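<?php

// Authentication prelude: resolves the caller's bearer token to a user id and
// leaves $stmt prepared and bound (but not executed) for that user's tunnels.
// On failure it emits a JSON error body and returns.
//
// NOTE(review): get_bearer_token() and $mysqli are not defined in this file;
// presumably db_config.php or the including script provides them. Confirm.
include_once($_SERVER['DOCUMENT_ROOT'] . '/db_config.php');

$token = get_bearer_token();

if (is_null($token)) {
    // NOTE(review): 401 is the conventional status for missing credentials;
    // 412 is kept so existing clients see the same response.
    header('Content-Type: application/json');
    http_response_code(412);
    echo '{"error":true,"message":"No token provided"}';
    // NOTE(review): at file scope `return` only ends this file. If this file
    // is include()d, the including script keeps running and must stop on its
    // own when authentication failed. Verify every includer.
    return;
}

// The token is passed as a bound parameter, so it is used verbatim. Escaping
// it first (as the earlier code did with real_escape_string) would alter any
// token containing quotes or backslashes and make a valid token fail to match.
// NOTE(review): the equality lookup implies tokens are stored as-is in
// users.token; storing only a hash of the token would limit the impact of a
// database leak. Confirm how tokens are issued.
$stmt = $mysqli->prepare("SELECT id FROM users WHERE token = ?");
if ($stmt === false) {
    // Fail closed with a generic body instead of a fatal error on bind_param().
    header('Content-Type: application/json');
    http_response_code(500);
    echo '{"error":true,"message":"Internal server error"}';
    $mysqli->close();
    return;
}
$stmt->bind_param('s', $token);
$stmt->execute();
$result = $stmt->get_result();

$row = $result->fetch_assoc();
if (!is_null($row)) {
    $user_id = $row['id'];
    $stmt->close();

    // Scope the tunnels query to the authenticated user only.
    $stmt = $mysqli->prepare("SELECT * FROM tunnels WHERE user = ?");
    if ($stmt === false) {
        header('Content-Type: application/json');
        http_response_code(500);
        echo '{"error":true,"message":"Internal server error"}';
        $mysqli->close();
        return;
    }
    $stmt->bind_param('i', $user_id);
} else {
    // No user owns this token: reject without revealing anything further.
    header('Content-Type: application/json');
    http_response_code(403);
    echo '{"error":true,"message":"Unauthorized"}';
    $stmt->close();
    $mysqli->close();
    return;
}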