Mercurial > bms / file revision

<?php

require($_SERVER['DOCUMENT_ROOT']."/config.php");
require($_SERVER['DOCUMENT_ROOT']."/version.php");

#Connect to the database
$connect = mysqli_connect(DBASE_HOST, DBASE_USER, DBASE_PASS, DBASE_NAME);
if (! $connect) {
	die('Connect Error (' . mysqli_connect_errno() . ') ' . mysqli_connect_error());
}
mysqli_set_charset($connect, "utf8" );

$rescapers = array("'");
$rreplacements = array("\\'");

$response = array(
   'error' => false,
   'msg' => 'Ok',
);

if (isset($_POST['insert']) || isset($_POST['update'])) {
	if (isset($_POST['insert'])) {
		$sql  = "INSERT INTO";
	}
	if (isset($_POST['update'])) {
		$sql  = "UPDATE";
	}
	$sql .= " `profile_mash` SET ";
	if (isset($_POST['uuid']) && (strlen($_POST['uuid']) == 36)) {
                $sql .= "uuid='" . $_POST['uuid'];
        } else {
                $uuid = str_replace("\n", "", file_get_contents('/proc/sys/kernel/random/uuid'));
                $sql .= "uuid='" . $uuid;
        }
	$sql .= "', name='" . mysqli_real_escape_string($connect, $_POST['name']);
	$sql .= "', notes='" . mysqli_real_escape_string($connect, $_POST['notes']);
	$array = $_POST['steps'];
	$comma = FALSE;
	$steps = '[';
	foreach($array as $key => $item) {
		/*
		 * Manual encode to json. This eliminates the wrong UTF-8 encodings
		 * but also removes the unwanted fields.
		 */
		if ($comma)
			$steps.= ',';
		$steps .= '{"step_name":"' . str_replace($rescapers,$rreplacements,$item['step_name']);
		$steps .= '","step_type":' . $item['step_type'];
		$steps .= ',"step_temp":' . $item['step_temp'];
		$steps .= ',"end_temp":' . $item['end_temp'];
		$steps .= ',"step_time":' . $item['step_time'];
		$steps .= ',"ramp_time":' . $item['ramp_time'] . '}';
		$comma = TRUE;
	}
	$steps .= ']';
	$sql .= "', steps='" . $steps;
	if (isset($_POST['insert'])) {
		$sql .= "';";
	}
	if (isset($_POST['update'])) {
		$sql .= "' WHERE record='" . $_POST['record'] . "';";
	}
	$result = mysqli_query($connect, $sql);
	if (! $result) {
		syslog(LOG_NOTICE, "db_profile_mash: ".$sql." result: ".mysqli_error($connect));
                $response['error'] = true;
                $response['msg'] = "SQL fout: ".mysqli_error($connect);
        }
	exit(json_encode($response));

} else if (isset($_POST['delete'])) {
	// DELETE COMMAND
	$sql = "DELETE FROM `profile_mash` WHERE record='".$_POST['record']."';";
	$result = mysqli_query($connect, $sql);
	if (! $result) {
		syslog(LOG_NOTICE, "db_profile_mash: ".$sql." result: ".mysqli_error($connect));
                $response['error'] = true;
                $response['msg'] = "SQL fout: ".mysqli_error($connect);
        }
        exit(json_encode($response));

} else {
	// SELECT COMMAND
	$query = "SELECT record,JSON_QUOTE(name),JSON_QUOTE(notes),steps,JSON_QUOTE(uuid) FROM profile_mash ORDER BY name";
	$result = mysqli_query($connect, $query) or die("SQL Error 1: " . mysqli_error($connect));
	$mashprofiles = '[';
	$comma = FALSE;
	while ($row = mysqli_fetch_array($result, MYSQLI_ASSOC)) {
		// Manual encode to JSON.
		if ($comma) {
			$mashprofiles .= ',';
		}
		$comma = TRUE;
		$mashprofile  = '{"record":' . $row['record'];
		$mashprofile .= ',"name":'  . $row['JSON_QUOTE(name)'];
		$mashprofile .= ',"notes":' . $row['JSON_QUOTE(notes)'];
		$mashprofile .= ',"steps":' . $row['steps'];
	        $mashprofile .= ',"uuid":'  . $row['JSON_QUOTE(uuid)'] . '}';
		$mashprofiles .= $mashprofile;
	}
	$mashprofiles .= ']';
	header("Content-type: application/json");
	exit($mashprofiles);
}

syslog(LOG_NOTICE, "db_profile_mash: missing arguments");
$response['error'] = true;
$response['msg'] = "missing arguments";
echo json_encode($response);

?>