if ($userid > 0) {
$routes = Walkroute::getRoutesByUser($conn, $userid);
Walkroute::outputRoutes($routes, $format);
} else {
header("HTTP/1.1 400 Bad Request");
}
}
break;
case "edit":
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
$userid = $um->getUserIdFromCredentials();
if ($userid <= 0) {
header("HTTP/1.1 401 Unauthorized");
} else {
$wr = new Walkroute($conn, $cpost["id"]);
$wr->updateRoute($cpost["route"], $format);
}
}
break;
case "delete":
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
if (ctype_digit($cpost["id"])) {
$wr = new Walkroute($conn, $cpost["id"]);
$userid = $um->getUserIdFromCredentials();
$user = new User($userid, $conn);
if ($userid <= 0 || $wr->getUserId() != $userid && !$user->isAdmin()) {
header("HTTP/1.1 401 Unauthorized");
} else {
$wr->delete();
}
} else {
