czfgmap

Subversion Repositories:

[/] [mapa_genxml.php] - Diff between revs 13 and 14

Rev 13 Rev 14

Line 25... Line 25...

echo '<auth username="'.$bbuserinfo['username'].'" '; echo '<auth username="'.$bbuserinfo['username'].'" ';

echo 'userid="'.$bbuserinfo['userid'].'" '; echo 'userid="'.$bbuserinfo['userid'].'" ';

echo 'mapperms="'.$bbuserinfo['mapperms'].'" />'; echo 'mapperms="'.$bbuserinfo['mapperms'].'" />';

//not logged in users gets no data //not logged in users gets everyone data

if (!$bbuserinfo['userid']) { if (!$bbuserinfo['userid']) {

# echo '</nodes>'; # echo '</nodes>';

# die(); # die();

$db="gendb"; $db="gendb";

} }

Line 115... Line 115...

$db_selected = mysql_select_db($database, $connection); $db_selected = mysql_select_db($database, $connection);

if (!$db_selected) { if (!$db_selected) {

die ('Can\'t use db : ' . mysql_error()); die ('Can\'t use db : ' . mysql_error());

} }

// Select all the rows in the markers table //

$lattitude = mysql_real_escape_string($lattitude);

$longitude = mysql_real_escape_string($longitude);

$latmin = mysql_real_escape_string($latmin);

$latmax = mysql_real_escape_string($latmax);

$lonmin = mysql_real_escape_string($lonmin);

$lonmax = mysql_real_escape_string($lonmax);

$sqlwhere = mysql_real_escape_string($sqlwhere);

$sqlorder = mysql_real_escape_string($sqlorder);

$sqllimit = mysql_real_escape_string($sqllimit);

$query = "SELECT * FROM $table WHERE $lattitude>$latmin AND $lattitude<$latmax AND $longitude>$lonmin AND $longitude<$lonmax $sqlwhere $sqlorder $sqllimit"; $query = "SELECT * FROM $table WHERE $lattitude>$latmin AND $lattitude<$latmax AND $longitude>$lonmin AND $longitude<$lonmax $sqlwhere $sqlorder $sqllimit";

$result = mysql_query($query); $result = mysql_query($query);

if (!$result) { if (!$result) {

die('Invalid query: ' . mysql_error()); die('Invalid query: ' . mysql_error());

} }

// Start XML file, echo parent node

$allowed_args = ',f_name,l_name,subject,msg,';

//if (@$_SERVER['HTTP_REFERER']!="http://connected.czf/mapa/") {

//foreach(array_keys($_SERVER) as $k) {

//echo $k.".......".$_SERVER[$k]."<br>";

//}

// if (@$_ENV['HOSTNAME']!="ztop") {

// echo "fatal - response too slow";

// die();

// }

//}

// Iterate through the rows, printing XML nodes for each // Iterate through the rows, printing XML nodes for each

while ($row = @mysql_fetch_assoc($result)){ while ($row = @mysql_fetch_assoc($result)){

// ADD TO XML DOCUMENT NODE // ADD TO XML DOCUMENT NODE

echo '<node '; echo '<node ';

Line 170... Line 164...

echo 'backbone="' . @$rowl[$backbone] . '" '; echo 'backbone="' . @$rowl[$backbone] . '" ';

echo 'inplanning="' . @$rowl[$inplanning] . '" '; echo 'inplanning="' . @$rowl[$inplanning] . '" ';

echo '/>'; echo '/>';

} }

} }

} }

// End XML file // End XML file

echo '</nodes>'; echo '</nodes>';

Rev 13		Rev 14
Line 25...		Line 25...

`echo '<auth username="'.$bbuserinfo['username'].'" ';`		`echo '<auth username="'.$bbuserinfo['username'].'" ';`
`echo 'userid="'.$bbuserinfo['userid'].'" ';`		`echo 'userid="'.$bbuserinfo['userid'].'" ';`
`echo 'mapperms="'.$bbuserinfo['mapperms'].'" />';`		`echo 'mapperms="'.$bbuserinfo['mapperms'].'" />';`

`//not logged in users gets no data`		`//not logged in users gets everyone data`
`if (!$bbuserinfo['userid']) {`		`if (!$bbuserinfo['userid']) {`
`# echo '</nodes>';`		`# echo '</nodes>';`
`# die();`		`# die();`
`$db="gendb";`		`$db="gendb";`
`}`		`}`
Line 115...		Line 115...
`$db_selected = mysql_select_db($database, $connection);`		`$db_selected = mysql_select_db($database, $connection);`
`if (!$db_selected) {`		`if (!$db_selected) {`
`die ('Can\'t use db : ' . mysql_error());`		`die ('Can\'t use db : ' . mysql_error());`
`}`		`}`

`// Select all the rows in the markers table`		`//`
		`$lattitude = mysql_real_escape_string($lattitude);`
		`$longitude = mysql_real_escape_string($longitude);`
		`$latmin = mysql_real_escape_string($latmin);`
		`$latmax = mysql_real_escape_string($latmax);`
		`$lonmin = mysql_real_escape_string($lonmin);`
		`$lonmax = mysql_real_escape_string($lonmax);`
		`$sqlwhere = mysql_real_escape_string($sqlwhere);`
		`$sqlorder = mysql_real_escape_string($sqlorder);`
		`$sqllimit = mysql_real_escape_string($sqllimit);`

`$query = "SELECT * FROM $table WHERE $lattitude>$latmin AND $lattitude<$latmax AND $longitude>$lonmin AND $longitude<$lonmax $sqlwhere $sqlorder $sqllimit";`		`$query = "SELECT * FROM $table WHERE $lattitude>$latmin AND $lattitude<$latmax AND $longitude>$lonmin AND $longitude<$lonmax $sqlwhere $sqlorder $sqllimit";`
`$result = mysql_query($query);`		`$result = mysql_query($query);`
`if (!$result) {`		`if (!$result) {`
`die('Invalid query: ' . mysql_error());`		`die('Invalid query: ' . mysql_error());`
`}`		`}`


`// Start XML file, echo parent node`
`$allowed_args = ',f_name,l_name,subject,msg,';`


`//if (@$_SERVER['HTTP_REFERER']!="http://connected.czf/mapa/") {`
`//foreach(array_keys($_SERVER) as $k) {`
`//echo $k.".......".$_SERVER[$k]."<br>";`
`//}`
`// if (@$_ENV['HOSTNAME']!="ztop") {`
`// echo "fatal - response too slow";`
`// die();`
`// }`
`//}`

`// Iterate through the rows, printing XML nodes for each`		`// Iterate through the rows, printing XML nodes for each`
`while ($row = @mysql_fetch_assoc($result)){`		`while ($row = @mysql_fetch_assoc($result)){`
`// ADD TO XML DOCUMENT NODE`		`// ADD TO XML DOCUMENT NODE`
`echo '<node ';`		`echo '<node ';`
Line 170...		Line 164...
`echo 'backbone="' . @$rowl[$backbone] . '" ';`		`echo 'backbone="' . @$rowl[$backbone] . '" ';`
`echo 'inplanning="' . @$rowl[$inplanning] . '" ';`		`echo 'inplanning="' . @$rowl[$inplanning] . '" ';`
`echo '/>';`		`echo '/>';`
`}`		`}`
`}`		`}`


`}`		`}`

`// End XML file`		`// End XML file`
`echo '</nodes>';`		`echo '</nodes>';`