
<?php
set_time_limit(0); // no execution time limit for this script
require_once("../include/i18n.php");
require_once("../include/cp3000-tcpclient.php");
require_once("../include/db_logtables.php");
require_once("support.inc.php");
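if( isset($argc) && $argc > 1 ) {
    // called from the command-line: the first argument is a query string
    // that takes the place of the HTTP GET parameters
    parse_str($argv[1], $_GET);
}
//
// Check the inputs that end up in an SQL statement or in a file name.
// Items not tested here are either converted first (a time always goes
// through strtotime()) or are only used inside the PHP code. Several of
// them are echoed back into the HTML further down, so they are escaped at
// the point of output.
// [security audit 2013-10-23]
//
/**
 * Validate the request parameters that are used in SQL or as a file name.
 *
 * A parameter that is absent or the empty string is accepted (the defaults
 * apply). Present values must be:
 *  - zkl, limit, limit_start: numeric
 *  - logfile: "n,n,n" or one of the four log table names
 *  - sort: one of the zkl column names
 *  - db: a bare file name (no directory part, no '.'/'..', no trailing
 *    slash, no NUL byte); dirname() alone maps all of those to '.'
 * Array-valued parameters (name[]=...) fail the type checks and are rejected.
 *
 * @param array $get the GET parameters
 * @return bool true when every tested parameter is acceptable
 */
function v5import_parameters_ok(array $get)
{
    $sort_columns = array("idcode", "serienr", "imei", "wavecom_serienr", "sim", "id", "imsi");
    $log_tables = array('log_tcp', 'log_versienummer', 'log_realtime', 'log_secure');
    foreach( array('zkl', 'limit', 'limit_start') as $name ) {
        if( isset($get[$name]) && $get[$name] !== '' && !is_numeric($get[$name]) ) {
            return false;
        }
    }
    if( isset($get['logfile']) && $get['logfile'] !== '' ) {
        $logfile = $get['logfile'];
        if( !is_string($logfile) ) {
            return false;
        }
        if( !preg_match('/^[0-9]+,[0-9]+,[0-9]+$/', $logfile) && !in_array($logfile, $log_tables, true) ) {
            return false;
        }
    }
    if( isset($get['sort']) && $get['sort'] !== '' && !in_array($get['sort'], $sort_columns, true) ) {
        return false;
    }
    if( isset($get['db']) && $get['db'] !== '' ) {
        $db = $get['db'];
        if( !is_string($db) || strpos($db, "\0") !== false
            || $db === '.' || $db === '..' || basename($db) !== $db ) {
            return false;
        }
    }
    return true;
}
if( !v5import_parameters_ok($_GET) ) {
    // don't do anything fancy or interruptive as fiddling with the GET
    // parameters is intended by the author
    die("Parameter error");
}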
// set up internationalization
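if( isset($_GET['lc']) ) {
    // old style "language code": the current name of the parameter is 'i18n'
    $_GET['i18n'] = $_GET['lc'];
}
// Select the language: the 'i18n' parameter when given, otherwise Dutch.
// (Previously the 'lc' parameter was read here, which is unset when only
// 'i18n' was passed.) How i18n_settext_language() in ../include/i18n.php
// uses the code is not visible here, so only a plain locale-like string
// (letters, digits, '_', '.', '@', '-') is accepted; anything else falls
// back to the default.
$v5import_lang = 'nl';
if( isset($_GET['i18n']) && is_string($_GET['i18n'])
    && preg_match('/^[A-Za-z0-9_.@-]{1,32}$/', $_GET['i18n']) ) {
    $v5import_lang = $_GET['i18n'];
}
i18n_settext_language($v5import_lang);
setlocale(LC_TIME, $v5import_lang);
unset($v5import_lang);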
?>
<html>
<head>
<title>MTinfo V5 importer script</title>
</head>
<body>
<script type="text/javascript">
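/**
 * Send an asynchronous GET request to device-action.php.
 *
 * @param {string|number} zkl       sent as the 'zkl' query parameter
 * @param {string}        key       sent as the 'key' query parameter
 * @param {string}        value     sent as the 'value' query parameter
 * @param {string}        db        sent as the 'db' query parameter
 * @param {function}      callback  installed as the request's
 *                                  onreadystatechange handler
 */
function do_device_action(zkl,key,value,db,callback)
{
    // NOTE(review): 'device_action' is assigned without 'var' and is
    // therefore a page-global; kept that way because the rest of the page
    // is not visible here and might read it
    device_action = new XMLHttpRequest();
    device_action.onreadystatechange = callback;
    // each value is URL-encoded so that an '&', '=' or '#' inside it cannot
    // split or truncate the query string
    device_action.open('GET', 'device-action.php?db=' + encodeURIComponent(db)
        + '&zkl=' + encodeURIComponent(zkl)
        + '&key=' + encodeURIComponent(key)
        + '&value=' + encodeURIComponent(value));
    device_action.setRequestHeader('Content-Type', 'text/plain');
    device_action.send(null);
}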
/**
 * Submit guard for the 'form_logfile_selectie' form.
 *
 * When neither the line limit nor the time limit checkbox is ticked, the
 * user is asked to confirm; on cancel the line limit checkbox gets focus.
 *
 * @returns {boolean} true when the form may be submitted
 */
function warn_about_settings()
{
    var form = document.forms['form_logfile_selectie'];
    var logfile = form.logfile.value;
    // with at least one limit active there is nothing to warn about
    if( form.use_limit.checked || form.use_tlimit.checked ) {
        return true;
    }
    var message = 'De log \'' + logfile + '\' kan veel gegevens bevatten en ' +
        'de limiet op het maximaal aantal regels is niet actief.' +
        '\n\n' +
        'Wilt u doorgaan?';
    var proceed = confirm(message);
    if( !proceed ) {
        // cancel clicked: point the user at the line limit setting
        form.use_limit.focus();
    }
    return proceed;
}
</script>
<style type="text/css">
* {
font-family: "Times New Roman", serif;
}
table {
font-size: 16px;
}
body {
font-family: "Times New Roman",serif;
font-size: 10pt;
}
h1,h2,h3,h4,h5 {
font-family: Arial,Helvetica,sans-serif;
}
table.DB_TABLE td {
border: 1px solid rgb(192,192,192);
padding: 2px;
}
table.DB_TABLE th {
border: 1px solid black;
border-bottom: 2px solid black;
}
table.SELECT {
border: none;
table-layout: auto;
border-collapse: collapse;
empty-cells: show;
}
table.SELECT td {
border: none;
padding: 0px 4px;
vertical-align: top;
}
</style>
<?php
//
// Define and connect to the database
//
// read the database information
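if( ! isset($_GET['db']) ) {
    // default database configuration: 'di_zkl' is the main mtinfo database
    $_GET['db'] = 'di_zkl';
}
// read the database configuration named by the 'db' parameter (checked
// above to be a bare file name) and fill in defaults for missing items
$db_info = read_database(DBCONFIG_DIR, $_GET['db']);
foreach( array('host' => "localhost", 'user' => "root", 'passwd' => "", 'db' => "di_zkl") as $v5import_key => $v5import_default ) {
    if( !isset($db_info[$v5import_key]) ) {
        $db_info[$v5import_key] = $v5import_default;
    }
}
unset($v5import_key, $v5import_default);
// open the data database
// (the mysql_* extension was removed in PHP 7; this page needs PHP 5)
$db_data_handle = mysql_connect($db_info['host'], $db_info['user'], $db_info['passwd']);
if( $db_data_handle === FALSE ) {
    // NOTE(review): the raw driver error text is written into the response
    echo "Cannot connect to database: " . mysql_error();
    exit(1);
}
// NOTE(review): the default above is stored under key 'db', but the database
// selected here is read from key 'database'; one of the two is most likely
// wrong - confirm against read_database() before changing either
mysql_select_db($db_info['database'], $db_data_handle);
if( !empty($db_info['main']) ) {
    // the configuration names a separate main database: open a second,
    // independent link to it ('true' asks for a new link instead of the
    // cached one)
    $db_main_info = read_database(DBCONFIG_DIR, $db_info['main']);
    $db_main_handle = mysql_connect($db_main_info['host'], $db_main_info['user'], $db_main_info['passwd'], true);
    if( $db_main_handle === FALSE ) {
        echo "Cannot connect to database: " . mysql_error();
        exit(1);
    }
    mysql_select_db($db_main_info['database'], $db_main_handle);
}
else {
    // no separate main database: both handles refer to the same link
    $db_main_handle = $db_data_handle;
    $db_main_info = $db_info;
}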
//
// Globals
//
// set default value for the limit on the number of lines
// Defaults, only applied when the caller did not pass the parameter:
// start the line limit at the first line, enable the line limit, and show
// the extra information.
$v5import_defaults = array(
    'limit_start' => 0,
    'use_limit'   => 1,
    'extra'       => 1,
);
foreach( $v5import_defaults as $v5import_key => $v5import_value ) {
    if( !isset($_GET[$v5import_key]) ) {
        $_GET[$v5import_key] = $v5import_value;
    }
}
unset($v5import_defaults, $v5import_key, $v5import_value);
// $backtrace is cleared here; where it is used is not visible in this file
unset($backtrace);
//
// Device selection and device sort order
//
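/**
 * Echo one hidden form field.
 *
 * Name, id and value are escaped for the HTML attribute context, because
 * most of the values come straight from the GET parameters of this request
 * and were previously written into the page unescaped.
 *
 * @param string      $name  form field name (may contain [] array syntax)
 * @param mixed       $value field value; cast to string before escaping
 * @param string|null $id    optional element id
 */
function v5import_hidden_input($name, $value, $id = null)
{
    $id_attr = ($id === null)
        ? ''
        : ' id="' . htmlspecialchars($id, ENT_QUOTES, 'UTF-8') . '"';
    echo '<input type="hidden"' . $id_attr
        . ' name="' . htmlspecialchars($name, ENT_QUOTES, 'UTF-8') . '"'
        . ' value="' . htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8') . '">' . "\n";
}
if( !empty($db_main_info) ) {
    // The form hands the current selection settings to showlog.php as hidden
    // fields. The table, tr, td and form opened here are not closed within
    // this part of the file.
    echo "<table class=\"SELECT\">";
    echo "<tr>";
    echo "<td>";
    echo "<form id=\"form_zkl_selectie\" action=\"showlog.php#logfile_selectie\" method=\"get\">\n";
    v5import_hidden_input('db', isset($db_info['file']) ? $db_info['file'] : '', 'db');
    // remember sort order and the flags (the flags are always passed as "1")
    if( isset($_GET['sort']) ) v5import_hidden_input('sort', $_GET['sort'], 'sort');
    if( isset($_GET['use_tz']) ) v5import_hidden_input('use_tz', '1');
    if( isset($_GET['extra']) ) v5import_hidden_input('extra', '1');
    if( isset($_GET['debug']) ) v5import_hidden_input('debug', '1');
    // the limit settings are always passed on, as an empty value when absent
    foreach( array('use_tlog', 'use_limit', 'limit', 'limit_start', 'use_tlimit', 'tmin', 'tmax') as $v5import_key ) {
        v5import_hidden_input($v5import_key, isset($_GET[$v5import_key]) ? $_GET[$v5import_key] : '', $v5import_key);
    }
    unset($v5import_key);
    // remember filter settings and options
    if( isset($_GET['filter']) && is_array($_GET['filter']) ) {
        $v5import_filter = $_GET['filter'];
        $v5import_all = isset($v5import_filter['all']) ? $v5import_filter['all'] : null;
        if( $v5import_all === 'all' ) {
            v5import_hidden_input('filter[all]', 'all');
        }
        else {
            v5import_hidden_input('filter[all]', ($v5import_all === 'invert') ? 'invert' : 'use');
            // per major entry (numeric keys only): either its 'all' flag or
            // each selected minor entry
            foreach( $v5import_filter as $major => $subentries ) {
                if( !is_numeric($major) ) {
                    continue;
                }
                if( isset($v5import_filter[$major]['all']) ) {
                    v5import_hidden_input("filter[" . $major . "][all]", $major);
                }
                elseif( is_array($subentries) ) {
                    foreach( $subentries as $minor => $dummy ) {
                        v5import_hidden_input("filter[" . $major . "][" . $minor . "]", $minor);
                    }
                }
            }
        }
        unset($v5import_filter, $v5import_all);
    }
    // page - list ZKLs (the statement is fixed text; no request input in it)
    $query = "SELECT id,idcode,serienr,imei,wavecom_serienr,sim,imsi FROM zkl";
    $query .= " WHERE lans_status NOT IN ('nieuw','afgeschreven','verloren') AND capabilities='rtstatus' AND (imei IS NOT NULL OR imsi IS NOT NULL)";
    $query .= " ORDER BY serienr";
    $result = mysql_run($query, $db_main_handle);
    if (!$result) {
        echo "Error in query: " . mysql_error();
        echo "<pre>" . $query . "</pre>\n";
        exit(1);
    }
    // One import line per device:
    //   <uid>,<company ID owner>,<serial number>,[customer label]
    // uid is '01' followed by the id zero-padded to 30 digits; the owner is
    // fixed to 1002; the idcode is added as label only when it differs from
    // the serial number. The values are written as-is (not HTML-escaped)
    // because the same output is produced when the script is run from the
    // command line and copied verbatim.
    echo '<pre>';
    while( $row = mysql_fetch_assoc($result) ) {
        // NOTE(review): '!=' compares numeric strings numerically, so e.g.
        // serienr "0123" and idcode "123" count as equal and no label is
        // written - confirm whether that is intended
        printf('01%030d,1002,%s%s',
            $row['id'],
            $row['serienr'],
            (($row['serienr'] != $row['idcode']) ? ',' . $row['idcode'] : ''));
        echo ";\n";
    }
    echo "</pre>\n";
}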