0) { // Update last active $query='UPDATE devices SET last_active = "'.date('Y-m-d').'" WHERE api_key="' . mysqli_real_escape_string($connect, $apiKey) . '"'; $result2 = mysqli_query ( $connect, $query ); $row = mysqli_fetch_assoc($result); $user_id = $row["user_id"]; // Is this a Matrix employee? $query='SELECT user_type FROM users WHERE user_id="' . mysqli_real_escape_string($connect, $user_id) . '"'; $result = mysqli_query ( $connect, $query ); if ( ! $result ) { echo '{ "message": "Database error", "data": {}}'; exit(); } if(mysqli_num_rows($result)>0) { $row = mysqli_fetch_assoc($result); $user_type = $row["user_type"]; if(!($user_type=="0" || $user_type=="1")){ // Else, are they allowed to see this document? $query='SELECT site_id FROM serviceorder WHERE service_id = "'.mysqli_real_escape_string($connect, $service_id).'"'; $result = mysqli_query ( $connect, $query ); if ( ! $result ) { echo '{ "message": "Database error", "data": {}}'; exit(); } if(mysqli_num_rows($result)>0) { $row2 = mysqli_fetch_assoc($result); $query='SELECT site_id FROM siteaccess WHERE user_id="' . mysqli_real_escape_string($connect, $user_id) . '" AND site_id = "'.mysqli_real_escape_string($connect, $row2["site_id"]).'"'; $result = mysqli_query ( $connect, $query ); if ( ! $result ) { echo '{ "message": "Database error", "data": {}}'; exit(); } if(mysqli_num_rows($result)<1) { echo '{ "message": "You do not have access to this site", "data": {}}'; exit(); } }else{ echo '{ "message": "Invalid Site", "data": {}}'; exit(); } } $query='SELECT file_id FROM servicesignatures WHERE service_id="' . mysqli_real_escape_string($connect, $service_id) . '"'; $result = mysqli_query ( $connect, $query ); if ( ! $result ) { echo '{ "message": "Database error", "data": {}}'; exit(); } if(mysqli_num_rows($result)>0) { $row = mysqli_fetch_assoc($result); $file_id = $row["file_id"]; $file = $path . $file_id; echo '{ "message": "", "data": {"img":"data:image/png;base64,'.base64_encode(file_get_contents($file)).'"}}'; }else{ echo '{ "message": "", "data": {"img":""}}'; } }else{ echo '{ "message": "Database error", "data": {}}'; } }else{ echo '{ "message": "Incorrect API credentials", "data": {}}'; } }else{ echo '{ "message": "Invalid post variables", "data": {}}'; } ?>