<?php
/*  Authors         :   Carlos C. Corrada-Bravo
                        David J. Ortiz-Rivera
                        José A. Quiñones-Flores

    Organization    :   Centro de Desarrollo y Consultoria Computacional
    Project         :   OPASO Material Registry   
    File            :   opaso.php
    Description     :   Handle API requests for OPASO */
	require "config.php";
	error_reporting(E_ALL);
	ini_set("display_errors",1);
	

	/* extract api call */
	if(isset($_POST["query"])){
		$query = $_POST["query"];
		$response = array();	/* response array */
		$error = false;
		/* handle query */ 
		switch($query){
			case 0:		/* Register user */
				break;
			case 1:		/* Login user */
				break;
			case 2:		/* Get laboratories */
				break;
			case 3:		/* Get materials */
				break;
			case 4:		/* Get inventory by lab */
				/* extract args */ 
				if(isset($_POST["laboratory"])){
					$laboratory = $_POST["laboratory"];
					if($lab_name = $db->prepare("SELECT lname FROM Laboratory WHERE lid=?")){
						$lab_name->bind_param("i",$laboratory);		/* bind laboratory to query and execute */
						if($lab_name->execute()){
							$lab_name->bind_result($lname);
							$lab_name->store_result();
							if($lab_name->num_rows > 0){
								while($lab_name->fetch()){
									$response["laboratory"] = $lname;
								}
							}
							else{
								$error = true;
								$message = "Lab not found.";
							}
						}
						else{
							$error = true;
							$message = "Something went wrong.";
						}
					}
					else{
						$error = true;
						$message = "Something went wrong.";
					}
					/* prepare query */ 
					if($inventory = $db->prepare("SELECT eid,chemical,cas,manufacturer,sds,ghs,hazard,state,type,amount,quantity,total,uom,location FROM Inventory WHERE lid=?")){
						$inventory->bind_param("i",$laboratory);		/* bind laboratory to query and execute */
						if($inventory->execute()){
							$inventory->bind_result($eid,$chemical,$cas,$manufacturer,$sds,$ghs,$hazard,$state,$type,$amount,$quantity,$total,$uom,$location);
							$inventory->store_result();
							if($inventory->num_rows > 0){
								$response["status"] = "success";
								$response["inventory"] = [];
								$options = [
								    "cost" => 8,
								];
								while($inventory->fetch()){
									$response["inventory"][password_hash($eid,PASSWORD_DEFAULT,$options)] = ["chemical" => $chemical,"cas" => $cas,"manufacturer" => $manufacturer,"sds" => $sds,"ghs" => $ghs,"hazard" => $hazard,"state" => $state,"type" => $type,"amount" => $amount,"quantity" => $quantity,"total" => $total,"uom" => $uom,"location" => $location];
								}
							}
							else{
								$error = true;
								$message = "No results found.";
							}
							$inventory->close();
						}
						else{
							$error = true;
							$message = "Something went wrong.";
						}
					}
					else{
						$error = true;
						$message = "Something went wrong.";
					}
				}
				/* missing args */ 
				else{
					$error = true;
					$message = "One ore more arguments missing.";
				}
				break;
			case 5:		/* */
				break;
			case 6:		/* edit row */
				/* extract args */
				if(isset($_POST["eid"]) and isset($_POST["laboratory"]) and isset($_POST["fields"])){
					$eid = $_POST["eid"];
					$laboratory = $_POST["laboratories"];
					$fields = $_POST["fields"];
					/* match row with authorized rows */ 
					$uid = "";
					$labs = array();
					for($l=0; $l < sizeof($labs); $l++){
						if($rows = $db->prepare("SELECT eid FROM Laboratory WHERE lid=?")){
							$rows->bind_param("i",$labs[$l]);		/* bind laboratory to query and execute */
							if($rows->execute()){
								$rows->bind_result($rid);
								$rows->store_result();
								if($rows->num_rows > 0){
									while($rows->fetch()){
										/* if ids match, update row */ 
										if(password_verify($rid,$_POST["eid"])){
											if($update_row = $db->prepare("UPDATE Inventory SET chemical=?,manufacturer=?,sds=?,cas=?,state=?,hazard=?,type=?,amount=?,quantity=?,total=?,location=?,ghs=?,uom=? WHERE eid=?")){
												$update_row->bind_param("sssssssssssssi",$fields["chemical"],$fields["manufacturer"],$fields["sds"],$fields["cas"],$fields["state"],$fields["hazard"],$fields["type"],$fields["amount"],$fields["quantity"],$fields["total"],$fields["ghs"],$fields["uom"],$rid);
												if($update_row->execute()){
													$response["status"] = "success";
												}
											}
										}	
									}
								}

								else{
									$error = true;
									$message = "No results found.";
								}
							}
						}
					}
				}
				/* missing args */ 
				else{
					$error = true;
					$message = "One ore more arguments missing.";
				}
				break;
			case 7: 	/* edit inventory row */
				print_r($_POST);
				break;
			case 8: 	/* copy inventory row */
				print_r($_POST);
				break;
			default:	/* non defined requests */
				print_r($_POST);

				echo "request not defined";
				break;
		}
		if($error){
			$response = array();
			$response["status"] = "error";
			$response["error"] = $message;
		}
		echo json_encode($response);
	}
	/* missing api call */ 
	else{
		echo "one or more arguments are missing";
	}
?>