130 lines
4.2 KiB
PHP
130 lines
4.2 KiB
PHP
|
<?php
|
||
|
|
/* μlogger
|
||
|
|
*
|
||
|
|
* Copyright(C) 2017 Bartek Fabiszewski (www.fabiszewski.net)
|
||
|
|
*
|
||
|
|
* This is free software; you can redistribute it and/or modify it under
|
||
|
|
* the terms of the GNU Library General Public License as published by
|
||
|
|
* the Free Software Foundation; either version 2 of the License, or
|
||
|
|
* (at your option) any later version.
|
||
|
|
*
|
||
|
|
* This program is distributed in the hope that it will be useful, but
|
||
|
|
* WITHOUT ANY WARRANTY; without even the implied warranty of
|
||
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
||
|
|
* General Public License for more details.
|
||
|
|
*
|
||
|
|
* You should have received a copy of the GNU Library General Public
|
||
|
|
* License along with this program; if not, write to the Free Software
|
||
|
|
* Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
|
||
|
|
*/
|
||
|
|
|
||
|
|
function setError(&$response, $message) {
|
||
|
|
$response['error'] = true;
|
||
|
|
$response['message'] = $message;
|
||
|
|
}
|
||
|
|
|
||
|
|
define("headless", true);
|
||
|
|
require_once("../auth.php");
|
||
|
|
|
||
|
|
$action = isset($_REQUEST['action']) ? $_REQUEST['action'] : null;
|
||
|
|
$userid = $_SESSION['auth'];
|
||
|
|
|
||
|
|
$response = [ 'error' => false ];
|
||
|
|
|
||
|
|
$mysqli = new mysqli($dbhost, $dbuser, $dbpass, $dbname);
|
||
|
|
if ($mysqli->connect_errno) {
|
||
|
|
setError($response, $mysqli->error);
|
||
|
|
$action = null;
|
||
|
|
}
|
||
|
|
|
||
|
|
switch ($action) {
|
||
|
|
// action: authorize
|
||
|
|
case "auth":
|
||
|
|
break;
|
||
|
|
|
||
|
|
// action: adduser
|
||
|
|
case "adduser":
|
||
|
|
$login = isset($_REQUEST['login']) ? $_REQUEST['login'] : NULL;
|
||
|
|
$hash = isset($_REQUEST['password']) ? password_hash($_REQUEST['password'], PASSWORD_DEFAULT) : NULL;
|
||
|
|
if (!empty($login) && !empty($hash)) {
|
||
|
|
$sql = "INSERT INTO users (login, password) VALUES (?, ?)";
|
||
|
|
$query = $mysqli->prepare($sql);
|
||
|
|
$query->bind_param('ss', $login, $hash);
|
||
|
|
$query->execute();
|
||
|
|
$userid = $mysqli->insert_id;
|
||
|
|
$query->close();
|
||
|
|
if ($mysqli->errno) {
|
||
|
|
setError($response, $mysqli->error);
|
||
|
|
break;
|
||
|
|
}
|
||
|
|
// return user id
|
||
|
|
$response['userid'] = $userid;
|
||
|
|
} else {
|
||
|
|
setError($response, "Empty login");
|
||
|
|
}
|
||
|
|
break;
|
||
|
|
|
||
|
|
// action: addtrack
|
||
|
|
case "addtrack":
|
||
|
|
$trackname = isset($_REQUEST['track']) ? $_REQUEST['track'] : NULL;
|
||
|
|
if (empty($trackname)) {
|
||
|
|
setError($response, "missing required parameter");
|
||
|
|
break;
|
||
|
|
}
|
||
|
|
$sql = "INSERT INTO tracks (user_id, name) VALUES (?, ?)";
|
||
|
|
$query = $mysqli->prepare($sql);
|
||
|
|
$query->bind_param('is', $userid, $trackname);
|
||
|
|
$query->execute();
|
||
|
|
$trackid = $mysqli->insert_id;
|
||
|
|
$query->close();
|
||
|
|
if ($mysqli->errno) {
|
||
|
|
setError($response, $mysqli->error);
|
||
|
|
break;
|
||
|
|
}
|
||
|
|
// return track id
|
||
|
|
$response['trackid'] = $trackid;
|
||
|
|
break;
|
||
|
|
|
||
|
|
// action: addposition
|
||
|
|
case "addpos":
|
||
|
|
$lat = isset($_REQUEST["lat"]) ? $_REQUEST["lat"] : NULL;
|
||
|
|
$lon = isset($_REQUEST["lon"]) ? $_REQUEST["lon"] : NULL;
|
||
|
|
$time = isset($_REQUEST["time"]) ? $_REQUEST["time"] : NULL;
|
||
|
|
$altitude = isset($_REQUEST["altitude"]) ? $_REQUEST["altitude"] : NULL;
|
||
|
|
$speed = isset($_REQUEST["speed"]) ? $_REQUEST["speed"] : NULL;
|
||
|
|
$bearing = isset($_REQUEST["bearing"]) ? $_REQUEST["bearing"] : NULL;
|
||
|
|
$accuracy = isset($_REQUEST["accuracy"]) ? $_REQUEST["accuracy"] : NULL;
|
||
|
|
$provider = isset($_REQUEST["provider"]) ? $_REQUEST["provider"] : NULL;
|
||
|
|
$comment = isset($_REQUEST["comment"]) ? $_REQUEST["comment"] : NULL;
|
||
|
|
$imageid = isset($_REQUEST["imageid"]) ? $_REQUEST["imageid"] : NULL;
|
||
|
|
$trackid = isset($_REQUEST["trackid"]) ? $_REQUEST["trackid"] : NULL;
|
||
|
|
|
||
|
|
if (is_null($lat) || is_null($lon) || is_null($time) || is_null($trackid)) {
|
||
|
|
setError($response, "missing required parameter");
|
||
|
|
break;
|
||
|
|
}
|
||
|
|
|
||
|
|
$sql = "INSERT INTO positions "
|
||
|
|
."(user_id, track_id,"
|
||
|
|
."time, latitude, longitude, altitude, speed, bearing, accuracy, provider, comment, image_id)"
|
||
|
|
."VALUES (?,?,FROM_UNIXTIME(?),?,?,?,?,?,?,?,?,?)";
|
||
|
|
|
||
|
|
$query = $mysqli->prepare($sql);
|
||
|
|
$query->bind_param('iisddddddssi',
|
||
|
|
$userid, $trackid,
|
||
|
|
$time, $lat, $lon, $altitude, $speed, $bearing, $accuracy, $provider, $comment, $imageid);
|
||
|
|
$query->execute();
|
||
|
|
$query->close();
|
||
|
|
if ($mysqli->errno) {
|
||
|
|
setError($response, $mysqli->error);
|
||
|
|
}
|
||
|
|
break;
|
||
|
|
|
||
|
|
}
|
||
|
|
|
||
|
|
$mysqli->close();
|
||
|
|
|
||
|
|
header('Content-Type: application/json');
|
||
|
|
echo json_encode($response);
|
||
|
|
exit();
|
||
|
|
?>
|