From d98b62cc69fb1e5c190472e0a33cf9c9dc7d9ec2 Mon Sep 17 00:00:00 2001
From: Klaus-Uwe Mitterer
Date: Wed, 3 Aug 2016 19:37:08 +0200
Subject: [PATCH] Require device ID to be passed
---
 .gitignore | 1 +
 config.php => config.dist.php | 0
 endpoint.php | 5 ++---
 3 files changed, 3 insertions(+), 3 deletions(-)
 create mode 100644 .gitignore
 rename config.php => config.dist.php (100%)
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..4f4773f
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+config.php
diff --git a/config.php b/config.dist.php
similarity index 100%
rename from config.php
rename to config.dist.php
diff --git a/endpoint.php b/endpoint.php
index 5dfe5a9..db0d7e5 100644
--- a/endpoint.php
+++ b/endpoint.php
@@ -2,8 +2,7 @@
 require_once("config.php");
-if (isset($_GET["lat"]) && preg_match("/^-?\d+\.\d+$/", $_GET["lat"])
- && isset($_GET["lon"]) && preg_match("/^-?\d+\.\d+$/", $_GET["lon"]) ) {
+if (isset($_GET["lat"]) && preg_match("/^-?\d+\.\d+$/", $_GET["lat"]) && isset($_GET["lon"]) && preg_match("/^-?\d+\.\d+$/", $_GET["lon"]) && isset($_GET["device"]) ) {
 $conn = new mysqli($servername, $username, $password, $dbname);
@@ -11,7 +10,7 @@ if (isset($_GET["lat"]) && preg_match("/^-?\d+\.\d+$/", $_GET["lat"])
 die("Connection failed: " . $conn->connect_error);
 }
- $sql = "INSERT INTO tracker (lat, lon) VALUES (" . mysqli_real_escape_string($conn, $_GET['lat']) . ", " . mysqli_real_escape_string($conn, $_GET['lon']) . ");";
+ $sql = "INSERT INTO tracker (device, lat, lon) VALUES (" . mysqli_real_escape_string($conn, $_GET['device']) . ", " . mysqli_real_escape_string($conn, $_GET['lat']) . ", " . mysqli_real_escape_string($conn, $_GET['lon']) . ");";
 if (!mysqli_query($conn, $sql)) {
 die('Error: ' . mysqli_error($conn));
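Review bot: The new `device` value is concatenated into the INSERT in the second endpoint.php hunk without surrounding quotes, so `mysqli_real_escape_string()` does not confine it to a literal and the request parameter can change the statement; unlike `lat`/`lon`, no format check restricts it first. The condition in the first hunk only adds `isset($_GET["device"])`, which also lets an empty or array-valued parameter through; adding `is_string($_GET["device"])` plus a format check that matches the `tracker.device` column (its type is not visible in this patch) would close that gap. I would bind all three values through a prepared statement rather than building the SQL string, as sketched below. Both the outer `if` block and the query-error branch continue past the end of the hunk, so the sketch leaves them open.

```php
// … unchanged: config include, lat/lon format checks, connection setup …
$stmt = $conn->prepare("INSERT INTO tracker (device, lat, lon) VALUES (?, ?, ?)");
if (!$stmt) {
    die('Error: ' . $conn->error);
}
// Bound as strings; lat/lon have already passed the decimal-format check in the condition.
$stmt->bind_param("sss", $_GET['device'], $_GET['lat'], $_GET['lon']);

if (!$stmt->execute()) {
    die('Error: ' . $stmt->error);
```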