
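<?php
/*
 * save_sign.php
 *
 * Stores a base64-encoded signature image for a service order.
 *
 * Request fields (read from $_REQUEST, i.e. GET, POST or cookie, kept that way
 * for the existing clients): apiKey, service_id, img_data.
 *
 * Every reply is the fixed JSON envelope { "message": "...", "data": {}};
 * an empty message means the signature was saved.
 *
 * Flow: device api_key -> user_id -> user_type. Users whose user_type is not
 * "0" or "1" must have a siteaccess row for the order's site. The image is
 * then written to $path . file_id, where file_id is the servicesignatures row
 * for this service_id (created on the first save).
 */

ini_set("log_errors", 1);
ini_set("error_log", "/tmp/php-error.log");
// Wildcard CORS: the device apiKey is the only thing gating this endpoint, so a
// page on any origin can call it. Kept because the existing clients depend on
// it; restrict it to the known origins if those clients are browser apps.
header('Access-Control-Allow-Origin: *');
header('Content-Type: application/json');
// All mysqli failures are handled through return values below; switch off the
// exception-throwing default of newer PHP so the checks behave the same on
// every version this script runs on.
mysqli_report(MYSQLI_REPORT_OFF);

$path = '/var/www/uploads/servicesignatures/';

/**
 * Emit the script's JSON envelope and stop.
 *
 * The message is spliced in verbatim to keep the exact wire format the clients
 * already parse; only fixed ASCII messages are ever passed in.
 */
function respond(string $message): void
{
    echo '{ "message": "' . $message . '", "data": {}}';
    exit();
}

/**
 * Prepare, bind and execute a parameterised statement.
 *
 * Every parameter is bound as a string, so request values never become part of
 * the SQL text. On failure the driver message goes to the error log and null is
 * returned; the caller decides whether that is fatal.
 *
 * @param list<string> $params
 */
function execute_statement(mysqli $connect, string $sql, array $params): ?mysqli_stmt
{
    $stmt = mysqli_prepare($connect, $sql);
    if ($stmt === false) {
        error_log('save_sign: prepare failed: ' . mysqli_error($connect));
        return null;
    }
    if ($params !== [] && !mysqli_stmt_bind_param($stmt, str_repeat('s', count($params)), ...$params)) {
        error_log('save_sign: bind failed: ' . mysqli_stmt_error($stmt));
        mysqli_stmt_close($stmt);
        return null;
    }
    if (!mysqli_stmt_execute($stmt)) {
        error_log('save_sign: execute failed: ' . mysqli_stmt_error($stmt));
        mysqli_stmt_close($stmt);
        return null;
    }
    return $stmt;
}

/**
 * Run a statement that produces no rows (UPDATE / INSERT).
 *
 * @param list<string> $params
 * @return bool true when the statement executed
 */
function exec_query(mysqli $connect, string $sql, array $params): bool
{
    $stmt = execute_statement($connect, $sql, $params);
    if ($stmt === null) {
        return false;
    }
    mysqli_stmt_close($stmt);
    return true;
}

/**
 * Run a SELECT and return its first row, or null when it matched nothing.
 *
 * A database error ends the request with the same "Database error" reply the
 * script has always sent, so callers only distinguish "row" from "no row".
 *
 * @param list<string> $params
 * @return array<string, mixed>|null
 */
function fetch_row(mysqli $connect, string $sql, array $params): ?array
{
    $stmt = execute_statement($connect, $sql, $params);
    if ($stmt === null) {
        respond('Database error'); // exits
    }
    // mysqli_stmt_get_result needs the mysqlnd driver (the default driver).
    $result = mysqli_stmt_get_result($stmt);
    if ($result === false) {
        error_log('save_sign: get_result failed: ' . mysqli_stmt_error($stmt));
        mysqli_stmt_close($stmt);
        respond('Database error');
    }
    $row = mysqli_fetch_assoc($result);
    mysqli_free_result($result);
    mysqli_stmt_close($stmt);
    return is_array($row) ? $row : null;
}

// Reject missing fields and non-scalar ones (a[]=x), which urldecode() cannot take.
foreach (['apiKey', 'service_id', 'img_data'] as $field) {
    if (!isset($_REQUEST[$field]) || !is_string($_REQUEST[$field])) {
        respond('Invalid post variables');
    }
}

$apiKey = urldecode($_REQUEST['apiKey']);
$service_id = urldecode($_REQUEST['service_id']);
// Non-strict decode is kept on purpose: strict mode would reject whitespace in
// the payload that the original accepted. A failed or empty decode means there
// is no image to store, so it is rejected instead of writing an empty file.
$imagedata = base64_decode($_REQUEST['img_data']);
if ($imagedata === false || $imagedata === '') {
    respond('Invalid post variables');
}

$host = '127.0.0.1';
$user = '';
$pass = '';
$database = '';
// connect to the mysql database server and select the schema in one step, so a
// wrong database name is caught here instead of on the first query.
$connect = mysqli_connect($host, $user, $pass, $database);
if (!$connect) {
    // there is no link yet, so only the connect-time error is available
    error_log('save_sign: connect failed: ' . mysqli_connect_error());
    respond('Database error');
}

// Is there a record that matches this api_key?
$device = fetch_row($connect, 'SELECT user_id FROM devices WHERE api_key = ?', [$apiKey]);
if ($device === null) {
    respond('Incorrect API credentials');
}
// get_result hands back native ints for integer columns; everything is bound
// as a string below, hence the casts.
$user_id = (string) $device['user_id'];

// Update last active. Best-effort, as before: a failure is logged inside
// exec_query but does not block the upload.
exec_query($connect, 'UPDATE devices SET last_active = ? WHERE api_key = ?', [date('Y-m-d'), $apiKey]);

// Is this a Matrix employee? (user_type "0" or "1" may sign for any site)
$account = fetch_row($connect, 'SELECT user_type FROM users WHERE user_id = ?', [$user_id]);
if ($account === null) {
    // a device pointing at a missing user is a data problem, reported as such
    respond('Database error');
}
$user_type = (string) $account['user_type'];

// Is this a valid Service ID? site_id is fetched in the same query because the
// access check below needs it (the original looked the order up twice).
$order = fetch_row($connect, 'SELECT site_id FROM serviceorder WHERE service_id = ?', [$service_id]);
if ($order === null) {
    respond('Invalid Service ID');
}

// Everyone who is not an employee must have been granted the order's site.
if (!in_array($user_type, ['0', '1'], true)) {
    $access = fetch_row(
        $connect,
        'SELECT site_id FROM siteaccess WHERE user_id = ? AND site_id = ?',
        [$user_id, (string) $order['site_id']]
    );
    if ($access === null) {
        respond('You do not have access to this site');
    }
}

// Update or insert the servicesignatures row; its file_id names the image file.
$today = date('Y-m-d');
$existing = fetch_row($connect, 'SELECT file_id FROM servicesignatures WHERE service_id = ?', [$service_id]);
if ($existing !== null) {
    $file_id = $existing['file_id'];
    if (!exec_query($connect, 'UPDATE servicesignatures SET date = ? WHERE service_id = ?', [$today, $service_id])) {
        respond('Database error');
    }
} else {
    if (!exec_query($connect, 'INSERT INTO servicesignatures(service_id,date) VALUES(?,?)', [$service_id, $today])) {
        respond('Database error');
    }
    $file_id = mysqli_insert_id($connect);
}

// file_id is database-generated; basename() keeps the target inside $path even
// if the column ever held something other than a plain id.
$file = $path . basename((string) $file_id);
if (file_put_contents($file, $imagedata) === false) {
    error_log('save_sign: could not write ' . $file);
    respond('Could not save signature');
}

// An empty message is the success reply the clients expect (the original
// interpolated an undefined $error here, which rendered as "").
respond('');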