From 08cf2dac771863b44368a1a53fa311df1cef6589 Mon Sep 17 00:00:00 2001
From: fly <merspieler@airmail.cc>
Date: Wed, 3 Mar 2021 20:28:22 +0000
Subject: [PATCH] Added web API

Signed-off-by: fly <merspieler@airmail.cc>
---
 web/index.php | 214 ++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 214 insertions(+)
 create mode 100644 web/index.php

diff --git a/web/index.php b/web/index.php
new file mode 100644
index 0000000..4d39251
--- /dev/null
+++ b/web/index.php
@@ -0,0 +1,214 @@
+<?php
+include("config.php");
+$API_VERSION = 0.1;
+
+function quit()
+{
+	$ret = new stdClass;
+	$ret->success = False;
+	$ret->version = $GLOBALS["API_VERSION"];
+	echo(json_encode($ret));
+	exit();
+}
+
+$ret = new stdClass;
+$ret->success = True;
+$ret->version = $API_VERSION;
+
+// Make sure we've got at least auth and an action in the request
+if (isset($_POST['auth']) && $_POST['auth'] != "" && isset($_POST['action']) && $_POST['action'] != "")
+{
+	$auth = $_POST['auth'];
+	$action = $_POST['action'];
+}
+else
+{
+	quit();
+}
+
+// Connect to DB
+$con = new mysqli($SQL_SERVER, $SQL_USER, $SQL_PASSWORD, $SQL_DATABASE, $SQL_PORT);
+if ($con->connect_error)
+{
+	quit();
+}
+
+// Check auth
+$stmt = $con->prepare("SELECT id FROM auth WHERE token = ?");
+$stmt->bind_param("s", $auth);
+$stmt->execute();
+$result = $stmt->get_result();
+$res = $result->fetch_assoc();
+$stmt->close();
+if ($res == Null)
+{
+	quit();
+}
+
+// Setup helper functions
+function get_lock($con)
+{
+	$sql = "SELECT GET_LOCK('tile-status-lock', 10)";
+	$ret = $con->query($sql)->fetch_array()[0];
+	if ($ret == 0)
+	{
+		quit();
+	}
+}
+
+function rel_lock($con)
+{
+	$con->query("SELECT RELEASE_LOCK('tile-status-lock')");
+}
+
+function set_status($con, $name, $status, $type)
+{
+	get_lock($con);
+	if ($type == "area")
+	{
+		// Get parent ID
+		$sql = "SELECT id FROM secondLevel WHERE name = ?";
+		$stmt = $con->prepare($sql);
+		$stmt->bind_param("s", $name);
+		$stmt->execute();
+		$result = $stmt->get_result();
+		$stmt->close();
+		if ($result == False)
+		{
+			rel_lock($con);
+			quit();
+		}
+		$pid = $result->fetch_array()[0];
+
+		// Get status ID
+		$sql = "SELECT id FROM status WHERE name = ?";
+		$stmt = $con->prepare($sql);
+		$stmt->bind_param("s", $status);
+		$stmt->execute();
+		$result = $stmt->get_result();
+		$stmt->close();
+		if ($result == False)
+		{
+			rel_lock($con);
+			quit();
+		}
+		$sid = $result->fetch_array()[0];
+
+		// Update tiles in area
+		$sql = "UPDATE tile SET status_id = ? WHERE parent_id = ?";
+		$stmt = $con->prepare($sql);
+		$stmt->bind_param("ii", $sid, $pid);
+		$stmt->execute();
+		$stmt->close();
+	}
+	else
+	{
+		$sql = "UPDATE tile SET status_id = (SELECT id FROM status WHERE name = ?) WHERE id = ?";
+		$stmt = $con->prepare($sql);
+		$stmt->bind_param("si", $status, $name);
+		$stmt->execute();
+		$stmt->close();
+	}
+	rel_lock($con);
+}
+
+if ($action == "set")
+{
+	if (isset($_POST['tile']) && $_POST['tile'] != "")
+	{
+		set_status($con, $_POST['tile'], $_POST['status'], "tile");
+	}
+	else if (isset($_POST['area']) && $_POST['area'] != "")
+	{
+		set_status($con, $_POST['area'], $_POST['status'], "area");
+	}
+	else
+	{
+		quit();
+	}
+}
+else if ($action == "get-job")
+{
+	get_lock($con);
+	if (isset($_POST["additional-type"]) && $_POST["additional-type"] != "")
+	{
+		$sql = "SELECT id FROM tile WHERE status_id = (SELECT id FROM status WHERE name = 'pending') OR status_id = (SELECT id FROM status WHERE name = ?) ORDER BY parent_id LIMIT 1";
+		$stmt = $con->prepare($sql);
+		$stmt->bind_param("s", $_POST["additional-type"]);
+	}
+	else
+	{
+		$sql = "SELECT id FROM tile WHERE status_id = (SELECT id FROM status WHERE name = 'pending') ORDER BY parent_id LIMIT 1";
+		$stmt = $con->prepare($sql);
+	}
+	$stmt->execute();
+	$result = $stmt->get_result();
+	$stmt->close();
+	if ($result == False)
+	{
+		quit();
+	}
+	rel_lock($con);
+	$ret->job = $result->fetch_array()[0];
+	if ($ret->job == Null)
+	{
+		$ret->job = "None";
+	}
+	else
+	{
+		set_status($con, $ret->job, "started", "tile");
+	}
+}
+else if ($action == "get-done")
+{
+	$sql = "SELECT name FROM secondLevel WHERE status_id = (SELECT id FROM status WHERE name = 'done') LIMIT 1";
+	$ret->job = $con->query($sql)->fetch_array()[0];
+	if ($ret->job == Null)
+	{
+		$ret->job = "None";
+	}
+}
+else if ($action == "status")
+{
+	if (isset($_POST['tile']) && $_POST['tile'] != "")
+	{
+		$sql = "SELECT name FROM status WHERE id = (SELECT status_id FROM tile WHERE id = ?)";
+		$pattern = "i";
+		$req = $_POST['tile'];
+	}
+	else if (isset($_POST['area']) && $_POST['area'] != "")
+	{
+		$sql = "SELECT name FROM status WHERE id = (SELECT status_id FROM secondLevel WHERE name = ?)";
+		$pattern = "s";
+		$req = $_POST['area'];
+	}
+	else
+	{
+		quit();
+	}
+	$stmt = $con->prepare($sql);
+	$stmt->bind_param($pattern, $req);
+	$stmt->execute();
+	$result = $stmt->get_result();
+	if ($result == False)
+	{
+		quit();
+	}
+	$res = $result->fetch_assoc();
+	$stmt->close();
+	if ($res == Null)
+	{
+		quit();
+	}
+	$ret->status = $res["name"];
+}
+else
+{
+	quit();
+}
+
+// https://www.w3schools.com/php/php_mysql_prepared_statements.asp
+
+$con->close();
+echo(json_encode($ret));
+?>