diff -r fda7286871f2 -r 318aab371497 www/includes/db_profile_fermentation.php --- a/www/includes/db_profile_fermentation.php Sun Jan 27 17:39:53 2019 +0100 +++ b/www/includes/db_profile_fermentation.php Sun Jan 27 20:40:24 2019 +0100 @@ -14,55 +14,61 @@ $replacements = array("\\\\", "\\/", "\\\"", "\\n", "\\r", "\\t", "\\f", "\\b"); $rescapers = array("'"); $rreplacements = array("\\'"); -$disallowed = array('visibleindex','uniqueid','boundindex','uid','undefined'); -if (isset($_GET['insert']) || isset($_GET['update'])) { - if (isset($_GET['insert'])) { +if (isset($_POST['insert']) || isset($_POST['update'])) { + if (isset($_POST['insert'])) { $sql = "INSERT INTO `profile_fermentation` SET "; } - if (isset($_GET['update'])) { + if (isset($_POST['update'])) { $sql = "UPDATE `profile_fermentation` SET "; } - if (isset($_GET['uuid']) && (strlen($_GET['uuid']) == 36)) { - $sql .= "uuid='" . $_GET['uuid']; + if (isset($_POST['uuid']) && (strlen($_POST['uuid']) == 36)) { + $sql .= "uuid='" . $_POST['uuid']; } else { $uuid = str_replace("\n", "", file_get_contents('/proc/sys/kernel/random/uuid')); $sql .= "uuid='" . $uuid; } - $sql .= "', name='" . mysqli_real_escape_string($connect, $_GET['name']); - $sql .= "', inittemp_lo='" . floatval($_GET['inittemp_lo']); - $sql .= "', inittemp_hi='" . floatval($_GET['inittemp_hi']); - ($_GET['fridgemode'] == 'true') ? $sql .= "', fridgemode='1" : $sql .= "', fridgemode='0"; - $array = $_GET['steps']; + $sql .= "', name='" . mysqli_real_escape_string($connect, $_POST['name']); + $sql .= "', inittemp_lo='" . floatval($_POST['inittemp_lo']); + $sql .= "', inittemp_hi='" . floatval($_POST['inittemp_hi']); + ($_POST['fridgemode'] == 'true') ? $sql .= "', fridgemode='1" : $sql .= "', fridgemode='0"; + $array = $_POST['steps']; // Don't believe given duration and number of steps, recalculate. $duration = 0; $totalsteps = 0; + $steps = '['; foreach($array as $key => $item) { + if ($totalsteps > 0) + $steps.= ','; $totalsteps++; $duration += $item['steptime'] + $item['resttime']; - foreach ($disallowed as $disallowed_key) { - unset($array[$key]["$disallowed_key"]); - } + $steps .= '{"name":"' . str_replace($rescapers,$rreplacements,$item['name']); + $steps .= '","steptime":' . $item['steptime']; + $steps .= ',"resttime":' . $item['resttime']; + $steps .= ',"target_lo":' . $item['target_lo']; + $steps .= ',"target_hi":' . $item['target_hi']; + $steps .= ',"fridgemode":' . $item['fridgemode'] . '}'; } + $steps .= ']'; $sql .= "', totalsteps='" . $totalsteps; $sql .= "', duration='" . $duration; -// syslog(LOG_NOTICE, "steps=: ". str_replace($rescapers,$rreplacements,json_encode($array))); + syslog(LOG_NOTICE, $steps); $sql .= "', steps='" . str_replace($rescapers,$rreplacements,json_encode($array)); - if (isset($_GET['insert'])) { + if (isset($_POST['insert'])) { $sql .= "';"; } - if (isset($_GET['update'])) { - $sql .= "' WHERE record='" . $_GET['record'] . "';"; + if (isset($_POST['update'])) { + $sql .= "' WHERE record='" . $_POST['record'] . "';"; } syslog(LOG_NOTICE, $sql); $result = mysqli_query($connect, $sql); if (! $result) { syslog(LOG_NOTICE, "db_profile_fermentation: ".$sql." result: ".mysqli_error($connect)); } else { - if (isset($_GET['update'])) { - syslog(LOG_NOTICE, "db_profile_fermentation: updated record ".$_GET['record']); + if (isset($_POST['update'])) { + syslog(LOG_NOTICE, "db_profile_fermentation: updated record ".$_POST['record']); } else { $lastid = mysqli_insert_id($connect); syslog(LOG_NOTICE, "db_profile_fermentation: inserted record ".$lastid); @@ -70,14 +76,14 @@ } echo $result; -} else if (isset($_GET['delete'])) { +} else if (isset($_POST['delete'])) { // DELETE COMMAND - $sql = "DELETE FROM `profile_fermentation` WHERE record='".$_GET['record']."';"; + $sql = "DELETE FROM `profile_fermentation` WHERE record='".$_POST['record']."';"; $result = mysqli_query($connect, $sql); if (! $result) { syslog(LOG_NOTICE, "db_profile_fermentation: ".$sql." result: ".mysqli_error($connect)); } else { - syslog(LOG_NOTICE, "db_profile_fermentation: deleted record ".$_GET['record']); + syslog(LOG_NOTICE, "db_profile_fermentation: deleted record ".$_POST['record']); } echo $result; @@ -105,7 +111,7 @@ $profiles .= '}'; } $profiles .= ']'; - syslog(LOG_NOTICE, $profiles); +// syslog(LOG_NOTICE, $profiles); header("Content-type: application/json"); echo $profiles; }