@Ligh7bringer
Created April 18, 2018 15:23
<?php
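// Database connection settings.
// NOTE(review): this connects as the MySQL "root" account with an empty
// password, hard-coded in a web-served file. Prefer a dedicated account that
// only has rights on the DoorLock schema, with a non-empty password loaded
// from configuration kept outside the web root.
$servername = "localhost";
$username = "root";
$password = "";
$dbname = "DoorLock";
// Create connection
$conn = new mysqli($servername, $username, $password, $dbname);
// Stop before any handler touches $conn when the connection failed. The
// driver message goes to the server log only; the client gets a generic
// message so connection details are not disclosed.
if ($conn->connect_error) {
    error_log("DoorLock DB connection failed: " . $conn->connect_error);
    http_response_code(500);
    die("Connection failed.");
}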
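// Handle multipart uploads: store each uploaded image under images/ and
// record it in the security table as not yet seen.
// $_FILES is a superglobal and is always set, so test for content instead.
if (!empty($_FILES)) {
    $target_dir = "images/";
    // Detected image type => extensions accepted for that type.
    // getimagesize() only inspects the file header, so a file can look like an
    // image and still carry other content. Requiring an image extension that
    // matches the detected type keeps an uploaded file from being stored under
    // a name the web server would execute (for example ".php").
    // NOTE(review): also configure the images/ directory so the web server
    // never executes scripts from it.
    $allowed_types = [
        IMAGETYPE_JPEG => ["jpg", "jpeg"],
        IMAGETYPE_PNG  => ["png"],
        IMAGETYPE_GIF  => ["gif"],
        IMAGETYPE_BMP  => ["bmp"],
        IMAGETYPE_WEBP => ["webp"],
    ];
    foreach ($_FILES as $file) {
        // Array-style fields (name="files[]") and failed uploads have no single
        // temp file to inspect; reject them instead of passing them on.
        if (!is_string($file["name"]) || $file["error"] !== UPLOAD_ERR_OK) {
            echo "Sorry, there was an error uploading your file.";
            continue;
        }
        // basename() strips any directory part the client put in the name, so
        // the file cannot be written outside $target_dir.
        $safe_name = basename($file["name"]);
        $target_file = $target_dir . $safe_name;
        $imageFileType = strtolower(pathinfo($target_file, PATHINFO_EXTENSION));
        // Check that the file parses as an image; anything else is skipped
        // rather than stored.
        $check = getimagesize($file["tmp_name"]);
        if ($check === false) {
            echo "File is not an image.";
            continue;
        }
        echo "File is an image - " . $check["mime"] . ".";
        // $check[2] is the IMAGETYPE_* constant of the detected format.
        if (!isset($allowed_types[$check[2]])
            || !in_array($imageFileType, $allowed_types[$check[2]], true)) {
            echo "Sorry, there was an error uploading your file.";
            continue;
        }
        // NOTE(review): an existing file with the same name is overwritten.
        if (!move_uploaded_file($file["tmp_name"], $target_file)) {
            echo "Sorry, there was an error uploading your file.";
            continue;
        }
        // The name is client-supplied, so escape it before echoing it back.
        echo "The file " . htmlspecialchars($safe_name, ENT_QUOTES | ENT_SUBSTITUTE, "UTF-8") . " has been uploaded.";
        // Record the stored name only after the file is really on disk, and
        // bind it as a parameter so the name cannot alter the SQL statement.
        $stmt = $conn->prepare("INSERT INTO security (image, seen) VALUES (?, 0)");
        if ($stmt !== false) {
            $stmt->bind_param("s", $safe_name);
            $stmt->execute();
            $stmt->close();
        }
    }
}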
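// Parse the JSON request body sent by the app or the lock.
$post = json_decode(file_get_contents('php://input'), true);
// Only a JSON object (decoded to an array) is a usable request; a missing or
// invalid body, or a bare JSON scalar, is ignored.
if (is_array($post)) {
    // Check connection. The driver message is logged server-side only, so
    // connection details are not disclosed to the client.
    if ($conn->connect_error) {
        error_log("DoorLock DB connection failed: " . $conn->connect_error);
        die("Connection failed.");
    }

    // NOTE(review): nothing in this script authenticates the caller, so any
    // client that can reach it can run every action below, including
    // "authorise". Require a shared secret or per-device credential before
    // dispatching.

    // Normalise the two request fields. Strict string comparison is used
    // below because loose "==" lets a non-string action (for example the
    // number 0 on older PHP versions) match every branch.
    $action = (isset($post["action"]) && is_string($post["action"])) ? $post["action"] : "";
    $id = (isset($post["id"]) && is_scalar($post["id"])) ? (string) $post["id"] : "";

    // Returns true when $id is present in key_ids. The id is bound as a
    // parameter, never concatenated into the SQL text. Any database failure
    // is reported as "not found" so the lock fails closed.
    $key_exists = function ($conn, $id) {
        try {
            $stmt = $conn->prepare("SELECT 1 FROM key_ids WHERE UID = ?");
            if ($stmt === false) {
                return false;
            }
            $stmt->bind_param("s", $id);
            $stmt->execute();
            $stmt->store_result();
            $found = $stmt->num_rows > 0;
            $stmt->close();
            return $found;
        } catch (mysqli_sql_exception $e) {
            return false;
        }
    };

    // --- HANDLE REQUESTS FROM APP ---
    if ($action === "checkdb") {
        // find out if the key is in the database
        echo $key_exists($conn, $id) ? "Known key." : "Unknown key.";
    } elseif ($action === "authorise") {
        // insert the key into the database
        // presumably UID carries a unique constraint, so a failed insert
        // means the key is already present -- confirm against the schema
        $inserted = false;
        try {
            $stmt = $conn->prepare("INSERT INTO key_ids (UID) VALUES (?)");
            if ($stmt !== false) {
                $stmt->bind_param("s", $id);
                $inserted = $stmt->execute();
                $stmt->close();
            }
        } catch (mysqli_sql_exception $e) {
            $inserted = false;
        }
        echo $inserted ? "Key authorised successfully!" : "Key is already authorised!";
    } elseif ($action === "unauthorise") {
        // delete the key from the database
        // A DELETE that matches no row still succeeds, so the number of
        // affected rows decides whether the key was authorised at all.
        $removed = 0;
        try {
            $stmt = $conn->prepare("DELETE FROM key_ids WHERE UID = ?");
            if ($stmt !== false) {
                $stmt->bind_param("s", $id);
                if ($stmt->execute()) {
                    $removed = $stmt->affected_rows;
                }
                $stmt->close();
            }
        } catch (mysqli_sql_exception $e) {
            $removed = 0;
        }
        echo $removed > 0 ? "Key unauthorised successfully!" : "Key is not authorised!";
    } elseif ($action === "validate") {
        // --- HANDLE REQUESTS FROM LOCK ---
        // make sure the key has access
        echo $key_exists($conn, $id) ? "OK" : "ERROR";
    } elseif ($action === "security") {
        // security check: handle continuous requests from the app
        $result = $conn->query("SELECT * FROM security WHERE seen = 0");
        if ($result instanceof mysqli_result && $result->num_rows > 0) {
            // output the date of each unseen row, then mark them all as seen
            while ($row = $result->fetch_assoc()) {
                echo $row["date"];
            }
            $conn->query("UPDATE security SET seen = 1 WHERE seen = 0");
        }
    } elseif ($action === "enter_attempt") {
        // this is not needed anymore
        $conn->query("INSERT INTO security (seen) VALUES (0)");
    } elseif ($action === "images") {
        // list every stored image name, separated by spaces
        // NOTE(review): these names originate from uploads and are echoed
        // unescaped; a client must not render this response as HTML.
        $result = $conn->query("SELECT image FROM security");
        if ($result instanceof mysqli_result) {
            while ($row = $result->fetch_assoc()) {
                echo $row["image"] . " ";
            }
        }
    }

    // close connection
    $conn->close();
}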
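/**
 * Print a human-readable dump of a value inside a <pre> element.
 *
 * The dump is HTML-escaped before it is written, so markup contained in the
 * value (for example request data being inspected) is shown as text instead
 * of being interpreted by the browser.
 *
 * @param mixed $data Value to dump with print_r().
 * @return void
 */
function debug( $data ) {
    $dump = print_r( $data, TRUE );
    echo '<pre>' . htmlspecialchars( $dump, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8' ) . '</pre>';
}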
?>