diff --git a/GlassesController.php b/GlassesController.php
index 98bec9c3b42bcdf98afb007234bdda580600717a..228bb09e9be34cf797e012e51834fa02d82dbee5 100644
--- a/GlassesController.php
+++ b/GlassesController.php
@@ -14,22 +14,30 @@ class GlassesController {
 }
 function insert($PARAM){
- // TODO Security issue, use statements
 $msg=$PARAM['msg'];
 $msg=$this->db->quote($msg);
- $this->db->query("insert into CrowdGlassesMsg(text) values (".$msg.")");
+
+ $user=$this->db->quote($PARAM['user']);
+
+ $statement=$this->db->prepare("insert into CrowdGlassesMsg(user,text) select name, :msg from Users where id=:user");
+ $statement->bindParam(":msg",$msg,PDO::PARAM_STR);
+ $statement->bindParam(":user",$user,PDO::PARAM_INT);
+ $statement->execute();
 $answer=new StdClass();
 $answer->status = "Ok";
 return $answer;
 }
 function get($PARAM){
- $data=$_REQUEST['data'];
+ @$data=$_REQUEST['data'];
 $myObj=new StdClass();
- $myObj->content = "Hello bob, you sent me $data right ?";
- $table=$this->db->query("select text from CrowdGlassesMsg");
+ $myObj->content = array();
+
+ // TODO Security issue, use statements
+
+ $table=$this->db->query("select id, user as name, text from CrowdGlassesMsg",PDO::FETCH_OBJ);
 foreach($table as $tuple)
- $myObj->content=$myObj->content.$tuple['text']."\n";
+ array_push($myObj->content,$tuple);
 return $myObj;
 }
 }
@@ -46,9 +54,13 @@ if (isset($_GET['action'])) {
 $PARAM['msg']=$_GET['msg'];
 else
 $PARAM['msg']="empty";
+ if (isset($_SESSION['id']))
+ $PARAM['user']=$_SESSION['id'];
+ else
+ $PARAM['user']="unknown";
 $result=json_encode($manager->$action($PARAM));
 echo $result;
 }
-?>
\ No newline at end of file
+?>
diff --git a/projects/Crowd-glasses/init-skills.sql b/projects/Crowd-glasses/init-skills.sql
index 9ceba0866c495b3579ec0f911405d29d19f30feb..1cbfa298ca3ab91b7d6e1486c34ba8721851099f 100644
--- a/projects/Crowd-glasses/init-skills.sql
+++ b/projects/Crowd-glasses/init-skills.sql
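Review bot: insert() still runs both values through `$this->db->quote()` before binding them, so `:msg` receives the text with its surrounding quotes and escapes (they are stored literally), and `:user`, bound as `PDO::PARAM_INT`, receives the quoted string rather than the id — in either PDO mode that value is no longer the integer id, so the `where id=:user` lookup should match no row, the `insert ... select` writes nothing, and the fixed `$answer->status = "Ok"` still reports success. With a prepared statement the placeholders do the escaping, so the `quote()` calls should go and the raw values be bound; `execute()` should also be checked (and `rowCount()`, so a session id that matches no user is reported rather than silently dropped), unless the connection is configured with `PDO::ERRMODE_EXCEPTION` somewhere outside this hunk, in which case a failed `prepare()` or `execute()` already throws. In get(), `@$data=$_REQUEST['data'];` is now dead code — `$data` is no longer used anywhere in the method — and the `@` only hides the undefined-index notice; delete the line. The relocated `// TODO Security issue, use statements` now sits above a query that takes no request input, so it no longer describes anything and should be dropped rather than kept as a stale warning.
```php
function insert($PARAM){
    $statement=$this->db->prepare("insert into CrowdGlassesMsg(user,text) select name, :msg from Users where id=:user");
    // bind the raw values: the placeholders escape them, quote() would store the quotes literally
    $statement->bindValue(":msg",$PARAM['msg'],PDO::PARAM_STR);
    $statement->bindValue(":user",(int)$PARAM['user'],PDO::PARAM_INT);
    $answer=new StdClass();
    // no row inserted means the session id matched no user (or the query failed): do not report success
    if ($statement->execute() && $statement->rowCount()===1)
        $answer->status = "Ok";
    else
        $answer->status = "Error";
    return $answer;
}
```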
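Review bot: The new `else $PARAM['user']="unknown";` lets a request with no session reach insert(), where the placeholder string is bound to `Users.id` as an integer, so the message is dropped while the client is still told "Ok". Reject the request before dispatching instead of substituting a placeholder id — `$action` is taken from the query string, so the check belongs ahead of the `$result=` line where it covers every action: `if (!isset($_SESSION['id'])) { http_response_code(401); echo json_encode(["status"=>"Unauthorized"]); exit; }`. This block also assumes `session_start()` has already run; that call is outside the hunk, so confirm it precedes the first `$_SESSION` read. The enclosing `if (isset($_GET['action']))` block starts before the hunk.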
@@ -1,8 +1,9 @@
 insert into SkillTree values
-(2000, 1, 'Crowd-glasses'),
-(2001, 2000, 'First-aid'),
-(2002, 2000, 'Building Safety'),
-(2003, 2000, 'Electric Safety'),
+(5000, 1, 'Crowd-glasses'),
+(5001, 5000, 'First-aid'),
+(5002, 5000, 'Building Safety'),
+(5003, 5000, 'Electric Safety');
+
diff --git a/projects/Crowd-glasses/init-workflow.sql b/projects/Crowd-glasses/init-workflow.sql
index 61762942049a689b95518924cf0c5e2354d46a81..431a8147342ffa356961916e531648e7474d29e8 100644
--- a/projects/Crowd-glasses/init-workflow.sql
+++ b/projects/Crowd-glasses/init-workflow.sql
@@ -2,7 +2,7 @@ DROP TABLE IF EXISTS CrowdGlassesMsg;
 DELETE from Artifact where classid in (select id from ArtifactClass where project = 'Crowd-glasses');
 DELETE from ArtifactClass where project = 'Crowd-glasses';
-CREATE TABLE CrowdGlassesMsg(id int auto_increment primary key, text varchar(300));
+CREATE TABLE CrowdGlassesMsg(id int auto_increment primary key, user varchar(100),text varchar(300));
 insert into ArtifactClass(id,description,definition,tablename,project,autostart) values (10000,'Emergency Response','Crowd-glasses/crowd-glasses.sca', null, 'Crowd-glasses',true);
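Review bot: The new `user varchar(100)` column in the init-workflow.sql hunk is nullable and carries no relation to `Users`; the PHP side fills it with `Users.name` (see the GlassesController hunk), so attribution of a message rests on a display name that can change or collide rather than on the id the session actually provides. Prefer storing the id with a constraint matching the type of `Users.id`, e.g. `user int not null, foreign key (user) references Users(id)`, and joining to the name in get(); if the name must be stored, at least declare it `not null` so a failed lookup cannot leave an unattributed row. Since this script begins with `DROP TABLE IF EXISTS CrowdGlassesMsg`, re-running it to pick up the new column discards existing messages — presumably acceptable for an init script, but worth a comment next to the `CREATE TABLE` so the schema change is not applied that way on a live database by accident.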