]> git.openstreetmap.org Git - rails.git/blobdiff - app/controllers/swf_controller.rb
Add additional validation to the user model and tidy up a few things on
[rails.git] / app / controllers / swf_controller.rb
index a58e899e01741d0daeec900a210de98587a20a0a..b8208050c02187ea56de55bf049594ca3d5ece95 100644 (file)
@@ -1,4 +1,6 @@
 class SwfController < ApplicationController
+       session :off
+       before_filter :check_availability
 
 # to log:
 # RAILS_DEFAULT_LOGGER.error("Args: #{args[0]}, #{args[1]}, #{args[2]}, #{args[3]}")
@@ -44,12 +46,11 @@ class SwfController < ApplicationController
                lastfile='-1'
        
                if params['token']
-                       token=sqlescape(params['token'])
+                        user=User.authenticate(:token => params[:token])
                        sql="SELECT gps_points.latitude*0.000001 AS lat,gps_points.longitude*0.000001 AS lon,gpx_files.id AS fileid,UNIX_TIMESTAMP(gps_points.timestamp) AS ts "+
-                                " FROM gpx_files,gps_points,users "+
+                                " FROM gpx_files,gps_points "+
                                 "WHERE gpx_files.id=gpx_id "+
-                                "  AND gpx_files.user_id=users.id "+
-                                "  AND token='#{token}' "+
+                                "  AND gpx_files.user_id=#{user.id} "+
                                 "  AND (gps_points.longitude BETWEEN #{xminr} AND #{xmaxr}) "+
                                 "  AND (gps_points.latitude BETWEEN #{yminr} AND #{ymaxr}) "+
                                 "  AND (gps_points.timestamp IS NOT NULL) "+