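success = False; $ret->version = $GLOBALS["API_VERSION"]; echo(json_encode($ret)); exit(); }

/*
 * Tile-status API endpoint (request handler).
 *
 * Reads `auth` and `action` from POST, authenticates the token against the
 * `auth` table and dispatches on `action` ("set", "get-job", "status").
 * Every failure path goes through quit() (defined above), which appears to
 * echo a JSON response with success = false and exits; the success path
 * echoes $ret as JSON.
 *
 * Globals read: $API_VERSION, $SQL_SERVER, $SQL_USER, $SQL_PASSWORD,
 * $SQL_DATABASE, $SQL_PORT (defined earlier in the file).
 *
 * All SQL is parameterised via mysqli prepared statements; request values are
 * only ever passed through bind_param(), never concatenated into SQL.
 */

/**
 * True when the POST field $key is present and is not the empty string.
 * (Same test the original used inline: isset() && != "".)
 */
function post_nonempty($key) {
    return isset($_POST[$key]) && $_POST[$key] != "";
}

/**
 * Run a single-parameter "SELECT id ..." lookup and return the first column
 * of the first row, or null when no row matched.
 *
 * $types is the bind_param() type string for $value ("s" or "i").
 * mysqli errors surface as mysqli_sql_exception (STRICT report mode is set
 * below) and are handled by the caller's try/catch.
 */
function lookup_id($con, $sql, $types, $value) {
    $stmt = $con->prepare($sql);
    $stmt->bind_param($types, $value);
    $stmt->execute();
    $row = $stmt->get_result()->fetch_array();
    $stmt->close();
    // fetch_array() yields null when there is no row; ?? keeps that null
    // without emitting an "array offset on null" warning.
    return $row[0] ?? null;
}

/**
 * Take the named MySQL lock that serialises tile-status updates.
 *
 * GET_LOCK returns 1 on success, 0 on timeout (10 s here) and NULL on error;
 * anything other than 1 quits with the generic failure response.
 */
function get_lock($con) {
    $row = $con->query("SELECT GET_LOCK('tile-status-lock', 10)")->fetch_array();
    if (!$row || (int)$row[0] !== 1) {
        quit();
    }
}

/**
 * Release the lock taken by get_lock(). Named locks are also dropped by the
 * server when the connection closes, so quit()/exit() paths that skip this
 * do not leave the lock held.
 */
function rel_lock($con) {
    $con->query("SELECT RELEASE_LOCK('tile-status-lock')");
}

/**
 * Set the status of one tile, or of every tile in an area.
 *
 * @param mysqli $con
 * @param mixed  $name    tile id when $type is "tile"; secondLevel name when "area"
 * @param mixed  $status  status name, resolved against the `status` table
 * @param string $type    "area", or anything else to address a single tile
 *
 * Must be called with the tile-status lock held. Quits (after releasing the
 * lock) when the status name or the area does not exist. Previously an
 * unknown status name was written to tile.status_id as 0 (area path) or
 * NULL (tile path, via the subquery) and the request still reported success.
 */
function set_status($con, $name, $status, $type) {
    // Resolve the status name first so an unknown name can never reach the UPDATE.
    $sid = lookup_id($con, "SELECT id FROM status WHERE name = ?", "s", $status);
    if ($sid === null) {
        rel_lock($con);
        quit();
    }

    if ($type == "area") {
        // Get parent ID
        $pid = lookup_id($con, "SELECT id FROM secondLevel WHERE name = ?", "s", $name);
        if ($pid === null) {
            rel_lock($con);
            quit();
        }
        // Update tiles in area
        $stmt = $con->prepare("UPDATE tile SET status_id = ? WHERE parent_id = ?");
        $stmt->bind_param("ii", $sid, $pid);
    } else {
        $stmt = $con->prepare("UPDATE tile SET status_id = ? WHERE id = ?");
        $stmt->bind_param("ii", $sid, $name);
    }
    $stmt->execute();
    $stmt->close();
}

$ret = new stdClass;
$ret->success = True;
$ret->version = $API_VERSION;

// Make sure we've got at least auth and an action in the request
if (!post_nonempty('auth') || !post_nonempty('action')) {
    quit();
}
$auth = $_POST['auth'];
$action = $_POST['action'];

// Connect to DB. STRICT report mode makes mysqli throw mysqli_sql_exception
// on failure (the PHP 8.1+ default) instead of returning false; without it a
// failed prepare() would have produced a fatal error on bind_param(false).
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);
try {
    $con = new mysqli($SQL_SERVER, $SQL_USER, $SQL_PASSWORD, $SQL_DATABASE, $SQL_PORT);
} catch (mysqli_sql_exception $e) {
    quit();
}
if ($con->connect_error) {
    quit();
}

// Check auth: the token must exist in the auth table.
// NOTE(review): whether this match is case-sensitive depends on the collation
// of auth.token — confirm the column uses a binary collation.
try {
    $stmt = $con->prepare("SELECT id FROM auth WHERE token = ?");
    $stmt->bind_param("s", $auth);
    $stmt->execute();
    $res = $stmt->get_result()->fetch_assoc();
    $stmt->close();
} catch (mysqli_sql_exception $e) {
    quit();
}
if (!is_array($res)) {
    quit();
}

try {
    if ($action == "set") {
        // A status name is required for every "set"; it is validated again
        // against the status table inside set_status().
        if (!post_nonempty('status')) {
            quit();
        }
        if (post_nonempty('tile')) {
            get_lock($con);
            set_status($con, $_POST['tile'], $_POST['status'], "tile");
            rel_lock($con);
        } else if (post_nonempty('area')) {
            get_lock($con);
            set_status($con, $_POST['area'], $_POST['status'], "area");
            rel_lock($con);
        } else {
            quit();
        }
    } else if ($action == "get-job" && post_nonempty("status") && post_nonempty("new-status")) {
        get_lock($con);
        // Hand out one tile currently in the requested status (lowest parent_id first)
        // and move it to new-status while the lock is held.
        $job = lookup_id(
            $con,
            "SELECT id FROM tile WHERE status_id = (SELECT id FROM status WHERE name = ?) ORDER BY parent_id LIMIT 1",
            "s",
            $_POST["status"]
        );
        if ($job === null) {
            $ret->job = "None";
        } else {
            $ret->job = $job;
            set_status($con, $job, $_POST["new-status"], "tile");
        }
        rel_lock($con);
    } else if ($action == "status") {
        if (post_nonempty('tile')) {
            $sql = "SELECT name FROM status WHERE id = (SELECT status_id FROM tile WHERE id = ?)";
            $pattern = "i";
            $req = $_POST['tile'];
        } else if (post_nonempty('area')) {
            $sql = "SELECT name FROM status WHERE id = (SELECT status_id FROM secondLevel WHERE name = ?)";
            $pattern = "s";
            $req = $_POST['area'];
        } else {
            quit();
        }
        $stmt = $con->prepare($sql);
        $stmt->bind_param($pattern, $req);
        $stmt->execute();
        $res = $stmt->get_result()->fetch_assoc();
        $stmt->close();
        if (!is_array($res)) {
            quit();
        }
        $ret->status = $res["name"];
    } else {
        quit();
    }
} catch (mysqli_sql_exception $e) {
    // Driver errors must not escape as an uncaught exception (which can expose
    // SQL text and a stack trace); answer with the generic failure response.
    // The connection is closed on exit, which also releases any held lock.
    quit();
}

// https://www.w3schools.com/php/php_mysql_prepared_statements.asp
$con->close();
echo(json_encode($ret));
?>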