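. */

require_once(dirname(__DIR__) . "/auth.php"); // sets $mysqli, $user
// NOTE(review): $lang is read below but not defined in this file; presumably auth.php provides it too (confirm).

/**
 * Exit with xml response
 *
 * Writes <root><error>0|1</error>[<message>...</message>]</root> to the response
 * body and terminates the script. The message is emitted through
 * XMLWriter::writeElement(), so markup characters in it are escaped.
 *
 * @param boolean $isError Error if true
 * @param string $errorMessage Optional error message, only written when $isError is true
 */
function exitWithStatus($isError, $errorMessage = NULL) {
  header("Content-type: text/xml");
  $xml = new XMLWriter();
  $xml->openURI("php://output");
  $xml->startDocument("1.0");
  $xml->setIndent(true);
  $xml->startElement('root');
    $xml->writeElement("error", (int) $isError);
    if ($isError) {
      $xml->writeElement("message", $errorMessage);
    }
  $xml->endElement();
  $xml->endDocument();
  $xml->flush();
  exit;
}

// Request parameters. Only string values are accepted: an array-valued parameter
// (e.g. login[]=x) would otherwise reach trim()/password_hash() and raise a
// warning or TypeError instead of the regular XML error response.
//
// NOTE(review): $_REQUEST also carries query-string parameters, so these
// state-changing actions are reachable with a plain GET, and no anti-CSRF token
// is checked in this file. Confirm that auth.php or the front end enforces one,
// or restrict this handler to POST with a token.
$action = (isset($_REQUEST['action']) && is_string($_REQUEST['action'])) ? $_REQUEST['action'] : NULL;
$login = (isset($_REQUEST['login']) && is_string($_REQUEST['login'])) ? trim($_REQUEST['login']) : NULL;
$pass = (isset($_REQUEST['pass']) && is_string($_REQUEST['pass'])) ? $_REQUEST['pass'] : NULL;

// Authorization gate: the caller must be an admin, both parameters must be
// present, and an admin may not add/update/delete their own account here.
if (!$user->isAdmin || empty($action) || empty($login) || $user->login == $login) {
  exitWithStatus(true, $lang["servererror"]);
}

// Hash only after the gate above, so a rejected request never pays the
// password_hash() cost. An empty password is treated as missing: hashing ""
// yields a non-empty hash, which would slip past the empty($hash) checks below
// and create or update an account with a blank password.
$hash = ($pass !== NULL && $pass !== '') ? password_hash($pass, PASSWORD_DEFAULT) : NULL;

$aUser = new uUser($login);

// NOTE(review): on failure the raw $mysqli->error text is returned to the client.
// The caller is an admin at this point, but consider logging it server-side and
// returning a generic message so schema details stay out of responses.
switch ($action) {
  case 'add':
    if (empty($hash)) {
      exitWithStatus(true, $lang["servererror"]);
    }
    if ($aUser->isValid) {
      exitWithStatus(true, $lang["userexists"]);
    }
    if ($aUser->add($login, $hash) === false) {
      exitWithStatus(true, $mysqli->error);
    }
    break;

  case 'update':
    // update password
    if (empty($hash)) {
      exitWithStatus(true, $lang["servererror"]);
    }
    if ($aUser->setPass($hash) === false) {
      exitWithStatus(true, $mysqli->error);
    }
    break;

  case 'delete':
    if ($aUser->delete() === false) {
      exitWithStatus(true, $mysqli->error);
    }
    break;

  default:
    exitWithStatus(true, $lang["servererror"]);
    break;
}

exitWithStatus(false);

?>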