This repository has been archived by the owner on Apr 15, 2020. It is now read-only.
<?php
session_start ();
require_once ('config.php');
require_once ('database.php');
require_once ('ui.php');
# Shared secret sent by the reporting client; stays empty when no report arrives.
$secret = '';
# Debug hook: fake a POSTed location report so the logging path below can be exercised.
# $testdata is not defined in this file (presumably it comes from config.php).
# NOTE(review): the "testdata" URL parameter is honoured before any authentication
# check in this script - confirm it is meant to stay enabled on a public install.
if ($testdata || isset($_GET['testdata'])) {
    # array_replace() keeps existing keys in place and appends new ones, exactly as
    # the individual assignments it stands in for.
    $_POST = array_replace($_POST, array(
        'latitude'  => 'here',
        'longitude' => 'here',
        'accuracy'  => 'here',
        'secret'    => 'testname',
    ));
}
# A location report may arrive as a form POST or as URL parameters. POST wins when
# both carry a latitude; with neither present no report variable is set at all.
$report = null;
if (isset($_POST['latitude'])) {
    $report = $_POST;
} elseif (isset($_GET['latitude'])) {
    $report = $_GET;
}
if ($report !== null) {
    # Every value goes through clean_input(), which is defined in an included file;
    # what it strips or escapes is not visible here.
    # NOTE(review): in the URL form the secret is part of the request line, where
    # web-server access logs and intermediaries commonly record it.
    $ip = $_SERVER['REMOTE_ADDR'];
    $lat = clean_input($report['latitude']);
    $lon = clean_input($report['longitude']);
    $secret = clean_input($report['secret']);
    # Optional fields: "@" silences the notice for a key the client did not send,
    # and also anything clean_input() itself would report for that value.
    @$acc = clean_input($report['accuracy']);
    @$battery = clean_input($report['battlevel']);
    @$charging = clean_input($report['charging']);
    @$provider = clean_input($report['provider']);
    @$bearing = clean_input($report['bearing']);
    @$speed = clean_input($report['speed']);
    @$time = clean_input($report['time']);
    @$deviceid = clean_input($report['deviceid']);
    @$subscriberid = clean_input($report['subscriberid']);
}
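if (isset($lat)) { # A location report was submitted: store it, answer, and stop.
    openlog('bigbrothergpsweb', LOG_NDELAY, LOG_USER);

    # $secret is request-supplied and is written to two sinks below. clean_input()
    # lives in another file and is not assumed to make the value safe for both,
    # so it is neutralised per sink:
    #  - response body: HTML-escaped (existing entities are not encoded twice);
    #  - syslog: control characters, CR/LF included, become spaces so one report
    #    cannot produce extra or forged log lines.
    $secretForPage = htmlspecialchars((string) $secret, ENT_QUOTES, 'UTF-8', false);
    $secretForLog = preg_replace('/[\x00-\x1F\x7F]/', ' ', (string) $secret);

    $stored = add_request(
        $lat, $lon, $acc, $secret, $ip, $battery, $charging,
        $provider, $bearing, $speed, $time, $deviceid, $subscriberid
    );

    if ($stored) { # If adding request went OK
        $stamp = date('Y-m-d H:i');
        print "200 OK. Logged request at " . $stamp . " from " . $secretForPage . ".";
        # Success is only logged when the $syslog switch (set outside this file) is on.
        if ($syslog) {
            syslog(LOG_NOTICE, "200 OK. Logged request at " . $stamp . " from " . $secretForLog . ".");
        }
    } else { # If adding request failed.
        # Failures are always logged, regardless of $syslog, as before.
        # The text is the only failure signal: no HTTP status code is set here.
        print "Error! Something wrong with setup or data: " . $secretForPage;
        syslog(LOG_NOTICE, "Error! Something wrong with setup or data: " . $secretForLog);
    }
    # Reports never fall through to the admin interface below.
    exit(0);
}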
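# Not a report from the app: everything below is the admin web interface.
# Authentication: $_SESSION['admin'] being set marks a logged-in admin.
if (!isset($_SESSION['admin'])) {
    if (!isset($_POST['pwd'])) {
        include('login.php');
    } else {
        $user = list_users('admin');
        # The account record and the raw POST body were previously dumped to the page
        # at this point, before the password was checked, which disclosed the stored
        # admin password to anyone submitting the form. Nothing is echoed any more.

        # A missing account or missing field yields an empty string, never null:
        # with the old loose "==" a missing record compared equal to an empty
        # submitted password.
        $stored = isset($user['upassword']) ? (string) $user['upassword'] : '';
        $given = $_POST['pwd'];

        # Both sides must be non-empty strings ("pwd[]=x" arrives as an array), then
        # compare in constant time; hash_equals() needs PHP 5.6 or later.
        # NOTE(review): the submitted password is compared with upassword as-is,
        # which suggests it is stored unhashed - if so, move storage to
        # password_hash() and verify with password_verify().
        $passwordOk = $stored !== ''
            && is_string($given)
            && $given !== ''
            && hash_equals($stored, $given);

        if ($passwordOk) {
            # Fresh session id on privilege change, so an id known before login
            # does not become an admin session.
            session_regenerate_id(true);
            $_SESSION['admin'] = 'yes';
            print 'Access granted.';
        } else {
            print 'Wrong password!';
        }
    }
}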
# Admin view: rendered only once the session carries the admin flag.
if (isset($_SESSION['admin'])) {
    # Optional selectors from the URL, defaulting to 0 when absent.
    # NOTE(review): both are request-supplied and reach list_requests(); whether that
    # function binds them as query parameters is not visible here - check database.php.
    $sid = isset($_GET['sid']) ? clean_input($_GET['sid']) : 0; # Selecting one device
    $rid = isset($_GET['rid']) ? clean_input($_GET['rid']) : 0; # Selecting one request

    # Debug dump, active when $verbose (set outside this file) is truthy.
    # NOTE(review): on the login request $_POST still holds 'pwd', and print_r()
    # writes the values into the page unescaped.
    if ($verbose) {
        print 'Post:<br/>';
        print_r($_POST);
    }

    show_header();
    show_menu();

    # Fetch order kept as in the original: requests first, then the device list.
    $requests = list_requests($sid, $rid);
    $devices = list_secrets();

    show_map($devices, $requests, $rid);
    show_requests($requests);
    #show_devices ($devices);
    #show_log ( list_latest_requests() );
}
# The footer is emitted for every page that reaches this point, logged in or not.
include('html_footer.html');
?>