header("HTTP/1.1 400 Bad Request"); } } break; case "moveWaypoint": if ($_SERVER['REQUEST_METHOD'] == 'POST' && ctype_digit($cpost["id"]) && preg_match("/^-?[\\d\\.]+\$/", $cpost["lon"]) && preg_match("/^-?[\\d\\.]+\$/", $cpost["lat"])) { $userid = $um->getUserIdFromCredentials(); echo "userid {$userid}"; if ($userid > 0) { $user = new User($userid, $conn); $wr = Walkroute::getWalkrouteFromWaypoint($conn, $cpost["id"]); echo "walkroute user id " . $wr->getUserId(); if ($wr === null) { header("HTTP/1.1 404 Not Found"); } elseif ($wr->getUserId() == $userid || $user->isAdmin()) { Walkroute::moveWaypoint($conn, $cpost["id"], $cpost["lon"], $cpost["lat"]); } else { header("HTTP/1.1 401 Unauthorized"); } } else { header("HTTP/1.1 401 Unauthorized"); } } else { header("HTTP/1.1 400 Bad Request"); } break; case "deleteMultiWaypoints": if ($_SERVER['REQUEST_METHOD'] == 'POST') { $userid = $um->getUserIdFromCredentials(); $deleted = array(); if ($userid <= 0) {