X-Git-Url: https://dev.renevier.net/gitweb.cgi?p=syp.git;a=blobdiff_plain;f=api.php;h=7ba3f08c828bff59efe7ffedc4262ef6a8fd4e3f;hp=9b268dcaf31beb8ac4bbc0e4e7b577c9d44909fc;hb=refs%2Fheads%2Fdemo;hpb=1fa9f86af76141dee786b45083ebcdb72f49981a diff --git a/api.php b/api.php index 9b268dc..7ba3f08 100644 --- a/api.php +++ b/api.php @@ -3,7 +3,8 @@ license. */ function exit_document ($body) { - exit ("$body"); + $charset_meta = ''; + exit ("$charset_meta$body"); } function success ($reason) { @@ -192,8 +193,14 @@ function setcookies ($user, $pwd) { // cookie will be valid for 2 weeks. I've chosen that value // arbitrarily, and it may change in the future. $time = time () + 14 * 60 * 24 * 60; - setcookie (sprintf ("%sauth", DBPREFIX), md5 ($pwd), $time, "" , "", false, true); - setcookie (sprintf ("%suser", DBPREFIX), $user, $time, "" , "", false, true); + if (version_compare (PHP_VERSION, '5.2.0', '>=')) { + setcookie (sprintf ("%sauth", DBPREFIX), md5 ($pwd), $time, "" , "", false, true); + setcookie (sprintf ("%suser", DBPREFIX), $user, $time, "" , "", false, true); + } else { + setcookie (sprintf ("%sauth", DBPREFIX), md5 ($pwd), $time, "" , "", false); + setcookie (sprintf ("%suser", DBPREFIX), $user, $time, "" , "", false); + } + } function check_auth ($con, $user, $pwd, $auth_only) { @@ -248,6 +255,7 @@ function main ($con) { if ($_POST ["keep_img"] == "yes") { $imgpath = $feature->imgpath; } else { + error_request (); $imgpath = save_uploaded_file ($_FILES ["image_file"], $con); } @@ -288,6 +296,7 @@ function main ($con) { success_feature ($new_feature, "update"); break; case "add": + error_request (); $imgpath = save_uploaded_file ($_FILES ["image_file"], $con); $lon = $_POST ["lon"]; @@ -307,6 +316,7 @@ function main ($con) { success_feature ($feature, "add"); break; case "del": + error_request (); $id = $_POST ["fid"]; $feature = $con->getfeature ($id); if (!isset ($feature)) { 
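Review bot: In exit_document, `$charset_meta` is assigned an empty string as the hunk is shown here, so the response is the same as before and no charset is declared (the literal may have been lost when this page was rendered). If the goal is to pin the encoding, send it as an HTTP header before any output rather than as markup prepended to `$body`, e.g. `header ("Content-Type: text/html; charset=UTF-8");`, assuming UTF-8 is what the application emits. A declared charset stops browsers from sniffing the encoding, which matters if `$body` can carry user-supplied text.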
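Review bot: The new `else` branch in setcookies issues the auth cookie without HttpOnly on PHP older than 5.2.0, and that cookie's value is `md5 ($pwd)`, an unsalted digest that appears to serve as a password equivalent, so on those versions script running in the page can read it. Both branches also pass `false` for the secure flag, so the cookie is sent over plain HTTP too. At minimum document the downgrade above the branch, e.g. `// PHP < 5.2.0 has no httponly argument: the auth cookie is readable from script there`, and consider deriving the secure flag from the request with `$secure = !empty ($_SERVER ["HTTPS"]) && $_SERVER ["HTTPS"] != "off";`. The function starts above the hunk.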
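Review bot: Each added `error_request ();` guard blocks the write only if error_request () never returns, and in the update case it sits inside the `else` branch, so an update with `keep_img` set to `yes` still runs on to the database write while add, del, changepass and newuser (hunks at -288, -307, -329 and -337) are refused at the top of their case. error_request () is defined outside this diff: if it ends in exit_document () the statements after each guard are dead code, and if it does not, the upload and the writes proceed. State which is intended with a comment at each guard, e.g. `// demo branch: uploads disabled, error_request () exits`, or move the update guard to the top of its case if demo updates should be refused as well. main () starts and ends outside the hunk.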
@@ -329,6 +339,7 @@ function main ($con) { success_delete_feature ($feature); case "changepass": + error_request (); $currpass = unquote ($_POST ["pass_current"]); if (!$con->checkpwdmd5 ($user, md5 ($currpass))) { error_wrongpass (); @@ -337,12 +348,16 @@ function main ($con) { try { $con->setpwd ($user, $newpass); } catch (Exception $e) { + if ($e->getMessage () == anydbConnection::err_query) { + error_request (); + } error_server (); } setcookies ($user, $newpass); success_changepass ($user); break; case "newuser": + error_request (); if ($user != "admin") { error_unauthorized (); } @@ -357,6 +372,9 @@ function main ($con) { try { $con->setpwd ($newuser_name, $newuser_password); } catch (Exception $e) { + if ($e->getMessage () == anydbConnection::err_query) { + error_request (); + } error_server (); } success_newuser ($newuser_name); @@ -372,7 +390,7 @@ function main ($con) { if (!@include_once ("./inc/settings.php")) { error_server (); } -require_once ("./inc/db/mysql.php"); +require_once ("./inc/db/" . (defined ("DBTYPE")? DBTYPE: "mysql") . ".php"); require_once ("./inc/utils.php"); try {
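Review bot: The added catch block in changepass chooses the response by comparing `$e->getMessage ()` with `anydbConnection::err_query` using `==`; the same test is added for newuser in the hunk at -357. Matching on message text breaks as soon as the message gains detail, and loose comparison in PHP before 8 treats a non-numeric string as equal to integer 0, so if the constant is numeric (its definition is not in this diff) every exception would take the error_request () path. Use a strict comparison, `if ($e->getMessage () === anydbConnection::err_query) {`, or better carry the condition in the exception code or a dedicated exception class. Both cases now open with `error_request ();`, so if that call exits, these catch blocks are unreachable on this branch.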
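Review bot: The new `require_once` builds its path from `DBTYPE` with no check on the value, so a setting containing a path separator, or a backend name with no matching file, either loads a file outside `./inc/db/` or stops with a fatal error instead of the error_server () response used for the settings include just above it. As far as this diff shows, DBTYPE comes from inc/settings.php rather than from the request, so this is hardening rather than a request-reachable include. Constrain the name and fail the same way: `$dbtype = defined ("DBTYPE") ? basename (DBTYPE) : "mysql";` followed by `if (!@include_once ("./inc/db/$dbtype.php")) { error_server (); }`.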