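function generateMarkers($con, $marker_id, $showPathMarkers, $markerDelay) {
    // Prints the visible rows of gps_entries (joined to gps_type) as a <markers> XML document.
    //   $con             mysqli connection
    //   $marker_id       when non-empty, emit only that gps_entry_id, whatever its status
    //   $showPathMarkers when false, rows with status 'P' (path only) are skipped
    //   $markerDelay     when > 0, only rows whose entry date is older than that many days
    // Prints nothing at all when the query returns no rows; dies on a failed query.
    //
    // gps_entry_id and the day count are interpolated into the SQL *bare* (no quotes),
    // where string escaping offers no protection, so both are forced to integers
    // before they reach the query text.
    $markerSql = "";
    if ($marker_id != "") {
        $markerSql = "ge.gps_entry_id = " . (int) $marker_id;
    }
    $delayDays = (int) $markerDelay;

    // When a single marker is requested it is shown regardless of its status.
    $query = "SELECT \n"
        . " * \n"
        . "FROM \n"
        . " gps_entries ge \n"
        . " left join gps_type gt on ge.gps_type_id = gt.gps_type_id \n"
        . "WHERE \n";
    if ($markerSql == "") {
        // H is Hidden, P is Path Only; rows without a status are always listed.
        $statusFilter = " ((ge.gps_status <> 'H' ";
        if (!$showPathMarkers) {
            $statusFilter .= "AND ge.gps_status <> 'P' ";
        }
        $query .= $statusFilter . ") or ge.gps_status IS NULL) \n";
    } else {
        $query .= " {$markerSql} \n";
    }
    if ($delayDays > 0) {
        $query .= " AND ge.gps_entry_date < NOW() - INTERVAL {$delayDays} DAY \n";
    }
    $query .= "ORDER BY \n"
        . " ge.gps_date;";

    $result = mysqli_query($con, $query);
    if (!$result) {
        // ext/mysql's mysql_error() no longer exists; report through the mysqli handle.
        die('Invalid query: ' . mysqli_error($con));
    }
    if ($result->num_rows == 0) {
        return;
    }

    echo '<markers>';
    while ($row = mysqli_fetch_assoc($result)) {
        echo '<marker ';
        echo 'id="' . parseToXML($row['gps_entry_id']) . '" ';
        echo 'name="' . parseToXML($row['gps_name']) . '" ';
        echo 'comment="' . parseToXML($row['gps_comment']) . '" ';
        echo 'address="' . parseToXML($row['gps_address1']) . '" ';
        echo 'lat="' . $row['gps_latitude'] . '" ';
        echo 'lng="' . $row['gps_longitude'] . '" ';
        echo 'accuracy="' . $row['gps_accuracy'] . '" ';
        echo 'path_id="' . $row['gps_path_id'] . '" ';
        // The type columns are free text too, so they get the same attribute escaping.
        echo 'type_name="' . parseToXML($row['gps_type_name']) . '" ';
        echo 'image="' . parseToXML($row['gps_type_image']) . '" ';
        echo 'custom_icon_name="' . parseToXML($row['gps_type_icon']) . '" ';
        echo '/>';
    }
    echo '</markers>';
}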
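function setPathStatus($con, $gps_path_id, $gps_status) {
    // Updates gps_path.gps_path_status for one path.
    // Returns true when the UPDATE was issued (dies on a database error), false when
    // no path id was supplied. The statement is echoed as HTML in both cases; callers
    // currently see that as debug output.
    //
    // The status is interpolated inside quotes, so escaping it is enough; the id is
    // interpolated bare, where escaping does nothing, so it is cast to an integer.
    $hasPathId = $gps_path_id != null && $gps_path_id != "";
    $pathId = $hasPathId ? (int) $gps_path_id : "";
    $status = phpGPS_DB::cleanInput($gps_status);
    $sql = "update gps_path \n"
        . "set gps_path_status = '{$status}'\n"
        . "where gps_path_id = {$pathId}\n"
        . ";";
    echo str_replace("\n", "<br />\n", $sql) . "<br />";
    if (!$hasPathId) {
        return false;
    }
    mysqli_query($con, $sql) or die(mysqli_error($con));
    return true;
}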
$type = $loginT->getType(); } }
// Request flags: only the literal string "true" turns them on.
$delete = false;
if (isset($_GET['delete']) && $_GET['delete'] == "true") { $delete = true; }
$viewQuery = false;
if (isset($_GET['viewQuery']) && $_GET['viewQuery'] == "true") { $viewQuery = true; }
if (!isset($_GET['table']) || $_GET['table'] == "") { exit("Table not set"); }
if (!isset($_GET['where']) || $_GET['where'] == "") { exit("Where not set"); }
// The table name is restricted to an allow-list (loose in_array comparison).
$table = phpGPS_DB::cleanInput($_GET['table']);
if (!in_array($table, phpGPS_DB::$_allowedTables)) { exit("Invalid Table!"); }
// NOTE(review): the WHERE clause is taken verbatim from the request and spliced in
// bare. Whatever escaping cleanInput applies, it cannot constrain a raw SQL
// fragment, so whoever reaches this point decides which rows of the allow-listed
// table are deleted. Building the condition server-side from a validated id,
// with the id bound as a parameter, removes that exposure.
$where = phpGPS_DB::cleanInput($_GET['where']);
$sql = "DELETE FROM " . $table . " WHERE " . $where;
// viewQuery=true echoes the statement (as HTML) before, or instead of, running it.
if ($viewQuery) { $sqlBR = str_replace("\n", "<br />\n", $sql); echo $sqlBR . "<br />"; }
// Nothing is deleted unless delete=true was passed explicitly.
if ($delete) { mysqli_query($con, $sql) or die(mysqli_error($con)); echo "Record Deleted"; }
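function newEntry($con) { //TODO add debug mode to hide the extra output statements
    // Inserts one gps_entries row built from the query string ($_GET), creating the
    // gps_device (looked up by its local id) and gps_path rows it refers to when
    // they do not exist yet. Progress and the final INSERT are echoed as HTML.
    // The row is only inserted when a device id, date, time, latitude and
    // longitude are all present; otherwise "Missing Data!" is printed.

    // One request parameter; a missing or empty value yields $default.
    $param = static function (string $key, $default) {
        return isset($_GET[$key]) && $_GET[$key] != "" ? $_GET[$key] : $default;
    };
    // Guard for values that are interpolated into the SQL *bare* (ids, coordinates,
    // altitude, accuracy): escaping only protects quoted strings, so these must be
    // numeric or the literal NULL; anything else is replaced by $fallback.
    $numericOrNull = static function ($value, $fallback) {
        if ($value === null || $value === "NULL") {
            return $value;
        }
        return is_scalar($value) && is_numeric((string) $value) ? $value : $fallback;
    };

    $gps_entry_date = "now()";
    $gps_device_id = $numericOrNull($param("gps_device_id", phpGPS_Settings::$_defaultDeviceID), null);
    $gps_type_id = $numericOrNull($param("gps_type_id", phpGPS_Settings::$_defaultTypeID), null);
    $gps_path_id = $numericOrNull($param("gps_path_id", "NULL"), "NULL");
    $gps_date_dt = phpGPS_DB::cleanInput($param("gps_date_dt", null));
    $gps_date_time = phpGPS_DB::cleanInput($param("gps_date_time", null));
    $gps_status = phpGPS_DB::cleanInput($param("gps_status", "NULL"));
    $gps_latitude = $numericOrNull($param("gps_latitude", null), null);
    $gps_longitude = $numericOrNull($param("gps_longitude", null), null);
    $gps_altitude = $numericOrNull($param("gps_altitude", "NULL"), "NULL");
    $gps_accuracy = $numericOrNull($param("gps_accuracy", "NULL"), "NULL");
    $gps_name = phpGPS_DB::cleanInput($param("gps_name", ""));
    $gps_comment = phpGPS_DB::cleanInput($param("gps_comment", ""));
    $gps_address1 = phpGPS_DB::cleanInput($param("gps_address1", ""));
    $gps_address2 = phpGPS_DB::cleanInput($param("gps_address2", ""));
    $gps_address3 = phpGPS_DB::cleanInput($param("gps_address3", ""));
    $gps_city = phpGPS_DB::cleanInput($param("gps_city", ""));
    $gps_zipcode = phpGPS_DB::cleanInput($param("gps_zipcode", ""));
    $gps_state = phpGPS_DB::cleanInput($param("gps_state", ""));
    $gps_country = phpGPS_DB::cleanInput($param("gps_country", ""));
    $gps_date = "now()"; //FIXME to generate mysql datetime from gps date and time vars
    $gps_latlong = phpGPS_DB::cleanInput($param("gps_latlong", null));
    $gps_devicename = phpGPS_DB::cleanInput($param("gps_devicename", null));

    // A combined "lat,long" parameter overrides the separate coordinate parameters.
    if ($gps_latlong != null && $gps_latlong != "") {
        $latlongAr = explode(",", $gps_latlong);
        if (count($latlongAr) == 2) {
            $gps_latitude = $numericOrNull($latlongAr[0], null);
            $gps_longitude = $numericOrNull($latlongAr[1], null);
            echo "split to lat: {$gps_latitude} long: {$gps_longitude}<br>\n";
        }
    }

    // Resolve the device id from its local name; an unknown name is registered as a new device.
    if ($gps_devicename != null && $gps_devicename != "") {
        echo "devicename: {$gps_devicename}<br>\n";
        $devNameSql = "select gps_device_id from gps_device where gps_device_local_id = '{$gps_devicename}'";
        $result = mysqli_query($con, $devNameSql) or die(mysqli_error($con));
        if (mysqli_num_rows($result) > 0) {
            while ($deviceRow = mysqli_fetch_assoc($result)) {
                $gps_device_id = $deviceRow['gps_device_id'];
                echo "gps name: {$gps_devicename} id: {$gps_device_id}<br>\n";
            }
        } else {
            $newDeviceSql = "insert into gps_device (gps_device_name, gps_device_local_id) VALUES ('New Device', '{$gps_devicename}')";
            mysqli_query($con, $newDeviceSql);
            // TODO(review): the entry keeps the default device id here; linking it to the
            // row just created (mysqli_insert_id) looks intended — confirm before changing.
        }
    }

    // Make sure the referenced path exists, creating a bare gps_path row if not.
    $sql = "select gps_path_id from gps_path where gps_path_id = {$gps_path_id}";
    $result = mysqli_query($con, $sql) or die(mysqli_error($con));
    if ($result->num_rows == 0) {
        $newPathSql = "insert into gps_path (\n"
            . " gps_path_id \n"
            . ") VALUES (\n"
            . "{$gps_path_id});";
        mysqli_query($con, $newPathSql);
    }

    // As for the other nullable columns, the literal string "NULL" stands for SQL NULL
    // and is emitted bare instead of being stored as the four-letter string 'NULL'.
    $statusSql = $gps_status === "NULL" ? "NULL" : "'{$gps_status}'";

    // Build the INSERT; it is echoed even when the data is incomplete and nothing runs.
    $sql = "insert into gps_entries (\n"
        . " gps_entry_date, \n"
        . " gps_device_id, \n"
        . " gps_type_id, \n"
        . " gps_path_id, \n"
        . " gps_date, \n"
        . " gps_status, \n"
        . " gps_latitude, \n"
        . " gps_longitude, \n"
        . " gps_altitude, \n"
        . " gps_accuracy, \n"
        . " gps_name, \n"
        . " gps_comment, \n"
        . " gps_address1, \n"
        . " gps_address2, \n"
        . " gps_address3, \n"
        . " gps_city, \n"
        . " gps_zipcode, \n"
        . " gps_state, \n"
        . " gps_country \n"
        . ") VALUES ( \n"
        . " {$gps_entry_date}, \n"
        . " {$gps_device_id}, \n"
        . " {$gps_type_id}, \n"
        . " {$gps_path_id}, \n"
        . " {$gps_date}, \n"
        . " {$statusSql}, \n"
        . " {$gps_latitude}, \n"
        . " {$gps_longitude}, \n"
        . " {$gps_altitude}, \n"
        . " {$gps_accuracy}, \n"
        . " '{$gps_name}', \n"
        . " '{$gps_comment}', \n"
        . " '{$gps_address1}', \n"
        . " '{$gps_address2}', \n"
        . " '{$gps_address3}', \n"
        . " '{$gps_city}', \n"
        . " '{$gps_zipcode}', \n"
        . " '{$gps_state}', \n"
        . " '{$gps_country}' \n"
        . ");";
    $sqlBR = str_replace("\n", "<br />\n", $sql);
    echo $sqlBR . "<br />";
    if ($gps_device_id != null && $gps_date_dt != null && $gps_date_time != null && $gps_latitude != null && $gps_longitude != null) {
        mysqli_query($con, $sql) or die(mysqli_error($con));
        echo "Record Created!<br />\n";
    } else {
        echo "<h2>Missing Data!</h2>";
    }
}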
if (!isset($_GET['table']) || $_GET['table'] == "") { exit("Table not set"); }
// The table name is restricted to an allow-list (loose in_array comparison).
$table = phpGPS_DB::cleanInput($_GET['table']);
if (!in_array($table, phpGPS_DB::$_allowedTables)) { exit("Invalid Table!"); }
//TODO add user level based table security
$sql = "INSERT INTO " . $table;
$hasValues = false;
$columns = "";
$values = "";
// Every remaining query parameter becomes one column/value pair: the parameter
// name is used as the column identifier, its value as the (quoted) literal.
foreach ($_GET as $key => $value) {
    if ($key != "insert" && $key != "table" && $key != "viewQuery") {
        // NOTE(review): $field is a column *identifier* and is spliced in bare;
        // string escaping does not validate identifiers, so the caller controls
        // which columns of the allow-listed table are written. Checking $key
        // against the table's known column names is the fix that fits here.
        $field = phpGPS_DB::cleanInput($key);
        // NOTE(review): $value may be an array (key[]=…); cleanInput's handling of that is not visible here.
        $val = phpGPS_DB::cleanInput($value);
        // Convention in this code: the literal string "NULL" means SQL NULL and stays unquoted.
        if ($val != "NULL") { $val = "'" . $val . "'"; }
        if ($hasValues) { $columns = $columns . ", "; $values = $values . ", "; }
        $columns = $columns . $field;
        $values = $values . $val;
        $hasValues = true;
    }
}
$sql = $sql . " ({$columns}) VALUES ({$values})";
// Rejects a request that carried no data columns; the handler continues beyond this listing.
if (!$hasValues) { exit("No Fields set");
* embedded elsewhere. */
include "phpGPS.php";
// Query-string arguments forwarded to the embedded map page.
$args = "";
// NOTE(review): marker_id is appended to $args without cleanInput, unlike zoom and
// center below; whatever later prints $args must escape it for its output context.
if (isset($_GET['marker_id']) && $_GET['marker_id'] != "") { $args = $args . "?marker_id=" . $_GET['marker_id']; }
$zoom = "";
if (isset($_GET['zoom']) && $_GET['zoom'] != "") { $zoom = $_GET['zoom']; $zoom = phpGPS_DB::cleanInput($zoom); }
// Default map centre from the settings, overridable by ?center=
$center = phpGPS_Settings::$_defaultCenterLat . ', ' . phpGPS_Settings::$_defaultCenterLong;
if (isset($_GET['center']) && $_GET['center'] != "") { $center = $_GET['center']; $center = phpGPS_DB::cleanInput($center); }
// $edit is a string because it is presumably emitted into the page's JavaScript (not visible here).
$edit = "false";
if (isset($_GET['edit']) && $_GET['edit'] == "true") {
    $userGroups = array("admin", "users");
    $edit = "true";
    // NOTE(review): the parentheses are misplaced — this is strlen($args > 0), the
    // length of a boolean, not strlen($args) > 0. Whether it picks "&" when a
    // marker_id was given depends on PHP's string/int comparison rules for the
    // running version; the intended test is if (strlen($args) > 0).
    if (strlen($args > 0)) { $args = $args . "&"; } else { $args = "?"; }
    $args = $args . "showPathMarkers=true";
}
?> <!DOCTYPE html >
if (!$loginT->userStatus && $userGroups != "admin") { echo "Login Failed<br>"; login::showLogin(); exit; } else { $type = $loginT->getType(); } }
//Load Vars from URL
// NOTE(review): the old and new passwords arrive in the query string (GET), so they
// end up in browser history and in proxy/web-server access logs; a POST body avoids that.
if (!isset($_GET['user']) || $_GET['user'] == "") { exit("user not set"); }
$userToChange = phpGPS_DB::cleanInput($_GET['user']);
// oldpass is mandatory only for non-admins; an admin may set another user's password.
if (!isset($_GET['oldpass']) || $_GET['oldpass'] == "") { if ($loginT->getType() != "admin") { exit("oldpass not set"); } }
// Read unconditionally, so an admin who omitted oldpass triggers an undefined-index warning here.
$oldPass = phpGPS_DB::cleanInput($_GET['oldpass']);
if (!isset($_GET['newpass']) || $_GET['newpass'] == "") { exit("newpass not set"); }
$newPass = phpGPS_DB::cleanInput($_GET['newpass']);
//if admin, or user with valid username and valid oldpass
// Precedence: admin || (user && same account (loose ==) && old password verifies).
if ($loginT->getType() == "admin" || $loginT->getType() == "user" && $userToChange == $loginT->getUserId() && login::checkPassForUser($con, $userToChange, $oldPass)) {
    //update pass
    // NOTE(review): crypt() chooses its algorithm from the salt's format; a plain
    // 10-character salt selects none of the $id$ schemes, so (presumably) the
    // standard-DES fallback applies, which uses two salt characters and only the
    // first eight characters of the password. password_hash()/password_verify()
    // make the scheme explicit and store the salt inside the hash.
    $usersalt = generateRandomString(10);
    $newEncryptedPass = crypt($newPass, $usersalt);
    // The '******' below appears to be redacted in this listing; $newEncryptedPass is otherwise unused.
    $updateSql = "update users set user_salt = '{$usersalt}', user_pass='******' where user_id='{$userToChange}'";
    mysqli_query($con, $updateSql) or die(mysqli_error($con));
}