Diffstat (limited to 'requests.php')
-rwxr-xr-x | requests.php | 268 |
1 files changed, 268 insertions, 0 deletions
diff --git a/requests.php b/requests.php
new file mode 100755
index 0000000..38a0168
--- /dev/null
+++ b/requests.php
@@ -0,0 +1,268 @@
+<?php
+/* phpTrackme
+ *
+ * Copyright(C) 2013 Bartek Fabiszewski (www.fabiszewski.net)
+ *
+ * This is free software; you can redistribute it and/or modify it under
+ * the terms of the GNU Library General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * General Public License for more details.
+ *
+ * You should have received a copy of the GNU Library General Public
+ * License along with this program; if not, write to the Free Software
+ * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+ */
+// TrackMe API
+// http://forum.xda-developers.com/showpost.php?p=3250539&postcount=2
+
+require_once("config.php");
+$user = (isset($_REQUEST['u']) ? $_REQUEST['u'] : "");
+$pass = (isset($_REQUEST['p']) ? md5($salt.$_REQUEST['p']) : "");
+$requireddb = (isset($_REQUEST['db']) ? $_REQUEST['db'] : 0);
+$tripname = (isset($_REQUEST['tn']) ? $_REQUEST['tn'] : "");
+$action = (isset($_REQUEST['a']) ? $_REQUEST['a'] : "");
+
+// FIXME what is it for?
+if ($requireddb<8) {
+ //Result:5 Incompatible database.
+ quit(5);
+}
+
+$mysqli = new mysqli($dbhost, $dbuser, $dbpass, $dbname);
+if ($mysqli->connect_errno) {
+ //Result:4 Unable to connect database.
+ quit(4);
+}
+
+if ((!$user) || (!$pass)){
+ //Result:3 User or password not specified.
+ quit(3);
+}
+
+$query = $mysqli->prepare("SELECT ID,username,password FROM users WHERE username=? LIMIT 1");
+$query->bind_param('s', $user);
+$query->execute();
+$query->store_result();
+$query->bind_result($userid, $rec_user, $rec_pass);
+$query->fetch();
+$num = $query->num_rows;
+$query->free_result();
+$query->close();
+if ($num) {
+ if (($user==$rec_user) && ($pass!=$rec_pass)) {
+ //Result:1 User correct, invalid password.
+ quit(1);
+ }
+}
+else {
+ if ($allow_registration) {
+ // User unknown, let's create it
+ $query = $mysqli->prepare("INSERT INTO users (username,password) VALUES (?,?)");
+ $query->bind_param('ss', $user, $pass);
+ $query->execute();
+ $userid = $mysqli->insert_id;
+ $query->close();
+ if (!$userid) {
+ //Result:2 User did not exist but after being created couldn't be found.
+ // Or rather something went wrong while updating database
+ quit(2);
+ }
+ }
+ else {
+ // User unknown, we don't allow autoregistration
+ // Let's use this one:
+ //Result:1 User correct, invalid password.
+ quit(1);
+ }
+}
+
+switch($action) {
+ // action: noop
+ case "noop":
+ // test
+ quit(0);
+ break;
+
+ // action: deletetrip
+ case "deletetrip":
+ if ($tripname) {
+ $sql = "DELETE FROM positions LEFT JOIN trips ON positions.FK_Trips_ID=trips.ID "
+ ."WHERE positions.FK_Users_ID=? AND trips.Name=?";
+ $query = $mysqli->prepare($sql);
+ if ($query) {
+ $query->bind_param('is', $userid, $tripname);
+ $query->execute();
+ $query->close();
+ }
+ $sql = "DELETE FROM trips WHERE FK_Users_ID=? AND Name=?";
+ $query = $mysqli->prepare($sql);
+ $query->bind_param('is', $userid, $tripname);
+ $query->execute();
+ $rows = $mysqli->affected_rows;
+ $query->close();
+ if ($rows) {
+ quit(0);
+ }
+ else {
+ //Result:7 Trip not found
+ quit(7);
+ }
+ }
+ else {
+ //Result:6 Trip not specified.
+ quit(6);
+ }
+ break;
+
+ // action: addtrip
+ case "addtrip":
+ if ($tripname) {
+ $sql = "INSERT INTO trips (FK_Users_ID,Name) VALUES (?,?)";
+ $query = $mysqli->prepare($sql);
+ $query->bind_param('is', $userid, $tripname);
+ $query->execute();
+ $query->close();
+ }
+ else {
+ //Result:6 Trip not specified.
+ quit(6);
+ }
+ break;
+
+ // action: gettriplist
+ case "gettriplist":
+ $sql = "SELECT a1.Name,(SELECT MIN(a2.DateOccurred) FROM positions a2 "
+ ."WHERE a2.FK_Trips_ID=a1.ID) AS startdate "
+ ."FROM trips a1 WHERE a1.FK_Users_ID=? ORDER BY Name";
+ $query = $mysqli->prepare($sql);
+ $query->bind_param('i', $userid);
+ $query->execute();
+ $query->store_result();
+ $query->bind_result($tripname,$startdate);
+ $num = $query->num_rows;
+ $triplist = array();
+ if ($num) {
+ while ($query->fetch()) {
+ $triplist[] = $tripname."|".$startdate;
+ }
+ }
+ $query->free_result();
+ $query->close();
+ $param = implode("\n",$triplist);
+ quit(0,$param);
+ break;
+
+ // action: upload
+ case "upload":
+ $lat = isset($_REQUEST["lat"]) ? $_REQUEST["lat"] : NULL;
+ $long = isset($_REQUEST["long"]) ? $_REQUEST["long"] : NULL;
+ $dateoccurred = isset($_REQUEST["do"]) ? $_REQUEST["do"] : NULL;
+ $altitude = isset($_REQUEST["alt"]) ? $_REQUEST["alt"] : NULL;
+ $angle = isset($_REQUEST["ang"]) ? $_REQUEST["ang"] : NULL;
+ $speed = isset($_REQUEST["sp"]) ? $_REQUEST["sp"] : NULL;
+ $iconname = isset($_REQUEST["iconname"]) ? $_REQUEST["iconname"] : NULL;
+ $comments = isset($_REQUEST["comments"]) ? $_REQUEST["comments"] : NULL;
+ $imageurl = isset($_REQUEST["imageurl"]) ? $_REQUEST["imageurl"] : NULL;
+ $cellid = isset($_REQUEST["cid"]) ? $_REQUEST["cid"] : NULL;
+ $signalstrength = isset($_REQUEST["ss"]) ? $_REQUEST["ss"] : NULL;
+ $signalstrengthmax = isset($_REQUEST["ssmax"]) ? $_REQUEST["ssmax"] : NULL;
+ $signalstrengthmin = isset($_REQUEST["ssmin"]) ? $_REQUEST["ssmin"] : NULL;
+ $batterystatus = isset($_REQUEST["bs"]) ? $_REQUEST["bs"] : NULL;
+ $uploadss = isset($_REQUEST["upss"]) ? $_REQUEST["upss"] : NULL; // FIXME is it needed?
+ $iconid = NULL;
+ if ($iconname) {
+ $sql = "SELECT ID FROM icons WHERE Name=? LIMIT 1";
+ $query = $mysqli->prepare($sql);
+ $query->bind_param('s', $iconname);
+ $query->execute();
+ $query->store_result();
+ $query->bind_result($id);
+ $query->fetch();
+ $num = $query->num_rows;
+ $query->free_result();
+ $query->close();
+ if ($num) {
+ $iconid = $id;
+ }
+ }
+ $tripid = NULL; // FIXME: not sure what trips with null id are
+ if ($tripname) {
+ // get tripid
+ $query = $mysqli->prepare("SELECT ID FROM trips WHERE FK_Users_ID=? AND Name=? LIMIT 1");
+ $query->bind_param('is', $userid, $tripname);
+ $query->execute();
+ $query->store_result();
+ $query->bind_result($tripid);
+ $query->fetch();
+ $num = $query->num_rows;
+ $query->free_result();
+ $query->close();
+ if (!$num) {
+ // create trip
+ $query = $mysqli->prepare("INSERT INTO trips (FK_Users_ID,Name) VALUES (?,?)");
+ $query->bind_param('is', $userid, $tripname);
+ $query->execute();
+ $tripid = $mysqli->insert_id;
+ $query->close();
+ if (!$tripid) {
+ //Result:6 Trip didn't exist and system was unable to create it.
+ quit(6);
+ }
+ }
+ }
+ $sql = "INSERT INTO positions "
+ ."(FK_Users_ID,FK_Trips_ID,Latitude,Longitude,DateOccurred,FK_Icons_ID,"
+ ."Speed,Altitude,Comments,ImageURL,Angle,SignalStrength,SignalStrengthMax,"
+ ."SignalStrengthMin,BatteryStatus) VALUES (?,?,?,?,?,?,?,?,?,?,?,?,?,?,?)";
+ $query = $mysqli->prepare($sql);
+ $query->bind_param('iiddsiddssdiiii',
+ $userid,$tripid,$lat,$long,$dateoccurred,$iconid,
+ $speed,$altitude,$comments,$imageurl,$angle,$signalstrength,$signalstrengthmax,
+ $signalstrengthmin,$batterystatus);
+ $query->execute();
+ $query->close();
+ if ($mysqli->errno) {
+ //Result:7|SQLERROR Insert statement failed.
+ quit(7,$mysqli->error);
+ }
+ //FIXME Are cellids used in Android client?
+ $upcellext = isset($_REQUEST["upcellext"]) ? $_REQUEST["upcellext"] : NULL;
+ if ($upcellext==1 && $cellid) {
+ $sql = "INSERT INTO cellids (CellID,Latitude,Longitude,SignalStrength,SignalStrengthMax,SignalStrengthMin) "
+ ."VALUES (?,?,?,?,?,?)";
+ $query = $mysqli->prepare($sql);
+ $query->bind_param('sddiii',$cellid,$lat,$long,$signalstrength,$signalstrengthmax,$signalstrengthmin);
+ $query->execute();
+ $query->close();
+ if ($mysqli->errno) {
+ //Result:7|SQLERROR Insert statement failed.
+ quit(7,$mysqli->error);
+ }
+ }
+ quit(0);
+ break;
+
+ // action: geticonlist
+ // action: renametrip
+ // action: findclosestbuddy
+ // action: delete
+ // action: sendemail
+ // action: updateimageurl
+ // action: findclosestpositionbytime
+ // action: findclosestpositionbyposition
+ // action: gettripinfo
+ // action: gettriphighlights
+}
+
+function quit($errno,$param=""){
+ print "Result:".$errno.(($param)?"|$param":"");
+ exit();
+}
+
+$mysqli->close();
+?>
|
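Review bot: The password check after the user lookup runs only when `$user==$rec_user` also holds, so a row that the database matched on `username=?` but whose stored username differs from the request byte-for-byte (MySQL's default collations are case-insensitive and ignore trailing spaces) reaches the action switch with `$userid` set and no password verified. The check should apply whenever `$num` is non-zero and should use a constant-time comparison: `if (!hash_equals($rec_pass, $pass)) { quit(1); }` in place of the combined condition. `md5($salt.$_REQUEST['p'])` is also not a suitable password hash for stored credentials; `password_hash()`/`password_verify()` would replace both the storage format and the comparison, which needs a migration of the existing `users.password` column. Separately, both `quit(7,$mysqli->error)` calls in the upload branch echo the raw MySQL error text to the client; log it server-side and return the numeric code alone. `$salt` and `$allow_registration` are presumably defined in config.php, which is outside this diff.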