-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathareas.php
More file actions
118 lines (96 loc) · 2.76 KB
/
areas.php
File metadata and controls
118 lines (96 loc) · 2.76 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
<?php
include("db.php");
include("helpers.php");
// Get the server secret key
if(isset($_COOKIE['server_secret_key']) && isset($_COOKIE['server_id'])){
$server_secret = $_COOKIE['server_secret_key'];
$server_id = $_COOKIE['server_id'];
} else {
$data["unauthorized"] = "true";
http_response_code(401);
echo json_encode($data);
exit();
}
if(!isServerValidated($conn, $server_id, $server_secret)){
$data["unauthorized"] = "true";
http_response_code(401);
echo json_encode($data);
exit();
}
if($_SERVER['REQUEST_METHOD'] === 'POST'){
$input = file_get_contents("php://input");
$json = json_decode($input, true);
if(isset($json['uuid']) && isset($json['polygon']) && isset($json['area_name'])){
$uuid = $json['uuid'];
$polygon = $json['polygon'];
$area_name = $json['area_name'];
} else {
http_response_code(400);
exit();
}
$user_id = getUserId($conn, $uuid);
if($user_id == -1){
$data["error"] = "User does not exist";
http_response_code(400);
echo json_encode($data);
exit();
}
// Insert the area
$sql = "INSERT INTO areas (user_id, server_id, polygon, area_name) VALUES (?, ?, ?, ?)";
$stmt = $conn->stmt_init();
$stmt->prepare($sql);
$stmt->bind_param("iiss", $user_id, $server_id, $polygon, $area_name);
$stmt->execute();
$data["area_id"] = $stmt->insert_id;
echo json_encode($data);
exit();
} else if ($_SERVER['REQUEST_METHOD'] === 'GET'){
if(isset($_GET['uuid'])){
$uuid = $_GET['uuid'];
} else {
http_response_code(400);
exit();
}
$user_id = getUserId($conn, $uuid);
if($user_id == -1){
$data["error"] = "User does not exist";
http_response_code(400);
echo json_encode($data);
exit();
}
// Check that the server secret key matches the server id's secret key
$sql = "SELECT area_id, polygon, area_name FROM areas WHERE user_id = ? AND server_id = ? AND deleted_on IS NULL";
$stmt = $conn->stmt_init();
$stmt->prepare($sql);
$stmt->bind_param("ii", $user_id, $server_id);
$stmt->execute();
$result = $stmt->get_result();
$data["areas"] = array();
if($result->num_rows > 0){
while($row = $result->fetch_assoc()){
$newRow["area_id"] = $row["area_id"];
$newRow["polygon"] = $row["polygon"];
$newRow["area_name"] = $row["area_name"];
array_push($data["areas"], $newRow);
}
}
echo json_encode($data);
exit();
} else if($_SERVER['REQUEST_METHOD'] === 'DELETE') {
$input = file_get_contents("php://input");
$json = json_decode($input, true);
if(isset($json['area_id'])){
$area_id = $json['area_id'];
} else {
http_response_code(400);
exit();
}
// Insert the area
$sql = "UPDATE areas SET deleted_on = ? WHERE area_id = ?";
$now = date("Y-m-d H:i:s");
$stmt = $conn->stmt_init();
$stmt->prepare($sql);
$stmt->bind_param("si", $now, $area_id);
$stmt->execute();
exit();
}