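<?php

require_once '../lib/lib.everything.php';

enforce_master_on_off_switch($_SERVER['HTTP_ACCEPT_LANGUAGE']);

// Every request must carry the shared API password before any record is read.
enforce_api_password($_POST['password']);

$context = default_context(False);

/**** ... ****/

// Look up the print named in the query string; an empty id becomes null.
$print_id = $_GET['id'] ? $_GET['id'] : null;
$print = get_print($context->db, $print_id);

if (!$print) {
    die_with_code(400, "I don't know that print");
}

// As before, a missing, empty or zero progress value leaves the record untouched.
$progress = isset($_POST['progress']) ? $_POST['progress'] : null;

if ($progress) {
    // The posted value is written to the print record, so accept only a plain
    // number. Arrays and free text used to be stored as-is.
    if (!is_numeric($progress)) {
        die_with_code(400, 'Progress must be a number');
    }

    $context->db->query('START TRANSACTION');

    $print['progress'] = $progress;
    set_print($context->db, $print);

    $context->db->query('COMMIT');
}

header('HTTP/1.1 200');
echo "OK\n";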
/**
 * Set the "failed" column on one row of the forms table.
 *
 * Both values pass through quoteSmart() before they are placed in the
 * statement. The statement text is written to the error log, and a database
 * error ends the request through die_with_code() with status 500.
 *
 * NOTE(review): on error the response body carries the driver message and the
 * full SQL text. Consider keeping those in the server log only; confirm who
 * can reach the callers of this function.
 *
 * @param object $dbh      database handle providing quoteSmart() and query()
 * @param mixed  $form_id  id of the form row to update
 * @param mixed  $failure  value stored in forms.failed (default 1)
 */
function fail_form(&$dbh, $form_id, $failure = 1)
{
    $quoted_failure = $dbh->quoteSmart($failure);
    $quoted_id = $dbh->quoteSmart($form_id);

    $q = sprintf('UPDATE forms SET failed = %s WHERE id = %s', $quoted_failure, $quoted_id);

    // Collapse whitespace so the logged statement stays on one line.
    error_log(preg_replace('/\\s+/', ' ', $q));

    $res = $dbh->query($q);

    if (!PEAR::isError($res)) {
        return;
    }

    die_with_code(500, "{$res->message}\n{$q}\n");
}
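/**
 * Check whether a stored object's ETag equals the expected value.
 *
 * Sends a HEAD request to a signed URL for the object (the expiry argument is
 * now + 300 seconds) and compares the returned "etag" header to
 * $expected_etag.
 *
 * @param string $object_id      identifier handed to s3_signed_object_url()
 * @param string $expected_etag  ETag the caller expects the object to have
 * @return bool true only on a 200 response whose etag header is identical
 */
function verify_s3_etag($object_id, $expected_etag)
{
    $url = s3_signed_object_url($object_id, time() + 300, 'HEAD');

    $req = new HTTP_Request($url);
    $req->setMethod('HEAD');
    $res = $req->sendRequest();

    if (PEAR::isError($res)) {
        // The previous message interpolated $q, which is never defined in this
        // function. The signed URL is deliberately kept out of the response.
        die_with_code(500, "{$res->message}\n");
    }

    if ($req->getResponseCode() != 200) {
        return false;
    }

    $actual_etag = $req->getResponseHeader('etag');

    // Compare as strings with ===. A loose == lets PHP treat two different
    // numeric-looking strings as equal, and lets a missing header equal an
    // empty expectation.
    return is_string($actual_etag)
        && is_scalar($expected_etag)
        && $actual_etag === (string) $expected_etag;
}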
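/**
 * Fetch all mbtiles rows belonging to one user, ordered by uploaded_file.
 *
 * The user id passes through quoteSmart() before it is placed in the
 * statement, and the statement text is written to the error log. Any database
 * error ends the request through die_with_code() with status 500.
 *
 * NOTE(review): the 500 response body includes the SQL text. Consider logging
 * it server-side only.
 *
 * @param object $dbh      database handle providing quoteSmart() and query()
 * @param mixed  $user_id  owner whose rows are selected
 * @return array list of associative rows (empty when the user has none)
 */
function get_mbtiles_by_user_id(&$dbh, $user_id)
{
    $q = sprintf("SELECT id, user_id, created,\n is_private, url, uploaded_file,\n min_zoom, max_zoom, center_zoom,\n center_x_coord, center_y_coord\n FROM mbtiles\n WHERE user_id=%s\n ORDER BY uploaded_file ASC", $dbh->quoteSmart($user_id));

    error_log(preg_replace('/\\s+/', ' ', $q));

    $res = $dbh->query($q);

    if (PEAR::isError($res)) {
        // The earlier DB_ERROR_ALREADY_EXISTS branch executed "continue"
        // outside any loop, which current PHP rejects at compile time, and a
        // SELECT has no such outcome to skip. Every error now fails the request.
        die_with_code(500, "{$res->message}\n{$q}\n");
    }

    $rows = array();

    while ($row = $res->fetchRow(DB_FETCHMODE_ASSOC)) {
        $rows[] = $row;
    }

    return $rows;
}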
// Decide whether an upload reported for a scan is acceptable, queue decoding
// for it, and redirect to the snapshot page. $scan_id, $object_id and $url are
// set before this excerpt; only $expected_etag is read from the query string here.
$expected_etag = $_GET['etag'] ? $_GET['etag'] : null;

if ($scan_id) {
    $scan = get_scan($context->db, $scan_id);
}

if ($scan && $object_id && $expected_etag) {
    // Stored-object path: $url is replaced with the object's unsigned URL and
    // the upload is accepted only when the stored ETag matches the reported one.
    $url = s3_unsigned_object_url($object_id, time() + 300, 'HEAD');
    $etag_match = verify_s3_etag($object_id, $expected_etag);
    $attempted_upload = true;
    $acceptable_upload = $etag_match;
} elseif ($scan && $url) {
    // it's probably fine if a whole URL is being sent over
    // NOTE(review): the check below only requires an http:// prefix; it does
    // not limit the host. The URL is then handed to the decode task and used
    // to build base_url. If the worker fetches it, restrict it to the expected
    // storage host(s) here. Confirm against the worker.
    $attempted_upload = true;
    $acceptable_upload = preg_match('#^http://#', $url);
}

// NOTE(review): when neither branch above ran, $attempted_upload and
// $acceptable_upload are not assigned anywhere in this excerpt. Confirm they
// are initialised earlier in the file.
if ($attempted_upload && !$acceptable_upload) {
    die_with_code(400, 'Sorry, something about your file was bad');
}

if ($acceptable_upload && $scan && !$scan['decoded']) {
    // The task is queued with the server's http:// address and the shared API
    // password as its arguments.
    // NOTE(review): presumably the worker calls back with that password over
    // plain HTTP; confirm the transport it uses.
    queue_task("tasks.decodeScan", array("http://" . SERVER_NAME, API_PASSWORD), array("action" => "decode", "scan_id" => $scan["id"], "url" => $url));

    $context->db->query('START TRANSACTION');

    // Re-read the scan inside the transaction before updating it.
    $scan = get_scan($context->db, $scan['id']);

    $parsed_url = parse_url($url);
    $scan['base_url'] = "http://{$parsed_url['host']}" . dirname($parsed_url['path']);
    $scan['progress'] = 0.1; // the first 10% is just getting the thing uploaded

    set_scan($context->db, $scan);

    $context->db->query('COMMIT');
}

if ($attempted_upload) {
    // NOTE(review): no exit follows this header within the excerpt, so any
    // later statements in the file still run after the redirect is set.
    header('Location: http://' . get_domain_name() . get_base_dir() . '/snapshot.php?id=' . urlencode($scan['id']));
}
// Excerpt: begins inside the branch that rejects a request mixing singular and
// plural article/WOE id parameters; the opening condition is not shown.
    header('Content-Type: text/plain');
    die_with_code(400, "It's not possible to specify both singular and plural article/WOE ID's.\n");
} else {
    // Fetch one page of points plus the total for the same filters. $count is
    // overwritten with the number of points actually returned.
    $points = get_points($C, compact('article_id', 'woe_id', 'article_ids', 'woe_ids', 'count', 'offset'));
    $total = get_points_total($C, compact('article_id', 'woe_id', 'article_ids', 'woe_ids'));
    $count = count($points);
}

$C->close();

header("Content-Type: {$response_mime_type}; charset=UTF-8");

// Emit the result in the requested representation. Where $response_format and
// $js_callback come from is not visible in this excerpt.
switch ($response_format) {
    case 'php':
        // PHP serialize() output.
        // NOTE(review): a client that reads this has to unserialize() data
        // received over the network; JSON is the safer interchange format.
        print serialize(compact('count', 'offset', 'total', 'points'));
        break;

    case 'json':
        echo json_encode(compact('count', 'offset', 'total', 'points'));
        break;

    case 'js':
        if (is_null($js_callback)) {
            die_with_code(400, "You must provide a javascript callback for format=js.");
        }
        // NOTE(review): $js_callback is written into the response verbatim. If
        // it is request-supplied and not validated earlier, limit it to a
        // JavaScript identifier pattern before printing. Confirm upstream.
        printf("%s(%s)\n", $js_callback, json_encode(compact('count', 'offset', 'total', 'points')));
        break;

    default:
        // Any other format is rendered through a template named after it.
        // NOTE(review): the template file name is built from $response_format.
        // Confirm it is checked against a fixed list of formats before this point.
        $sm =& get_smarty_instance();
        $sm->assign('total', $total);
        $sm->assign('count', $count);
        $sm->assign('offset', $offset);
        $sm->assign('points', $points);
        echo $sm->fetch("points.{$response_format}.tpl");
        break;
}
/**
 * Convert a string of GeoJSON data to an atlas composition and queue it up.
 *
 * Decodes $data, builds one page description per feature, stores a print and
 * its pages through the database helpers, and queues a "tasks.composePrint"
 * task carrying the whole composition message.
 *
 * NOTE(review): paper size, orientation, layout, provider template, zoom,
 * mark, fuzzy and text are all read from the decoded document and forwarded to
 * the stored rows and the queued task. What is_geojson() validates is not
 * visible here; if $data can come from an untrusted client, confirm each of
 * these is constrained before use.
 *
 * @param object $dbh   database handle passed to add_print() and friends
 * @param string $data  GeoJSON text
 * @return array|null the stored print, or null when $data is not GeoJSON
 */
function compose_from_geojson(&$dbh, $data)
{
    $json = json_decode($data, true);

    if (!is_geojson($json)) {
        return null;
    }

    //
    // Move on to the actual business of converting GeoJSON to an atlas.
    // Start with a global paper size and orientation for the full document.
    //
    $p = $json['properties'];

    // Document-level settings fall back to letter / portrait / full-page.
    $paper_size = is_array($p) && isset($p['paper_size']) ? $p['paper_size'] : 'letter';
    $orientation = is_array($p) && isset($p['orientation']) ? $p['orientation'] : 'portrait';
    $layout = is_array($p) && isset($p['layout']) ? $p['layout'] : 'full-page';

    //
    // "orientation" above refers to the *map*, so if we want half-size
    // we'll need to flip the orientation of the overall printed sheet
    // to accommodate it.
    //
    if ($orientation == 'landscape' && $layout == 'half-page') {
        $orientation = 'portrait';
    } elseif ($orientation == 'portrait' && $layout == 'half-page') {
        $orientation = 'landscape';
    }

    list($printed_width, $printed_height) = get_printed_dimensions($paper_size, $orientation, $layout);
    $printed_aspect = $printed_width / $printed_height;
    // $paper_type is assigned here but not read again within this function.
    $paper_type = "{$orientation}, {$paper_size}";

    $message = array('action' => 'compose', 'paper_size' => $paper_size, 'orientation' => $orientation, 'layout' => $layout, 'pages' => array());

    //
    // Iterate over each feature and determine an appropriate extent and zoom.
    // Each feature in the GeoJSON becomes a single page in the atlas.
    //
    foreach ($json['features'] as $f => $feature) {
        // Page numbers are 1-based.
        $number = $f + 1;

        //
        // Check the properties for a provider and explicit zoom.
        //
        $p = $feature['properties'];

        // NOTE(review): a provider template taken from the document ends up in
        // the queued message. If the worker requests tiles from it, restrict
        // the hosts it may name; confirm against the worker.
        $provider = is_array($p) && isset($p['provider']) ? new MMaps_Templated_Spherical_Mercator_Provider($p['provider']) : new MMaps_OpenStreetMap_Provider();
        $explicit_zoom = is_array($p) && is_numeric($p['zoom']);
        // Zoom defaults to 16 when the feature gives no numeric zoom.
        $zoom = $explicit_zoom ? intval($p['zoom']) : 16;
        // 'zoom', 'mark' and 'fuzzy' are read without isset(), so a feature
        // that lacks them raises a PHP notice.
        $mark = is_array($p['mark']) ? $p['mark'] : null;
        $fuzzy = is_array($p['fuzzy']) ? $p['fuzzy'] : null;
        $text = isset($p['text']) ? $p['text'] : null;

        //
        // Determine extent based on geometry type and zoom level.
        //
        $extent = null;

        if ($feature['geometry']['type'] == 'Point') {
            $extent = geojson_point_extent($feature['geometry'], $zoom);
        } elseif ($feature['geometry']['type'] == 'Polygon') {
            $extent = geojson_polygon_extent($feature['geometry']);
        } else {
            // Any other geometry type ends the request with a 500.
            die_with_code(500, "I don't know how to do this yet, sorry.");
        }

        //
        // If we got this far, we know we have a meaningful zoom and extent
        // for this page, now adjust it to the known aspect ratio of the page.
        //
        $_mmap = MMaps_mapByExtentZoom($provider, $extent[0], $extent[1], $zoom);
        $dim = $_mmap->dimensions;
        $_mmap_center = $_mmap->pointLocation(new MMaps_Point($dim->x / 2, $dim->y / 2));
        $_mmap_aspect = $dim->x / $dim->y;

        if ($printed_aspect > $_mmap_aspect) {
            // paper is wider than the map
            $dim->x *= $printed_aspect / $_mmap_aspect;
        } else {
            // paper is taller than the map
            $dim->y *= $_mmap_aspect / $printed_aspect;
        }

        // Rebuild the map around the same center with the adjusted dimensions.
        $mmap = MMaps_mapByCenterZoom($provider, $_mmap_center, $zoom, $dim);

        // From here on $provider is the comma-joined template string, not the object.
        $provider = join(',', $mmap->provider->templates);

        $northwest = $mmap->pointLocation(new MMaps_Point(0, 0));
        $southeast = $mmap->pointLocation($mmap->dimensions);
        // Bounds order is north, west, south, east.
        $bounds = array($northwest->lat, $northwest->lon, $southeast->lat, $southeast->lon);

        $message['pages'][] = compact('number', 'provider', 'bounds', 'zoom', 'text', 'mark', 'fuzzy');
    }

    //
    // Make room in the database for the new print and all its pages.
    //
    // NOTE(review): 'nobody' is presumably the owning user id; verify against add_print().
    $print = add_print($dbh, 'nobody');

    $print['paper_size'] = $message['paper_size'];
    $print['orientation'] = $message['orientation'];
    $print['layout'] = $message['layout'];

    // Seed the overall bounds from the first page.
    // NOTE(review): this assumes at least one feature; presumably is_geojson()
    // guarantees that. Verify.
    $print['north'] = $message['pages'][0]['bounds'][0];
    $print['south'] = $message['pages'][0]['bounds'][2];
    $print['west'] = $message['pages'][0]['bounds'][1];
    $print['east'] = $message['pages'][0]['bounds'][3];

    foreach ($message['pages'] as $_page) {
        $page = add_print_page($dbh, $print['id'], $_page['number']);

        $page['text'] = $_page['text'];
        $page['provider'] = $_page['provider'];
        $page['zoom'] = $_page['zoom'];
        $page['north'] = $_page['bounds'][0];
        $page['south'] = $_page['bounds'][2];
        $page['west'] = $_page['bounds'][1];
        $page['east'] = $_page['bounds'][3];

        set_print_page($dbh, $page);

        // Grow the print's bounds so they cover every page.
        $print['north'] = max($print['north'], $page['north']);
        $print['south'] = min($print['south'], $page['south']);
        $print['west'] = min($print['west'], $page['west']);
        $print['east'] = max($print['east'], $page['east']);
    }

    $print['progress'] = 0.1; // the first 10% is getting it queued

    set_print($dbh, $print);

    $message['print_id'] = $print['id'];

    // queue the task
    // The task arguments are the server's http:// address and the shared API password.
    queue_task("tasks.composePrint", array("http://" . SERVER_NAME, API_PASSWORD), $message);

    return $print;
}
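/**
 * End the request with a 401 unless the supplied password equals API_PASSWORD.
 *
 * The comparison is type-strict and, where hash_equals() is available,
 * constant-time. The previous loose != relied on PHP type juggling, under
 * which values that are not the same string can still compare equal.
 *
 * @param mixed $password value taken from the request; only a string can match
 */
function enforce_api_password($password)
{
    $expected = (string) API_PASSWORD;

    // Request parameters may be missing or arrive as arrays; neither can match.
    $matches = is_string($password)
        && (function_exists('hash_equals')
            ? hash_equals($expected, $password)
            : $password === $expected);

    if (!$matches) {
        die_with_code(401, 'Sorry, bad password');
    }
}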
<?php

require_once '../lib/lib.everything.php';

enforce_master_on_off_switch($_SERVER['HTTP_ACCEPT_LANGUAGE']);

// The shared API password is required before anything is looked up.
enforce_api_password($_POST['password']);

$context = default_context(false);

/**** ... ****/

// Resolve the form named in the query string; an empty id becomes null.
$form_id = $_GET['id'] ?: null;
$form = get_form($context->db, $form_id);

if (!$form) {
    die_with_code(400, "I don't know that form");
}

if ('POST' == $_SERVER['REQUEST_METHOD']) {
    // Second password check, kept as in the original.
    // NOTE(review): this is a loose comparison of a secret; a strict,
    // constant-time comparison would be the safer form.
    if (!($_POST['password'] == API_PASSWORD)) {
        die_with_code(401, 'Sorry, bad password');
    }

    // Log the failure and flag the form in one transaction.
    $context->db->query('START TRANSACTION');
    add_log($context->db, "Failing form {$form['id']}");
    fail_form($context->db, $form['id'], 1);
    $context->db->query('COMMIT');
}

// Any other request method falls through to the same 200 response.
header('HTTP/1.1 200');
echo "OK\n";
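/**
 * Return count for prints.
 *
 * Each entry of $where_clauses is inserted into the statement verbatim and
 * joined with AND, so callers must build the clauses from quoted or constant
 * values only, never from raw request input.
 *
 * With no clauses the count covers every print. Previously an empty list
 * produced a dangling "WHERE" and a 500.
 *
 * NOTE(review): the 500 response body includes the SQL text. Consider logging
 * it server-side only.
 *
 * @param object $dbh            database handle providing query()
 * @param array  $where_clauses  SQL boolean expressions, already escaped
 * @return array associative row holding the 'count' column
 */
function get_prints_count(&$dbh, $where_clauses = array())
{
    $q = 'SELECT count(*) as count from prints';

    if (!empty($where_clauses)) {
        $q .= ' WHERE ' . join(' AND ', $where_clauses);
    }

    $res = $dbh->query($q);

    if (PEAR::isError($res)) {
        die_with_code(500, "{$res->message}\n{$q}\n");
    }

    $row = $res->fetchRow(DB_FETCHMODE_ASSOC);

    return $row;
}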
/**
 * Ask the Flickr places API for information about one WOE id.
 *
 * A transport error ends the request through die_with_code() with status 500.
 *
 * NOTE(review): the request URL uses plain http://, so the API key travels
 * unencrypted. Confirm whether the endpoint can be called over https.
 *
 * @param object $C       context object carrying flickr_key
 * @param mixed  $woe_id  WOE id to look up
 * @return mixed the decoded "place" member when the API answers 200 with
 *               stat "ok", otherwise false
 */
function flickr_place_info(&$C, $woe_id)
{
    $request = new HTTP_Request('http://api.flickr.com/services/rest/?format=json&nojsoncallback=1&method=flickr.places.getInfo');
    $request->addQueryString('api_key', $C->flickr_key);
    $request->addQueryString('woe_id', $woe_id);

    $sent = $request->sendRequest();

    if (PEAR::isError($sent)) {
        die_with_code(500, "{$sent->message}\n");
    }

    // Anything but a 200 with a decodable, successful body counts as "no place".
    if ($request->getResponseCode() != 200) {
        return false;
    }

    $decoded = json_decode($request->getResponseBody());

    if (!$decoded) {
        return false;
    }

    if ($decoded->stat != 'ok') {
        return false;
    }

    return $decoded->place;
}
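enforce_master_on_off_switch();

/*** ... ***/

// Collect the posted upload details; empty values become null.
$dirname = $_POST['dirname'] ? $_POST['dirname'] : null;
$redirect = preg_match('#^http://#', $_POST['redirect']) ? $_POST['redirect'] : null;
$expiration = $_POST['expiration'] ? $_POST['expiration'] : null;
$file = is_array($_FILES['file']) ? $_FILES['file'] : null;

// NOTE(review): this message repeats the posted expiration before the
// signature has been checked. Confirm the response is served as plain text,
// or escape the value.
if (strtotime($expiration) < time()) {
    die_with_code(401, "Sorry, expiration date {$expiration} has come and gone - " . date('r', strtotime($expiration)));
}

if ($file['error'] > 0) {
    die_with_code(400, "Sorry, encountered error #{$file['error']} (see http://us.php.net/manual/en/features.file-upload.errors.php)");
}

$posted_signature = $_POST['signature'] ? $_POST['signature'] : null;
$expected_signature = (string) sign_post_details($dirname, $expiration, API_PASSWORD);

// Compare the signature type-strictly and, where hash_equals() exists, in
// constant time. The previous loose != treated a missing signature as equal to
// an empty expected value and was open to PHP's numeric-string juggling.
$signature_ok = is_string($posted_signature)
    && (function_exists('hash_equals')
        ? hash_equals($expected_signature, $posted_signature)
        : $posted_signature === $expected_signature);

if (!$signature_ok) {
    die_with_code(401, 'Sorry, bad signature');
}

if (is_array($file) && is_uploaded_file($file['tmp_name'])) {
    // The object id is the signed directory plus the client-supplied file name.
    $object_id = rtrim($dirname, '/') . '/' . ltrim($file['name'], '/');
    $content_bytes = file_get_contents($file['tmp_name']);
    $url = post_file_local($object_id, $content_bytes);
}

// NOTE(review): the signature is computed over dirname and expiration only, so
// the redirect target is not covered by it, and any http:// URL passes the
// prefix check above. Consider signing it or limiting it to known hosts.
// $url is assigned only when a file was stored, so it may be unset here.
if ($redirect) {
    $redirect = new Net_URL($redirect);
    $redirect->addQueryString('url', $url);
    $redirect = $redirect->getURL();
}

if ($redirect) {
    header("Location: {$redirect}");
}

header('Content-Type: text/plain');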
<?php

require_once '../lib/lib.everything.php';

enforce_master_on_off_switch($_SERVER['HTTP_ACCEPT_LANGUAGE']);

// The shared API password is required before anything is looked up.
enforce_api_password($_POST['password']);

$context = default_context(false);

/**** ... ****/

// Resolve the print named in the query string; an empty id becomes null.
$print_id = $_GET['id'] ?: null;
$print = get_print($context->db, $print_id);

if (!$print) {
    die_with_code(400, "I don't know that print");
}

if ('POST' == $_SERVER['REQUEST_METHOD']) {
    $context->db->query('START TRANSACTION');

    // Store the preview URL reported for each page. An unknown page number
    // ends the request while the transaction is still open.
    // NOTE(review): the posted URLs are stored without any scheme or host
    // check. Confirm how they are rendered later.
    foreach ($_POST['pages'] as $number => $posted_page) {
        $page = get_print_page($context->db, $print['id'], $number);

        if (!$page) {
            die_with_code(400, "I don't know that page");
        }

        $page['preview_url'] = $posted_page['preview_url'];
        set_print_page($context->db, $page);
    }

    // Then the print-level URLs, and mark the print as finished.
    $print['pdf_url'] = $_POST['pdf_url'];
    $print['preview_url'] = $_POST['preview_url'];
    set_print($context->db, $print);
    finish_print($context->db, $print['id']);

    $context->db->query('COMMIT');
}

header('HTTP/1.1 200');
echo "OK\n";
prints.layout, prints.place_woeid, prints.region_woeid, prints.country_woeid, prints.private, prints.cloned, prints.refreshed, pages.provider FROM prints LEFT JOIN pages ON pages.print_id=prints.id GROUP BY prints.id ORDER BY created DESC EOQ; $res = $context->db->query($query); if (PEAR::isError($res)) { die_with_code(500, $res->message); } $rsp = array(); while ($row = $res->fetchRow(DB_FETCHMODE_ASSOC)) { $rsp[] = array("pages" => (int) $row['pages'], "created" => date("c", strtotime($row['created'])), "composed" => date("c", strtotime($row['composed'])), "orientation" => $row['orientation'], "layout" => $row['layout'], "provider" => $row['provider']); } //echo json_encode($rsp); $metric_data = json_encode($rsp); $context->sm->assign('metric_data', $metric_data); $providers = get_map_providers(); $providers_by_name = array(); foreach ($providers as $i => $provider) { $providers_by_name[$provider[0]] = $provider[1]; } $context->sm->assign('providers', json_encode($providers_by_name)); header("Content-Type: text/html; charset=UTF-8");
/**
 * Send an HTTP/1.0 status line with the given code, print the message, and
 * stop the script.
 */
function die_with_code($code, $message = "")
{
    header("HTTP/1.0 {$code}");
    echo $message;
    die;
}

// Sync endpoint: the client uploads a plan-set file under the field name "my".
// It is merged with the copy stored for that user, and the merged result is
// both saved server-side and streamed back. $db is set before this excerpt.
if (empty($_FILES['my'])) {
    die_with_code(400, "No data");
} else {
    // The login and password used below are read from the uploaded file itself.
    $clnt_loader = new Loader($_FILES['my']['tmp_name']);
    $clnt_plan_set = $clnt_loader->load_plan_set();

    // Bound parameters keep the uploaded values out of the SQL text.
    // NOTE(review): the password is matched directly against the stored
    // column. If the column holds plaintext, move to password_hash() /
    // password_verify(). Confirm the stored format.
    $find_user = $db->prepare("SELECT * FROM users WHERE login = :login AND password = :password");
    $find_user->execute(array(":login" => $clnt_plan_set->login, ":password" => $clnt_plan_set->password));
    $row = $find_user->fetch();

    // The comparison is loose, so a falsy "no row" result from fetch() is rejected too.
    if ($row == null) {
        die_with_code(400, "Invalid login/password");
    }

    $uid = $row['id'];

    header("Content-Type: text/plain");

    // The server-side copy lives at db/<user id>.sqlite, where the id comes
    // from the users row.
    $serv_loader = new Loader("db/{$uid}.sqlite");
    $serv_plan_set = $serv_loader->load_plan_set();

    $merged_plan_set = merge_plan_sets($serv_plan_set, $clnt_plan_set);

    // NOTE(review): the return value of tempnam() is used unchecked.
    $tmp_filename = tempnam(sys_get_temp_dir(), "planaris");

    // Save the merged set over the stored copy, then to the temporary file.
    $saver = new Saver("db/{$uid}.sqlite");
    $saver->save_plan_set($merged_plan_set);

    $saver = new Saver($tmp_filename);
    $saver->save_plan_set($merged_plan_set);

    // Stream the temporary file as the response body and delete it.
    readfile($tmp_filename);
    unlink($tmp_filename);
}

function get_option($db, $optname)
enforce_master_on_off_switch($_SERVER['HTTP_ACCEPT_LANGUAGE']);

// The shared API password is required before anything is looked up.
enforce_api_password($_POST['password']);

$context = default_context(false);

/**** ... ****/

// Getting the correct form id
$form_id = $_GET['id'] ?: null;
$form = get_form($context->db, $form_id);

if (!$form) {
    die_with_code(400, "I don't know that form");
}

if ('POST' == $_SERVER['REQUEST_METHOD']) {
    $context->db->query('START TRANSACTION');

    // Create one field row per posted field description. A failed insert ends
    // the request while the transaction is still open.
    foreach ($_POST['fields'] as $posted_field) {
        $field = add_form_field($context->db, $form['id'], $posted_field['name']);

        if (!$field) {
            die_with_code(400, "I don't know that field");
        }

        $field['type'] = $posted_field['type'];
        $field['label'] = $posted_field['label'];
        set_form_field($context->db, $field);
    }

    // manually-defined form title from add-form.php wins here
    if (!$form['title']) {
        $form['title'] = $_POST['title'];
    }

    // NOTE(review): http_method and action_url are stored exactly as posted.
    // Confirm they are validated or escaped where the form is rendered.
    $form['http_method'] = $_POST['http_method'];
    $form['action_url'] = $_POST['action_url'];

    set_form($context->db, $form);
    finish_form($context->db, $form['id']);

    $context->db->query('COMMIT');
}

header('HTTP/1.1 200');
echo "OK\n";
<?php

require_once '../lib/lib.everything.php';

enforce_master_on_off_switch($_SERVER['HTTP_ACCEPT_LANGUAGE']);

// The shared API password is required before anything is looked up.
enforce_api_password($_POST['password']);

$context = default_context(false);

/**** ... ****/

// Resolve the scan named in the query string; an empty id becomes null.
$scan_id = $_GET['id'] ?: null;
$scan = get_scan($context->db, $scan_id);

if (!$scan) {
    die_with_code(400, "I don't know that scan");
}

if ('POST' == $_SERVER['REQUEST_METHOD']) {
    // Log the failure and flag the scan in one transaction.
    $context->db->query('START TRANSACTION');
    add_log($context->db, "Failing scan {$scan['id']}");
    fail_scan($context->db, $scan['id'], 1);
    $context->db->query('COMMIT');
}

// Any other request method falls through to the same 200 response.
header('HTTP/1.1 200');
echo "OK\n";
// Excerpt: begins inside the branch that handles GeoJSON input and ends with
// the closing brace of an enclosing block whose opening is not shown.
    $print = compose_from_geojson($context->db, $json_content);
} else {
    // Form-style request: the whole POST array becomes the composition input.
    $atlas_postvars = $_POST;

    if (!empty($_POST['form_url'])) {
        // Register a form owned by the current user and remember its URL.
        // NOTE(review): form_url and form_title are stored as posted. Confirm
        // the URL is validated before anything fetches or renders it.
        $added_form = add_form($context->db, $context->user['id']);
        $added_form['form_url'] = $_POST['form_url'];

        if (!empty($_POST['form_title'])) {
            $added_form['title'] = $_POST['form_title'];
        }

        set_form($context->db, $added_form);

        //
        // A new form was requested.
        // postvars will now have form_id in addition to form_url.
        //
        $atlas_postvars['form_id'] = $added_form['id'];
    }

    // Clone and refresh both go through compose_clone(); only the last argument differs.
    if ($clone_job && $clone_id) {
        $print = compose_clone($context->db, $atlas_postvars, $context->user['id'], $clone_id, false);
    } elseif ($refresh_job && $refresh_id) {
        $print = compose_clone($context->db, $atlas_postvars, $context->user['id'], $refresh_id, true);
    } else {
        $print = compose_from_postvars($context->db, $atlas_postvars, $context->user['id']);
    }
}

// The transaction is committed before the result is checked, so a form added
// above is kept even when composing produced nothing.
$context->db->query('COMMIT');

if (is_null($print)) {
    die_with_code(400, "Missing... Something.");
}

// Send the client to the new atlas page.
$print_url = 'http://' . get_domain_name() . get_base_dir() . '/atlas.php?id=' . urlencode($print['id']);
header("Location: {$print_url}");
}
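/**
 * Return true if a given user ID and password match the database.
 *
 * The password is now passed as a bound parameter. Previously it was
 * interpolated into the statement text, which was then handed to log_debug()
 * and, on a database error, echoed in the 500 response, exposing the
 * candidate password in both places.
 *
 * NOTE(review): the stored value is an unsalted SHA1 of the password. Moving
 * to password_hash() / password_verify() needs a change to the stored hashes,
 * so it is flagged here rather than changed.
 *
 * @param object $dbh       database handle providing query()
 * @param mixed  $user_id   id of the user row to check
 * @param string $password  candidate password
 * @return bool true when a row exists for the user and its hash matches
 */
function check_user_password(&$dbh, $user_id, $password)
{
    $q = 'SELECT password = SHA1(?) FROM users WHERE id = ? LIMIT 1';

    // Only the statement template and the user id are logged.
    log_debug($q, $user_id);

    $res = $dbh->query($q, array($password, $user_id));

    if (PEAR::isError($res)) {
        die_with_code(500, "{$res->message}\n{$q}\n");
    }

    $match = $res->fetchRow();

    // No row for this user id means no match.
    if (!is_array($match)) {
        return false;
    }

    return $match[0] ? true : false;
}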