Mercurial > bms / file revision

<?php

require($_SERVER['DOCUMENT_ROOT']."/config.php");
require($_SERVER['DOCUMENT_ROOT']."/version.php");

#Connect to the database
$connect = mysqli_connect(DBASE_HOST, DBASE_USER, DBASE_PASS, DBASE_NAME);
if (! $connect) {
	die('Connect Error (' . mysqli_connect_errno() . ') ' . mysqli_connect_error());
}
mysqli_set_charset($connect, "utf8" );

$escapers = array("\\", "/", "\"", "\n", "\r", "\t", "\x08", "\x0c");
$replacements = array("\\\\", "\\/", "\\\"", "\\n", "\\r", "\\t", "\\f", "\\b");
$rescapers = array("'");
$rreplacements = array("\\'");
$disallowed = array('visibleindex','uniqueid','boundindex','uid');

// get data and store in a json array
$query = "SELECT * FROM profile_mash ORDER BY name";
if (isset($_GET['insert']) || isset($_GET['update'])) {
	if (isset($_GET['insert'])) {
		$sql  = "INSERT INTO";
	}
	if (isset($_GET['update'])) {
		$sql  = "UPDATE";
	}
	$sql .= " `profile_mash` SET name='" . mysqli_real_escape_string($connect, $_GET['name']);
	$sql .= "', notes='" . mysqli_real_escape_string($connect, $_GET['notes']);
	$array = $_GET['steps'];
	foreach($array as $key => $item){
		foreach ($disallowed as $disallowed_key) {
			unset($array[$key]["$disallowed_key"]);
		}
	}
	$sql .= "', steps='" . str_replace($rescapers,$rreplacements,json_encode($array));
	if (isset($_GET['insert'])) {
		$sql .= "';";
	}
	if (isset($_GET['update'])) {
		$sql .= "' WHERE record='" . $_GET['record'] . "';";
	}
	$result = mysqli_query($connect, $sql);
	if (! $result) {
		syslog(LOG_NOTICE, "db_profile_mash: ".$sql." result: ".mysqli_error($connect));
	} else {
		if (isset($_GET['update'])) {
			syslog(LOG_NOTICE, "db_profile_mash: updated record ".$_GET['record']);
		} else {
			$lastid = mysqli_insert_id($connect);
			syslog(LOG_NOTICE, "db_profile_mash: inserted record ".$lastid);
		}
	}
	echo $result;

} else if (isset($_GET['delete'])) {
	// DELETE COMMAND
	$sql = "DELETE FROM `profile_mash` WHERE record='".$_GET['record']."';";
	$result = mysqli_query($connect, $sql);
	if (! $result) {
		syslog(LOG_NOTICE, "db_profile_mash: ".$sql." result: ".mysqli_error($connect));
	} else {
		syslog(LOG_NOTICE, "db_profile_mash: deleted record ".$_GET['record']);
	}
	echo $result;

} else {
	// SELECT COMMAND
	$result = mysqli_query($connect, $query) or die("SQL Error 1: " . mysqli_error($connect));
	$mashprofiles = '[';
	$comma = FALSE;
	while ($row = mysqli_fetch_array($result, MYSQLI_ASSOC)) {
		// Manual encode to JSON.
		if ($comma) {
			$mashprofiles .= ',';
		}
		$comma = TRUE;
		$mashprofiles .= '{"record":' . $row['record'];
	        $mashprofiles .= ',"name":"'  . str_replace($escapers, $replacements, $row['name']);
		$mashprofiles .= '","notes":"' . str_replace($escapers, $replacements, $row['notes']);
		$mashprofiles .= '","steps":' . $row['steps'];
		$mashprofiles .= '}';
	}
	$mashprofiles .= ']';
	header("Content-type: application/json");
	echo $mashprofiles;
}
?>