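/**
 * Dispatch one decoded client message to the handler named by its
 * 'operation' field and echo the handler's result as JSON.
 *
 * The whole message is passed to the selected handler unchanged. A message
 * whose operation is missing, is not a string, or matches no known name
 * produces an empty JSON array.
 *
 * NOTE(review): no authentication or authorisation check happens at this
 * level; operations such as 'updatePW', 'userdata' and 'updateUserData' are
 * selected by name alone, so each handler presumably verifies the caller
 * itself. Confirm against the handlers.
 *
 * @param mixed $msg Decoded request; expected to be an array holding an
 *                   'operation' string plus the fields the handler needs.
 * @return void Output is written with echo; nothing is returned.
 */
function handleMessage($msg)
{
    // Nothing to dispatch: return without producing any output.
    if (!$msg) {
        return;
    }

    // Only a real string may select a handler. switch compares loosely, so a
    // boolean true (and, before PHP 8, the integer 0) would otherwise equal
    // the first case label and run handleCount().
    $operation = null;
    if (isset($msg['operation']) && is_string($msg['operation'])) {
        $operation = $msg['operation'];
    }

    $response = array();

    if ($operation !== null) {
        switch ($operation) {
            case 'count':
                $response = handleCount($msg);
                break;
            case 'regist':
                $response = handleRegist($msg);
                break;
            case 'login':
                $response = handleLogin($msg);
                break;
            case 'updatePW':
                $response = handleUpdatePW($msg);
                break;
            case 'userdata':
                $response = handleUserData($msg);
                break;
            case 'updateUserData':
                $response = handleUpdateUserData($msg);
                break;
            case 'logout':
                $response = handleLogout($msg);
                break;
            case 'search':
                // Second argument selects the restricted search.
                $response = handleSearch($msg, false);
                break;
            case 'searchAll':
                // Same handler, with the "all" flag switched on.
                $response = handleSearch($msg, true);
                break;
            case 'uploadHeadImage':
                $response = handleUploadHeadImage($msg);
                break;
            default:
                // Unknown operation: fall out with the empty response.
                break;
        }
    }

    echo json_encode($response);
}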
// NOTE(review): excerpt of a request-handler script. The name and signature of
// the function whose body opens below are not shown on this page.
{
    // Driver id taken straight from the request body; no type or range check
    // is visible before it is used.
    $did = $_POST["did"];
    $ret = array("max_id" => 0);

    // NOTE(review): SQL injection risk. $did is interpolated, unquoted, into
    // the statement text. Bind it as a parameter (PDO or a mysqli prepared
    // statement) or at minimum cast it to int first. The mysql_* extension
    // used here was removed in PHP 7.0.
    $result = mysql_query("SELECT MAX(lid) FROM driver_location where did={$did}");

    // NOTE(review): $result is not checked. mysql_query() returns false on
    // failure, and that value would be handed to mysql_fetch_row().
    $row = mysql_fetch_row($result);

    // MAX() over zero matching rows is NULL, so max_id then becomes JSON null
    // and the 0 default above is overwritten.
    $ret["max_id"] = $row[0];
    echo json_encode($ret);
}

////////////////////////// MAIN ///////////////////////////////////////

// Every request must name an operation in the POST field "op".
if (!isset($_POST["op"])) {
    die("operation not specified");
}
$op = $_POST["op"];

// API handlers........................................................
// Each operation name maps to one handler, called without arguments, so the
// handlers presumably read $_POST themselves (as the function body above
// does). NOTE(review): no session or token check is visible at this dispatch
// level; confirm that each handler authenticates the caller where required.
if ($op == "login") {
    handleLogin();
}
if ($op == "register") {
    handleRegister();
}
if ($op == "addcompany") {
    addCompany();
}

// driver apis
if ($op == "get_drivers") {
    handleGetDrivers();
}
if ($op == "driver_login") {
    handleDriverLogin();
}
// NOTE(review): the excerpt ends inside this branch.
if ($op == "add_driver_location") {
// NOTE(review): excerpt that begins inside a function, presumably the
// handleLogin() called at the bottom. Its header and the code that defines
// $result, $password, $dbcon and $private_key are not shown on this page.
        $result['reason'] = "Invalid username";
        return $result;
    }

    // Reject a password that is missing, not a string, or empty. The leading
    // truthiness test also rejects the string "0", which PHP treats as false.
    if (!($password && is_string($password) && strlen($password) > 0)) {
        http_response_code(400);
        $result['reason'] = "invalid password";
        return $result;
    }

    //SCOTT is this just another way of writing mysqli_real_escape_string????
    //no, the user could still do something like -- to comment out the semicolon.
    // NOTE(review): the value in the WHERE clause is shown masked ('******') on
    // this page, so how the username reaches the statement cannot be seen. If
    // it is concatenated or interpolated, switch to a prepared statement
    // (mysqli_prepare() + mysqli_stmt_bind_param()); binding keeps the value
    // out of the SQL text regardless of quoting or connection charset.
    // mysqli_query() returns false on failure, and that is not checked before
    // mysqli_num_rows() is called.
    $vals = mysqli_query($dbcon, "select * from users where user = '******';");

    // Anything other than exactly one matching row is reported as 401.
    if (mysqli_num_rows($vals) != 1) {
        http_response_code(401);
        $result['reason'] = "The credentials do not match";
        return $result;
    }

    // Always true at this point: the != 1 case returned above.
    if (mysqli_num_rows($vals) == 1) {
        $row = mysqli_fetch_array($vals);
        // NOTE(review): $pass is read but no comparison with $password is
        // visible in this excerpt. Unless the masked query itself matches the
        // password, the token below would be issued on a username match alone;
        // verify with password_verify() against a password_hash() value first.
        $pass = $row['pass'];
        $user = $row['user'];
        $id = $row['user_id'];
    }

    // Token claims: user id, username and issue time. No 'exp' claim is set, so
    // the token carries no expiry of its own.
    // NOTE(review): JWT::encode() is called without an algorithm argument;
    // which algorithm and key type apply depends on the JWT library. Confirm.
    $_jwt_data = array('ID' => $id, 'username' => $user, 'iat' => time());
    $jwt = JWT::encode($_jwt_data, $private_key);
    $result['token'] = $jwt;
    $result['username'] = $user;
    return $result;
}

// Script entry: run the login and send its result as a JSON document. On the
// error paths the HTTP status code was already set inside the function.
$result = handleLogin();
header('Content-type:application/json;charset=utf-8');
echo json_encode($result);