false ]; $mysqli = new mysqli($dbhost, $dbuser, $dbpass, $dbname); if ($mysqli->connect_errno) { setError($response, $mysqli->error); $action = null; } switch ($action) { // action: authorize case "auth": break; // action: adduser case "adduser": $login = isset($_REQUEST['login']) ? $_REQUEST['login'] : NULL; $hash = isset($_REQUEST['password']) ? password_hash($_REQUEST['password'], PASSWORD_DEFAULT) : NULL; if (!empty($login) && !empty($hash)) { $sql = "INSERT INTO users (login, password) VALUES (?, ?)"; $query = $mysqli->prepare($sql); $query->bind_param('ss', $login, $hash); $query->execute(); $userid = $mysqli->insert_id; $query->close(); if ($mysqli->errno) { setError($response, $mysqli->error); break; } // return user id $response['userid'] = $userid; } else { setError($response, "Empty login"); } break; // action: addtrack case "addtrack": $trackname = isset($_REQUEST['track']) ? $_REQUEST['track'] : NULL; if (empty($trackname)) { setError($response, "missing required parameter"); break; } $sql = "INSERT INTO tracks (user_id, name) VALUES (?, ?)"; $query = $mysqli->prepare($sql); $query->bind_param('is', $userid, $trackname); $query->execute(); $trackid = $mysqli->insert_id; $query->close(); if ($mysqli->errno) { setError($response, $mysqli->error); break; } // return track id $response['trackid'] = $trackid; break; // action: addposition case "addpos": $lat = isset($_REQUEST["lat"]) ? $_REQUEST["lat"] : NULL; $lon = isset($_REQUEST["lon"]) ? $_REQUEST["lon"] : NULL; $time = isset($_REQUEST["time"]) ? $_REQUEST["time"] : NULL; $altitude = isset($_REQUEST["altitude"]) ? $_REQUEST["altitude"] : NULL; $speed = isset($_REQUEST["speed"]) ? $_REQUEST["speed"] : NULL; $bearing = isset($_REQUEST["bearing"]) ? $_REQUEST["bearing"] : NULL; $accuracy = isset($_REQUEST["accuracy"]) ? $_REQUEST["accuracy"] : NULL; $provider = isset($_REQUEST["provider"]) ? $_REQUEST["provider"] : NULL; $comment = isset($_REQUEST["comment"]) ? $_REQUEST["comment"] : NULL; $imageid = isset($_REQUEST["imageid"]) ? $_REQUEST["imageid"] : NULL; $trackid = isset($_REQUEST["trackid"]) ? $_REQUEST["trackid"] : NULL; if (is_null($lat) || is_null($lon) || is_null($time) || is_null($trackid)) { setError($response, "missing required parameter"); break; } $sql = "INSERT INTO positions " ."(user_id, track_id," ."time, latitude, longitude, altitude, speed, bearing, accuracy, provider, comment, image_id)" ."VALUES (?,?,FROM_UNIXTIME(?),?,?,?,?,?,?,?,?,?)"; $query = $mysqli->prepare($sql); $query->bind_param('iisddddddssi', $userid, $trackid, $time, $lat, $lon, $altitude, $speed, $bearing, $accuracy, $provider, $comment, $imageid); $query->execute(); $query->close(); if ($mysqli->errno) { setError($response, $mysqli->error); } break; } $mysqli->close(); header('Content-Type: application/json'); echo json_encode($response); exit(); ?>