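// Settings update endpoint: after the session check, write one column of the
// `settings` row selected by POST id, then redirect back to ROOT.
$errorRedir = ROOT;
$successRedir = ROOT;
$db = db_connect();
$loggedIn = check_login($db);
if (!$loggedIn) {
    $db->close();
    header('Location: login.php');
    exit;
}
// NOTE(review): no CSRF token check is visible in this script; confirm that
// check_login() or a front controller enforces one for this POST handler.

// Authenticated, so now check params. count() on a string is a TypeError on
// PHP 8 (and never measured length), so presence is tested on the trimmed
// string instead; is_string() rejects array-valued parameters before trim().
if (!isset($_POST['id']) || !is_string($_POST['id']) || trim($_POST['id']) === '') {
    die_error($errorRedir, 'Missing controller ID.');
}
$id = trim($_POST['id']);

if (!isset($_POST['field']) || !is_string($_POST['field']) || trim($_POST['field']) === '') {
    die_error($errorRedir, 'Missing settings field.');
}
$field = trim($_POST['field']);
// The column name is untrusted input and real_escape_string() only escapes
// string literals, not identifiers, so restrict it to a bare identifier before
// it is placed between backticks.
// TODO(review): better still, check $field against an explicit allow-list of
// the settings columns this form is meant to change.
if (!preg_match('/^[A-Za-z0-9_]+$/', $field)) {
    die_error($errorRedir, 'Invalid settings field.');
}

// An empty value is accepted; only a missing or non-string value is rejected.
if (!isset($_POST['value']) || !is_string($_POST['value'])) {
    die_error($errorRedir, 'Missing settings value.');
}
$value = trim($_POST['value']);

// Params look good, so attempt the update in one go. %d casts the id; the
// value is escaped as a string literal.
$update_sql = sprintf(
    "UPDATE `settings` SET `%s` = '%s' WHERE `id` = %d ",
    $db->real_escape_string($field),
    $db->real_escape_string($value),
    (int) $id
);
if (!$db->query($update_sql)) {
    $error = $db->error;
    $db->close();
    // The failure used to be echoed and then followed by the success redirect;
    // route it through the error path so the caller actually sees it.
    die_error($errorRedir, sprintf('Error updating field: %s', $error));
}
$db->close();
die_success($successRedir);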
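// Tail of the controller status-update endpoint: $id, $key and $data are
// established earlier in this script, outside this excerpt.
if (!$data) {
    die_error('Invalid data parameter.');
}
$db = db_connect();

// First check and make sure this is a valid controller.
$dbController = $db->query(sprintf(
    "SELECT * FROM `controllers` WHERE `id`='%s' ",
    $db->real_escape_string($id)
));
if ($dbController->num_rows < 1) {
    $dbController->close();
    $db->close();
    die_error('Invalid controller.');
}
$controllerRow = $dbController->fetch_assoc();
$dbController->close();

// Now see if it's authorized: recompute the hash with the stored salt and
// compare in constant time. The previous loose != comparison both leaked
// timing and applied PHP's loose string/number comparison rules.
$dbSalt = $controllerRow['salt'];
$genHash = hash_password($key, $dbSalt);
if (!hash_equals((string) $controllerRow['hash'], (string) $genHash)) {
    $db->close();
    die_error('Unauthorized controller.');
}

// Controller is valid and authorized; now do the actual update. All numeric
// columns go through %d, the controller id through real_escape_string().
$update_sql = sprintf(
    "UPDATE `status` SET `last_update` = %d, `last_fan_disable_time` = %d, `last_compressor_enable_time` = %d, `last_compressor_disable_time` = %d, `last_settings_update_time` = %d, `fan` = %d, `cooling` = %d, `heating` = %d WHERE `controller` = '%s' ",
    time(),
    $data->lastFanDisableTime,
    $data->lastCompressorEnableTime,
    $data->lastCompressorDisableTime,
    $data->lastSettingsUpdateTime,
    $data->fan === true ? 1 : 0,
    $data->cooling === true ? 1 : 0,
    $data->heating === true ? 1 : 0,
    $db->real_escape_string($id)
);
if (!$db->query($update_sql)) {
    $error = $db->error;
    $db->close();
    die_error(sprintf('Error updating status: %s', $error));
}
$db->close();
die_success('Status update successful.');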
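// Tail of the observed-temperature calculation: the enclosing if/else and the
// sensor loop begin outside this excerpt.
            continue;
        }
        $temp += floatval($sensor['temperature']);
        $count++;
    }
    $query->close();
    if ($count > 0) {
        $result['observed_temperature'] = $temp / $count;
    } else {
        // No usable sensor readings: report 0 and mark the result invalid.
        $result['observed_temperature'] = 0;
        $invalid = true;
    }
} else {
    // observed_sensor comes from the settings row, which is writable through
    // the settings endpoint, so it is escaped like any other untrusted value
    // rather than interpolated raw.
    $query = $db->query(sprintf(
        "SELECT * FROM `sensors` WHERE `id`='%s'",
        $db->real_escape_string($settings['observed_sensor'])
    ));
    if ($query->num_rows < 1) {
        $query->close();
        $db->close();
        die_error('No sensors found.');
    }
    $sensor = $query->fetch_assoc();
    $query->close();
    $result['observed_temperature'] = floatval($sensor['temperature']);
    // A reading older than IN_THE_BLIND_TIME seconds is treated as stale.
    $lastUpdate = $sensor['last_update'];
    if ($lastUpdate + IN_THE_BLIND_TIME < time()) {
        $invalid = true;
    }
}
$result['valid'] = !$invalid;
$db->close();
die_success('Success', $result);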
// Tail of die_success(): its signature and the construction of $r are outside
// this excerpt.
if ($data) {
    $r['data'] = $data;
}
die(json_encode($r));
}

/**
 * Terminate the request with an HTTP 400 status and a JSON error envelope.
 *
 * @param string $error message placed in the "message" field of the response
 */
function die_error($error)
{
    header("HTTP/1.1 400 Bad Request");
    $body = array('success' => false, 'message' => $error);
    die(json_encode($body));
}

header('Content-type: application/json');

// Validation
if (!is_https()) {
    die_error('Requests must be made through SSL (https).');
}
if (!isset($_REQUEST['id']) || trim($_REQUEST['id']) == '') {
    die_error('Missing controller ID parameter (id).');
}
$id = trim($_REQUEST['id']);

// NOTE(review): apart from the HTTPS check, this endpoint performs no
// authentication — the status row is returned to anyone who supplies an id.
// Confirm that is intended; the other endpoints on this page verify a
// per-controller or per-sensor key before reading or writing.
$db = db_connect();
$statusQuery = $db->query(sprintf(
    "SELECT * FROM `status` WHERE `id`=%d LIMIT 1",
    $db->real_escape_string($id)
));
if ($statusQuery->num_rows < 1) {
    $statusQuery->close();
    $db->close();
    die_error('No status found.');
}
$status = $statusQuery->fetch_assoc();
$statusQuery->close();
$db->close();
die_success('Success', $status);
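// Tail of the sensor update endpoint: $temperature, $id and $key are
// established earlier in this script, outside this excerpt.
}
$temperature = floatval($temperature);
$time = null;
if (!get_param('time', $time)) {
    die_error('Missing time parameter.');
}
// intval() of a non-numeric string is 0, so a single <= 0 test covers both
// "not a number" and "not positive".
if (intval($time) <= 0) {
    die_error('Invalid time parameter.');
}
$time = intval($time);

// Checking ID and key.
$db = db_connect();
$query = $db->query(sprintf(
    "SELECT * FROM `sensors` WHERE `id`='%s' LIMIT 1",
    $db->real_escape_string($id)
));
if ($query->num_rows < 1) {
    $query->close();
    $db->close();
    die_error('Invalid sensor ID.');
}
$sensor = $query->fetch_assoc();
$query->close();
$db_hash = $sensor['hash'];
$db_salt = $sensor['salt'];
if (!check_password($key, $db_salt, $db_hash)) {
    $db->close();
    die_error('Invalid sensor key.');
}

// Authenticated. %F (rather than %f) is locale-independent, so the decimal
// separator is always '.', and the statement stays valid under locales that
// would otherwise format the float with a comma.
$update_sql = sprintf(
    "UPDATE `sensors` SET \n\t\t`last_update`=%d, \n\t\t`temperature`=%01.3F\n\t\tWHERE `id`='%s' ",
    $time,
    $temperature,
    $db->real_escape_string($id)
);
// The update result was previously ignored; report a failed write the same
// way the other endpoints do instead of answering with success.
if (!$db->query($update_sql)) {
    $error = $db->error;
    $db->close();
    die_error(sprintf('Error updating sensor: %s', $error));
}
$db->close();
die_success('Sensor values updated successfully.');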