X-Git-Url: https://git.openstreetmap.org/rails.git/blobdiff_plain/00f7307824008e6c9d3da1bfa4228f81632888aa..78b440ffc1e0448f8a6d73c8821dd58634ffb475:/app/controllers/swf_controller.rb

diff --git a/app/controllers/swf_controller.rb b/app/controllers/swf_controller.rb
index cd9bf1823..33e2ee4a6 100644
--- a/app/controllers/swf_controller.rb
+++ b/app/controllers/swf_controller.rb
@@ -1,4 +1,6 @@
 class SwfController < ApplicationController
+	session :off
+	before_filter :check_availability
 
 # to log:
 # RAILS_DEFAULT_LOGGER.error("Args: #{args[0]}, #{args[1]}, #{args[2]}, #{args[3]}")
@@ -44,12 +46,11 @@ class SwfController < ApplicationController
 		lastfile='-1'
 	
 		if params['token']
-			token=sqlescape(params['token'])
+                        user=User.authenticate(:token => params[:token])
 			sql="SELECT gps_points.latitude*0.000001 AS lat,gps_points.longitude*0.000001 AS lon,gpx_files.id AS fileid,UNIX_TIMESTAMP(gps_points.timestamp) AS ts "+
-				 " FROM gpx_files,gps_points,users "+
+				 " FROM gpx_files,gps_points "+
 				 "WHERE gpx_files.id=gpx_id "+
-				 "  AND gpx_files.user_id=users.id "+
-				 "  AND token='#{token}' "+
+				 "  AND gpx_files.user_id=#{user.id} "+
 				 "  AND (gps_points.longitude BETWEEN #{xminr} AND #{xmaxr}) "+
 				 "  AND (gps_points.latitude BETWEEN #{yminr} AND #{ymaxr}) "+
 				 "  AND (gps_points.timestamp IS NOT NULL) "+
@@ -93,12 +94,13 @@ class SwfController < ApplicationController
 			sql="SELECT cn1.latitude AS lat1,cn1.longitude AS lon1,"+
 				"		cn2.latitude AS lat2,cn2.longitude AS lon2 "+
 				"  FROM current_segments "+
-				"       LEFT OUTER JOIN current_way_segments"+
+				"       LEFT OUTER JOIN current_way_nodes"+
 				"       ON segment_id=current_segments.id,"+
 				"       current_nodes AS cn1,current_nodes AS cn2"+
 				" WHERE (cn1.longitude BETWEEN #{xmin} AND #{xmax})"+
 				"   AND (cn1.latitude  BETWEEN #{ymin} AND #{ymax})"+
 				"   AND segment_id IS NULL"+
+				"   AND current_segments.visible=1"+
 				"   AND cn1.id=node_a AND cn1.visible=1"+
 				"   AND cn2.id=node_b AND cn2.visible=1"
 			seglist=ActiveRecord::Base.connection.select_all sql
@@ -138,8 +140,7 @@ class SwfController < ApplicationController
 		m=packRect(bounds_left,bounds_right,bounds_bottom,bounds_top) + 0.chr + 12.chr + packUI16(1) + m
 		m='FWS' + 6.chr + packUI32(m.length+8) + m
 	
-		response.headers["Content-Type"]="application/x-shockwave-flash"
-		render :text=>m
+		render :text => m, :content_type => "application/x-shockwave-flash"
 	end
 
 	private