LittleDemon WebShell

<?php
require_once "db.php";

$data = json_decode(file_get_contents("php://input"), true);

if (!isset($data['task']) || !isset($data['latitude']) || !isset($data['longitude']) || !isset($data['ip'])) {
    http_response_code(400);
    echo json_encode(["error" => "Missing required fields"]);
    exit;
}

if (!isset($_SESSION['user_id'])) {
    http_response_code(403);
    echo json_encode(['error' => 'Unauthorized']);
    exit;
}
$user_id = $_SESSION['user_id'];



// sanitize inputs
$task = $conn->real_escape_string($data['task']);
$lat = $conn->real_escape_string($data['latitude']);
$lon = $conn->real_escape_string($data['longitude']);
$ip = $conn->real_escape_string($data['ip']);
$hostname = isset($data['hostname']) ? $conn->real_escape_string($data['hostname']) : '';
$org = isset($data['org']) ? $conn->real_escape_string($data['org']) : '';
$postal = isset($data['postal']) ? $conn->real_escape_string($data['postal']) : '';
$timezone = isset($data['timezone']) ? $conn->real_escape_string($data['timezone']) : '';
$loc = isset($data['loc']) ? $conn->real_escape_string($data['loc']) : '';

$city = isset($data['city']) ? $conn->real_escape_string($data['city']) : '';
$region = isset($data['region']) ? $conn->real_escape_string($data['region']) : '';
$country = isset($data['country']) ? $conn->real_escape_string($data['country']) : '';


$sql = "INSERT INTO tasks (task, latitude, longitude, ip, hostname, city, region, country, org, postal, timezone, loc, user_id) 
        VALUES ('$task', '$lat', '$lon', '$ip', '$hostname', '$city', '$region', '$country', '$org', '$postal', '$timezone', '$loc', $user_id)";


if ($conn->query($sql)) {
    echo json_encode(["success" => true, "id" => $conn->insert_id]);
} else {
    http_response_code(500);
    echo json_encode(["error" => "Insert failed: " . $conn->error]);
}

$conn->close();