예제 #1
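/**
 * Print the stored GPS entries as a <markers> XML fragment.
 *
 * Without a marker id, hidden entries (status 'H') are left out, and path-only
 * entries (status 'P') are left out as well unless $showPathMarkers is truthy.
 * With a marker id, that one entry is selected regardless of its status.
 * Nothing at all is printed when the query matches no rows.
 *
 * Relies on phpGPS_DB::cleanInput() and parseToXML(), both defined outside this block.
 *
 * @param mysqli $con             Open database connection.
 * @param mixed  $marker_id       Entry id to show, or "" to list all visible entries.
 * @param mixed  $showPathMarkers Truthy to include path-only entries in the listing.
 * @param mixed  $markerDelay     When numeric and greater than 0, only entries whose
 *                                gps_entry_date is older than this many days are shown.
 * @return void
 */
function generateMarkers($con, $marker_id, $showPathMarkers, $markerDelay)
{
    $markerSql = "";
    if ($marker_id != "") {
        $cleanMarkerId = phpGPS_DB::cleanInput($marker_id);
        // The id is placed into the statement without quotes, so it has to be a
        // plain numeric literal. Anything else cannot identify an entry and is
        // handled like an empty result instead of being sent to the database.
        if (!is_numeric($cleanMarkerId)) {
            return;
        }
        $markerSql = "ge.gps_entry_id = " . $cleanMarkerId;
    }

    //build query, if marker is set, then show regardless of status
    $query = "SELECT \n" . "  * \n" . "FROM \n" . "  gps_entries ge \n" . "  left join gps_type gt on ge.gps_type_id = gt.gps_type_id \n";
    $query .= "WHERE \n";
    if ($markerSql == "") {
        //H is Hidden, P is Path Only
        $query .= "  ((ge.gps_status <> 'H' ";
        if (!$showPathMarkers) {
            $query .= "AND ge.gps_status <> 'P' ";
        }
        $query .= ") or ge.gps_status IS NULL) \n";
    } else {
        $query .= "  {$markerSql} \n";
    }

    // The delay is also interpolated unquoted; only a numeric value may reach the statement.
    if (is_numeric($markerDelay) && $markerDelay > 0) {
        $query .= " AND ge.gps_entry_date < NOW() - INTERVAL {$markerDelay} DAY \n";
    }
    $query .= "ORDER BY \n" . "  ge.gps_date;";

    $result = mysqli_query($con, $query);
    if (!$result) {
        // mysqli_error() matches the mysqli_query() call above; the old mysql_error()
        // belongs to the removed mysql extension and cannot report on this connection.
        die('Invalid query: ' . mysqli_error($con));
    }

    //Exit if no results
    if ($result->num_rows == 0) {
        return;
    }

    // XML attribute name => result column. Every value goes through parseToXML(),
    // because the rows hold data that was originally submitted by clients and an
    // unescaped quote or angle bracket would break out of the attribute.
    $attributeColumns = array(
        'id' => 'gps_entry_id',
        'name' => 'gps_name',
        'comment' => 'gps_comment',
        'address' => 'gps_address1',
        'lat' => 'gps_latitude',
        'lng' => 'gps_longitude',
        'accuracy' => 'gps_accuracy',
        'path_id' => 'gps_path_id',
        'type_name' => 'gps_type_name',
        'image' => 'gps_type_image',
        'custom_icon_name' => 'gps_type_icon',
    );

    //Start Marker XML
    echo '<markers>';
    // Iterate through the rows, printing one <marker/> node for each
    while ($row = mysqli_fetch_assoc($result)) {
        echo '<marker ';
        foreach ($attributeColumns as $attribute => $column) {
            echo $attribute . '="' . parseToXML($row[$column]) . '" ';
        }
        echo '/>';
    }
    // End XML file
    echo '</markers>';
}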
예제 #2
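/**
 * Set the status of one GPS path.
 *
 * The statement is echoed as HTML for debugging before anything is executed,
 * with both values HTML-escaped. The update itself runs as a prepared
 * statement, so neither value is ever parsed as SQL.
 *
 * @param mysqli $con         Open database connection.
 * @param mixed  $gps_path_id Id of the path to update; must be numeric.
 * @param mixed  $gps_status  New value for gps_path_status.
 * @return bool True when the update was executed, false when the path id is
 *              empty or not numeric. A database error terminates the script.
 */
function setPathStatus($con, $gps_path_id, $gps_status)
{
    $escape = function ($text) {
        return htmlspecialchars((string) $text, ENT_QUOTES, 'UTF-8');
    };

    // Debug output only: this text is sent to the browser, never to the database.
    $displaySql = "update gps_path \n"
        . "set gps_path_status = '" . $escape($gps_status) . "'\n"
        . "where gps_path_id = " . $escape($gps_path_id) . "\n"
        . ";";
    echo str_replace("\n", "<br />\n", $displaySql) . "<br />";

    $hasPathId = $gps_path_id != null && $gps_path_id != "";
    if (!$hasPathId || !is_numeric($gps_path_id)) {
        return false;
    }

    $statement = mysqli_prepare($con, "update gps_path set gps_path_status = ? where gps_path_id = ?")
        or die(mysqli_error($con));
    // bind_param takes its arguments by reference, hence the local copies.
    $statusValue = (string) $gps_status;
    $pathIdValue = (string) $gps_path_id;
    mysqli_stmt_bind_param($statement, 'ss', $statusValue, $pathIdValue);
    mysqli_stmt_execute($statement) or die(mysqli_stmt_error($statement));
    mysqli_stmt_close($statement);

    return true;
}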
예제 #3
        $type = $loginT->getType();
    }
}
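// Both switches are enabled only by the exact string "true".
$delete = isset($_GET['delete']) && $_GET['delete'] == "true";
$viewQuery = isset($_GET['viewQuery']) && $_GET['viewQuery'] == "true";

if (!isset($_GET['table']) || $_GET['table'] == "") {
    exit("Table not set");
}
if (!isset($_GET['where']) || $_GET['where'] == "") {
    exit("Where not set");
}

// The table name is an identifier, so it is only accepted when it is exactly
// one of the allow-listed names (strict comparison, no type juggling).
$table = phpGPS_DB::cleanInput($_GET['table']);
if (!in_array($table, phpGPS_DB::$_allowedTables, true)) {
    exit("Invalid Table!");
}

// NOTE(review): the WHERE clause is a free-form SQL fragment taken from the
// request. Escaping cannot constrain a fragment like this, so whoever can reach
// this script decides which rows of the allowed table are removed. The durable
// fix is an interface change: accept a column name checked against an
// allow-list plus a value bound through a prepared statement.
// NOTE(review): the delete is triggered by a GET request; a state-changing
// action belongs behind POST with a CSRF token. The access check that precedes
// this block is only partly visible here - confirm it covers every table.
$where = phpGPS_DB::cleanInput($_GET['where']);
$sql = "DELETE FROM " . $table . " WHERE " . $where;

if ($viewQuery) {
    // The statement contains request data, so it is HTML-escaped before being displayed.
    $sqlBR = str_replace("\n", "<br />\n", htmlspecialchars($sql, ENT_QUOTES, 'UTF-8'));
    echo $sqlBR . "<br />";
}
if ($delete) {
    mysqli_query($con, $sql) or die(mysqli_error($con));
    echo "Record Deleted";
}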
예제 #4
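/**
 * Create a GPS entry from the query-string parameters of the current request.
 *
 * Steps, in order:
 *  1. read every gps_* parameter from $_GET (with defaults) and pass it through
 *     phpGPS_DB::cleanInput();
 *  2. if gps_latlong is "lat,long", split it into latitude and longitude;
 *  3. if gps_devicename is given, look the device up by its local id and use its
 *     gps_device_id, or register the name as a new device;
 *  4. make sure a gps_path row exists for the path id;
 *  5. echo the insert statement and run it when device id, date, time,
 *     latitude and longitude are all present.
 *
 * Progress and the generated statement are echoed as HTML; request data in that
 * output is HTML-escaped. Values that are placed into SQL without quotes must be
 * numeric (or the keyword NULL), otherwise the request is rejected before any
 * of those statements is built.
 *
 * NOTE(review): the quoted string columns still rely entirely on
 * phpGPS_DB::cleanInput(), which is not visible here and receives no connection
 * handle. Confirm what it escapes, then move these statements to prepared
 * statements with bound parameters.
 *
 * @param mysqli $con Open database connection.
 * @return void
 */
function newEntry($con)
{
    //TODO add debug mode to hide the extra output statements

    // Read one query-string parameter, using $default when it is absent or empty.
    $param = function ($key, $default) {
        return isset($_GET[$key]) && $_GET[$key] != "" ? $_GET[$key] : $default;
    };
    // Escape a value for the HTML progress output.
    $html = function ($text) {
        return htmlspecialchars((string) $text, ENT_QUOTES, 'UTF-8');
    };

    $fields = array(
        'gps_entry_date' => "now()",
        'gps_device_id' => $param("gps_device_id", phpGPS_Settings::$_defaultDeviceID),
        'gps_type_id' => $param("gps_type_id", phpGPS_Settings::$_defaultTypeID),
        'gps_path_id' => $param("gps_path_id", "NULL"),
        'gps_date_dt' => $param("gps_date_dt", null),
        'gps_date_time' => $param("gps_date_time", null),
        'gps_status' => $param("gps_status", "NULL"),
        'gps_latitude' => $param("gps_latitude", null),
        'gps_longitude' => $param("gps_longitude", null),
        'gps_altitude' => $param("gps_altitude", "NULL"),
        'gps_accuracy' => $param("gps_accuracy", "NULL"),
        'gps_name' => $param("gps_name", ""),
        'gps_comment' => $param("gps_comment", ""),
        'gps_address1' => $param("gps_address1", ""),
        'gps_address2' => $param("gps_address2", ""),
        'gps_address3' => $param("gps_address3", ""),
        'gps_city' => $param("gps_city", ""),
        'gps_zipcode' => $param("gps_zipcode", ""),
        'gps_state' => $param("gps_state", ""),
        'gps_country' => $param("gps_country", ""),
        //FIXME to generate mysql datetime from gps date and time vars
        'gps_date' => "now()",
        'gps_latlong' => $param("gps_latlong", null),
        'gps_devicename' => $param("gps_devicename", null),
    );

    //Clean Inputs
    foreach ($fields as $fieldName => $rawValue) {
        $fields[$fieldName] = phpGPS_DB::cleanInput($rawValue);
    }

    //Split latlong to lat, long variables if its present, otherwise the separate vars will be used
    if ($fields['gps_latlong'] != null && $fields['gps_latlong'] != "") {
        $latlongAr = explode(",", $fields['gps_latlong']);
        if (count($latlongAr) == 2) {
            // Trim so that "lat, long" with a space after the comma still validates as numeric.
            $fields['gps_latitude'] = trim($latlongAr[0]);
            $fields['gps_longitude'] = trim($latlongAr[1]);
            echo "split to lat: " . $html($fields['gps_latitude']) . " long: " . $html($fields['gps_longitude']) . "<br>\n";
        }
    }

    //lookup device id using device name
    if ($fields['gps_devicename'] != null && $fields['gps_devicename'] != "") {
        echo "devicename: " . $html($fields['gps_devicename']) . "<br>\n";
        $devNameSql = "select gps_device_id from gps_device where gps_device_local_id = '{$fields['gps_devicename']}'";
        // A failed lookup previously fell through to mysqli_num_rows(false); stop with the error instead.
        $result = mysqli_query($con, $devNameSql) or die(mysqli_error($con));
        if (mysqli_num_rows($result) > 0) {
            while ($deviceRow = mysqli_fetch_assoc($result)) {
                $fields['gps_device_id'] = $deviceRow['gps_device_id'];
                echo "gps name: " . $html($fields['gps_devicename']) . " id: " . $html($fields['gps_device_id']) . "<br>\n";
            }
        } else {
            // NOTE(review): the id of the device created here is not read back, so this
            // entry is still stored under the requested/default device id - confirm intent.
            $newDeviceSql = "insert into gps_device (gps_device_name, gps_device_local_id) VALUES ('New Device', '{$fields['gps_devicename']}')";
            mysqli_query($con, $newDeviceSql);
        }
    }

    // These columns are written into the statements below without quotes, so each
    // value must be a numeric literal or the keyword NULL. Blank values are let
    // through: they are caught by the required-field check before the final insert.
    $unquotedColumns = array(
        'gps_device_id',
        'gps_type_id',
        'gps_path_id',
        'gps_latitude',
        'gps_longitude',
        'gps_altitude',
        'gps_accuracy',
    );
    foreach ($unquotedColumns as $column) {
        $candidate = $fields[$column];
        $isBlank = $candidate === null || $candidate === "";
        $isNullKeyword = is_string($candidate) && strcasecmp($candidate, "NULL") === 0;
        if (!$isBlank && !$isNullKeyword && !is_numeric($candidate)) {
            echo "<h2>Invalid Data!</h2>";
            return;
        }
    }

    //Validate Path and insert if needed
    // NOTE(review): without a gps_path_id the comparison is "= NULL", which never
    // matches, so a new gps_path row is inserted on every such request - confirm intent.
    $sql = "select gps_path_id from gps_path where gps_path_id = {$fields['gps_path_id']}";
    $result = mysqli_query($con, $sql) or die(mysqli_error($con));
    if ($result->num_rows == 0) {
        $newPathSql = "insert into gps_path (\n" . " gps_path_id \n" . ") VALUES (\n" . "{$fields['gps_path_id']});";
        mysqli_query($con, $newPathSql);
    }

    //Create and execute query string
    $insertColumns = array(
        'gps_entry_date',
        'gps_device_id',
        'gps_type_id',
        'gps_path_id',
        'gps_date',
        'gps_status',
        'gps_latitude',
        'gps_longitude',
        'gps_altitude',
        'gps_accuracy',
        'gps_name',
        'gps_comment',
        'gps_address1',
        'gps_address2',
        'gps_address3',
        'gps_city',
        'gps_zipcode',
        'gps_state',
        'gps_country',
    );
    // Columns whose value is written as a quoted string literal.
    $quotedColumns = array(
        'gps_status',
        'gps_name',
        'gps_comment',
        'gps_address1',
        'gps_address2',
        'gps_address3',
        'gps_city',
        'gps_zipcode',
        'gps_state',
        'gps_country',
    );
    $columnLines = array();
    $valueLines = array();
    foreach ($insertColumns as $column) {
        $columnLines[] = "  " . $column;
        $valueLines[] = in_array($column, $quotedColumns, true)
            ? "  '" . $fields[$column] . "'"
            : "  " . $fields[$column];
    }
    $sql = "insert into gps_entries (\n"
        . implode(", \n", $columnLines) . " \n"
        . ") VALUES ( \n"
        . implode(", \n", $valueLines) . " \n"
        . ");";

    // The statement carries request data, so it is HTML-escaped for display.
    $sqlBR = str_replace("\n", "<br />\n", $html($sql));
    echo $sqlBR . "<br />";

    // gps_date_dt and gps_date_time are required although only now() is stored (see FIXME above).
    if ($fields['gps_device_id'] != null && $fields['gps_date_dt'] != null && $fields['gps_date_time'] != null && $fields['gps_latitude'] != null && $fields['gps_longitude'] != null) {
        mysqli_query($con, $sql) or die(mysqli_error($con));
        echo "Record Created!<br />\n";
    } else {
        echo "<h2>Missing Data!</h2>";
    }
}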
예제 #5
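if (!isset($_GET['table']) || $_GET['table'] == "") {
    exit("Table not set");
}
// The table name is an identifier, so it is only accepted when it is exactly
// one of the allow-listed names (strict comparison, no type juggling).
$table = phpGPS_DB::cleanInput($_GET['table']);
if (!in_array($table, phpGPS_DB::$_allowedTables, true)) {
    exit("Invalid Table!");
}
//TODO add user level based table security
$sql = "INSERT INTO " . $table;
$hasValues = false;
$columns = "";
$values = "";
// Every remaining query-string parameter becomes one column/value pair.
foreach ($_GET as $key => $value) {
    if ($key != "insert" && $key != "table" && $key != "viewQuery") {
        $field = phpGPS_DB::cleanInput($key);
        // The parameter name is written into the statement as a column identifier.
        // Value escaping does not protect an identifier, so only plain column
        // names (letters, digits, underscore) are accepted.
        if (preg_match('/^[A-Za-z_][A-Za-z0-9_]*$/D', (string) $field) !== 1) {
            exit("Invalid Field!");
        }
        // NOTE(review): the quoted value relies on phpGPS_DB::cleanInput(), which is
        // not visible here; binding values through a prepared statement removes that dependency.
        $val = phpGPS_DB::cleanInput($value);
        if ($val != "NULL") {
            $val = "'" . $val . "'";
        }
        if ($hasValues) {
            $columns = $columns . ", ";
            $values = $values . ", ";
        }
        $columns = $columns . $field;
        $values = $values . $val;
        $hasValues = true;
    }
}
$sql = $sql . " ({$columns}) VALUES ({$values})";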
if (!$hasValues) {
    exit("No Fields set");
예제 #6
파일: view.php 프로젝트: vivek779/phpGPS
 * embedded elsewhere. 
 */
include "phpGPS.php";
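// Query string that is assembled for a later request (its use is outside this block).
$args = "";
if (isset($_GET['marker_id']) && is_string($_GET['marker_id']) && $_GET['marker_id'] != "") {
    // Percent-encode the id so it remains a single query-string value and cannot
    // add parameters or markup wherever $args is written out later.
    $args = $args . "?marker_id=" . urlencode($_GET['marker_id']);
}

// NOTE(review): $zoom and $center only pass through phpGPS_DB::cleanInput(). If
// they are later written into HTML or JavaScript they need escaping for that
// context as well - confirm where they are emitted.
$zoom = "";
if (isset($_GET['zoom']) && $_GET['zoom'] != "") {
    $zoom = $_GET['zoom'];
    $zoom = phpGPS_DB::cleanInput($zoom);
}
$center = phpGPS_Settings::$_defaultCenterLat . ', ' . phpGPS_Settings::$_defaultCenterLong;
if (isset($_GET['center']) && $_GET['center'] != "") {
    $center = $_GET['center'];
    $center = phpGPS_DB::cleanInput($center);
}

$edit = "false";
if (isset($_GET['edit']) && $_GET['edit'] == "true") {
    // NOTE(review): presumably read by the login check later in the page - confirm
    // that edit mode is refused there for users outside these groups.
    $userGroups = array("admin", "users");
    $edit = "true";
    // The original tested strlen($args > 0): the comparison sat inside the call, so
    // depending on the PHP version an existing "?marker_id=..." was replaced by "?".
    if (strlen($args) > 0) {
        $args = $args . "&";
    } else {
        $args = "?";
    }
    $args = $args . "showPathMarkers=true";
}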
?>

<!DOCTYPE html >
예제 #7
    if (!$loginT->userStatus && $userGroups != "admin") {
        echo "Login Failed<br>";
        login::showLogin();
        exit;
    } else {
        $type = $loginT->getType();
    }
}
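//Load Vars from URL
// NOTE(review): the account name and both passwords are read from the query
// string, where they end up in server logs, browser history and Referer
// headers. A POST body is the appropriate carrier for them.
if (!isset($_GET['user']) || $_GET['user'] == "") {
    exit("user not set");
}
$userToChange = phpGPS_DB::cleanInput($_GET['user']);

// Only an admin may leave out the old password.
$oldPassGiven = isset($_GET['oldpass']) && $_GET['oldpass'] != "";
if (!$oldPassGiven && $loginT->getType() != "admin") {
    exit("oldpass not set");
}
// Use an empty string when it was left out instead of reading an undefined index.
$oldPass = $oldPassGiven ? phpGPS_DB::cleanInput($_GET['oldpass']) : "";

if (!isset($_GET['newpass']) || $_GET['newpass'] == "") {
    exit("newpass not set");
}
$newPass = phpGPS_DB::cleanInput($_GET['newpass']);

//if admin, or user with valid username and valid oldpass
// The account comparison is a strict string comparison, so numeric-looking ids
// such as "5" and "05" are never treated as the same account.
if ($loginT->getType() == "admin"
    || ($loginT->getType() == "user"
        && (string) $userToChange === (string) $loginT->getUserId()
        && login::checkPassForUser($con, $userToChange, $oldPass))
) {
    //update pass
    $usersalt = generateRandomString(10);
    // NOTE(review): unless generateRandomString() returns a salt carrying an
    // algorithm prefix, crypt() selects its legacy DES scheme, which only uses the
    // first eight characters of the password. Moving to password_hash() and
    // password_verify() has to be done together with login::checkPassForUser().
    $newEncryptedPass = crypt($newPass, $usersalt);
    // crypt() signals failure with a string shorter than 13 characters.
    if (!is_string($newEncryptedPass) || strlen($newEncryptedPass) < 13) {
        exit("Password could not be hashed");
    }
    // The listing shows the literal '******' as the stored password, which would
    // leave the computed hash unused; the hash is what gets stored here.
    // NOTE(review): $userToChange has already been through cleanInput(); if that
    // helper adds SQL escaping, bind the raw request value instead.
    $updateSql = "update users set user_salt = ?, user_pass = ? where user_id = ?";
    $updateStmt = mysqli_prepare($con, $updateSql) or die(mysqli_error($con));
    mysqli_stmt_bind_param($updateStmt, 'sss', $usersalt, $newEncryptedPass, $userToChange);
    mysqli_stmt_execute($updateStmt) or die(mysqli_stmt_error($updateStmt));
    mysqli_stmt_close($updateStmt);
}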