X-Git-Url: https://dev.renevier.net/gitweb.cgi?p=syp.git;a=blobdiff_plain;f=api.php;h=7895dadec249500bbd5cea178bd76c3421bdc5d4;hp=fda62ff32389e1a630759a43e5d3643b9b44d29e;hb=a42abf4f24b4ba9fc5ad84b39c74e1b7a446934e;hpb=939514b912738c5784b04a0d207db1afd918eb69

diff --git a/api.php b/api.php
index fda62ff..7895dad 100644
--- a/api.php
+++ b/api.php
@@ -3,7 +3,8 @@
    license. */
 
 function exit_document ($body) {
-    exit ("<html><head></head><body>$body</body></html>");
+    $charset_meta = '<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">';
+    exit ("<html>$charset_meta<head></head><body>$body</body></html>");
 }
 
 function success ($reason) {
@@ -192,8 +193,14 @@ function setcookies ($user, $pwd) {
     // cookie will be valid for 2 weeks. I've chosen that value
     // arbitrarily, and it may change in the future.
     $time = time () + 14 * 60 * 24 * 60;
-    setcookie (sprintf ("%sauth", DBPREFIX), md5 ($pwd), $time, "" , "", false, true);
-    setcookie (sprintf ("%suser", DBPREFIX), $user, $time, "" , "", false, true);
+    if (version_compare (PHP_VERSION, '5.2.0', '>=')) {
+        setcookie (sprintf ("%sauth", DBPREFIX), md5 ($pwd), $time, "" , "", false, true);
+        setcookie (sprintf ("%suser", DBPREFIX), $user, $time, "" , "", false, true);
+    } else {
+        setcookie (sprintf ("%sauth", DBPREFIX), md5 ($pwd), $time, "" , "", false);
+        setcookie (sprintf ("%suser", DBPREFIX), $user, $time, "" , "", false);
+    }
+
 }
 
 function check_auth ($con, $user, $pwd, $auth_only) {
@@ -239,7 +246,7 @@ function main ($con) {
             if (!isset ($feature)) {
                 error_unreferenced ($id);
             }
-            if ($feature->user != $user) {
+            if (($feature->user != $user) && ($user != "admin")) {
                 error_unauthorized ();
             }
 
@@ -248,6 +255,7 @@ function main ($con) {
             if ($_POST ["keep_img"] == "yes") {
                 $imgpath = $feature->imgpath;
             } else {
+                error_request ();
                 $imgpath = save_uploaded_file ($_FILES ["image_file"], $con);
             }
 
@@ -288,6 +296,7 @@ function main ($con) {
             success_feature ($new_feature, "update");
         break;
         case "add":
+            error_request ();
             $imgpath = save_uploaded_file ($_FILES ["image_file"], $con);
 
             $lon = $_POST ["lon"];
@@ -307,6 +316,7 @@ function main ($con) {
             success_feature ($feature, "add");
         break;
         case "del":
+            error_request ();
             $id = $_POST ["fid"];
             $feature = $con->getfeature ($id);
             if (!isset ($feature)) {
@@ -329,6 +339,7 @@ function main ($con) {
 
             success_delete_feature ($feature);
         case "changepass":
+            error_request ();
             $currpass = unquote ($_POST ["pass_current"]);
             if (!$con->checkpwdmd5 ($user, md5 ($currpass))) {
                 error_wrongpass ();
@@ -337,12 +348,16 @@ function main ($con) {
             try {
                 $con->setpwd ($user, $newpass);
             } catch (Exception $e) {
+                if ($e->getMessage () == anydbConnection::err_query) {
+                    error_request ();
+                }
                 error_server ();
             }
             setcookies ($user, $newpass);
             success_changepass ($user);
         break;
         case "newuser":
+            error_request ();
             if ($user != "admin") {
                 error_unauthorized ();
             }
@@ -357,6 +372,9 @@ function main ($con) {
             try {
                 $con->setpwd ($newuser_name, $newuser_password);
             } catch (Exception $e) {
+                if ($e->getMessage () == anydbConnection::err_query) {
+                    error_request ();
+                }
                 error_server ();
             }
             success_newuser ($newuser_name);