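<?php

/**
 * Check-in web service: a single JSON endpoint that dispatches on request
 * flags (register, login, insert, getLeads, select) and appends one line per
 * request to CheckinService.log.
 *
 * Review notes on what changed relative to the previous revision:
 *  - The removed mysql_* extension is replaced by PDO with bound parameters.
 *    addslashes() was the only defence before, and several ids were
 *    interpolated unquoted, where escaping quotes does nothing.
 *  - The database password is no longer embedded in the file. Any password
 *    that was ever stored here should be treated as exposed and rotated.
 *  - Query text and driver errors go to the server error log, not the client.
 *  - Password columns are stripped from every response and request passwords
 *    are redacted before logging.
 *  - The search and ckhList branches were dropped: their flags were never
 *    read from the request, so they could not run. Re-enabling them would
 *    return whole user or prospect rows to any caller.
 *
 * NOTE(review): nothing visible in this file checks who the caller is.
 * getLeads and select return rows for whatever id the request names, and
 * login has no attempt limiting. That needs a session or token scheme and is
 * not addressed here.
 */

declare(strict_types=1);

date_default_timezone_set('Asia/Manila');
header('Content-Type: application/json');

//API.GEONAMES.ORG FOR THE API GEOLOCATION SERVICE

// Column names that must never leave the server in a response.
const SECRET_COLUMNS = ['RegPassword', 'u_password'];
// Request fields that must never be written to the transaction log.
const SECRET_REQUEST_FIELDS = ['RegPassword', 'LoginPassword'];

// Connection settings. The environment variable names are suggestions for
// this deployment; the password has no in-file fallback on purpose.
$sqlHost = getenv('CHECKIN_DB_HOST') ?: 'localhost';
$sqlUser = getenv('CHECKIN_DB_USER') ?: 'autoph_arnel';
$sqlDatabase = getenv('CHECKIN_DB_NAME') ?: 'autoph_connect';
$sqlPass = getenv('CHECKIN_DB_PASSWORD');

$registrations_table = 'vts_users';
$checkins_table = 'login_history';

if ($sqlPass === false) {
    respond_with_failure('Service unavailable.', 'database password is not configured');
}

try {
    $conn = new PDO(
        "mysql:host={$sqlHost};dbname={$sqlDatabase}",
        $sqlUser,
        $sqlPass,
        [
            PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
            PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC,
            // Real server-side prepares, so values never become SQL text.
            PDO::ATTR_EMULATE_PREPARES => false,
            // mysql_* returned every column as a string; keep the JSON shape.
            PDO::ATTR_STRINGIFY_FETCHES => true,
        ]
    );
} catch (PDOException $e) {
    respond_with_failure('Service unavailable.', 'connect failed: ' . $e->getMessage());
}

//These functions are defined at the bottom.
//initialize_htaccess(); // make sure .htaccess file allows web services calls from anyone
//initialize_registrations(); //make sure registrations table has been created
//initialize_checkins(); //make sure checkins table has been created

$did_nothing_message = 'Valid Input Sets: [login,LoginName,LoginPassword]; '
    . '[register,RegName,RegPassword]; '
    . '[insert,CheckinRegID,Latitude,Longitude, HouseNo,Street,Zip];[select]';

$json = null;
$handled = [];

try {
    // register: expects RegName, RegPassword
    if (request_flag('register')) {
        $regName = request_string('RegName');
        $regPassword = request_string('RegPassword');

        if ($regName === '' || $regPassword === '') {
            $json = json_encode(['status' => 'RegName and RegPassword are required.', 'statusCode' => '0']);
        } else {
            $existing = $conn->prepare("SELECT COUNT(*) FROM `$registrations_table` WHERE RegName = ?");
            $existing->execute([$regName]);

            if ((int) $existing->fetchColumn() > 0) {
                $json = json_encode(['status' => "User $regName already registered.", 'statusCode' => '0']);
            } else {
                // Store a salted password hash; the plaintext is never written.
                // NOTE(review): login below reads u_name/u_password while this
                // branch writes RegName/RegPassword on the same table. Confirm
                // which column set the table really has.
                $insert = $conn->prepare(
                    "INSERT INTO `$registrations_table` (RegName, RegPassword) VALUES (?, ?)"
                );
                $insert->execute([$regName, password_hash($regPassword, PASSWORD_DEFAULT)]);

                $created = $conn->prepare("SELECT * FROM `$registrations_table` WHERE RegID = ?");
                $created->execute([$conn->lastInsertId()]);
                $record = $created->fetch();
                $record = $record === false ? [] : redact_secret_columns($record);

                $record['status'] = "$regName Registered ID = " . ($record['RegID'] ?? '');
                $record['statusCode'] = '1';
                $json = json_encode($record);
            }
        }
        $handled[] = 'register';
    }

    // login: expects LoginName, LoginPassword
    if (request_flag('login')) {
        $loginName = request_string('LoginName');
        $loginPassword = request_string('LoginPassword');

        $lookup = $conn->prepare("SELECT * FROM `$registrations_table` WHERE u_name = ?");
        $lookup->execute([$loginName]);
        $matches = $lookup->fetchAll();

        // NOTE(review): the three failure messages below tell a caller whether
        // an account exists and whether it is disabled. They are kept as they
        // were because clients may display them.
        if (count($matches) === 1) {
            $record = $matches[0];
            if ((int) ($record['u_status'] ?? 0) === 1) {
                if (password_matches($loginPassword, (string) ($record['u_password'] ?? ''))) {
                    $record = redact_secret_columns($record);
                    $record['status'] = 'Connecting...';
                    $record['statusCode'] = '1';
                    $json = json_encode([$record]);
                } else {
                    $json = json_encode(['status' => 'Password Incorrect.', 'statusCode' => '0']);
                }
            } else {
                $status = 'Your account has been diactivated or locked out. '
                    . 'Please contact your system administrator for assistance';
                $json = json_encode(['status' => $status, 'statusCode' => '0']);
            }
        } else {
            $json = json_encode(['status' => "User $loginName does not exist.", 'statusCode' => '0']);
        }
        $handled[] = 'login';
    }

    // insert: expects CheckinRegID, Latitude, Longitude, HouseNo, Street, Zip
    if (request_flag('insert')) {
        $checkinRegId = request_string('CheckinRegID');
        $checkinTime = date('Y-m-d H:i:s');
        $latitude = request_string('Latitude');
        $longitude = request_string('Longitude');
        $houseNo = request_string('HouseNo');
        $street = request_string('Street');
        $zip = request_string('Zip');

        // NOTE(review): the duplicate check reads checkins3 but the insert
        // writes $checkins_table. Kept as found; confirm which is intended.
        $duplicates = $conn->prepare(
            'SELECT COUNT(`CheckinID`) FROM `checkins3` '
            . 'WHERE `CheckinRegID` = ? AND `HouseNo` = ? AND `Street` = ? AND `Zip` = ?'
        );
        $duplicates->execute([$checkinRegId, $houseNo, $street, $zip]);
        $lookupCount = (int) $duplicates->fetchColumn();

        if ($lookupCount > 0) {
            $msg = 'Duplicate Entry.' . $lookupCount;
        } else {
            $store = $conn->prepare(
                "INSERT INTO `$checkins_table` "
                . '(CheckinTime, CheckinRegID, Latitude, Longitude, HouseNo, Street, Zip) '
                . 'VALUES (?, ?, ?, ?, ?, ?, ?)'
            );
            $store->execute([$checkinTime, $checkinRegId, $latitude, $longitude, $houseNo, $street, $zip]);
            $msg = "$checkinTime: Checked in at $houseNo $street $zip $lookupCount";
        }

        // The previous revision rebuilt this response a second time from an
        // unset $affectedRows; only the lookup count is reported now.
        $json = json_encode(['status' => $msg, (string) $lookupCount]);
        $handled[] = 'insert';
    }

    // getLeads: expects salesID
    if (request_flag('getLeads')) {
        $salesId = request_string('salesID');
        $leads = [];

        // sales_id used to be interpolated unquoted; accept digits only.
        if (ctype_digit($salesId)) {
            $query = $conn->prepare('SELECT * FROM sales_prospecting WHERE sales_id = ?');
            $query->execute([$salesId]);
            // The per-row last_update_date lookups were removed: their result
            // was never added to the response.
            $leads = $query->fetchAll();
        }

        $json = json_encode($leads);
        $handled[] = 'getLeads';
    }

    // select: expects select = * or select = RegID
    $select = $_REQUEST['select'] ?? null;
    $latestCheckinSql = "SELECT * FROM `$checkins_table` "
        . "LEFT JOIN `$registrations_table` ON CheckinRegID = RegID "
        . 'WHERE CheckinRegID = ? ORDER BY CheckinTime DESC LIMIT 1';

    if ($select === '*') {
        // NOTE(review): $empID was never assigned in the previous revision,
        // so the filter was always the empty string. Confirm where the
        // employee id should come from (an authenticated session, not a
        // request parameter).
        $empID = '';
        $open = $conn->prepare(
            "SELECT * FROM sales_prospecting WHERE status = 'open' AND employee_id = ?"
        );
        $open->execute([$empID]);
        $latest = $conn->prepare($latestCheckinSql);

        $rows = [];
        foreach ($open->fetchAll() as $prospect) {
            if (!isset($prospect['RegID'])) {
                continue; // nothing to join on
            }
            $latest->execute([$prospect['RegID']]);
            $checkin = $latest->fetch();
            if ($checkin !== false) {
                $rows[] = redact_secret_columns($checkin);
            }
        }

        $json = json_encode($rows);
        $handled[] = 'select-all';
    } elseif (is_string($select) && ctype_digit($select) && (int) $select > 0) {
        $latest = $conn->prepare($latestCheckinSql);
        $latest->execute([$select]);
        $checkin = fetch_both_redacted($latest);

        if ($checkin !== null) {
            $json = json_encode($checkin);
        } else {
            $json = json_encode(['status' => "Registration ID $select not found. ", 'statusCode' => '0']);
        }
        $handled[] = 'select';
    }
} catch (PDOException $e) {
    respond_with_failure('Request could not be completed.', 'query failed: ' . $e->getMessage());
}

if ($handled === []) {
    $json = json_encode(['status' => $did_nothing_message, 'statusCode' => '0']);
}

echo $json;

//RECORD TRANSACTION
// NOTE(review): the log is written next to the script, which is normally a
// web-served directory. Move it outside the document root or deny access to
// it in the server configuration. $_REQUEST can also carry cookies, depending
// on request_order.
$loggedRequest = $_REQUEST;
foreach (SECRET_REQUEST_FIELDS as $secretField) {
    if (array_key_exists($secretField, $loggedRequest)) {
        $loggedRequest[$secretField] = '[redacted]';
    }
}
$logLine = date('Y-m-d H:i:s') . "\t"
    . ($_SERVER['REMOTE_ADDR'] ?? '-') . "\t"
    . implode(',', $handled) . "\t"
    . json_encode($loggedRequest) . "\t"
    . $json . "\n";
file_put_contents('CheckinService.log', $logLine, FILE_APPEND | LOCK_EX);

/**
 * Read a request parameter as a string; arrays and missing keys become ''.
 */
function request_string(string $key): string
{
    $value = $_REQUEST[$key] ?? '';

    return is_scalar($value) ? (string) $value : '';
}

/**
 * True when the named request parameter is exactly "1".
 */
function request_flag(string $key): bool
{
    return request_string($key) === '1';
}

/**
 * Send a generic JSON failure to the client, keep the detail in the server
 * error log, and stop.
 */
function respond_with_failure(string $publicMessage, string $logDetail): void
{
    error_log('CheckinServices: ' . $logDetail);
    http_response_code(500);
    echo json_encode(['status' => $publicMessage, 'statusCode' => '0']);
    exit;
}

/**
 * Return the row without any password column.
 */
function redact_secret_columns(array $row): array
{
    foreach (SECRET_COLUMNS as $column) {
        unset($row[$column]);
    }

    return $row;
}

/**
 * Fetch one row keyed both by position and by column name, as
 * mysql_fetch_array() did, leaving out password columns under both keys.
 *
 * @return array|null the row, or null when the statement has no more rows
 */
function fetch_both_redacted(PDOStatement $stmt): ?array
{
    $values = $stmt->fetch(PDO::FETCH_NUM);
    if ($values === false) {
        return null;
    }

    $row = [];
    foreach ($values as $index => $value) {
        $meta = $stmt->getColumnMeta($index);
        $name = is_array($meta) ? (string) $meta['name'] : '';
        if (in_array($name, SECRET_COLUMNS, true)) {
            continue;
        }
        $row[$index] = $value;
        if ($name !== '') {
            $row[$name] = $value;
        }
    }

    return $row;
}

/**
 * Check a supplied password against the stored value.
 *
 * Hashes produced by password_hash() are verified with password_verify().
 * Anything else is treated as the legacy unsalted MD5 format and compared
 * with hash_equals(); the previous loose == comparison treated two different
 * "0e..."-style digests as equal numbers.
 *
 * NOTE(review): the legacy path still hashes the addslashes()-escaped
 * password, as before. Confirm how the stored digests were produced, then
 * migrate those accounts to password_hash() and delete this path.
 */
function password_matches(string $supplied, string $stored): bool
{
    if (password_get_info($stored)['algoName'] !== 'unknown') {
        return password_verify($supplied, $stored);
    }

    return hash_equals($stored, md5(addslashes($supplied)));
}

/**
 * Make sure .htaccess carries the Access-Control-Allow-Origin header line.
 *
 * NOTE(review): the "*" value lets any web origin read this service's
 * responses. Prefer listing the origins that actually need access.
 */
function initialize_htaccess(): void
{
    $directive = 'Header set Access-Control-Allow-Origin';
    $lines = is_file('.htaccess') ? file('.htaccess') : [];

    foreach ($lines ?: [] as $line) {
        // The old "> 0" test missed a directive at the start of a line, so
        // the line this function writes was appended again on every call.
        if (strpos($line, $directive) !== false) {
            return;
        }
    }

    file_put_contents('.htaccess', $directive . ' "*"' . "\n", FILE_APPEND | LOCK_EX);
}

/**
 * Create the registrations table when it does not exist yet.
 */
function initialize_registrations(): void
{
    global $conn, $registrations_table;

    $conn->exec(
        "CREATE TABLE IF NOT EXISTS `$registrations_table` ("
        . '`RegID` int(11) NOT NULL AUTO_INCREMENT, '
        . '`RegName` varchar(100) NOT NULL, '
        . '`RegPassword` varchar(100) NOT NULL, '
        . 'PRIMARY KEY (`RegID`));'
    );
}

/**
 * Create the check-ins table when it does not exist yet.
 *
 * The previous revision ran the CREATE only when SHOW TABLES already found
 * the table (inverted test) and built its error message from a misspelled
 * variable.
 */
function initialize_checkins(): void
{
    global $conn, $checkins_table;

    $conn->exec(
        "CREATE TABLE IF NOT EXISTS `$checkins_table` ("
        . '`CheckinID` int(11) NOT NULL AUTO_INCREMENT, '
        . '`CheckinRegID` int(11) NOT NULL, '
        . '`CheckinTime` datetime NOT NULL, '
        . '`Latitude` double NOT NULL, '
        . '`Longitude` double NOT NULL, '
        . '`HouseNo` varchar(5) NOT NULL, '
        . '`Street` varchar(50) NOT NULL, '
        . '`Zip` varchar(5) NOT NULL, '
        . 'PRIMARY KEY (`CheckinID`));'
    );
}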