- token=sqlescape(params['token'])
- sql="SELECT gps_points.latitude*0.0000001 AS lat,gps_points.longitude*0.0000001 AS lon,gpx_files.id AS fileid,UNIX_TIMESTAMP(gps_points.timestamp) AS ts "+
- " FROM gpx_files,gps_points,users "+
- "WHERE gpx_files.id=gpx_id "+
- " AND gpx_files.user_id=users.id "+
- " AND token='#{token}' "+
- " AND (gps_points.longitude BETWEEN #{xmin} AND #{xmax}) "+
- " AND (gps_points.latitude BETWEEN #{ymin} AND #{ymax}) "+
- "ORDER BY fileid DESC,ts "+
- "LIMIT 10000"
- else
+ user=User.authenticate(:token => params[:token])
+ sql="SELECT gps_points.latitude*0.0000001 AS lat,gps_points.longitude*0.0000001 AS lon,gpx_files.id AS fileid,UNIX_TIMESTAMP(gps_points.timestamp) AS ts "+
+ " FROM gpx_files,gps_points "+
+ "WHERE gpx_files.id=gpx_id "+
+ " AND gpx_files.user_id=#{user.id} "+
+ " AND "+OSM.sql_for_area(ymin,xmin,ymax,xmax,"gps_points.")+
+ " AND (gps_points.timestamp IS NOT NULL) "+
+ "ORDER BY fileid DESC,ts "+
+ "LIMIT 10000"
+ else