} } else { header("HTTP/1.1 400 Bad Request"); } break; case "deleteMultiWaypoints": if ($_SERVER['REQUEST_METHOD'] == 'POST') { $userid = $um->getUserIdFromCredentials(); $deleted = array(); if ($userid <= 0) { header("HTTP/1.1 401 Unauthorized"); } elseif (isset($cpost["ids"])) { $user = new User($userid, $conn); $ids = json_decode($cpost["ids"]); foreach ($ids as $id) { if (ctype_digit("{$id}")) { $wr = Walkroute::getWalkrouteFromWaypoint($conn, $id); if ($userid > 0 && ($wr->getUserId() == $userid || $user->isAdmin())) { Walkroute::deleteWaypoint($conn, $id); $deleted[] = $id; } } } header("Content-type: application/json"); echo json_encode($deleted); } else { header("HTTP/1.1 400 Bad Request"); } } break; }