') === 'DESC' ? 'DESC' : 'ASC';
if ($search !== '') {
if ($sort === 'username') {
$query = $order === 'DESC'
? "SELECT id, username FROM users WHERE username LIKE ? ORDER BY username DESC"
: "SELECT id, username FROM users WHERE username LIKE ? ORDER BY username ASC";
} else {
$query = $order === 'DESC'
? "SELECT id, username FROM users WHERE username LIKE ? ORDER BY id DESC"
: "SELECT id, username FROM users WHERE username LIKE ? ORDER BY id ASC";
}
$stmt = $conn->prepare($query);
$like = '%' . $search . '%';
$stmt->bind_param('s', $like);
} else {
if ($sort === 'username') {
$query = $order === 'DESC'
? "SELECT id, username FROM users ORDER BY username DESC"
: "SELECT id, username FROM users ORDER BY username ASC";
} else {
$query = $order === 'DESC'
? "SELECT id, username FROM users ORDER BY id DESC"
: "SELECT id, username FROM users ORDER BY id ASC";
}
$stmt = $conn->prepare($query);
}
if (!$stmt) {
echo json_encode(['success' => false, 'message' => 'Failed to prepare statement']);
exit;
}
$stmt->execute();
$stmt->store_result();
$stmt->bind_result($id, $username);
$users = [];
while ($stmt->fetch()) {
$users[] = ['id' => $id, 'username' => $username];
}
$stmt->close();
$conn->close();
echo json_encode(['success' => true, 'data' => $users]);
?>
Reference in New Issue View Git Blame Copy Permalink