search

nickfox / GpsTracker

Google Map Gps Cell Phone Tracker
https://www.websmithing.com/gps-tracker
MIT License
781 stars 582 forks source link

Access gps tracker in a protecet area #37

Open nikto1 opened 8 years ago

nikto1 commented 8 years ago

Hi, is it possible in some way to access directly "updatelocation.php" instead of "displaymap.php", because this one is located in a restricted admin area which cannot be accessed from an external device without an unique session generated token. I'm not an Android or similar developer, i've just seen from the "GpsTrackerActivity.java" file that on the device you have to access the file "displaymap.php", which is in my case integrated within a MVC framework.

How to solve it? Thanks for helping Kind Regards

brentfraser commented 8 years ago

I'm not sure what you are trying to achieve.

nickfox commented 8 years ago

UpdateLocation.php absolutely must be public or else the phone cannot access it. I'm sure there is a way to have the phone access restricted pages but that would require rewriting part of the phone app. It wouldn't be too costly I don't think but would definitely require an android developer who knows his chops.

nikto1 commented 8 years ago

@nickfox So "updatelocation.php" have to be public (without token), but "displaymap.php" can be private (only people with a token can access it)?

Thanks for the answer

nickfox commented 8 years ago

I think you can use OAuth2 on both and have a totally secure site. Check out this tutorial. And don't forget the link at the bottom of the article to the github repo. It is very popular and has lots of stars.

http://blog.udinic.com/2013/04/24/write-your-own-android-authenticator/

nikto1 commented 8 years ago

Sorry, i was talking about a session token, no android token is involved. The map is part of a big delivery service project. Admins accesses the site and an unique session token is generated and appended to the URL (some online banking services use this method). Now an android developer is going to make an app for the delivery guys, which will be tracked on the map. As i have no idea how android works, i was just asking (myself and you) to which php file does your android app send the data, how it gots connected to the server, so i can include your code in my API and adapt it. Hope i explained it a little bit better :-)

nickfox commented 8 years ago

I still think that tutorial will help. And you might adapt it to use your token.

nikto1 commented 8 years ago

ok, thanks anyway.