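// Settings update endpoint: an authenticated user changes one column of one
// `settings` row. Expects POST id (row id), field (column name) and value.
$errorRedir = ROOT;
$successRedir = ROOT;
$db = db_connect();
$loggedIn = check_login($db);
if (!$loggedIn) {
    $db->close();
    header('Location: login.php');
    exit;
}
//Authenticated, so now check params.
// The original called count() on the POST strings, which never measured length
// (PHP 7 warns and returns 1; PHP 8 throws a TypeError). Arrays are rejected too,
// since a `field[]=x` submission would otherwise reach trim()/sprintf as an array.
if (!isset($_POST['id']) || !is_string($_POST['id']) || trim($_POST['id']) === '') {
    die_error($errorRedir, 'Missing controller ID.');
}
$id = trim($_POST['id']);
if (!isset($_POST['field']) || !is_string($_POST['field']) || trim($_POST['field']) === '') {
    die_error($errorRedir, 'Missing settings field.');
}
$field = trim($_POST['field']);
// `field` is spliced into the query as a column identifier. real_escape_string()
// escapes quotes, backslashes and control bytes but NOT backticks, so an
// unchecked name could close the `%s` identifier and assign other columns.
// Restrict it to a plain identifier here; TODO(review): replace with an explicit
// allow-list of user-settable columns, since any existing column is still reachable.
if (!preg_match('/^[A-Za-z0-9_]+$/', $field)) {
    die_error($errorRedir, 'Invalid settings field.');
}
// An empty value is accepted (original behaviour); only absent/array values are rejected.
if (!isset($_POST['value']) || !is_string($_POST['value'])) {
    die_error($errorRedir, 'Missing settings value.');
}
$value = trim($_POST['value']);
// Single UPDATE. Escaping here only protects this statement: the value is stored
// raw, so any later query that interpolates a settings value must escape it itself.
$updateSql = sprintf(
    "UPDATE `settings` SET `%s` = '%s' WHERE `id` = %d ",
    $field,
    $db->real_escape_string($value),
    (int) $id
);
if (!$db->query($updateSql)) {
    // Report failure instead of echoing the driver error and then redirecting
    // as success; the detail stays in the server log.
    error_log('settings update failed: ' . $db->error);
    $db->close();
    die_error($errorRedir, 'Error updating field.');
}
$db->close();
die_success($successRedir);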
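// Controller status update: validates the decoded payload, authenticates the
// controller by id + key against `controllers`, then writes its state to `status`.
// $data, $id and $key are set earlier in this file.
if (!$data) {
    die_error('Invalid data parameter.');
}
$db = db_connect();
//First check and make sure this is a valid controller
$controllerResult = $db->query(sprintf("SELECT * FROM `controllers` WHERE `id`='%s' ", $db->real_escape_string($id)));
// query() returns false on a driver error; the original dereferenced it unconditionally.
if (!$controllerResult || $controllerResult->num_rows < 1) {
    if ($controllerResult) {
        $controllerResult->close();
    }
    $db->close();
    die_error('Invalid controller.');
}
$controllerRow = $controllerResult->fetch_assoc();
$controllerResult->close();
//Now see if it's authorized
$genHash = hash_password($key, $controllerRow['salt']);
// Constant-time, strict comparison. The original `!=` is timing-dependent and
// uses loose comparison, under which two numeric-looking digests such as
// "0e123..." and "0e456..." compare equal.
if (!hash_equals((string) $controllerRow['hash'], (string) $genHash)) {
    $db->close();
    die_error('Unauthorized controller.');
}
//Controller is valid and authorized
//Now do actual update. Timestamps are coerced to integers by %d; each flag is
// stored as 1 only when the payload carries a boolean true.
$updateSql = sprintf(
    "UPDATE `status` SET `last_update` = %d, `last_fan_disable_time` = %d, `last_compressor_enable_time` = %d, `last_compressor_disable_time` = %d, `last_settings_update_time` = %d, `fan` = %d, `cooling` = %d, `heating` = %d WHERE `controller` = '%s' ",
    time(),
    $data->lastFanDisableTime,
    $data->lastCompressorEnableTime,
    $data->lastCompressorDisableTime,
    $data->lastSettingsUpdateTime,
    $data->fan === true ? 1 : 0,
    $data->cooling === true ? 1 : 0,
    $data->heating === true ? 1 : 0,
    $db->real_escape_string($id)
);
if (!$db->query($updateSql)) {
    // Keep the driver error in the server log rather than returning it to the caller.
    error_log('status update failed: ' . $db->error);
    $db->close();
    die_error('Error updating status.');
}
$db->close();
die_success('Status update successful.');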
            continue;
        }
        $temp += floatval($sensor['temperature']);
        $count++;
    }
    $query->close();
    if ($count > 0) {
        $result['observed_temperature'] = $temp / $count;
    } else {
        $result['observed_temperature'] = 0;
        $invalid = true;
    }
} else {
    $query = $db->query(sprintf("SELECT * FROM `sensors` WHERE `id`='%s'", $settings['observed_sensor']));
    if ($query->num_rows < 1) {
        $query->close();
        $db->close();
        die_error('No sensors found.');
    }
    $sensor = $query->fetch_assoc();
    $query->close();
    $result['observed_temperature'] = floatval($sensor['temperature']);
    $lastUpdate = $sensor['last_update'];
    if ($lastUpdate + IN_THE_BLIND_TIME < time()) {
        $invalid = true;
    }
}
// The reading is reported as valid only if nothing earlier in this file flagged
// $invalid (no usable sensor, or a stale last_update).
$result['valid'] = !$invalid;
$db->close();
die_success('Success', $result);
    if ($data) {
        $r['data'] = $data;
    }
    die(json_encode($r));
}
/**
 * Terminate the request with an HTTP 400 and a JSON error body.
 *
 * @param string $error Human-readable message returned under "message".
 * @return never Always ends script execution.
 */
function die_error($error)
{
    $body = ['success' => false, 'message' => $error];
    header("HTTP/1.1 400 Bad Request");
    echo json_encode($body);
    exit;
}
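// Status read endpoint: returns the `status` row for the requested id as JSON.
header('Content-type: application/json');
//Validation
if (!is_https()) {
    die_error('Requests must be made through SSL (https).');
}
// NOTE(review): unlike the update endpoints in this code base, this read requires
// no key, so any HTTPS client can fetch any status row by id — confirm that is intended.
if (!isset($_REQUEST['id']) || !is_string($_REQUEST['id']) || trim($_REQUEST['id']) == '') {
    die_error('Missing controller ID parameter (id).');
}
$id = trim($_REQUEST['id']);
$db = db_connect();
// `id` is bound with %d, so cast it directly; string-escaping an integer is a no-op.
$query = $db->query(sprintf("SELECT * FROM `status` WHERE `id`=%d LIMIT 1", (int) $id));
// query() returns false on a driver error; the original dereferenced it unconditionally.
if (!$query) {
    error_log('status lookup failed: ' . $db->error);
    $db->close();
    die_error('Error reading status.');
}
if ($query->num_rows < 1) {
    $query->close();
    $db->close();
    die_error('No status found.');
}
$status = $query->fetch_assoc();
$query->close();
$db->close();
die_success('Success', $status);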
}
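// Sensor reading update: authenticates the sensor by id + key, then stores the
// reported temperature and timestamp. $temperature, $id and $key are extracted
// earlier in this file.
$temperature = floatval($temperature);
$time = NULL;
if (!get_param('time', $time)) {
    die_error('Missing time parameter.');
}
// intval() yields 0 for non-numeric input, so this rejects garbage as well as
// non-positive timestamps.
if (!intval($time) || intval($time) <= 0) {
    die_error('Invalid time parameter.');
}
$time = intval($time);
//Checking ID and key
$db = db_connect();
$query = $db->query(sprintf("SELECT * FROM `sensors` WHERE `id`='%s' LIMIT 1", $db->real_escape_string($id)));
// query() returns false on a driver error; the original dereferenced it unconditionally.
if (!$query || $query->num_rows < 1) {
    if ($query) {
        $query->close();
    }
    $db->close();
    die_error('Invalid sensor ID.');
}
$sensor = $query->fetch_assoc();
$query->close();
if (!check_password($key, $sensor['salt'], $sensor['hash'])) {
    $db->close();
    die_error('Invalid sensor key.');
}
//Authenticated
// %F, not %f: %f is locale-aware and renders "12,345" under locales with a comma
// decimal separator, which either breaks the statement or stores a wrong value.
$updateSql = sprintf("UPDATE `sensors` SET \n\t\t`last_update`=%d, \n\t\t`temperature`=%01.3F\n\t\tWHERE `id`='%s' ", $time, $temperature, $db->real_escape_string($id));
if (!$db->query($updateSql)) {
    // Surface write failures instead of reporting success unconditionally;
    // the driver detail stays in the server log.
    error_log('sensor update failed: ' . $db->error);
    $db->close();
    die_error('Error updating sensor values.');
}
$db->close();
die_success('Sensor values updated successfully.');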