HEX
Server: LiteSpeed
System: Linux s1049.use1.mysecurecloudhost.com 4.18.0-477.27.2.lve.el8.x86_64 #1 SMP Wed Oct 11 12:32:56 UTC 2023 x86_64
User: xedaptot (3356)
PHP: 8.3.31
Disabled: NONE
Upload Files
File: //proc/thread-self/root/proc/thread-self/root/home/xedaptot/360.naniguide.com/api/users.php
<?php
header("Access-Control-Allow-Origin: *");
header("Content-Type: application/json; charset=UTF-8");
header("Access-Control-Allow-Methods: GET");
header("Access-Control-Max-Age: 3600");
header("Access-Control-Allow-Headers: Content-Type, Access-Control-Allow-Headers, Authorization, X-Requested-With");
error_reporting(E_ALL & ~E_WARNING & ~E_NOTICE & ~E_DEPRECATED);
ob_start();
session_start();
require_once("../db/connection.php");
require_once("../backend/functions.php");
require_once("api_functions.php");
require_once("vendor/autoload.php");

register_shutdown_function("fatal_handler");

$method = $_SERVER["REQUEST_METHOD"];
if($method!='GET') {
    ob_end_clean();
    http_response_code(405);
    echo json_encode(array("message"=>"invalid method $method"));
    exit;
}

if(!empty($_GET)) {
    $params = $_GET;
} else {
    $content = trim(file_get_contents("php://input"));
    $params = json_decode($content, true);
}

$mandatory_params = ['token'];
check_api_missing_params($params,$mandatory_params);
$payload = validate_token($params['token']);
$id_user = $payload['id_user'];

$user_api_info = get_user_info($id_user);
$user_api_role = $user_api_info['role'];
$demo = check_if_demo($id_user);
$saas = check_if_saas();

if($user_api_role!='administrator' || $demo || !$saas) {
    ob_end_clean();
    http_response_code(403);
    echo json_encode(array("message"=>"unauthorized"));
    exit;
}

if (is_ssl()) { $protocol = 'https'; } else { $protocol = 'http'; }
$base_url = $protocol ."://". $_SERVER['SERVER_NAME'] . str_replace("api/user.php","",$_SERVER['SCRIPT_NAME']);

get_users_api($params);
exit;

function get_users_api($params) {
    global $mysqli,$base_url;
    $users = array();
    if(isset($params['limit']) && $params['limit']!='') {
        $limit = (int)$params['limit'];
    } else {
        $limit = 99999;
    }
    if(isset($params['offset']) && $params['offset']!='') {
        $offset = (int)$params['offset'];
    } else {
        $offset = 0;
    }
    $query = "SELECT u.*,COALESCE(p.name, '--') as plan_name,(SELECT COUNT(*) FROM svt_virtualtours WHERE id_user=u.id) as count_vt FROM svt_users as u LEFT JOIN svt_plans as p ON p.id = u.id_plan LIMIT $offset,$limit;";
    $result = $mysqli->query($query);
    if($result) {
        if($result->num_rows>0) {
            while($row=$result->fetch_array(MYSQLI_ASSOC)) {
                unset($row['password']);
                unset($row['forgot_code']);
                unset($row['hash']);
                unset($row['id_customer_stripe']);
                unset($row['id_customer_2checkout']);
                unset($row['id_subscription_stripe']);
                unset($row['id_subscription_paypal']);
                unset($row['id_subscription_2checkout']);
                unset($row['status_subscription_stripe']);
                unset($row['status_subscription_paypal']);
                unset($row['status_subscription_2checkout']);
                unset($row['storage_space']);
                unset($row['google_identifier']);
                unset($row['facebook_identifier']);
                unset($row['twitter_identifier']);
                unset($row['wechat_identifier']);
                unset($row['qq_identifier']);
                unset($row['2fa_secretkey']);
                unset($row['max_storage_space']);
                if(!empty($row['avatar'])) {
                    $row['avatar'] = $base_url."backend/".$row['avatar'];
                }
                $users[] = $row;
            }
            ob_end_clean();
            http_response_code(200);
            echo json_encode(array("message"=>"ok","data"=>$users));
            exit;
        } else {
            ob_end_clean();
            http_response_code(404);
            echo json_encode(array("message"=>"no users found"));
            exit;
        }
    } else {
        ob_end_clean();
        http_response_code(500);
        echo json_encode(array("message"=>"error"));
        exit;
    }
}