<?php
/*
CARPOOL AND POINT 
*/
include '../../core/backend.php';
include_once '../config.php';
include_once '../constants.php';
include '../formarter.php';


$endpoints = array(
    'carpooltrack' => array('POST'),
    'another' => array('POST')
);


//*
header("Access-Control-Allow-Origin: *");
header("Access-Control-Expose-Headers: Access-Control-Allow-Origin");
header("Access-Control-Allow-Headers: Cache-Control, Pragma, Origin, Authorization, Content-Type, X-Requested-With, client_id");
header("Access-Control-Allow-Methods: POST, GET, PUT, DELETE, OPTIONS");
header('Content-type: application/json');
//*/
if ("OPTIONS" === $_SERVER['REQUEST_METHOD']) {
    exit();
}

$headers = getallheaders();
if ((!isset($headers["authorization"]) || substr($headers["authorization"], -strlen($httpAuthToken)) != $httpAuthToken) &&
        (!isset($headers["Authorization"]) || substr($headers["Authorization"], -strlen($httpAuthToken)) != $httpAuthToken)) {
    header('HTTP/1.1 401 Unauthorized');
    header('Status: 401 Unauthorized');
    echo "{\"status\":\"Missing authorization\"}";
    exit();
}

$endpoint = strtolower(str_replace('/SAVVY/carpool/', '', strtok($_SERVER['REQUEST_URI'], '?')));

$id = 0; // update, get & delete actions require ID
if (substr($endpoint, 0, 19) == 'gettransportrequest' || substr($endpoint, 0, 13) == 'updateprofile') {
    $endpoint = strtok($endpoint, '/');
    $id = strtok('/');
}

if (!isset($endpoints[$endpoint])) {
    header('HTTP/1.1 400 Bad Request');
    header('Status: 400 Bad Request');
    echo "{\"status\":\"Invalid endpoint url\"}";
    exit();
}

$methods = $endpoints[$endpoint];

if (array_search($_SERVER['REQUEST_METHOD'], $methods) === false) {
    header('HTTP/1.1 405 Method Not Allowed');
    header('Status: 405 Method Not Allowed');
    echo "{\"status\":\"Invalid request method\"}";
    exit();
}

include '../rest_api.php';

if ($_SERVER["REQUEST_METHOD"] == "POST") {
    if ($endpoint == "uploadfile") {
        upload_file_call();
        exit();
    } else {
        $raw_json = file_get_contents("php://input");
        $raw_array = json_decode($raw_json, true);
        $in = flatten($raw_array);
    }
}

if ($_SERVER["REQUEST_METHOD"] == "PUT") {
    parse_str(file_get_contents('php://input'), $in);
}

// Decrypt the input
if (isset($in['encrypted_payload'])) {
    $payload = openssl_decrypt(hex2bin($in['encrypted_payload']), $encryptionAlg, $encryptionKey, OPENSSL_RAW_DATA, $encryptionIV);
    unset($in['encrypted_payload']);
    $in = array_merge($in, json_decode($payload, true));
}

// get who is connecting IP
$in["loc"] = getRemoteIpAddress(); // Do not use $_SERVER["REMOTE_ADDR"]; it is INVALID!!! 
$in["pid"] = 100;
// override session parameter(s) with the header value
$in["session"] = $headers["x-session-id"];
$in["sessionid"] = $headers["x-session-id"];

$out = array();

$extension_call = true; // by defualt unless specified at the gate
switch ($endpoint) {

    case 'carpooltrack': $in["action"] = SAVVY_CARPOOL_TRACK;
       $out["status"] =  "Got here anyway";
        break;
}


$in["pid"] = 100;

//file_put_contents("in_debug.log", $in); // DEBUG
//external_internal_call($in, $out);

function Fextension_call($in, &$out) {
    global $savvyext;
		foreach ($in as $key=>$val) {
			if ($val!="" && is_string($val)) {
				$in[$key] = pg_escape_string($val);
			}
		}
    $out = $savvyext->savvyext_api($in);
    return $out["retval"];
}

if ($extension_call == true) {
    Fextension_call($in, $out);
}

header("HTTP/1.1 200 OK");
header("Status: 200 OK");
//$out = array_merge($in, $out); // DEBUG
$payload = json_encode(processOutJson($in, $out));
echo $payload."\n";
//$encrypted_payload = bin2hex(openssl_encrypt($payload, $encryptionAlg, $encryptionKey, OPENSSL_RAW_DATA, $encryptionIV));
//echo "{\"payload\": \"${encrypted_payload}\"}";
exit();

function flatten($data, $parentkey = "") {
    $result = array();
    foreach ($data as $key => $val) {
        if (is_array($val)) {
            $result = array_merge($result, flatten($val, $parentkey . $key . "_"));
        } else {
            $result[$parentkey . $key] = $val;
        }
    }
    return $result;
}


function getRemoteIpAddress() {
    $ip = NULL;
    if (!empty($_SERVER['HTTP_CLIENT_IP']) && filter_var($_SERVER['HTTP_CLIENT_IP'], FILTER_VALIDATE_IP)) {
        $ip = trim($_SERVER['HTTP_CLIENT_IP']);
    } elseif (!empty($_SERVER['HTTP_X_FORWARDED_FOR']) && filter_var($_SERVER['HTTP_X_FORWARDED_FOR'], FILTER_VALIDATE_IP)) {
        $ip = trim($_SERVER['HTTP_X_FORWARDED_FOR']);
    } else {
        // Will not make much sense since we are behind the WAF reverse proxy
        $ip = trim($_SERVER['REMOTE_ADDR']);
    }
		putenv("REMOTE_ADDR=${ip}");
		$_ENV["REMOTE_ADDR"] = $ip;
    return $ip;
}

// vi:ts=2