}
}
break;
case "deleteMulti":
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
$userid = $um->getUserIdFromCredentials();
$deleted = array();
if ($userid <= 0) {
header("HTTP/1.1 401 Unauthorized");
} elseif (isset($cpost["ids"])) {
$user = new User($userid, $conn);
$ids = json_decode($cpost["ids"]);
foreach ($ids as $id) {
if (ctype_digit($id)) {
$wr = new Walkroute($conn, $id);
if ($userid > 0 && ($wr->getUserId() == $userid || $user->isAdmin())) {
$wr->delete();
$deleted[] = $id;
}
}
}
header("Content-type: application/json");
echo json_encode($deleted);
} else {
header("HTTP/1.1 400 Bad Request");
}
}
break;
case "moveWaypoint":
if ($_SERVER['REQUEST_METHOD'] == 'POST' && ctype_digit($cpost["id"]) && preg_match("/^-?[\\d\\.]+\$/", $cpost["lon"]) && preg_match("/^-?[\\d\\.]+\$/", $cpost["lat"])) {
$userid = $um->getUserIdFromCredentials();
