} break; case "deleteMulti": if ($_SERVER['REQUEST_METHOD'] == 'POST') { $userid = $um->getUserIdFromCredentials(); $deleted = array(); if ($userid <= 0) { header("HTTP/1.1 401 Unauthorized"); } elseif (isset($cpost["ids"])) { $user = new User($userid, $conn); $ids = json_decode($cpost["ids"]); foreach ($ids as $id) { if (ctype_digit($id)) { $wr = new Walkroute($conn, $id); if ($userid > 0 && ($wr->getUserId() == $userid || $user->isAdmin())) { $wr->delete(); $deleted[] = $id; } } } header("Content-type: application/json"); echo json_encode($deleted); } else { header("HTTP/1.1 400 Bad Request"); } } break; case "moveWaypoint": if ($_SERVER['REQUEST_METHOD'] == 'POST' && ctype_digit($cpost["id"]) && preg_match("/^-?[\\d\\.]+\$/", $cpost["lon"]) && preg_match("/^-?[\\d\\.]+\$/", $cpost["lat"])) { $userid = $um->getUserIdFromCredentials(); echo "userid {$userid}";