Lock down database infrastructure
Lock down database infrastructure

--- a/include/common-db.inc.php
+++ b/include/common-db.inc.php
@@ -1,13 +1,15 @@
 <?php
   if (php_uname('n') == "actbus-www") {
     $conn = pg_connect("dbname=transitdata user=transitdata password=transitdata host=bus-main.lambdacomplex.org");
-  } else if (isDebugServer()) {
+  } 
+  if (isDebugServer()) {
     $conn = pg_connect("dbname=transitdata user=postgres password=snmc");
-  } else {
+  } 
+  if (strstr(php_uname('n'),"ip-10")){
     $conn = pg_connect("dbname=transitdata user=transitdata password=transitdata ");
   }
   if (!$conn) {
-      die("A database error occurred.\n");
+      die("A database error occurred on ".php_uname('n')."\n");
   }
   
   function databaseError($errMsg) {
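Review bot: The new `die()` message sends `php_uname('n')` to the browser, so every visitor learns the internal host name whenever the database is unreachable; log it server-side instead, e.g. `error_log("DB connect failed on " . php_uname('n')); die("A database error occurred.\n");`. Splitting the `else if`/`else` chain into three independent `if`s also means `$conn` is never assigned when no host test matches, and is reconnected (dropping the first handle) when two match. Initialise `$conn = false;` before the first test and keep the branches exclusive. The connection strings in these branches carry passwords in source; a commit aimed at locking down the database is a natural place to move them to configuration kept outside the repository.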

--- a/include/common-request.inc.php
+++ /dev/null
@@ -1,45 +1,1 @@
-<?php
-if (isset($_REQUEST['firstLetter'])) {
-	$firstLetter = filter_var($_REQUEST['firstLetter'], FILTER_SANITIZE_STRING);
-}
-if (isset($_REQUEST['bysuburbs'])) {
-	$bysuburbs = true;
-}
-if (isset($_REQUEST['bynumber'])) {
-	$bynumber = true;
-}
-if (isset($_REQUEST['allstops'])) {
-	$allstops = true;
-}
-if (isset($_REQUEST['nearby'])) {
-	$nearby = true;
-}
-if (isset($_REQUEST['suburb'])) {
-	$suburb = filter_var($_REQUEST['suburb'], FILTER_SANITIZE_STRING);
-}
-$pageKey = filter_var($_REQUEST['pageKey'], FILTER_SANITIZE_NUMBER_INT);
-$lat = filter_var($_REQUEST['lat'], FILTER_SANITIZE_NUMBER_FLOAT, FILTER_FLAG_ALLOW_FRACTION);
-$lon = filter_var($_REQUEST['lon'], FILTER_SANITIZE_NUMBER_FLOAT, FILTER_FLAG_ALLOW_FRACTION);
-$max_distance = filter_var($_REQUEST['radius'], FILTER_SANITIZE_NUMBER_INT);
-if (isset($_REQUEST['numberSeries'])) {
-	$numberSeries = filter_var($_REQUEST['numberSeries'], FILTER_SANITIZE_NUMBER_INT);
-}
-if (isset($_REQUEST['routeDestination'])) {
-	$routeDestination = urldecode(filter_var($_REQUEST['routeDestination'], FILTER_SANITIZE_ENCODED));
-}
-if (isset($_REQUEST['stopcode'])) {
-	$stopcode = filter_var($_REQUEST['stopcode'], FILTER_SANITIZE_STRING);
-}
-if (isset($_REQUEST['stopids'])) {
-	$stopids = explode(",", filter_var($_REQUEST['stopids'], FILTER_SANITIZE_STRING));
-}
-if (isset($_REQUEST['tripid'])) {
-	$tripid = filter_var($_REQUEST['tripid'], FILTER_SANITIZE_NUMBER_INT);
-}
-if (isset($_REQUEST['stopid'])) {
-	$stopid = filter_var($_REQUEST['stopid'], FILTER_SANITIZE_NUMBER_INT);
-}
-if (isset($_REQUEST['stopid'])) {
-	$routeid = filter_var($_REQUEST['routeid'], FILTER_SANITIZE_NUMBER_INT);
-}
-?>
+

--- a/include/common-template.inc.php
+++ b/include/common-template.inc.php
@@ -182,7 +182,7 @@
 	if ($opendiv) {
 		echo '<div data-role="page"> 
 	<div data-role="header" data-position="inline">
-	<a href="' . (isset($_SERVER["HTTP_REFERER"]) ? $_SERVER["HTTP_REFERER"] : "javascript:history.go(-1)") . '" data-icon="arrow-l" data-rel="back" class="ui-btn-left">Back</a> 
+	<a href="' . $_SERVER["HTTP_REFERER"] . '" data-icon="arrow-l" data-rel="back" class="ui-btn-left">Back</a> 
 		<h1>' . $pageTitle . '</h1>
 		<a href="/index.php" data-icon="home" class="ui-btn-right">Home</a>
 	</div><!-- /header -->
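Review bot: `$_SERVER["HTTP_REFERER"]` is a client-supplied header and the new line writes it into the `href` attribute without escaping, so a crafted value can break out of the attribute or carry a non-http scheme. The change also drops the `isset()` fallback, so a request without the header produces an undefined-index notice and an empty link. Keep the fallback and escape the value, `$back = isset($_SERVER["HTTP_REFERER"]) ? htmlspecialchars($_SERVER["HTTP_REFERER"], ENT_QUOTES, 'UTF-8') : "javascript:history.go(-1)";`, and consider accepting it only when it starts with `http://` or `https://`. `$pageTitle` on the next line is echoed the same way; the enclosing function starts and ends outside the hunk, so whether it is escaped earlier cannot be seen here.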

--- a/include/common.inc.php
+++ b/include/common.inc.php
@@ -33,7 +33,6 @@
 include_once ("common-session.inc.php");
 include_once ("common-db.inc.php");
 include_once ("common-template.inc.php");
-include_once ("common-request.inc.php");
 
 function isDebugServer()
 {

--- a/include/db/route-dao.inc.php
+++ b/include/db/route-dao.inc.php
@@ -1,21 +1,113 @@
 <?php
-function getRoute($routeID)
-{
-	global $conn;
-	$query = "Select * from routes where route_id = '$routeID' LIMIT 1";
-	debug($query, "database");
+
+function getRoute($routeID) {
+		global $conn;
+        $query = "Select * from routes where route_id = '$routeID' LIMIT 1";
+        debug($query,"database");
 	$result = pg_query($conn, $query);
 	if (!$result) {
 		databaseError(pg_result_error($result));
 		return Array();
 	}
-	return pg_fetch_assoc($result);
+	return pg_fetch_assoc($result);   
 }
-function getRoutes()
+function getRoutes() {
+    	global $conn;
+	$query = "Select * from routes order by route_short_name;";
+        debug($query,"database");
+	$result = pg_query($conn, $query);
+	if (!$result) {
+		databaseError(pg_result_error($result));
+		return Array();
+	}
+	return pg_fetch_all($result);    
+}
+
+function getRoutesByNumber($routeNumber = "") {
+  	global $conn;
+        if ($routeNumber != "") {
+       	$query = "Select distinct routes.route_id,routes.route_short_name,routes.route_long_name,service_id from routes  join trips on trips.route_id =
+routes.route_id join stop_times on stop_times.trip_id = trips.trip_id where route_short_name = '$routeNumber' order by route_short_name;";
+        } else {
+            $query = "SELECT DISTINCT route_short_name from routes order by route_short_name";
+        }
+        debug($query,"database");
+	$result = pg_query($conn, $query);
+	if (!$result) {
+		databaseError(pg_result_error($result));
+		return Array();
+	}
+	return pg_fetch_all($result);    
+}
+
+function getRouteNextTrip($routeID) {
+     global $conn;
+    $query = "select * from routes join trips on trips.route_id = routes.route_id
+join stop_times on stop_times.trip_id = trips.trip_id where
+arrival_time > '".current_time()."' and routes.route_id = '$routeID' order by
+arrival_time limit 1";
+        debug($query,"database");
+	$result = pg_query($conn, $query);
+	if (!$result) {   
+		databaseError(pg_result_error($result));
+		return Array();
+	}
+        $r = pg_fetch_assoc($result);   
+        // past last trip of the day special case
+       if (sizeof($r) == 0) {
+            $query = "select * from routes join trips on trips.route_id = routes.route_id
+join stop_times on stop_times.trip_id = trips.trip_id where routes.route_id = '$routeID' order by
+arrival_time DESC limit 1";
+        debug($query,"database");
+	$result = pg_query($conn, $query);
+	if (!$result) {   
+		databaseError(pg_result_error($result));
+		return Array();
+	}
+        $r = pg_fetch_assoc($result); 
+       }
+	return $r;       
+  }
+  
+  function getTimeInterpolatedRouteAtStop($routeID, $stop_id)
 {
-	global $conn;
-	$query = "Select * from routes order by route_short_name;";
-	debug($query, "database");
+    $nextTrip = getRouteNextTrip($routeID);
+    if ($nextTrip['trip_id']){
+    	foreach (getTimeInterpolatedTrip($nextTrip['trip_id']) as $tripStop) {
+		if ($tripStop['stop_id'] == $stop_id) return $tripStop;
+	}
+    }
+	return Array();
+}
+  
+function getRouteTrips($routeID) {
+        global $conn;
+    $query = "select routes.route_id,trips.trip_id,service_id,arrival_time, stop_id, stop_sequence from routes join trips on trips.route_id = routes.route_id
+join stop_times on stop_times.trip_id = trips.trip_id where routes.route_id = '$routeID' and stop_sequence = '1' order by
+arrival_time ";
+        debug($query,"database");
+	$result = pg_query($conn, $query);
+	if (!$result) {
+		databaseError(pg_result_error($result));
+		return Array();
+	}
+	return pg_fetch_all($result);       
+  }
+function getRoutesByDestination($destination = "", $service_period = "") {
+    global $conn;
+         if ($service_period == "") $service_period = service_period();
+         if ($destination != "")  {
+             $query = "SELECT DISTINCT trips.route_id,route_short_name,route_long_name, service_id
+FROM stop_times join trips on trips.trip_id =
+stop_times.trip_id join routes on trips.route_id = routes.route_id
+WHERE route_long_name = '$destination' AND  service_id='$service_period' order by route_short_name";
+         } else {
+        $query = "SELECT DISTINCT route_long_name
+FROM stop_times join trips on trips.trip_id =
+stop_times.trip_id join routes on trips.route_id = routes.route_id
+WHERE service_id='$service_period' order by route_long_name";
+    }
+        debug($query,"database");
 	$result = pg_query($conn, $query);
 	if (!$result) {
 		databaseError(pg_result_error($result));
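Review bot: Every query in these functions is built by interpolating the argument into the SQL text (`'$routeID'`, `'$routeNumber'`, `'$destination'`, `'$service_period'`), and with common-request.inc.php deleted in this commit the callers in routeList.php now hand over `$_REQUEST` values directly. Bind the values instead, for example `$result = pg_query_params($conn, "Select * from routes where route_id = $1 LIMIT 1", array($routeID));`; the same applies to getRoutesBySuburb and getRoutesNearby in the following hunks. `debug($query,"database")` would then log the statement without the user-supplied values. Separately, when `pg_query()` fails `$result` is `false`, so `pg_result_error($result)` has nothing to report; `pg_last_error($conn)` is the call that returns the message. getRoutesByDestination continues past the end of this hunk.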
@@ -23,17 +115,16 @@
 	}
 	return pg_fetch_all($result);
 }
-function getRoutesByNumber($routeNumber = "")
-{
-	global $conn;
-	if ($routeNumber != "") {
-		$query = "Select distinct routes.route_id,routes.route_short_name,routes.route_long_name,service_id from routes  join trips on trips.route_id =
-routes.route_id join stop_times on stop_times.trip_id = trips.trip_id where route_short_name = '$routeNumber' order by route_short_name;";
-	}
-	else {
-		$query = "SELECT DISTINCT route_short_name from routes order by route_short_name";
-	}
-	debug($query, "database");
+
+function getRoutesBySuburb($suburb, $service_period = "") {
+         if ($service_period == "") $service_period = service_period();
+    global $conn;
+        $query = "SELECT DISTINCT service_id,trips.route_id,route_short_name,route_long_name
+FROM stop_times join trips on trips.trip_id = stop_times.trip_id
+join routes on trips.route_id = routes.route_id
+join stops on stops.stop_id = stop_times.stop_id
+WHERE zone_id LIKE '%$suburb;%' AND service_id='$service_period' ORDER BY route_short_name";
+        debug($query,"database");
 	$result = pg_query($conn, $query);
 	if (!$result) {
 		databaseError(pg_result_error($result));
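Review bot: `$suburb` is placed inside a `LIKE '%…;%'` pattern, so besides the quoting problem any `%` or `_` in the value acts as a wildcard and widens the match. When this query is moved to bound parameters, escape those two characters first and build the pattern in PHP, e.g. `$pattern = '%' . addcslashes($suburb, '%_\\') . ';%';`, passed as `$1` to `zone_id LIKE $1`. The function's closing lines are outside this hunk.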
@@ -41,124 +132,14 @@
 	}
 	return pg_fetch_all($result);
 }
-function getRoutesByNumberSeries($routeNumberSeries = "")
-{
-	global $conn;
-		if (strlen($routeNumberSeries) == 1) {
-			return getRoutesByNumber($routeNumberSeries);
-		}
-		$seriesMin = substr($routeNumberSeries, 0, -1) . "0";
-		$seriesMax = substr($routeNumberSeries, 0, -1) . "9";
-		$query = "Select distinct routes.route_id,routes.route_short_name,routes.route_long_name,service_id from routes  join trips on trips.route_id =
-routes.route_id join stop_times on stop_times.trip_id = trips.trip_id where to_number(route_short_name, 'FM999') between $seriesMin and $seriesMax order by route_short_name;";
-		debug($query, "database");
-	$result = pg_query($conn, $query);
-	if (!$result) {
-		databaseError(pg_result_error($result));
-		return Array();
-	}
-	return pg_fetch_all($result);
-}
-function getRouteNextTrip($routeID)
-{
-	global $conn;
-	$query = "select * from routes join trips on trips.route_id = routes.route_id
-join stop_times on stop_times.trip_id = trips.trip_id where
-arrival_time > '" . current_time() . "' and routes.route_id = '$routeID' order by
-arrival_time limit 1";
-	debug($query, "database");
-	$result = pg_query($conn, $query);
-	if (!$result) {
-		databaseError(pg_result_error($result));
-		return Array();
-	}
-	$r = pg_fetch_assoc($result);
-	// past last trip of the day special case
-	if (sizeof($r) == 0) {
-		$query = "select * from routes join trips on trips.route_id = routes.route_id
-join stop_times on stop_times.trip_id = trips.trip_id where routes.route_id = '$routeID' order by
-arrival_time DESC limit 1";
-		debug($query, "database");
-		$result = pg_query($conn, $query);
-		if (!$result) {
-			databaseError(pg_result_error($result));
-			return Array();
-		}
-		$r = pg_fetch_assoc($result);
-	}
-	return $r;
-}
-function getTimeInterpolatedRouteAtStop($routeID, $stop_id)
-{
-	$nextTrip = getRouteNextTrip($routeID);
-	if ($nextTrip['trip_id']) {
-		foreach (getTimeInterpolatedTrip($nextTrip['trip_id']) as $tripStop) {
-			if ($tripStop['stop_id'] == $stop_id) return $tripStop;
-		}
-	}
-	return Array();
-}
-function getRouteTrips($routeID)
-{
-	global $conn;
-	$query = "select routes.route_id,trips.trip_id,service_id,arrival_time, stop_id, stop_sequence from routes join trips on trips.route_id = routes.route_id
-join stop_times on stop_times.trip_id = trips.trip_id where routes.route_id = '$routeID' and stop_sequence = '1' order by
-arrival_time ";
-	debug($query, "database");
-	$result = pg_query($conn, $query);
-	if (!$result) {
-		databaseError(pg_result_error($result));
-		return Array();
-	}
-	return pg_fetch_all($result);
-}
-function getRoutesByDestination($destination = "", $service_period = "")
-{
-	global $conn;
-	if ($service_period == "") $service_period = service_period();
-	if ($destination != "") {
-		$query = "SELECT DISTINCT trips.route_id,route_short_name,route_long_name, service_id
-FROM stop_times join trips on trips.trip_id =
-stop_times.trip_id join routes on trips.route_id = routes.route_id
-WHERE route_long_name = '$destination' AND  service_id='$service_period' order by route_short_name";
-	}
-	else {
-		$query = "SELECT DISTINCT route_long_name
-FROM stop_times join trips on trips.trip_id =
-stop_times.trip_id join routes on trips.route_id = routes.route_id
-WHERE service_id='$service_period' order by route_long_name";
-	}
-	debug($query, "database");
-	$result = pg_query($conn, $query);
-	if (!$result) {
-		databaseError(pg_result_error($result));
-		return Array();
-	}
-	return pg_fetch_all($result);
-}
-function getRoutesBySuburb($suburb, $service_period = "")
-{
-	if ($service_period == "") $service_period = service_period();
-	global $conn;
-	$query = "SELECT DISTINCT service_id,trips.route_id,route_short_name,route_long_name
-FROM stop_times join trips on trips.trip_id = stop_times.trip_id
-join routes on trips.route_id = routes.route_id
-join stops on stops.stop_id = stop_times.stop_id
-WHERE zone_id LIKE '%$suburb;%' AND service_id='$service_period' ORDER BY route_short_name";
-	debug($query, "database");
-	$result = pg_query($conn, $query);
-	if (!$result) {
-		databaseError(pg_result_error($result));
-		return Array();
-	}
-	return pg_fetch_all($result);
-}
-function getRoutesNearby($lat, $lng, $limit = "", $distance = 500)
-{
-	if ($service_period == "") $service_period = service_period();
-	if ($limit != "") $limit = " LIMIT $limit ";
-	global $conn;
-	$query = "SELECT service_id,trips.route_id,route_short_name,route_long_name,min(stops.stop_id) as stop_id,
+
+function getRoutesNearby($lat, $lng, $limit = "", $distance = 500) {
+
+        
+                 if ($service_period == "") $service_period = service_period();
+                  if ($limit != "") $limit = " LIMIT $limit "; 
+    global $conn;
+        $query = "SELECT service_id,trips.route_id,route_short_name,route_long_name,min(stops.stop_id) as stop_id,
         min(ST_Distance(position, ST_GeographyFromText('SRID=4326;POINT($lng $lat)'), FALSE)) as distance
 FROM stop_times
 join trips on trips.trip_id = stop_times.trip_id
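Review bot: `$service_period` is neither a parameter of getRoutesNearby nor declared `global`, so `if ($service_period == "")` tests an undefined local and always falls through to `service_period()`. Either add it as an optional trailing parameter like the sibling functions or drop the test. `$lat`, `$lng`, `$distance` and `$limit` go into the statement unquoted, so they should be forced to numbers before use: `$lat = (float)$lat; $lng = (float)$lng; $distance = (int)$distance;` and `if ($limit != "") $limit = " LIMIT " . (int)$limit;`. The rest of the query and the function's end are outside this hunk.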
@@ -168,7 +149,7 @@
 AND ST_DWithin(position, ST_GeographyFromText('SRID=4326;POINT($lng $lat)'), $distance, FALSE)
         group by service_id,trips.route_id,route_short_name,route_long_name
         order by distance $limit";
-	debug($query, "database");
+        debug($query,"database");
 	$result = pg_query($conn, $query);
 	if (!$result) {
 		databaseError(pg_result_error($result));

file:a/index.php -> file:b/index.php
--- a/index.php
+++ b/index.php
@@ -13,14 +13,14 @@
                 <li data-role="list-divider">Timetables - Stops</li>
                 <li><a href="stopList.php">Major (Timing Point) Stops</a></li>
 		<li><a href="stopList.php?allstops=yes">All Stops</a></li>
-		<li><a href="stopList.php?bysuburbs=yes">Stops By Suburb</a></li>
+		<li><a href="stopList.php?suburbs=yes">Stops By Suburb</a></li>
 		<li><a class="nearby" href="stopList.php?nearby=yes">Nearby Stops</a></li>
             </ul>
 	    <ul data-role="listview" data-inset="true" data-theme="c" data-dividertheme="b">
                 <li data-role="list-divider">Timetables - Routes</li>
                 <li><a href="routeList.php">Routes By Final Destination</a></li>
 		<li><a href="routeList.php?bynumber=yes">Routes By Number</a></li>
-		<li><a href="routeList.php?bysuburbs=yes">Routes By Suburb</a></li>
+		<li><a href="routeList.php?bysuburb=yes">Routes By Suburb</a></li>
 		<li><a class="nearby" href="routeList.php?nearby=yes">Nearby Routes</a></li>
             </ul>
 <?php
@@ -28,5 +28,4 @@
 echo ' <a href="labs/index.php" data-role="button" data-icon="beaker">Busness R&amp;D</a>';
 include_footer(true)
 ?>
-        
 

--- a/labs/networkstats.php
+++ b/labs/networkstats.php
@@ -31,6 +31,7 @@
 <?php
 // middle of graph = 6am
 $adjustFactor = 0;
+$routeid = ($_REQUEST['routeid'] ? filter_var($_REQUEST['routeid'], FILTER_SANITIZE_NUMBER_INT) : 0);
 $route = getRoute($routeid);
 echo "<h1>{$route['route_short_name']} {$route['route_long_name']}</h1>";
 foreach (getRouteTrips($routeid) as $key => $trip) {
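Review bot: `FILTER_SANITIZE_NUMBER_INT` only strips characters; it keeps `+` and `-` and returns a string, so the result is not guaranteed to be an integer when it reaches `getRoute()` and `getRouteTrips()`, both of which interpolate it into SQL. Validate instead and guard the missing key: `$routeid = isset($_REQUEST['routeid']) ? (int) filter_var($_REQUEST['routeid'], FILTER_VALIDATE_INT) : 0;`. The same applies to `$stopid` in stop.php. The `<h1>` below echoes `route_short_name` and `route_long_name` unescaped; wrapping them in `htmlspecialchars()` would fit the intent of the change.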

--- a/layar_api.php
+++ b/layar_api.php
@@ -5,8 +5,11 @@
 $output['layer'] = "canberrabusstops";
 $max_page = 10;
 $max_results = 50;
-$page_start = 0 + $pageKey;
-$page_end = $max_page + $pageKey;
+$page_start = 0 + filter_var($_REQUEST['pageKey'], FILTER_SANITIZE_NUMBER_INT);
+$page_end = $max_page + filter_var($_REQUEST['pageKey'], FILTER_SANITIZE_NUMBER_INT);
+$lat = filter_var($_REQUEST['lat'], FILTER_SANITIZE_NUMBER_FLOAT, FILTER_FLAG_ALLOW_FRACTION);
+$lon = filter_var($_REQUEST['lon'], FILTER_SANITIZE_NUMBER_FLOAT, FILTER_FLAG_ALLOW_FRACTION);
+$max_distance = filter_var($_REQUEST['radius'], FILTER_SANITIZE_NUMBER_INT);
 $contents = getNearbyStops($lat, $lon, 50, $max_distance);
 $stopNum = 0;
 foreach ($contents as $stop) {
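Review bot: The added `filter_var()` calls read `pageKey`, `lat`, `lon` and `radius` from `$_REQUEST` without checking that they exist, and the `FILTER_SANITIZE_*` filters only strip characters. An empty string, or a value with several dots or signs, therefore still reaches the arithmetic and `getNearbyStops()`. Validating with `FILTER_VALIDATE_INT` / `FILTER_VALIDATE_FLOAT` and rejecting the request on failure closes that gap, and `pageKey` then needs filtering only once. `radius` also has no upper bound in the visible lines; if getNearbyStops() does not cap it, a limit here would keep a single request from scanning the whole table. How the layer should report a bad request is not visible in this hunk, so the 400 response below is a suggestion.

```php
$pageKey = isset($_REQUEST['pageKey']) ? filter_var($_REQUEST['pageKey'], FILTER_VALIDATE_INT) : 0;
$lat = isset($_REQUEST['lat']) ? filter_var($_REQUEST['lat'], FILTER_VALIDATE_FLOAT) : false;
$lon = isset($_REQUEST['lon']) ? filter_var($_REQUEST['lon'], FILTER_VALIDATE_FLOAT) : false;
$max_distance = isset($_REQUEST['radius']) ? filter_var($_REQUEST['radius'], FILTER_VALIDATE_INT) : false;
if ($pageKey === false || $lat === false || $lon === false || $max_distance === false) {
	header("HTTP/1.1 400 Bad Request");
	die();
}
$page_start = 0 + $pageKey;
$page_end = $max_page + $pageKey;
// … unchanged: getNearbyStops() call and result loop …
```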

--- a/routeList.php
+++ b/routeList.php
@@ -7,70 +7,72 @@
 			<ul> 
 				<li><a href="routeList.php">By Final Destination...</a></li> 
 				<li><a href="routeList.php?bynumber=yes">By Number... </a></li>
-				<li><a href="routeList.php?bysuburbs=yes">By Suburb... </a></li>
+				<li><a href="routeList.php?bysuburb=yes">By Suburb... </a></li>
 				<li><a href="routeList.php?nearby=yes">Nearby... </a></li>
 			</ul>
                 </div>
 	';
 }
-if (isset($bysuburbs)) {
+if ($_REQUEST['bysuburb']) {
 	include_header("Routes by Suburb", "routeList");
 	navbar();
 	echo '  <ul data-role="listview" data-filter="true" data-inset="true" >';
-	if (!isset($firstLetter)) {
+	if (!isset($_REQUEST['firstLetter'])) {
 		foreach (range('A', 'Z') as $letter) {
-			echo "<li><a href=\"routeList.php?firstLetter=$letter&amp;bysuburbs=yes\">$letter...</a></li>\n";
+			echo "<li><a href=\"routeList.php?firstLetter=$letter&amp;bysuburb=yes\">$letter...</a></li>\n";
 		}
 	}
 	else {
 		foreach ($suburbs as $suburb) {
-			if (startsWith($suburb, $firstLetter)) {
+			if (startsWith($suburb, $_REQUEST['firstLetter'])) {
 				echo '<li><a href="routeList.php?suburb=' . urlencode($suburb) . '">' . $suburb . '</a></li>';
 			}
 		}
 	}
 	echo '</ul>';
 }
-else if (isset($nearby) || isset($suburb)) {
+else if ($_REQUEST['nearby'] || $_REQUEST['suburb']) {
 	$routes = Array();
-	if ($suburb) {
-		include_header($suburb . " - " . ucwords(service_period()) , "routeList");
-		navbar();
-		timePlaceSettings();
-		trackEvent("Route Lists", "Routes By Suburb", $suburb);
-		$routes = getRoutesbysuburbs($suburb);
+	if ($_REQUEST['suburb']) {
+		$suburb = filter_var($_REQUEST['suburb'], FILTER_SANITIZE_STRING);
+		include_header($suburb ." - ".ucwords(service_period()), "routeList");
+					navbar();
+					timePlaceSettings();
+				trackEvent("Route Lists", "Routes By Suburb", $suburb);
+		$routes = getRoutesBySuburb($suburb);
+		
 	}
-	if (isset($nearby)) {
+	if ($_REQUEST['nearby']) {
 		include_header("Routes Nearby", "routeList", true, true);
-		trackEvent("Route Lists", "Routes Nearby", $_SESSION['lat'] . "," . $_SESSION['lon']);
-		navbar();
-		timePlaceSettings(true);
+		trackEvent("Route Lists", "Routes Nearby", $_SESSION['lat'].",".$_SESSION['lon']);
+			navbar();
+			timePlaceSettings(true);
 		if (!isset($_SESSION['lat']) || !isset($_SESSION['lat']) || $_SESSION['lat'] == "" || $_SESSION['lon'] == "") {
 			include_footer();
 			die();
 		}
-		$routes = getRoutesNearby($_SESSION['lat'], $_SESSION['lon']);
+		$routes = getRoutesNearby($_SESSION['lat'],$_SESSION['lon']);
 	}
+
 	echo '  <ul data-role="listview" data-filter="true" data-inset="true" >';
-	if ($routes) {
-		foreach ($routes as $route) {
-			echo '<li><a href="trip.php?routeid=' . $route['route_id'] . '"><h3>' . $route['route_short_name'] . "</h3><p>" . $route['route_long_name'] . " (" . ucwords($route['service_id']) . ")</p>";
-			if (isset($nearby)) {
-				$time = getTimeInterpolatedRouteAtStop($route['route_id'], $route['stop_id']);
-				echo '<span class="ui-li-count">' . ($time['arrival_time'] ? $time['arrival_time'] : "No more trips today") . "<br>" . floor($route['distance']) . 'm away</span>';
-			}
-			echo "</a></li>\n";
+ if ($routes) {
+	foreach ($routes as $route) {
+		echo '<li><a href="trip.php?routeid=' . $route['route_id'] . '"><h3>' . $route['route_short_name'] . "</h3><p>" . $route['route_long_name'] . " (" . ucwords($route['service_id']) . ")</p>";
+		if ($_REQUEST['nearby']) {
+			$time = getTimeInterpolatedRouteAtStop($route['route_id'], $route['stop_id']);
+				echo '<span class="ui-li-count">'.($time['arrival_time']?$time['arrival_time']:"No more trips today")."<br>" .floor($route['distance']) . 'm away</span>';
 		}
+		echo "</a></li>\n";
 	}
-	else {
-		echo "<li style='text-align: center;'> No routes nearby.</li>";
-	}
+ } else {
+	echo "<li style='text-align: center;'> No routes nearby.</li>";
+ }
 }
-else if (isset($bynumber) || isset($numberSeries)) {
+else if ($_REQUEST['bynumber'] || $_REQUEST['numberSeries']) {
 	include_header("Routes by Number", "routeList");
 	navbar();
 	echo ' <ul data-role="listview"  data-inset="true">';
-	if (isset($bynumber)) {
+	if ($_REQUEST['bynumber']) {
 		$routes = getRoutesByNumber();
 		$routeSeries = Array();
 		$seriesRange = Array();
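Review bot: The `isset($var)` tests are replaced by bare reads such as `$_REQUEST['bysuburb']`, `$_REQUEST['nearby']` and `$_REQUEST['suburb']`, which raise an undefined-index notice on every request that lacks the key and, with error display on, print file paths into the page. Use `!empty($_REQUEST['bysuburb'])`, and likewise for the other keys; the same pattern appears in the later routeList.php hunks and in stopList.php. `FILTER_SANITIZE_STRING` on `suburb` is an HTML-oriented filter and is deprecated as of PHP 8.1, so it should not be relied on to protect the query in `getRoutesBySuburb()`. Escape with `htmlspecialchars()` where the value is printed and bind it in the DAO. The `if`/`else if` chain continues outside this hunk.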
@@ -99,8 +101,8 @@
 			echo "</a></li>\n";
 		}
 	}
-	else if ($numberSeries) {
-		$routes = getRoutesByNumberSeries($numberSeries);
+	else if ($_REQUEST['numberSeries']) {
+		$routes = getRoutesByNumber($_REQUEST['numberSeries']);
 		foreach ($routes as $route) {
 			echo '<li> <a href="trip.php?routeid=' . $route['route_id'] . '"><h3>' . $route['route_short_name'] . "</h3><p>" . $route['route_long_name'] . " (" . ucwords($route['service_id']) . ")</p></a></li>\n";
 		}
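Review bot: `getRoutesByNumber($_REQUEST['numberSeries'])` passes the raw request value to a function that builds `where route_short_name = '$routeNumber'` by interpolation. Before this commit the value went through `FILTER_SANITIZE_NUMBER_INT` in common-request.inc.php, so this is a regression in input handling. Validate it here, `$numberSeries = filter_var($_REQUEST['numberSeries'], FILTER_VALIDATE_INT);`, and skip the lookup when that returns `false`. The call also changes behaviour: the removed `getRoutesByNumberSeries()` matched a range of ten route numbers, while `getRoutesByNumber()` matches one exact `route_short_name`, so the series pages will likely list fewer routes than before.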
@@ -110,8 +112,8 @@
 	include_header("Routes by Destination", "routeList");
 	navbar();
 	echo ' <ul data-role="listview"  data-inset="true">';
-	if (isset($routeDestination)) {
-		foreach (getRoutesByDestination($routeDestination) as $route) {
+	if ($_REQUEST['routeDestination']) {
+		foreach (getRoutesByDestination(urldecode($_REQUEST['routeDestination'])) as $route) {
 			echo '<li><a href="trip.php?routeid=' . $route["route_id"] . '"><h3>' . $route["route_short_name"] . '</h3><p>' . $route["route_long_name"] . " (" . ucwords($route['service_id']) . ")</p></a></li>\n";
 		}
 	}
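Review bot: PHP has already URL-decoded `$_REQUEST['routeDestination']`, so the added `urldecode()` decodes it a second time: a literal `+` in a destination name becomes a space, and any remaining `%xx` sequence turns into a character that earlier filtering never saw. Drop the call and pass the value through as received, unless the links that generate this parameter double-encode it, which is not visible here. The old code needed the call only because it had first applied `FILTER_SANITIZE_ENCODED`. The value then reaches `route_long_name = '$destination'` in getRoutesByDestination(), so it depends on that query being parameterised.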

file:a/stop.php -> file:b/stop.php
--- a/stop.php
+++ b/stop.php
@@ -1,5 +1,7 @@
 <?php
 include ('include/common.inc.php');
+$stopid = filter_var($_REQUEST['stopid'], FILTER_SANITIZE_NUMBER_INT);
+$stopcode = filter_var($_REQUEST['stopcode'], FILTER_SANITIZE_STRING);
 if ($stopid) $stop = getStop($stopid);
 /*if ($stopcode != "" && $stop[5] != $stopcode) {
 	$url = $APIurl . "/json/stopcodesearch?q=" . $stopcode;
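Review bot: `$_REQUEST['stopid']` and `$_REQUEST['stopcode']` are read unconditionally, but the grouped links emitted by stopList.php (`stop.php?stopids=…`) carry neither key, so those requests raise undefined-index notices here. Guard both reads with `isset()`, e.g. `$stopid = isset($_REQUEST['stopid']) ? (int) filter_var($_REQUEST['stopid'], FILTER_VALIDATE_INT) : 0;`. In the visible lines `$stopcode` is used only inside the commented-out block that follows, so the second assignment may not be needed at all.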
@@ -19,7 +21,8 @@
 $allStopsTrips = Array();
 $fetchedTripSequences = Array();
 $stopLinks = "";
-if (isset($stopids)) {
+if (isset($_REQUEST['stopids'])) {
+	$stopids = explode(",", filter_var($_REQUEST['stopids'], FILTER_SANITIZE_STRING));
 	foreach ($stopids as $sub_stopid) {
 		$stops[] = getStop($sub_stopid);
 	}
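Review bot: Each element of `$stopids` is passed to `getStop()` after only `FILTER_SANITIZE_STRING` on the whole list, so non-numeric and empty elements reach the lookup, and the unbounded list length means one query per element. Assuming stop ids are positive integers, as the `FILTER_SANITIZE_NUMBER_INT` on `stopid` suggests, convert and drop invalid entries right after the split: `$stopids = array_filter(array_map('intval', explode(",", $_REQUEST['stopids'])));`. Consider capping the count with `array_slice()` as well. getStop() is not shown in this commit, so whether it quotes its argument should be confirmed there.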

--- a/stopList.php
+++ b/stopList.php
@@ -1,13 +1,17 @@
 <?php
 include ('include/common.inc.php');
 $stops = Array();
+function filterByFirstLetter($var)
+{
+	return $var[1][0] == $_REQUEST['firstLetter'];
+}
 function navbar()
 {
 	echo '
 		<div data-role="navbar">
 			<ul> 
 				<li><a href="stopList.php">Timing Points</a></li>
-				<li><a href="stopList.php?bysuburbs=yes">By Suburb</a></li>
+				<li><a href="stopList.php?suburbs=yes">By Suburb</a></li>
 				<li><a href="stopList.php?nearby=yes">Nearby Stops</a></li>
 				<li><a href="stopList.php?allstops=yes">All Stops</a></li> 
 			</ul>
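Review bot: filterByFirstLetter() reads `$_REQUEST['firstLetter']` directly on every call, with no check that the key exists or that `$var[1]` is a non-empty string, and nothing in the visible hunks calls it. Validate the parameter once near the top of the script, `$firstLetter = (isset($_REQUEST['firstLetter']) && preg_match('/^[A-Z]$/', $_REQUEST['firstLetter'])) ? $_REQUEST['firstLetter'] : null;`. Then have the helper, the `startsWith()` tests and the `getStops(true, …)` call further down use that value; `getStops()` currently receives the raw request value. A short docblock saying what shape `$var` has (the code indexes `$var[1][0]`) would also help. navbar()'s body continues past the end of this hunk.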
@@ -15,18 +19,18 @@
 	';
 }
 // By suburb
-if (isset($bysuburbs)) {
+if (isset($_REQUEST['suburbs'])) {
 	include_header("Stops by Suburb", "stopList");
 	navbar();
 	echo '  <ul data-role="listview" data-filter="true" data-inset="true" >';
-	if (!isset($firstLetter)) {
+	if (!isset($_REQUEST['firstLetter'])) {
 		foreach (range('A', 'Z') as $letter) {
-			echo "<li><a href=\"stopList.php?firstLetter=$letter&amp;bysuburbs=yes\">$letter...</a></li>\n";
+			echo "<li><a href=\"stopList.php?firstLetter=$letter&amp;suburbs=yes\">$letter...</a></li>\n";
 		}
 	}
 	else {
 		foreach ($suburbs as $suburb) {
-			if (startsWith($suburb, $firstLetter)) {
+			if (startsWith($suburb, $_REQUEST['firstLetter'])) {
 				echo '<li><a href="stopList.php?suburb=' . urlencode($suburb) . '">' . $suburb . '</a></li>';
 			}
 		}
@@ -35,39 +39,41 @@
 }
 else {
 	// Timing Points / All stops
-	if (isset($allstops)) {
+	if ($_REQUEST['allstops']) {
 		$listType = 'allstops=yes';
 		$stops = getStops();
 		include_header("All Stops", "stopList");
 		navbar();
 		timePlaceSettings();
 	}
-	else if (isset($nearby)) {
+	else if ($_REQUEST['nearby']) {
 		$listType = 'nearby=yes';
 		include_header("Nearby Stops", "stopList", true, true);
-		trackEvent("Stop Lists", "Stops Nearby", $_SESSION['lat'] . "," . $_SESSION['lon']);
+		trackEvent("Stop Lists","Stops Nearby", $_SESSION['lat'].",".$_SESSION['lon']);
 		navbar();
 		timePlaceSettings(true);
 		if (!isset($_SESSION['lat']) || !isset($_SESSION['lat']) || $_SESSION['lat'] == "" || $_SESSION['lon'] == "") {
 			include_footer();
 			die();
 		}
-		$stops = getNearbyStops($_SESSION['lat'], $_SESSION['lon'], 15);
+		
+		$stops = getNearbyStops($_SESSION['lat'],$_SESSION['lon'],15);
 	}
-	else if (isset($suburb)) {
+	else if ($_REQUEST['suburb']) {
+		$suburb = filter_var($_REQUEST['suburb'], FILTER_SANITIZE_STRING);
 		$stops = getStopsBySuburb($suburb);
 		include_header("Stops in " . ucwords($suburb) , "stopList");
 		navbar();
-		trackEvent("Stop Lists", "Stops By Suburb", $suburb);
+	       trackEvent("Stop Lists","Stops By Suburb", $suburb);
 	}
 	else {
-		$stops = getStops(true, $firstLetter);
+		$stops = getStops(true,$_REQUEST['firstLetter']);
 		include_header("Timing Points / Major Stops", "stopList");
 		navbar();
 		timePlaceSettings();
 	}
 	echo '  <ul data-role="listview" data-filter="true" data-inset="true" >';
-	if (!isset($firstLetter) && !isset($suburb) && !isset($nearby)) {
+	if (!isset($_REQUEST['firstLetter']) && !$_REQUEST['suburb'] && !$_REQUEST['nearby']) {
 		foreach (range('A', 'Z') as $letter) {
 			echo "<li><a href=\"stopList.php?firstLetter=$letter&amp;$listType\">$letter...</a></li>\n";
 		}
@@ -85,12 +91,11 @@
 					if (!startsWith($stopsGrouped['stop_codes'][0], "Wj")) echo '<img src="css/images/time.png" alt="Timing Point: " class="ui-li-icon">';
 					echo '<a href="stop.php?stopids=' . implode(",", $stopsGrouped['stop_ids']) . '">';
 					if (isset($_SESSION['lat']) && isset($_SESSION['lon'])) {
-						echo '<span class="ui-li-count">' . distance($stop['stop_lat'], $stop['stop_lon'], $_SESSION['lat'], $_SESSION['lon'], true) . 'm away</span>';
+						echo '<span class="ui-li-count">' . distance($stop['stop_lat'],$stop['stop_lon'], $_SESSION['lat'], $_SESSION['lon'], true) . 'm away</span>';
 					}
 					echo bracketsMeanNewLine(trim(preg_replace("/\(Platform.*/", "", $stop['stop_name'])) . '(' . sizeof($stopsGrouped["stop_ids"]) . ' stops)');
 					echo "</a></li>\n";
-					flush();
-					@ob_flush();
+					flush(); @ob_flush();
 					$stopsGrouped = Array();
 				}
 				else {
@@ -99,12 +104,11 @@
 					if (!startsWith($stop['stop_code'], "Wj")) echo '<img src="css/images/time.png" alt="Timing Point" class="ui-li-icon">';
 					echo '<a href="stop.php?stopid=' . $stop['stop_id'] . (startsWith($stop['stop_code'], "Wj") ? '&amp;stopcode=' . $stop['stop_code'] : "") . '">';
 					if (isset($_SESSION['lat']) && isset($_SESSION['lon'])) {
-						echo '<span class="ui-li-count">' . distance($stop['stop_lat'], $stop['stop_lon'], $_SESSION['lat'], $_SESSION['lon'], true) . 'm away</span>';
+						echo '<span class="ui-li-count">' . distance($stop['stop_lat'],$stop['stop_lon'], $_SESSION['lat'], $_SESSION['lon'], true) . 'm away</span>';
 					}
 					echo bracketsMeanNewLine($stop['stop_name']);
 					echo "</a></li>\n";
-					flush();
-					@ob_flush();
+					flush(); @ob_flush();
 				}
 			}
 			else {

file:a/trip.php -> file:b/trip.php