ulogger-server/client/index.php

<?php
/* μlogger
 *
 * Copyright(C) 2017 Bartek Fabiszewski (www.fabiszewski.net)
 *
 * This is free software; you can redistribute it and/or modify it under
 * the terms of the GNU Library General Public License as published by
 * the Free Software Foundation; either version 2 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful, but
 * WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
 * General Public License for more details.
 *
 * You should have received a copy of the GNU Library General Public
 * License along with this program; if not, write to the Free Software
 * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
 */

function setError(&$response, $message) {
  $response['error'] = true; 
  $response['message'] = $message;
}

define("headless", true); 
require_once("../auth.php"); // sets $mysqli, $user
$userid = $user->id;

$action = isset($_REQUEST['action']) ? $_REQUEST['action'] : null;
$response = [ 'error' => false ];

switch ($action) {
  // action: authorize
  case "auth":
    break;

  // action: adduser (currently unused)
  case "adduser":
    $login = isset($_REQUEST['login']) ? $_REQUEST['login'] : NULL;
    $hash = isset($_REQUEST['password']) ? password_hash($_REQUEST['password'], PASSWORD_DEFAULT) : NULL;
    if (!empty($login) && !empty($hash)) {
      $newUser = new uUser();
      $newId = $newUser->add($login, $hash);
      if ($newId !== false) {
        // return user id
        $response['userid'] = $newId;
      } else {
        setError($response, "Server error");
      }
    } else {
      setError($response, "Empty login or password");
    }
    break;

  // action: addtrack
  case "addtrack":
    $trackname = isset($_REQUEST['track']) ? $_REQUEST['track'] : NULL;
    if (empty($trackname)) {
      setError($response, "missing required parameter");
      break;
    }
    $sql = "INSERT INTO tracks (user_id, name) VALUES (?, ?)";
    $query = $mysqli->prepare($sql);
    $query->bind_param('is', $userid, $trackname);
    $query->execute();
    $trackid = $mysqli->insert_id;
    $query->close();
    if ($mysqli->errno) {
      setError($response, $mysqli->error);
      break;
    }
    // return track id
    $response['trackid'] = $trackid;
    break;

  // action: addposition
  case "addpos":
    $lat = isset($_REQUEST["lat"]) ? $_REQUEST["lat"] : NULL;
    $lon = isset($_REQUEST["lon"]) ? $_REQUEST["lon"] : NULL;
    $time = isset($_REQUEST["time"]) ? $_REQUEST["time"] : NULL;
    $altitude = isset($_REQUEST["altitude"]) ? $_REQUEST["altitude"] : NULL;
    $speed = isset($_REQUEST["speed"]) ? $_REQUEST["speed"] : NULL;
    $bearing = isset($_REQUEST["bearing"]) ? $_REQUEST["bearing"] : NULL;
    $accuracy = isset($_REQUEST["accuracy"]) ? $_REQUEST["accuracy"] : NULL;
    $provider = isset($_REQUEST["provider"]) ? $_REQUEST["provider"] : NULL;
    $comment = isset($_REQUEST["comment"]) ? $_REQUEST["comment"] : NULL;
    $imageid = isset($_REQUEST["imageid"]) ? $_REQUEST["imageid"] : NULL;
    $trackid = isset($_REQUEST["trackid"]) ? $_REQUEST["trackid"] : NULL;

    if (is_null($lat) || is_null($lon) || is_null($time) || is_null($trackid)) {
      setError($response, "missing required parameter");
      break;
    }

    $sql = "INSERT INTO positions "
        ."(user_id, track_id,"
        ."time, latitude, longitude, altitude, speed, bearing, accuracy, provider, comment, image_id)"
        ."VALUES (?,?,FROM_UNIXTIME(?),?,?,?,?,?,?,?,?,?)";

    $query = $mysqli->prepare($sql);
    $query->bind_param('iisddddddssi',
            $userid, $trackid,
            $time, $lat, $lon, $altitude, $speed, $bearing, $accuracy, $provider, $comment, $imageid);
    $query->execute();
    $query->close();
    if ($mysqli->errno) {
      setError($response, $mysqli->error);
    }
    break;

}

$mysqli->close();

header('Content-Type: application/json');
echo json_encode($response);
exit();
?>