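1 ) {
	// called from the command-line
	parse_str($argv[1], $_GET);
}

//
// Check inputs for SQL statement injection and such.
// Items not tested below are not vulnerable for SQL statement injection, e.g.
// a time is always converted using 'strtotime()' and other items are only
// used in the PHP but never in the composition of an SQL statement.
// [security audit 2013-10-23]
//
// Each test only fires when the parameter is present and non-empty; !empty()
// is used so that an absent parameter does not raise an "undefined index"
// notice. The whitelists are compared strictly (request values are strings).
//
// NOTE(review): is_numeric() also accepts forms such as "1e3", "-2" or "1.5".
// If 'zkl', 'limit' and 'limit_start' must be plain non-negative integers, a
// digits-only test would be tighter -- confirm against how they are used.
// NOTE(review): 'lc', 'i18n' and 'filter' are not covered by this check.
//
if(
	(!empty($_GET['zkl']) && !is_numeric($_GET['zkl'])) ||
	(!empty($_GET['logfile']) && $_GET['logfile'] !== "" && !preg_match('/^[0-9]+,[0-9]+,[0-9]+$/', $_GET['logfile']) && !in_array($_GET['logfile'], array('log_tcp','log_versienummer','log_realtime','log_secure'), true)) ||
	(!empty($_GET['sort']) && !in_array($_GET['sort'], array("idcode","serienr","imei","wavecom_serienr","sim","id", "imsi"), true)) ||
	(!empty($_GET['limit']) && !is_numeric($_GET['limit'])) ||
	(!empty($_GET['limit_start']) && !is_numeric($_GET['limit_start'])) ||
	// 'db' may not contain a directory component
	(!empty($_GET['db']) && dirname($_GET['db']) != ".")
) {
	// don't do anything fancy or interruptive as fiddling with the GET parameters
	// is intended by the author
	die("Parameter error");
}

// set up internationalization
if( isset($_GET['lc']) ) {
	// old style "language code"
	$_GET['i18n'] = $_GET['lc'];
}
if( isset($_GET['i18n']) ) {
	// Use 'i18n' here: 'lc' is undefined when only the new-style parameter is
	// given, and 'i18n' already holds the value of 'lc' when that one was given.
	// NOTE(review): this request value reaches i18n_settext_language() and
	// setlocale() without any check in this file section; how the helper uses it
	// is not visible here -- confirm it only accepts known language codes.
	i18n_settext_language($_GET['i18n']);
	setlocale(LC_TIME, $_GET['i18n']);
}
else {
	i18n_settext_language('nl');
	setlocale(LC_TIME, "nl");
}
?> MTinfo V5 importer script "; echo ""; echo ""; echo "
\n";
echo "\n";
// NOTE(review): as shown here, the strings echoed in this section hold nothing
// but a newline. If in the original file they carry request values (such as
// $_GET['sort'], $major or $minor) into markup, those values must be passed
// through htmlspecialchars() first -- confirm against the original file.
// remember sort order
if( isset($_GET['sort']) ) echo "\n";
if( isset($_GET['use_tz']) ) echo "\n";
if( isset($_GET['extra']) ) echo "\n";
if( isset($_GET['debug']) ) echo "\n";
echo "\n";
echo "\n";
echo "\n";
echo "\n";
echo "\n";
echo "\n";
echo "\n";
// remember filter settings and options
// ('filter' is only walked when it really is an array; a scalar value sent by
// the client would otherwise be indexed and iterated as if it were one)
if( isset($_GET['filter']) && is_array($_GET['filter']) ) {
	if( $_GET['filter']['all'] == 'all' ) {
		echo "\n";
	}
	else {
		if( $_GET['filter']['all'] == 'invert' ) {
			echo "\n";
		}
		else {
			echo "\n";
		}
		// only numeric major keys are expanded; the 'all' key is handled above
		foreach( $_GET['filter'] as $major => $subentries ) if( is_numeric($major) ) {
			if( isset($_GET['filter'][$major]['all']) ) {
				echo "\n";
			}
			else if( is_array($subentries) ) foreach( $subentries as $minor => $dummy ) {
				echo "\n";
			}
		}
	}
}
// page - list ZKLs
// The statement is a fixed string: no request parameter is interpolated into it.
$query = "SELECT id,idcode,serienr,imei,wavecom_serienr,sim,imsi FROM zkl";
$query .= " WHERE lans_status NOT IN ('nieuw','afgeschreven','verloren') AND capabilities='rtstatus' AND (imei IS NOT NULL OR imsi IS NOT NULL)";
$query .= " ORDER BY serienr";
$result = mysql_run($query, $db_main_handle);
if (!$result) {
	// NOTE(review): the database error text and the full statement are sent to
	// the client here; consider writing them to a server-side log instead.
	echo "Error in query: " .mysql_error();
	echo "
" . $query . "
\n";
	exit(1);
}
echo '
';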
// Emit one record per row of the result set, each terminated by ";" and a
// newline. A record consists of: the literal "01", the id as a zero-padded
// 30-digit number, the literal ",1002,", the serial number and, only when the
// idcode differs from the serial number, a comma followed by the idcode (the
// original comment labels this optional last field "[customer label]").
// NOTE(review): 'serienr' and 'idcode' are written as stored in the database,
// without escaping. If this output is embedded in an HTML page, pass them
// through htmlspecialchars() -- confirm the output context.
while( $row = mysql_fetch_assoc($result) ) {
	echo sprintf(
		'01%030d,1002,%s%s',
		$row['id'],
		$row['serienr'],
		($row['idcode'] == $row['serienr']) ? '' : ','.$row['idcode']
	), ";\n";
}
echo "
\n"; }