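<?php

declare(strict_types=1);

/*
 * Service-signature lookup endpoint.
 *
 * Input (GET or POST): apiKey, service_id.
 * Output: a JSON envelope {"message": "...", "data": {...}}; on success
 * "data" carries "img", a base64 PNG data URI of the stored signature (or ""
 * when no signature row exists for the service).
 *
 * Access rules, in order: the apiKey must match a devices row; its user must
 * exist; users whose user_type is "0" or "1" may fetch any signature, every
 * other user must hold a siteaccess row for the order's site.
 */

ini_set('log_errors', '1');
ini_set('error_log', '/tmp/php-error.log');

header('Access-Control-Allow-Origin: *');
header('Content-Type: application/json; charset=utf-8');

// Directory holding the signature images; every file_id from the DB is
// resolved inside it (see readSignatureFile).
$path = '/var/www/uploads/servicesignatures/';

/**
 * Emit the endpoint's JSON envelope and stop the script.
 *
 * "data" is encoded as an object so that an empty array becomes `{}`, the
 * shape the original hand-written literals produced.
 *
 * @param array<string, mixed> $data
 */
function respond(string $message, array $data = []): void
{
    echo json_encode(
        ['message' => $message, 'data' => (object) $data],
        JSON_UNESCAPED_SLASHES
    );
    exit();
}

/**
 * Prepare, bind and execute one statement with string parameters.
 *
 * Relies on mysqli_report(MYSQLI_REPORT_STRICT): any prepare/bind/execute
 * failure surfaces as mysqli_sql_exception instead of a false return.
 *
 * @throws mysqli_sql_exception
 */
function runQuery(mysqli $db, string $sql, string ...$params): mysqli_stmt
{
    $stmt = mysqli_prepare($db, $sql);
    if ($params !== []) {
        // Every placeholder is bound as a string, matching the quoted
        // literals the original built with mysqli_real_escape_string.
        mysqli_stmt_bind_param($stmt, str_repeat('s', count($params)), ...$params);
    }
    mysqli_stmt_execute($stmt);

    return $stmt;
}

/**
 * Run a SELECT and return its first row, or null when it matches nothing.
 *
 * @return array<string, mixed>|null
 * @throws mysqli_sql_exception
 */
function fetchOne(mysqli $db, string $sql, string ...$params): ?array
{
    $stmt = runQuery($db, $sql, ...$params);
    $result = mysqli_stmt_get_result($stmt);
    $row = $result === false ? null : mysqli_fetch_assoc($result);
    mysqli_stmt_close($stmt);

    return is_array($row) ? $row : null;
}

/**
 * Read a signature image from $baseDir, refusing a file_id that resolves
 * outside that directory.
 *
 * file_id comes from the database rather than the request, but the
 * containment check is cheap and keeps a bad row from turning into a read
 * of an arbitrary file. Returns null when the file is missing, outside the
 * upload directory, or unreadable.
 */
function readSignatureFile(string $baseDir, string $fileId): ?string
{
    $base = realpath($baseDir);
    $real = realpath($baseDir . $fileId);
    if ($base === false || $real === false || !is_file($real)) {
        return null;
    }
    if (strpos($real, $base . DIRECTORY_SEPARATOR) !== 0) {
        error_log("servicesignatures: refusing file_id outside upload dir: {$fileId}");
        return null;
    }
    $contents = file_get_contents($real);

    return $contents === false ? null : $contents;
}

// Both parameters are required and must be plain strings (an array value
// such as apiKey[]= would otherwise reach urldecode and throw).
if (
    !isset($_REQUEST['apiKey'], $_REQUEST['service_id'])
    || !is_string($_REQUEST['apiKey'])
    || !is_string($_REQUEST['service_id'])
) {
    respond('Invalid post variables');
}

// NOTE(review): PHP has already URL-decoded $_REQUEST; this second decode is
// kept from the original because existing clients may double-encode —
// confirm against the callers before removing it.
$apiKey = urldecode($_REQUEST['apiKey']);
$serviceId = urldecode($_REQUEST['service_id']);

$host = '127.0.0.1';
$user = '';
$pass = '';
$database = '';

// Make every mysqli failure an exception so one catch below maps all of
// them to the endpoint's "Database error" reply.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

try {
    $connect = mysqli_connect($host, $user, $pass, $database);

    // Is there a device registered under this api_key?
    $device = fetchOne($connect, 'SELECT user_id FROM devices WHERE api_key = ?', $apiKey);
    if ($device === null) {
        respond('Incorrect API credentials');
    }

    // Best-effort "last active" stamp: the original ignored the outcome of
    // this UPDATE, so a failure here is logged rather than reported.
    try {
        $stmt = runQuery(
            $connect,
            'UPDATE devices SET last_active = ? WHERE api_key = ?',
            date('Y-m-d'),
            $apiKey
        );
        mysqli_stmt_close($stmt);
    } catch (mysqli_sql_exception $e) {
        error_log('servicesignatures: last_active update failed: ' . $e->getMessage());
    }

    $userId = (string) $device['user_id'];

    $userRow = fetchOne($connect, 'SELECT user_type FROM users WHERE user_id = ?', $userId);
    if ($userRow === null) {
        respond('Database error');
    }

    // user_type "0" or "1" (the original's "Matrix employee" check) skips the
    // per-site authorisation; everyone else needs a siteaccess row for the
    // site that owns this service order.
    $isEmployee = in_array((string) $userRow['user_type'], ['0', '1'], true);
    if (!$isEmployee) {
        $order = fetchOne(
            $connect,
            'SELECT site_id FROM serviceorder WHERE service_id = ?',
            $serviceId
        );
        if ($order === null) {
            respond('Invalid Site');
        }

        $access = fetchOne(
            $connect,
            'SELECT site_id FROM siteaccess WHERE user_id = ? AND site_id = ?',
            $userId,
            (string) $order['site_id']
        );
        if ($access === null) {
            respond('You do not have access to this site');
        }
    }

    $signature = fetchOne(
        $connect,
        'SELECT file_id FROM servicesignatures WHERE service_id = ?',
        $serviceId
    );
    if ($signature === null) {
        respond('', ['img' => '']);
    }

    // A missing or unreadable file is reported like "no signature" instead
    // of emitting a data URI with an empty payload.
    $png = readSignatureFile($path, (string) $signature['file_id']);
    respond('', [
        'img' => $png === null ? '' : 'data:image/png;base64,' . base64_encode($png),
    ]);
} catch (mysqli_sql_exception $e) {
    error_log('servicesignatures: ' . $e->getMessage());
    respond('Database error');
}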