QuartzMap/admin/action/map.php

<?php
    session_start();
		require('../incl/const.php');
    require('../class/database.php');
    require('../class/map.php');
		require('../class/app.php');
		
function unzip_me($zipname){
	$ext_dir = '/tmp/uploads';
	if(!is_dir($ext_dir)){
		mkdir($ext_dir);
	}

	$zip = new ZipArchive;
	$res = $zip->open($zipname);
	if ($res === TRUE) {
		$zip->extractTo($ext_dir);
		$zip->close();
	} else {
		echo 'Error: Failed to open'.$zipname;
	}
	return $ext_dir;
}

function zip2html_dir($upload, $upload_dir){

	$unzip_dir = unzip_me($upload["tmp_name"]);
	$name = basename($upload["name"]);
	$name = explode('.', $name)[0];
	
	
	if(is_file($unzip_dir.'/index.html')){
		$html_dir = $upload_dir.'/'.$name;
		rename($unzip_dir, $html_dir);
	}else if(is_file($unzip_dir.'/'.$name.'/index.html')){
		$html_dir = $unzip_dir.'/'.$name;
	}else{
		echo 'Error: index.html not found';
		$html_dir = null;
	}
	return $html_dir;
}

    $result = ['success' => false, 'message' => 'Error while processing your request!'];

    if(isset($_SESSION['user']) && $_SESSION['user']->accesslevel == 'Admin') {
			$database = new Database(DB_HOST, DB_NAME, DB_USER, DB_PASS, DB_PORT, DB_SCMA);
    	$obj			= new map_Class($database->getConn(), $_SESSION['user']->id);
			$id = isset($_POST['id']) ? intval($_POST['id']) : 0;
			
				if(($id > 0) && !$obj->isOwnedByUs($id)){
					$result = ['success' => false, 'message' => 'Action not allowed!'];
		
				}else if(isset($_POST['save'])) {
            $newId = 0;

            if($id) { // update
              
							$newId = $obj->update($_POST) ? $id : 0;
							if($newId > 0){
								$html_dir = APPS_DIR.'/'.$newId;
								App::updateDatasources($_POST, $html_dir, DATA_DIR, APPS_DIR);
							}
							
            } else if(!empty($_POST['app']) || !empty($_FILES['archive'])){ // insert

              $newId = $obj->create($_POST);
							
							if(!is_dir(CACHE_DIR.'/'.$newId)){
								mkdir(CACHE_DIR.'/'.$newId, 0770);
							}
							
							if($newId > 0){
								$upload_dir = App::upload_dir($_SESSION['user']->ftp_user);
								$html_dir = null;
								$unzip_dir = null;
								// html dir can be in /var/www/upload or in /tmp, if its an upload
								if(isset($_POST['app'])){
									$html_dir = $upload_dir.'/'.$_POST['app'];
								}else if(!empty($_FILES["archive"]["tmp_name"])){	// if we have uploaded file
									$html_dir = zip2html_dir($_FILES["archive"], $upload_dir);
								}
								
								if($html_dir){
									App::installApp($newId, $_POST, $html_dir, DATA_DIR, APPS_DIR);	// process map data files
									if($unzip_dir){
										App::rrmdir($unzip_dir);
									}
								}else{
									$obj->delete($newId);
									$newId = 0;
								}
							}
            }

						if($newId > 0){
							if(isset($_FILES["image"]) && ($_FILES['image']['size'] < 10485760)){ // if image file and is less than 10 MB
								$image = null;
								// scale image to 200x150
								if($_FILES["image"]["type"] == 'image/png'){
									$image = imagecreatefrompng($_FILES["image"]["tmp_name"]);
								}else if($_FILES["image"]["type"] == 'image/jpeg'){
									$image = imagecreatefromjpeg($_FILES["image"]["tmp_name"]);
								}
								
								if($image){
									$imgResized = imagescale($image , 200, 150);
									imagepng($imgResized, "../../assets/maps/".$newId.'.png');
								}
							}
							
							$result = ['success' => true, 'message' => 'Map successfully created!', 'id' => $newId];
						}else{
							$result = ['success' => false, 'message' => 'Failed to save Map!'];
						}
        } else if(isset($_POST['delete'])) {
					
					$result = $obj->getById($_POST['id']);
					$row = pg_fetch_assoc($result);
					pg_free_result($result);
					
					if($obj->delete(intval($_POST['id']))){
						
						App::uninstallApp($row['name'], DATA_DIR, APPS_DIR);
						
						$result = ['success' => true, 'message' => 'Data Successfully Deleted!'];
					}else{
						$result = ['success' => false, 'message' => 'Error: Data Not Deleted!'];
					}
        
				} else if(isset($_POST['clear'])) {
					$map_cache_dir = CACHE_DIR.'/'.$_POST['id'];
					
					if(is_dir($map_cache_dir)){
						$dir_size = 0;
						
						$files = scandir($map_cache_dir);
						foreach($files as $f){
							if(is_file($map_cache_dir.'/'.$f)){
								$dir_size += filesize($map_cache_dir.'/'.$f);
								unlink($map_cache_dir.'/'.$f);
							}
						}
						
						rmdir($map_cache_dir);
						
						$unit = 'bytes';
						if($dir_size > (1024*1024)){
							$dir_size = $dir_size / (1024*1024);
							$unit = 'Mbytes';
						} else if($dir_size > 1024){
							$dir_size = $dir_size / 1024;
							$unit = 'kbytes';
						}

						$result = ['success' => true, 'message' => 'Successfully removed '.sprintf("%.2f %s", $dir_size, $unit)];
					}else{
						$result = ['success' => false, 'message' => 'Error: No cache!'];
					}
					
				}
    }

    echo json_encode($result);
?>