
status create

master
Robin Thoni 10 years ago
parent
commit
e64f729bac
3 changed files with 31 additions and 6 deletions
  1. 1
    1
      index.php
  2. 25
    2
      status.php
  3. 5
    3
      utils.php

+ 1
- 1
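--- a/index.php
+++ b/index.php
@@ -6,7 +6,7 @@
 
 function check_api_key()
 {
-  if (!check_table_field("Api-Key", "api_keys", "key"))
+  if (check_table_field("Api-Key", "api_keys", "key") === false)
     error(401, "Bad API key");
 }
 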

+ 25
- 2
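--- a/status.php
+++ b/status.php
@@ -3,8 +3,10 @@
 
 function check_token()
 {
-  if (!check_table_field("Authorization", "tokens", "token"))
+  $token = check_table_field("Authorization", "tokens", "token");
+  if ($token === false)
     error(401, "Invalid token");
+  return $token;
 }
 
 function status_confirm($id)
@@ -14,8 +16,29 @@
 
 function status_create()
 {
-  check_token();
+  $token = check_token();
   $status = get_post("status");
+  if (strlen($status) < 10)
+    error(422, "Status too short");
+  $latitude = get_post("latitude", false);
+  $longitude = get_post("longitude", false);
+  $u = database_exec("SELECT `id`, `username` FROM users WHERE `id` = ".
+    "(SELECT `user` FROM tokens WHERE `token` = :token)",
+    array(":token" => $token))->fetch();
+  database_exec("INSERT INTO status (`status`, `user`) VALUES(:status, :user)",
+    array(":status" => $status, ":user" => $u["id"]));
+  $s = database_exec("SELECT * FROM status WHERE id = :id",
+    array(":id" => database_get()->lastInsertId()))->fetch();
+  echo json_encode(array("status" => $s["status"],
+    "creation_date" => $s['date'],
+    /*"nb_confirm_up" => intval($s["up"]),
+    "nb_confirm_down" => intval($s["down"]),*/
+    "latitude" => $s["latitude"] === null ? null : floatval($s["latitude"]),
+    "longitude" => $s["longitude"] === null ? null : floatval($s["longitude"]),
+    "media_url" => $s["media"],
+    "id" => $s["id"],
+    "user_id" => $u["id"]
+  ));
 }
 
 function status_feed()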
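Review bot: In status_create the result of the user lookup, `$u`, is used without a check, so if `fetch()` returns false (for example a token row whose user no longer exists) `$u["id"]` evaluates to null and the status is inserted with no owner; a guard such as `if ($u === false) error(401, "Invalid token");` before the INSERT would fail closed. The `$latitude` and `$longitude` values are read but never bound in the INSERT, which only carries `:status` and `:user`, so the JSON response reports the column defaults rather than what the client sent; either add both columns and parameters to the statement or drop the two reads until they are stored. The length check uses `strlen`, which counts bytes, and sets no upper bound, so `mb_strlen($status)` with a maximum would match the apparent intent better. All of this assumes `error()` terminates the request, which is not visible on this page; if it returns, check_token would hand `false` to the token query.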

+ 5
- 3
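--- a/utils.php
+++ b/utils.php
@@ -33,9 +33,11 @@
   $headers = apache_request_headers();
   if (!isset($headers[$header]))
     return false;
-  return database_exec("SELECT id FROM $table WHERE `$field` = :data",
-    array(":data" => $headers[$header]))-> fetch()
-    !== false;
+  $u = database_exec("SELECT id FROM $table WHERE `$field` = :data",
+    array(":data" => $headers[$header]))->fetch();
+  if (!$u)
+    return false;
+  return $headers[$header];
 }
 
 ?>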
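Review bot: The rewritten query still builds its SQL by interpolating `$table` and `$field`, and only the header value is bound as `:data`. The two call sites in this commit pass string literals, so this is a hardening point rather than a live flaw, but the helper becomes an injection sink for any later caller that passes a request-derived name; an allowlist at the top, e.g. `if (!in_array("$table.$field", array("api_keys.key", "tokens.token"), true)) return false;`, would make the contract explicit. The return value also changes from a boolean to the header string or `false`, which deserves a comment above the function such as `// Returns the matching header value, or false if the header is missing or not found in $table`, since callers must now compare with `=== false`. The function's signature lies outside the hunk, so the parameter order is inferred from the call sites.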
