diff --git a/code2item.php b/code2item.php
index a4abe2d..ab4fa67 100644
--- a/code2item.php
+++ b/code2item.php
@@ -1,2 +1,2 @@
-<?php
-
+<?php
+
diff --git a/database.mwb b/database.mwb
new file mode 100644
index 0000000..7f12b5f
Binary files /dev/null and b/database.mwb differ
diff --git a/database.mwb.bak b/database.mwb.bak
new file mode 100644
index 0000000..18f19d0
Binary files /dev/null and b/database.mwb.bak differ
diff --git a/dbsettings.php b/dbsettings.php
index baf6e6d..d9b8ab3 100644
--- a/dbsettings.php
+++ b/dbsettings.php
@@ -7,4 +7,4 @@ $database = new medoo([
     'username' => 'c0terranquest',
     'password' => 'qinkifTQ!OMY2',
     'charset' => 'latin1'
-        ]);
+        ]);
\ No newline at end of file
diff --git a/geocaches.php b/geocaches.php
index b1cbb42..a58fa6a 100644
--- a/geocaches.php
+++ b/geocaches.php
@@ -1,39 +1,39 @@
-<?php
-
-require 'required.php';
-
-$okapi = "http://opencaching.us/okapi/";
-
-if (is_empty($VARS['lat']) || is_empty($VARS['long'])) {
-    sendError("Missing information.", true);
-}
-
-if (!preg_match('/-?[0-9]{1,3}\.[0-9]{3,}/', $VARS['lat'])) {
-    sendError("Latitude (lat) is in the wrong format.", true);
-}
-
-if (!preg_match('/-?[0-9]{1,3}\.[0-9]{3,}/', $VARS['long'])) {
-    sendError("Longitude (long) is in the wrong format.", true);
-}
-
-$lat = $VARS['lat'];
-$long = $VARS['long'];
-
-$limit = 25;
-if (!is_empty($VARS['limit']) && is_numeric($VARS['limit'])) {
-    $limit = intval($VARS['limit']);
-}
-
-$json = file_get_contents($okapi . "services/caches/search/nearest?center=" . $lat . "|" . $long . "&limit=" . $limit . "&consumer_key=" . GEOCACHE_KEY);
-
-if (!$json)
-    sendError("Something went wrong, try again later.", true);
-
-$caches = json_decode($json)->results;
-
-$list = "";
-foreach ($caches as $val) {
-    $list .= $val . "|";
-}
-echo file_get_contents($okapi . "services/caches/geocaches?consumer_key=" . GEOCACHE_KEY . "&cache_codes=" . rtrim($list, "|"));
-
+<?php
+
+require 'required.php';
+
+$okapi = "http://opencaching.us/okapi/";
+
+if (is_empty($VARS['lat']) || is_empty($VARS['long'])) {
+    sendError("Missing information.", true);
+}
+
+if (!preg_match('/-?[0-9]{1,3}\.[0-9]{3,}/', $VARS['lat'])) {
+    sendError("Latitude (lat) is in the wrong format.", true);
+}
+
+if (!preg_match('/-?[0-9]{1,3}\.[0-9]{3,}/', $VARS['long'])) {
+    sendError("Longitude (long) is in the wrong format.", true);
+}
+
+$lat = $VARS['lat'];
+$long = $VARS['long'];
+
+$limit = 25;
+if (!is_empty($VARS['limit']) && is_numeric($VARS['limit'])) {
+    $limit = intval($VARS['limit']);
+}
+
+$json = file_get_contents($okapi . "services/caches/search/nearest?center=" . $lat . "|" . $long . "&limit=" . $limit . "&consumer_key=" . GEOCACHE_KEY);
+
+if (!$json)
+    sendError("Something went wrong, try again later.", true);
+
+$caches = json_decode($json)->results;
+
+$list = "";
+foreach ($caches as $val) {
+    $list .= $val . "|";
+}
+echo file_get_contents($okapi . "services/caches/geocaches?consumer_key=" . GEOCACHE_KEY . "&cache_codes=" . rtrim($list, "|"));
+
diff --git a/getbadges.php b/getbadges.php
index a7533db..8356896 100644
--- a/getbadges.php
+++ b/getbadges.php
@@ -2,6 +2,8 @@
 
 require 'required.php';
 
+require 'onlyloggedin.php';
+
 if (is_empty($VARS['user'])) {
     sendError("Missing data.", true);
 }
diff --git a/getstats.php b/getstats.php
index c89a127..5e0fe3b 100644
--- a/getstats.php
+++ b/getstats.php
@@ -2,6 +2,8 @@
 
 require 'required.php';
 
+require 'onlyloggedin.php';
+
 if (is_empty($VARS['user'])) {
     sendError("Missing data.", true);
 }
@@ -12,4 +14,5 @@ $stats = $database->select('players', ['level', 'energy', 'maxenergy', 'lastping
 $out = [];
 $out['status'] = 'OK';
 $out['stats'] = $stats;
+$out['stats']['lastping'] = 0;
 echo json_encode($out);
\ No newline at end of file
diff --git a/onlyloggedin.php b/onlyloggedin.php
new file mode 100644
index 0000000..11f32f8
--- /dev/null
+++ b/onlyloggedin.php
@@ -0,0 +1,9 @@
+<?php
+
+/**
+ * Require/include this to make login required.
+ */
+
+if ($_SESSION['loggedin'] != true) {
+    sendError('SESSION EXPIRED: Please reauthenticate.', true);
+}
\ No newline at end of file
diff --git a/ping.php b/ping.php
index 44dc882..4d6c1fe 100644
--- a/ping.php
+++ b/ping.php
@@ -2,6 +2,8 @@
 
 require 'required.php';
 
+require 'onlyloggedin.php';
+
 if (is_empty($VARS['user']) || is_empty($VARS['lat']) || is_empty($VARS['long'])) {
     sendError("Missing data.", true);
 }
@@ -14,7 +16,7 @@ if (!preg_match('/-?[0-9]{1,3}\.[0-9]{4,}/', $VARS['long'])) {
     sendError("Longitude (long) is in the wrong format.", true);
 }
 
-$uuid = file_get_contents("https://sso.netsyms.com/api/getguid.php?user=" . $VARS['user']);
+$uuid = $_SESSION['uuid'];
 
 $database->update('players', ['latitude' => $VARS['lat'], 'longitude' => $VARS['long'], '#lastping' => 'NOW()'], ['uuid' => $uuid]);
 
diff --git a/pinglogin.php b/pinglogin.php
index 6d211c0..4c206fc 100644
--- a/pinglogin.php
+++ b/pinglogin.php
@@ -8,6 +8,10 @@ if (is_empty($VARS['user'])) {
 
 $guid = file_get_contents("https://sso.netsyms.com/api/getguid.php?user=" . $VARS['user']);
 
+if (is_empty($guid)) {
+    sendError("Account does not exist.", true);
+}
+
 if ($database->has('players', ['uuid' => $guid])) {
     sendOK();
 } else {
@@ -25,4 +29,8 @@ if ($database->has('players', ['uuid' => $guid])) {
     $email = file_get_contents("https://sso.netsyms.com/api/getemail.php?user=" . $VARS['user']);
 
     mail($email, "Account Update", $message, $headers);
-}
\ No newline at end of file
+}
+// Setup the session
+$_SESSION['username'] = $VARS['user'];
+$_SESSION['guid'] = $_SESSION['uuid'] = $guid;
+$_SESSION['loggedin'] = true;
diff --git a/places.php b/places.php
index fb9e0c3..2420c64 100644
--- a/places.php
+++ b/places.php
@@ -1,8 +1,105 @@
 <?php
 
-/* 
- * To change this license header, choose License Headers in Project Properties.
- * To change this template file, choose Tools | Templates
- * and open the template in the editor.
+/**
+ * Takes the latitude and longitude and gets nearby places from OSM.
+ * 
+ * Uses WGS84 in the DD.DD format, because I say so.
  */
+require 'required.php';
 
+$placebase;
+try {
+    $placebase = new medoo([
+        'database_type' => PDB_TYPE,
+        'database_name' => PDB_NAME,
+        'server' => PDB_SERVER,
+        'username' => PDB_USER,
+        'password' => PDB_PASS,
+        'charset' => PDB_CHARSET
+    ]);
+} catch (Exception $ex) {
+    header('HTTP/1.1 500 Internal Server Error');
+    sendError('Location database error.  Try again later.', true);
+}
+
+use AnthonyMartin\GeoLocation\GeoLocation as GeoLocation;
+
+if (is_empty($VARS['lat'])) {
+    sendError("Missing required latitude (lat) variable.", true);
+}
+
+if (is_empty($VARS['long'])) {
+    sendError("Missing required longitude (long) variable.", true);
+}
+
+if (!preg_match('/-?[0-9]{1,3}\.[0-9]{1,}/', $VARS['lat'])) {
+    sendError("Latitude (lat) is in the wrong format, or does not have enough precision (DD.DD, at least 2 decimal places.", true);
+}
+
+if (!preg_match('/-?[0-9]{1,3}\.[0-9]{1,}/', $VARS['long'])) {
+    sendError("Longitude (long) is in the wrong format, or does not have enough precision (DD.DD, at least 2 decimal places.", true);
+}
+
+$lat = number_format((float) $VARS['lat'], 5, '.', '');
+$long = number_format((float) $VARS['long'], 5, '.', '');
+
+$radius = 5;
+if (!is_empty($VARS['radius']) && is_numeric($VARS['radius'])) {
+    $radius = floatval($VARS['radius']);
+}
+
+$userlocation = GeoLocation::fromDegrees($VARS['lat'], $VARS['long']);
+$searchbounds = $userlocation->boundingCoordinates($radius, 'miles');
+
+if (is_empty($VARS['names'])) {
+    $places = $placebase->select('places', '*', ['AND' => [
+            'latitude[>]' => $searchbounds[0]->getLatitudeInDegrees(),
+            'latitude[<]' => $searchbounds[1]->getLatitudeInDegrees(),
+            'longitude[>]' => $searchbounds[0]->getLongitudeInDegrees(),
+            'longitude[<]' => $searchbounds[1]->getLongitudeInDegrees()],
+        "LIMIT" => 100
+    ]);
+} else {
+    $places = $placebase->select('places', '*', ['AND' => [
+            'latitude[>]' => $searchbounds[0]->getLatitudeInDegrees(),
+            'latitude[<]' => $searchbounds[1]->getLatitudeInDegrees(),
+            'longitude[>]' => $searchbounds[0]->getLongitudeInDegrees(),
+            'longitude[<]' => $searchbounds[1]->getLongitudeInDegrees(),
+            'name[!]' => ''],
+        "LIMIT" => 100
+    ]);
+}
+
+
+
+$data['status'] = 'OK';
+$data['places'] = $places;
+header('Content-Type: application/json');
+$geo['name'] = "Places";
+$geo['type'] = 'FeatureCollection';
+$geo['features'] = [];
+foreach ($places as $place) {
+    if (!$database->has('locations', ['osmid' => $place['osmid']])) {
+        $database->insert('locations', ['osmid' => $place['osmid'], 'teamid' => 0]);
+    }
+    $gameinfo = $database->select('locations', ['teamid', 'owneruuid'], ['osmid' => $place['osmid']])[0];
+    $geo['features'][] = array("type" => "Feature",
+        "geometry" => [
+            "type" => "Point",
+            "coordinates" => [
+                floatval($place['longitude']),
+                floatval($place['latitude'])
+            ]
+        ],
+        "properties" => [
+            "osm_id" => intval($place['osmid']),
+            "name" => ($place['name'] == '' ? null : $place['name']),
+            "name:en" => ($place['name'] == '' ? null : $place['name']),
+            "amenity" => ($place['amenity'] == '' ? null : $place['amenity']),
+            "historic" => ($place['historic'] == '' ? null : $place['historic']),
+            "tourism" => ($place['tourism'] == '' ? null : $place['tourism']),
+            "gameinfo" => ['teamid' => $gameinfo['teamid'], 'owneruuid' => $gameinfo['owneruuid']]
+        ]
+    );
+}
+echo json_encode($geo);
\ No newline at end of file
diff --git a/required.php b/required.php
index 058653b..dc88e5c 100644
--- a/required.php
+++ b/required.php
@@ -1,74 +1,75 @@
-<?php
-
-/**
- * This file contains global settings and things that should be loaded at the
- * top of each file.
- */
-ob_start();
-
-header("Access-Control-Allow-Origin: *");
-
-if (strtolower($_GET['format']) == 'plain') {
-    define("JSON", false);
-    header('Content-Type: text/plain');
-} else {
-    define("JSON", true);
-    header('Content-Type: application/json');
-}
-
-// Composer
-require 'vendor/autoload.php';
-// API response formatters
-require 'response.php';
-// Settings file
-require 'settings.php';
-
-// Database settings
-// Also inits database and stuff
-$database;
-try {
-    $database = new medoo([
-        'database_type' => DB_TYPE,
-        'database_name' => DB_NAME,
-        'server' => DB_SERVER,
-        'username' => DB_USER,
-        'password' => DB_PASS,
-        'charset' => DB_CHARSET
-    ]);
-} catch (Exception $ex) {
-    header('HTTP/1.1 500 Internal Server Error');
-    sendError('Database error.  Try again later.', true);
-}
-
-// Show errors and stuff?
-define("DEBUG", false);
-
-// Use POST instead of GET?
-if (!is_empty($_GET['post']) && $_GET['post'] == '1') {
-    define("GET", false);
-} else {
-    define("GET", true);
-}
-
-
-if (!DEBUG) {
-    error_reporting(0);
-} else {
-    error_reporting(E_ALL);
-    ini_set('display_errors', 'On');
-}
-$VARS;
-if (GET) {
-    $VARS = $_GET;
-} else {
-    $VARS = $_POST;
-}
-
-/**
- * Checks if a string or whatever is empty.
- * @param $str The thingy to check
- * @return boolean True if it's empty or whatever.
- */
-function is_empty($str) {
-    return (!isset($str) || $str == '' || $str == null);
-}
+<?php
+
+/**
+ * This file contains global settings and things that should be loaded at the
+ * top of each file.
+ */
+ob_start();
+session_start();
+
+header("Access-Control-Allow-Origin: *");
+
+if (strtolower($_GET['format']) == 'plain') {
+    define("JSON", false);
+    header('Content-Type: text/plain');
+} else {
+    define("JSON", true);
+    header('Content-Type: application/json');
+}
+
+// Composer
+require 'vendor/autoload.php';
+// API response formatters
+require 'response.php';
+// Settings file
+require 'settings.php';
+
+// Database settings
+// Also inits database and stuff
+$database;
+try {
+    $database = new medoo([
+        'database_type' => DB_TYPE,
+        'database_name' => DB_NAME,
+        'server' => DB_SERVER,
+        'username' => DB_USER,
+        'password' => DB_PASS,
+        'charset' => DB_CHARSET
+    ]);
+} catch (Exception $ex) {
+    header('HTTP/1.1 500 Internal Server Error');
+    sendError('Database error.  Try again later.', true);
+}
+
+// Show errors and stuff?
+define("DEBUG", false);
+
+// Use POST instead of GET?
+if (!is_empty($_GET['post']) && $_GET['post'] == '1') {
+    define("GET", false);
+} else {
+    define("GET", true);
+}
+
+
+if (!DEBUG) {
+    error_reporting(0);
+} else {
+    error_reporting(E_ALL);
+    ini_set('display_errors', 'On');
+}
+$VARS;
+if (GET) {
+    $VARS = $_GET;
+} else {
+    $VARS = $_POST;
+}
+
+/**
+ * Checks if a string or whatever is empty.
+ * @param $str The thingy to check
+ * @return boolean True if it's empty or whatever.
+ */
+function is_empty($str) {
+    return (!isset($str) || $str == '' || $str == null);
+}
diff --git a/robots.txt b/robots.txt
index 7d329b1..1f53798 100644
--- a/robots.txt
+++ b/robots.txt
@@ -1 +1,2 @@
 User-agent: *
+Disallow: /
diff --git a/settings.php b/settings.php
index 8252388..607bc87 100644
--- a/settings.php
+++ b/settings.php
@@ -2,9 +2,17 @@
 
 
 define("DB_TYPE", "mysql");
-define("DB_NAME", "c0terranquest");
+define("DB_NAME", "gs-terranquest");
 define("DB_SERVER", "localhost");
-define("DB_USER", "c0terranquest");
-define("DB_PASS", "qinkifTQ!OMY2");
+define("DB_USER", "terranquest");
+define("DB_PASS", "");
 define("DB_CHARSET", "latin1");
+
+define("PDB_TYPE", "mysql");
+define("PDB_NAME", "c0places");
+define("PDB_SERVER", "earth.apis.netsyms.net");
+define("PDB_USER", "c0terranquestgs");
+define("PDB_PASS", "sTcGg3@3");
+define("PDB_CHARSET", "latin1");
+
 define("GEOCACHE_KEY", "z6BxjV5ssS7DYrzfF7pw");