prepare("INSERT INTO Person(person_name,email,password,phone) VALUES (?,?,?,?)"); $register->bind_param("ssss",$person_name,$email,$password,$phone_number); /* extract id */ if($register->execute()){ $person_id = $db->insert_id; $response["status"] = "success"; $response["person_id"] = $person_id; $response["message"] = "Person registered successfully"; } /* query failed */ else{ $error = true; $message = "Registration failed, possible duplicate"; } $register->close(); } /* restricted access level */ else{ $error = true; $message = "Access not allowed"; } } /* missing args */ else{ $error = true; $message = "One or more arguments missing"; } break; case 1: /* log in user */ /* verify args */ if(isset($_POST["email"]) and isset($_POST["password"])){ /* fetch hashed password and user data */ $email = $_POST["email"]; $password = $_POST["password"]; $login = $db->prepare("SELECT person_id,person_name,password FROM Person WHERE email=?"); $login->bind_param("s",$email); $login->execute(); $login->bind_result($person_id,$person_name,$hashed_password); $login->store_result(); $login->fetch(); /* match password with hash */ if(password_verify($password,$hashed_password)){ /* fetch authorized laboratories */ $authorized = $db->prepare("SELECT Authorized.lab_id,Laboratory.lab_room,Authorized.access_level FROM Authorized INNER JOIN Laboratory ON Laboratory.lab_id = Authorized.lab_id WHERE person_id=? 
AND Authorized.access_level!='none' ORDER BY Laboratory.lab_room ASC"); $authorized->bind_param("i",$person_id); $authorized->execute(); $authorized->bind_result($lab_id,$lab_room,$access_level); /* initialize authorized array */ start_session(); $_SESSION["authorized"] = array(); $access_level = "technician"; $pi_flag = false; $admin_flag = false; /* fetch entries */ while($authorized->fetch()){ if($access_level == "investigator"){ $pi_flag = true; } elseif($access_level == "admin"){ $admin_flag = true; } $_SESSION["authorized"][$lab_id] = array("lab_room" => $lab_room, "access_level" => $access_level); } /* set user data */ $_SESSION["person_id"] = $person_id; $_SESSION["person_name"] = explode(" ",$person_name)[0]; /* set highest access level */ if($pi_flag){ $access_level = "investigator"; } elseif($admin_flag){ $access_level = "admin"; } $_SESSION["access_level"] = $access_level; $_SESSION["created"] = time(); $_SESSION["last_activity"] = time(); $login->close(); $authorized->close(); $response["status"] = "success"; } /* passwords don't match */ else{ $error = true; $message = "Login failed"; } } /* missing args */ else{ $error = true; $message = "One or more arguments missing"; } break; case 2: /* get laboratories */ /* fetch authorized laboratories */ $auth = $db->prepare("SELECT Authorized.lab_id,Laboratory.lab_room,Authorized.access_level FROM Authorized INNER JOIN Laboratory ON Laboratory.lab_id = Authorized.lab_id WHERE person_id=? 
AND Authorized.access_level!='none' ORDER BY Laboratory.lab_room ASC"); $auth->bind_param("i",$_SESSION["person_id"]); $auth->execute(); $auth->bind_result($lab_id,$lab_room,$access_level); /* initialize authorized array */ start_session(); $_SESSION["authorized"] = array(); $pi_flag = false; $admin_flag = false; $access_level = "technician"; $response["authorized"] = array(); /* fetch entries */ while($auth->fetch()){ if($access_level == "investigator"){ $pi_flag = true; } elseif($access_level == "admin"){ $admin_flag = true; } $_SESSION["authorized"][$lab_id] = array("lab_room" => $lab_room, "access_level" => $access_level); array_push($response["authorized"],array("lab_id" => $lab_id,"lab_room" => $lab_room, "access_level" => $access_level)); } $auth->close(); /* determine highest access level */ if($pi_flag){ $access_level = "investigator"; } elseif($admin_flag){ $access_level = "admin"; } $_SESSION["access_level"] = $access_level; $response["status"] = "success"; break; case 3: /* get laboratory inventory */ /* verify args */ if(isset($_POST["lab_id"])){ /* match lab id with authorized labs */ $lab_id = $_POST["lab_id"]; if(array_key_exists($lab_id,$_SESSION["authorized"])){ /* fetch lab inventory */ $laboratory = $db->prepare("SELECT Material.mat_id,Manufacturer.man_id,Material.mat_name,Manufacturer.man_name,Lab_Material.capacity,Lab_Material.quantity,Lab_Material.total,Lab_Material.uom,Lab_Material.location FROM Lab_Material INNER JOIN Material ON Lab_Material.mat_id=Material.mat_id INNER JOIN Manufacturer ON Lab_Material.man_id=Manufacturer.man_id WHERE Lab_Material.lab_id=? 
ORDER BY Material.mat_name,Lab_Material.capacity ASC"); $laboratory->bind_param("i",$lab_id); $laboratory->execute(); $laboratory->bind_result($mat_id,$man_id,$mat_name,$man_name,$capacity,$quantity,$total,$uom,$location); $laboratory->store_result(); $response["lab"] = array(); $response["lab"]["inventory"] = array(); while($laboratory->fetch()){ array_push($response["lab"]["inventory"],array("material" => array("mat_id" => $mat_id,"mat_name" => $mat_name),"manufacturer" => array("man_id" => $man_id,"man_name" => $man_name),"capacity" => $capacity,"quantity" => $quantity,"total" => $total,"uom" => $uom,"location" => $location)); } /* fetch lab personnel */ $personnel = $db->prepare("SELECT Person.person_name,Authorized.access_level FROM Authorized INNER JOIN Person ON Person.person_id=Authorized.person_id WHERE Authorized.lab_id=? AND Authorized.access_level!='none' ORDER BY Authorized.access_level ASC"); $personnel->bind_param("i",$lab_id); $personnel->execute(); $personnel->bind_result($person_name,$access_level); $personnel->store_result(); $response["lab"]["personnel"] = array(); while($personnel->fetch()){ array_push($response["lab"]["personnel"],array("person_name" => $person_name,"access_level" => $access_level)); } $personnel->close(); $laboratory->close(); $response["status"] = "success"; } /* lab not authorized */ else{ $error = true; $message = "Laboratory not authorized"; } } /* missing args */ else{ $error = true; $message = "One or more arguments missing"; } break; case 4: /* get lab inventory */ /* verify args */ if(isset($_POST["lab_id"])){ /* match lab id with authorized labs */ $lab_id = $_POST["lab_id"]; if(array_key_exists($lab_id,$_SESSION["authorized"])){ /* fetch lab inventory */ $inventory = $db->prepare("SELECT 
Material.mat_id,Manufacturer.man_id,Material.mat_name,Material.cas,Manufacturer.man_name,Material_Manufacturer.sds,Material.state,Material.type,Lab_Material.capacity,Lab_Material.quantity,Lab_Material.total,Lab_Material.uom,Lab_Material.location FROM (Lab_Material INNER JOIN Material ON Lab_Material.mat_id=Material.mat_id INNER JOIN Manufacturer ON Lab_Material.man_id=Manufacturer.man_id INNER JOIN Material_Manufacturer ON Lab_Material.mat_id=Material_Manufacturer.mat_id AND Lab_Material.man_id=Material_Manufacturer.man_id) WHERE Lab_Material.lab_id=? ORDER BY Material.mat_name,Lab_Material.capacity ASC"); $inventory->bind_param("i",$lab_id); $inventory->execute(); $inventory->bind_result($mat_id,$man_id,$mat_name,$cas,$man_name,$sds,$state,$type,$capacity,$quantity,$total,$uom,$location); $inventory->store_result(); $response["lab"] = array(); $response["lab"]["inventory"] = array(); $hazard = $db->prepare("SELECT Material_Hazard.code,Hazard.description FROM Lab_Material INNER JOIN Material_Hazard ON Material_Hazard.mat_id=Lab_Material.mat_id INNER JOIN Hazard ON Hazard.code=Material_Hazard.code WHERE Lab_Material.mat_id=? AND Lab_Material.capacity=? AND Lab_Material.lab_id=? AND Lab_Material.man_id=? 
GROUP BY Material_Hazard.code,Hazard.description ORDER BY Material_Hazard.code ASC"); /* fetch hazard data */ while($inventory->fetch()){ $hazard->bind_param("idii",$mat_id,$capacity,$lab_id,$man_id); $hazard->execute(); $hazard->bind_result($ghs,$description); $hazard->store_result(); $full_ghs = array(); $full_description = array(); /* fetch hazard details */ while($hazard->fetch()){ if(!(array_search($ghs,$full_ghs))){ array_push($full_ghs,$ghs); array_push($full_description,$description); } } array_push($response["lab"]["inventory"],array("material" => array("mat_id" => $mat_id,"mat_name" => $mat_name),"manufacturer" => array("man_id" => $man_id,"man_name" => $man_name),"cas" => $cas,"sds" => urlencode($sds),"ghs" => implode(",",$full_ghs),"state" => $state,"type" => $type,"capacity" => $capacity,"quantity" => $quantity,"total" => $total,"uom" => $uom,"location" => $location)); } $inventory->close(); $response["status"] = "success"; } /* lab not authorized */ else{ $error = true; $message = "Laboratory not authorized"; } } /* missing args */ else{ $error = true; $message = "One or more arguments missing"; } break; case 5: /* edit cell*/ /* verify args */ if(isset($_POST["lab_id"]) and isset($_POST["field"]) and isset($_POST["data"])){ $amount = 0; $field = $_POST["field"]; $lab_id = $_POST["lab_id"]; $data = json_decode($_POST["data"],true); if($field === "man_name"){ $transaction = "edit manufacturer"; } elseif($field === "mat_name"){ $transaction = "edit material"; } else{ $transaction = "edit " . $field; } /* match lab id with authorized labs */ if(array_key_exists($lab_id,$_SESSION["authorized"])){ switch($field){ case "mat_name": /* update material name */ $update = $db->prepare("UPDATE Material SET mat_name=? 
WHERE mat_id=?"); $update->bind_param("si",$data["mat_name"],$data["mat_id"]); if(!$update->execute()){ $error = true; $message = "Update failed"; } $update->close(); break; case "man_name": /* update manufacturer name */ $update = $db->prepare("UPDATE Manufacturer SET man_name=? WHERE man_id=?"); $update->bind_param("si",$data["man_name"],$data["man_id"]); if(!$update->execute()){ $error = true; $message = "Update failed"; } $update->close(); break; case "cas": /* update material cas num */ $update = $db->prepare("UPDATE Material SET cas=? WHERE mat_id=?"); $update->bind_param("si",$data["cas"],$data["mat_id"]); if(!$update->execute()){ $error = true; $message = "Update failed"; } $update->close(); break; case "sds": /* update material sds */ $update = $db->prepare("UPDATE Material_Manufacturer SET sds=? WHERE mat_id=? AND man_id=?"); $update->bind_param("sii",$data["sds"],$data["mat_id"],$data["man_id"]); if(!$update->execute()){ $error = true; $message = "Update failed"; } $update->close(); break; case "ghs": /* update ghs */ $delete = $db->prepare("DELETE FROM Material_Hazard WHERE mat_id=?"); $delete->bind_param("i",$data["mat_id"]); if(!$delete->execute()){ $error = true; $message = "Update failed"; } else{ $insert = $db->prepare("INSERT INTO Material_Hazard(mat_id,code) VALUES(?,?)"); $ghs = explode(",",$data["ghs"]); for($i = 0; $i < sizeof($ghs); $i++){ if($ghs[$i]){ $insert->bind_param("is",$data["mat_id"],$ghs[$i]); if(!$insert->execute()){ $insert_ghs = $db->prepare("INSERT INTO Hazard(code) VALUES(?)"); $insert_ghs->bind_param("s",$ghs[$i]); if(!$insert_ghs->execute()){ $error = true; $message = "Update failed"; break; } else{ $insert = $db->prepare("INSERT INTO Material_Hazard(mat_id,code) VALUES(?,?)"); $insert->bind_param("is",$data["mat_id"],$ghs[$i]); if(!$insert->execute()){ $error = true; $message = "Update failed"; break; } } } } } $insert->close(); } $delete->close(); break; case "state": $update = $db->prepare("UPDATE Material SET state=? 
WHERE mat_id=?"); $update->bind_param("si",$data["state"],$data["mat_id"]); if(!$update->execute()){ $error = true; $message = "Update failed"; } $update->close(); break; case "location": $update = $db->prepare("UPDATE Lab_Material SET location=? WHERE mat_id=? AND lab_id=? AND man_id=? AND capacity=? AND uom=?"); $update->bind_param("siiids",$data["location"],$data["mat_id"],$lab_id,$data["man_id"],$data["capacity"],$data["uom"]); if(!$update->execute()){ $error = true; $message = "Update failed"; } $update->close(); break; case "type": $update = $db->prepare("UPDATE Material SET type=? WHERE mat_id=?"); $update->bind_param("si",$data["type"],$data["mat_id"]); if(!$update->execute()){ $error = true; $message = "Update failed"; } $update->close(); break; case "capacity": $update = $db->prepare("UPDATE Lab_Material SET capacity=?,quantity=? WHERE mat_id=? AND lab_id=? AND man_id=? AND capacity=? AND uom=?"); $update->bind_param("diiiids",$data["new_capacity"],$data["quantity"],$data["mat_id"],$lab_id,$data["man_id"],$data["prev_capacity"],$data["uom"]); if(!$update->execute()){ $error = true; $message = "Update failed"; } $update->close(); break; case "quantity": /* update quantity */ case "total": /* update total */ $update = $db->prepare("UPDATE Lab_Material SET total=?,quantity=? WHERE mat_id=? AND lab_id=? AND man_id=? AND capacity=? AND uom=?"); $update->bind_param("diiiids",$data["total"],$data["quantity"],$data["mat_id"],$lab_id,$data["man_id"],$data["capacity"],$data["uom"]); $amount = $data["total"]; if(!$update->execute()){ $error = true; $message = "Update failed"; } $update->close(); break; case "uom": /* update uom */ $update = $db->prepare("UPDATE Material SET uom=? WHERE mat_id=? AND uom=?"); $update->bind_param("sis",$data["new_uom"],$data["mat_id"],$data["prev_uom"]); if(!$update->execute()){ $error = true; $message = $update->error; } else{ $update = $db->prepare("UPDATE Lab_Material SET uom=? WHERE mat_id=? AND lab_id=? AND man_id=? AND capacity=? 
AND uom=?"); $update->bind_param("siiids",$data["new_uom"],$data["mat_id"],$lab_id,$data["man_id"],$data["capacity"],$data["prev_uom"]); if(!$update->execute()){ $error = true; $message = "Material update failed"; } } $update->close(); break; default: $error = true; $message = "Incorrect field query"; break; } /* record transaction */ if(!$error){ $timestamp = date("Y-m-d H:i:s"); $insert = $db->prepare("INSERT INTO Transaction(type,person_id,`timestamp`,mat_id,man_id,capacity,lab_id,amount,uom) VALUES (?,?,?,?,?,?,?,?,?)"); $insert->bind_param("sisiidids",$transaction,$_SESSION["person_id"],$timestamp,$data["mat_id"],$data["man_id"],$data["capacity"],$lab_id,$amount,$data["uom"]); if($insert->execute()){ $response["status"] = "success"; $response["message"] = "Field updated successfully"; } /* transaction failed */ else{ $error = true; $message = "Field update failed";; } $insert->close(); } } /* lab not authorized */ else{ $error = true; $message = "Laboratory not authorized"; } } /* missing args */ else{ $error = true; $message = "One or more arguments missing"; } break; case 6: /* edit row */ /* verify args */ if(isset($_POST["lab_id"]) and isset($_POST["mat_id"]) and isset($_POST["man_id"]) and isset($_POST["uom"]) and isset($_POST["capacity"]) and isset($_POST["data"])){ $lab_id = $_POST["lab_id"]; $mat_id = $_POST["mat_id"]; $man_id = $_POST["man_id"]; $uom = $_POST["uom"]; $transaction = "edit"; $capacity = $_POST["capacity"]; $data = json_decode($_POST["data"],true); $total = $data["capacity"] * $data["quantity"]; /* match lab id with authorized labs */ if(array_key_exists($lab_id,$_SESSION["authorized"])){ $material = $db->prepare("UPDATE Material SET mat_name=?,cas=?,state=?,type=?,uom=? WHERE mat_id=? 
AND uom=?"); $material->bind_param("sssssis",$data["mat_name"],$data["cas"],$data["state"],$data["type"],$data["uom"],$mat_id,$uom); if(!$material->execute()){ $error = true; $message = "Material update failed"; } $material->close(); $manufacturer = $db->prepare("UPDATE Manufacturer SET man_name=? WHERE man_id=?"); $manufacturer->bind_param("si",$data["man_name"],$man_id); if(!$manufacturer->execute() and !$error){ $error = true; $message = "Manufacturer update failed"; } $manufacturer->close(); $update = $db->prepare("UPDATE Material_Manufacturer SET sds=? WHERE mat_id=? AND man_id=?"); $update->bind_param("sii",$data["sds"],$mat_id,$man_id); if(!$update->execute() and !$error){ $error = true; $message = "Update failed"; } $update->close(); $delete = $db->prepare("DELETE FROM Material_Hazard WHERE mat_id=?"); $delete->bind_param("i",$mat_id); if(!$delete->execute() and !$error){ $error = true; $message = "GHS update failed"; } else{ $insert = $db->prepare("INSERT INTO Material_Hazard(mat_id,code) VALUES(?,?)"); $ghs = explode(",",$data["ghs"]); for($i = 0; $i < sizeof($ghs); $i++){ if($ghs[$i]){ $insert->bind_param("is",$mat_id,$ghs[$i]); if(!$insert->execute() and !$error){ $insert_ghs = $db->prepare("INSERT INTO Hazard(code) VALUES(?)"); $insert_ghs->bind_param("s",$ghs[$i]); if(!$insert_ghs->execute() and !$error){ $error = true; $message = "GHS update failed"; break; } else{ $insert = $db->prepare("INSERT INTO Material_Hazard(mat_id,code) VALUES(?,?)"); $insert->bind_param("is",$mat_id,$ghs[$i]); if(!$insert->execute()){ $error = true; $message = "GHS update failed"; break; } } } } } } $delete->close(); $insert->close(); $update = $db->prepare("UPDATE Lab_Material SET capacity=?,quantity=?,total=?,location=?,uom=? WHERE mat_id=? AND lab_id=? AND man_id=? AND capacity=? 
AND uom=?"); $update->bind_param("didssiiids",$data["capacity"],$data["quantity"],$total,$data["location"],$data["uom"],$mat_id,$lab_id,$man_id,$capacity,$uom); if(!$update->execute() and !$error){ $error = true; $message = "Material update failed"; } $update->close(); /* record transaction */ if(!$error){ $timestamp = date("Y-m-d H:i:s"); $insert = $db->prepare("INSERT INTO Transaction(type,person_id,`timestamp`,mat_id,man_id,capacity,lab_id,amount,uom) VALUES (?,?,?,?,?,?,?,?,?)"); $insert->bind_param("sisiidids",$transaction,$_SESSION["person_id"],$timestamp,$mat_id,$man_id,$capacity,$lab_id,$total,$uom); if($insert->execute()){ $response["status"] = "success"; $response["message"] = "Entry updated successfully"; } /* transaction failed */ else{ $error = true; $message = "Entry update failed";; } $insert->close(); } } /* lab not authorized */ else{ $error = true; $message = "Laboratory not authorized"; } } /* missing args */ else{ $error = true; $message = "One or more arguments missing"; } break; case 8: /* delete row */ /* verify args */ if(isset($_POST["lab_id"]) and isset($_POST["data"])){ $lab_id = $_POST["lab_id"]; $data = json_decode($_POST["data"],true); $uom = $data["uom"]; $amount = $data["total"]; $transaction = "delete"; $capacity = $data["capacity"]; $mat_id = $data["material"]["mat_id"]; $man_id = $data["manufacturer"]["man_id"]; /* match lab id with authorized labs */ if(array_key_exists($lab_id,$_SESSION["authorized"])){ $delete = $db->prepare("DELETE FROM Lab_Material WHERE mat_id=? AND lab_id=? AND man_id=? AND capacity=? 
AND uom=?"); $delete->bind_param("iiids",$mat_id,$lab_id,$man_id,$capacity,$uom); /* record transaction */ if($delete->execute()){ $timestamp = date("Y-m-d H:i:s"); $insert = $db->prepare("INSERT INTO Transaction(type,person_id,`timestamp`,mat_id,man_id,capacity,lab_id,amount,uom) VALUES (?,?,?,?,?,?,?,?,?)"); $insert->bind_param("sisiidids",$transaction,$_SESSION["person_id"],$timestamp,$mat_id,$man_id,$capacity,$lab_id,$amount,$uom); if($insert->execute()){ $response["status"] = "success"; $response["message"] = "Entry deleted successfully"; } /* transaction failed */ else{ $error = true; $message = "Material delete failed"; } $delete->close(); } /* query failed */ else{ $error = true; $message = "Material delete failed"; } } /* lab not authorized */ else{ $error = true; $message = "Laboratory not authorized"; } } /* missing args */ else{ $error = true; $message = "One or more arguments missing"; } break; case 9: /* material transaction */ /* verify args */ if(isset($_POST["lab_id"]) and isset($_POST["mat_id"]) and isset($_POST["capacity"]) and isset($_POST["transaction"]) and isset($_POST["man_id"]) and isset($_POST["total"]) and isset($_POST["amount"]) and isset($_POST["uom"])){ $flag = false; $lab_id = $_POST["lab_id"]; $mat_id = $_POST["mat_id"]; $capacity = $_POST["capacity"]; $transaction = $_POST["transaction"]; $total = $_POST["total"]; $uom = $_POST["uom"]; $man_id = $_POST["man_id"]; $amount = $_POST["amount"]; $delete = false; /* match lab id with authorized labs */ if(array_key_exists($lab_id,$_SESSION["authorized"])){ /* update total amount */ if($total > 0){ $containers = ceil($total/$capacity); $update = $db->prepare("UPDATE Lab_Material SET total=?,quantity=? WHERE mat_id=? AND man_id=? AND lab_id=? AND capacity=? 
AND uom=?"); $update->bind_param("diiiids",$total,$containers,$mat_id,$man_id,$lab_id,$capacity,$uom); if($update->execute()){ $update->close(); $flag = true; } /* transaction failed */ else{ $error = true; $message = "Transaction failed"; } } /* material consumed, remove entry */ else{ $flag = true; $delete = true; } /* record transaction */ if($flag){ $timestamp = date("Y-m-d H:i:s"); $insert = $db->prepare("INSERT INTO Transaction(type,person_id,`timestamp`,mat_id,man_id,capacity,lab_id,amount,uom) VALUES (?,?,?,?,?,?,?,?,?)"); $insert->bind_param("sisiidids",$transaction,$_SESSION["person_id"],$timestamp,$mat_id,$man_id,$capacity,$lab_id,$amount,$uom); if($insert->execute()){ if($transaction === "offer"){ $offered_insert = $db->prepare("INSERT INTO Offered_Material(person_id,`timestamp`,mat_id,man_id,capacity,lab_id,amount,uom) VALUES (?,?,?,?,?,?,?,?)"); $offered_insert->bind_param("isiidids",$_SESSION["person_id"],$timestamp,$mat_id,$man_id,$capacity,$lab_id,$amount,$uom); if($offered_insert->execute()){ $response["status"] = "success"; $response["message"] = "Transaction completed successfully"; } else{ $error = true; $message = "Insertion into Offered Materials failed"; } $offered_insert->close(); } else{ $response["status"] = "success"; $response["message"] = "Transaction completed successfully"; } if($delete){ $delete = $db->prepare("DELETE FROM Lab_Material WHERE mat_id=? AND man_id=? AND lab_id=? AND capacity=? 
AND uom=?"); $delete->bind_param("iiids",$mat_id,$man_id,$lab_id,$capacity,$uom); if($delete->execute()){ $response["status"] = "success"; $response["message"] = "Transaction completed successfully"; } /* delete failed */ else{ $error = true; $message = "Material removal failed"; } $delete->close(); } } /* transaction failed */ else{ $error = true; $message ="Transaction failed"; } $insert->close(); } /* initial transaction failed */ else{ $error = true; $message = "Transaction failed"; } } /* lab not authorized */ else{ $error = true; $message = "Laboratory not authorized"; } } /* missing args */ else{ $error = true; $message = "One or more arguments missing"; } break; case 10: /* insert material */ /* verify args */ if(isset($_POST["lab_id"]) and isset($_POST["data"])){ $flag = false; $lab_id = $_POST["lab_id"]; $data = json_decode($_POST["data"],true); $capacity = $data["capacity"]; $mat_name = $data["mat_name"]; $total = $data["quantity"] * $capacity; $uom = $data["uom"]; $man_name = $data["man_name"]; /* match lab id with authorized labs */ if(array_key_exists($lab_id,$_SESSION["authorized"])){ /* verify if manufacturer already exists */ $manufacturer = $db->prepare("SELECT man_id FROM Manufacturer WHERE man_name=?"); $manufacturer->bind_param("s",$man_name); $manufacturer->execute(); $manufacturer->store_result(); $manufacturer->bind_result($man_id); if($manufacturer->num_rows > 0){ $manufacturer->fetch(); } /* insert manufacturer */ else{ $insert = $db->prepare("INSERT INTO Manufacturer(man_name) VALUES (?)"); $insert->bind_param("s",$man_name); if($insert->execute()){ $man_id = $db->insert_id; } /* insert failed */ else{ $error = true; $message = "Manufacturer insert failed"; } $insert->close(); } $manufacturer->close(); if($man_id){ /* verify if material already exists */ $material = $db->prepare("SELECT mat_id FROM Material WHERE mat_name=? 
AND uom=?"); $material->bind_param("ss",$mat_name,$uom); $material->execute(); $material->bind_result($mat_id); $material->store_result(); if($material->num_rows > 0){ $material->fetch(); } /* insert material */ else{ $insert = $db->prepare("INSERT INTO Material(mat_name,cas,state,type,uom) VALUES (?,?,?,?,?)"); $insert->bind_param("sssss",$mat_name,$data["cas"],$data["state"],$data["type"],$uom); if($insert->execute()){ $mat_id = $db->insert_id; } /* material insert failed */ else{ $error = true; $message = "Material insert failed"; } $insert->close(); } $material->close(); } /* match material and manufacturer */ if($man_id and $mat_id and !$error){ $mat_man = $db->prepare("INSERT INTO Material_Manufacturer(mat_id,man_id,sds) VALUES (?,?,?)"); $mat_man->bind_param("iis",$mat_id,$man_id,$data["sds"]); if($mat_man->execute()){ } else{ $mat_man = $db->prepare("SELECT mat_id FROM Material_Manufacturer WHERE mat_id=? AND man_id=?"); $mat_man->bind_param("ii",$mat_id,$man_id); $mat_man->execute(); $mat_man->bind_result($mat_id); $mat_man->store_result(); if($mat_man->num_rows > 0){ } /* match failed */ else{ $error = true; $message = "Material/Manufacturer match failed"; } } $mat_man->close(); /* match material and hazard */ if(!$error){ $delete = $db->prepare("DELETE FROM Material_Hazard WHERE mat_id=?"); $delete->bind_param("i",$data["mat_id"]); if(!$delete->execute()){ $error = true; $message = "Material/Hazard match failedj"; } else{ $insert = $db->prepare("INSERT INTO Material_Hazard(mat_id,code) VALUES(?,?)"); $ghs = explode(",",$data["ghs"]); for($i = 0; $i < sizeof($ghs); $i++){ if($ghs[$i]){ $insert->bind_param("is",$mat_id,$ghs[$i]); if(!$insert->execute()){ $insert_ghs = $db->prepare("INSERT INTO Hazard(code) VALUES(?)"); $insert_ghs->bind_param("s",$ghs[$i]); if(!$insert_ghs->execute()){ $insert = $db->prepare("INSERT INTO Material_Hazard(mat_id,code) VALUES(?,?)"); $insert->bind_param("is",$mat_id,$ghs[$i]); if(!$insert->execute()){ $error = true; $message 
= "Material/Hazard match failedjh"; break; } } } } } $insert->close(); } $delete->close(); } /* match material and lab material */ if(!$error){ $lab = $db->prepare("SELECT total FROM Lab_Material WHERE mat_id=? AND lab_id=? AND man_id=? AND capacity=? AND uom=?"); $lab->bind_param("iiids",$mat_id,$lab_id,$man_id,$capacity,$uom); $lab->execute(); $lab->bind_result($new_total); $lab->store_result(); /* update total amount */ if($lab->num_rows > 0){ $lab->fetch(); $lab->close(); $new_total += $total; $containers = ceil($new_total/$capacity); $update = $db->prepare("UPDATE Lab_Material SET total=?,quantity=? WHERE mat_id=? AND man_id=? AND lab_id=? AND capacity=? AND uom=?"); $update->bind_param("diiiids",$new_total,$containers,$mat_id,$man_id,$lab_id,$capacity,$uom); if(!$update->execute()){ $error = true; $message = "Amount update failed"; } $update->close(); } /* create new entry */ else{ $lab_mat = $db->prepare("INSERT INTO Lab_Material(lab_id,mat_id,capacity,quantity,total,location,uom,man_id) VALUES (?,?,?,?,?,?,?,?)"); $lab_mat->bind_param("iididssi",$lab_id,$mat_id,$capacity,$data["quantity"],$total,$data["location"],$uom,$man_id); if($lab_mat->execute()){ $flag = true; } /* transaction failed */ else{ $error = true; $message = "Transaction failed"; } $lab_mat->close(); } } } /* record transaction */ if(!$error){ $timestamp = date("Y-m-d H:i:s"); $insert = $db->prepare("INSERT INTO Transaction(type,person_id,`timestamp`,mat_id,man_id,capacity,lab_id,amount,uom) VALUES (?,?,?,?,?,?,?,?,?)"); $transaction = "add"; $insert->bind_param("sisiidids",$transaction,$_SESSION["person_id"],$timestamp,$mat_id,$man_id,$capacity,$lab_id,$data["total"],$uom); if($insert->execute()){ $response["mat_id"] = $mat_id; $response["man_id"] = $man_id; $response["status"] = "success"; $response["message"] = "Material added successfully"; } /* transaction failed */ else{ $error = true; $message = "Transaction failed"; } $insert->close(); } } /* lab not authorized */ else{ $error = 
true; $message = "Laboratory not authorized"; } } /* missing args */ else{ $error = true; $message = "One or more arguments missing"; } break; case 11: /* log out user */ /* unset session variables and destroy session */ unset($_SESSION); session_destroy(); $_SESSION = array(); $response["status"] = "success"; break; case 12: /* fetch material details */ /* verify args */ if(isset($_POST["lab_id"]) and isset($_POST["mat_id"]) and isset($_POST["man_id"]) and isset($_POST["capacity"]) and isset($_POST["uom"])){ $lab_id = $_POST["lab_id"]; $mat_id = $_POST["mat_id"]; $man_id = $_POST["man_id"]; $capacity = $_POST["capacity"]; $uom = $_POST["uom"]; /* match lab id with authorized labs */ if(array_key_exists($lab_id,$_SESSION["authorized"])){ $material = $db->prepare("SELECT Material.cas,Material.state,Material.type,Material_Manufacturer.sds FROM Material INNER JOIN Lab_Material ON Lab_Material.mat_id=Material.mat_id LEFT JOIN Material_Manufacturer ON Material_Manufacturer.mat_id=Material.mat_id AND Material_Manufacturer.man_id=Lab_Material.man_id WHERE Lab_Material.lab_id=? AND Material.mat_id=? AND Lab_Material.capacity=? AND Lab_Material.man_id=? AND Lab_Material.uom=?"); $material->bind_param("iidis",$lab_id,$mat_id,$capacity,$man_id,$uom); $material->execute(); $material->bind_result($cas,$state,$type,$sds); $material->store_result(); $hazard = $db->prepare("SELECT DISTINCT(Material_Hazard.code) FROM Lab_Material INNER JOIN Material_Hazard ON Material_Hazard.mat_id=Lab_Material.mat_id INNER JOIN Hazard ON Hazard.code=Material_Hazard.code WHERE Lab_Material.mat_id=? AND Lab_Material.capacity=? AND Lab_Material.lab_id=? AND Lab_Material.man_id=? AND Lab_Material.uom=? 
ORDER BY Material_Hazard.code ASC"); /* fetch material details */ $response["material"] = array(); if($material->num_rows > 0){ while($material->fetch()){ $hazard->bind_param("idiis",$mat_id,$capacity,$lab_id,$man_id,$uom); $hazard->execute(); $hazard->bind_result($ghs); $hazard->store_result(); $full_ghs = array(); $full_description = array(); /* fetch hazard details */ while($hazard->fetch()){ if(!(array_search($ghs,$full_ghs))){ array_push($full_ghs,$ghs); } } $response["material"] = array("cas" => $cas,"ghs" => implode(",",$full_ghs),"state" => $state,"type" => $type,"sds" => urlencode($sds)); } $material->close(); $response["status"] = "success"; } /* empty query */ else{ $error = true; $message = "Material not found"; } } /* lab not authorized */ else{ $error = true; $message = "Laboratory not authorized"; } } /* missing args */ else{ $error = true; $message = "One or more arguments missing"; } break; case 13: /* fetch personnel */ $personnel = $db->prepare("SELECT person_id,person_name FROM Person ORDER BY person_name ASC"); $personnel->execute(); $personnel->bind_result($person_id,$person_name); $personnel->store_result(); $response["personnel"] = array(); /* fetch entries */ while($personnel->fetch()){ array_push($response["personnel"],array("person_id" => $person_id,"person_name" => $person_name)); } $personnel->close(); $response["status"] = "success"; break; case 14: /* add lab */ /* verify args */ if(isset($_POST["lab_name"]) and isset($_POST["lab_room"]) and isset($_POST["department"]) and isset($_POST["building"]) and isset($_POST["extension"]) and isset($_POST["pi"])){ $lab_name = $_POST["lab_name"]; $lab_room = $_POST["lab_room"]; $department = $_POST["department"]; $building = $_POST["building"]; $extension = $_POST["extension"]; $pi = $_POST["pi"]; $access_level = "investigator"; /* admins */ if($_SESSION["access_level"] == "admin"){ /* */ $add_laboratory = $db->prepare("INSERT INTO 
Laboratory(lab_room,department,building,extension,pi,cho,lab_name) VALUES (?,?,?,?,?,?,?)"); $add_laboratory->bind_param("sssiiis",$lab_room,$department,$building,$extension,$pi,$pi,$lab_name); /* extract id */ if($add_laboratory->execute()){ $lab_id = $add_laboratory->insert_id; /* authorize pi */ $auth = $db->prepare("INSERT INTO Authorized(person_id,lab_id,access_level) VALUES (?,?,?)"); $auth->bind_param("iis",$pi,$lab_id,$access_level); if($auth->execute()){ $admins = [75,76]; $access_level = "admin"; foreach($admins as $key => $admin){ $auth->bind_param("iis",$admin,$lab_id,$access_level); if(!($auth->execute())){ $error = true; $message = "Access level not granted"; break; } } $response["lab_id"] = $lab_id; $_SESSION["authorized"][$lab_id] = array("lab_name" => $lab_name, "access_level" => $_SESSION["access_level"]); $response["status"] = "success"; $response["message"] = "Laboratory created successfully"; } /* access level not granted */ else{ $error = true; $message = "Access level not granted"; } $auth->close(); } /* query failed */ else{ $error = true; $message = "Laboratory creation failed"; } $add_laboratory->close(); } /* restricted access level */ else{ $error = true; $message = "Action not allowed"; } } /* missing args */ else{ $error = true; $message = "One or more arguments missing"; } break; case 15: /* fetch personnel/access levels */ if($_SESSION["access_level"] == "admin" or $_SESSION["access_level"] == "investigator"){ $personnel = $db->prepare("SELECT person_id,person_name FROM Person WHERE person_id!=? 
AND person_id!=75 AND person_id!=76 ORDER BY person_name ASC"); $personnel->bind_param("i",$_SESSION["person_id"]); $personnel->execute(); $personnel->bind_result($person_id,$person_name); $personnel->store_result(); /* generate personnel array */ $response["personnel"] = array(); while($personnel->fetch()){ array_push($response["personnel"],array("person_id" => $person_id,"person_name" => $person_name)); } $personnel->close(); $access = $db->prepare("SELECT Person.person_id,Person.person_name,Laboratory.lab_room,Laboratory.lab_id,Authorized.access_level FROM Person INNER JOIN Authorized ON Person.person_id=Authorized.person_id INNER JOIN Laboratory ON Laboratory.lab_id=Authorized.lab_id WHERE Person.person_id!=? AND Authorized.access_level!='admin' AND Authorized.access_level!='none' ORDER BY person_name ASC"); $access->bind_param("i",$_SESSION["person_id"]); $access->execute(); $access->bind_result($person_id,$person_name,$lab_room,$lab_id,$access_level); $access->store_result(); /* generate access levels array */ $response["access_levels"] = array(); while($access->fetch()){ $response["access_levels"][$person_id][$lab_id] = array("lab_room" => $lab_room,"access_level" => $access_level); } $access->close(); /* extract authorized laboratories */ $auth = $db->prepare("SELECT Authorized.lab_id,Laboratory.lab_room,Authorized.access_level FROM Authorized INNER JOIN Laboratory ON Laboratory.lab_id = Authorized.lab_id WHERE person_id=? 
AND Authorized.access_level!='none' ORDER BY Laboratory.lab_room ASC"); $auth->bind_param("i",$_SESSION["person_id"]); $auth->execute(); $auth->bind_result($lab_id,$lab_room,$access_level); /* generate authorized arrays */ $response["labs"] = array(); $_SESSION["authorized"] = array(); $response["authorized"] = array(); while($auth->fetch()){ array_push($response["labs"],array("lab_id" => $lab_id,"lab_room" => $lab_room)); $_SESSION["authorized"][$lab_id] = array("lab_room" => $lab_room, "access_level" => $access_level); $response["authorized"][$lab_id] = array("lab_room" => $lab_room,"access_level" => $access_level); } $auth->close(); $response["status"] = "success"; } /* restricted access level */ else{ $error = true; $message = "Access denied"; } break; case 16: /* update access level */ /* verify args */ if(isset($_POST["lab_id"]) and isset($_POST["person_id"]) and isset($_POST["access_level"]) and isset($_POST["action"])){ $lab_id = $_POST["lab_id"]; $person_id = $_POST["person_id"]; $access_level = $_POST["access_level"]; $action = $_POST["action"]; /* register user */ if($_SESSION["access_level"] == "admin" or $_SESSION["access_level"] == "investigator"){ if($action == "authorize"){ $insert = $db->prepare("INSERT INTO Authorized(person_id,lab_id,access_level) VALUES (?,?,?)"); $insert->bind_param("iis",$person_id,$lab_id,$access_level); if($insert->execute()){ $response["status"] = "success"; $response["message"] = "Access level granted"; } /* insert failed */ else{ /* match lab id with authorized labs */ if(array_key_exists($lab_id,$_SESSION["authorized"])){ $flag = false; if($_SESSION["access_level"] != "admin"){ $select = $db->prepare("SELECT pi FROM Laboratory WHERE lab_id=?"); $select->bind_param("i",$lab_id); $select->execute(); $select->bind_result($pi); $select->store_result(); $select->fetch(); if($pi == $person_id){ $error = true; $flag = true; $message = "Access level not updated"; } $select->close(); } if(!$flag){ $update = $db->prepare("UPDATE 
Authorized SET access_level=? WHERE person_id=? AND lab_id=?"); $update->bind_param("sii",$access_level,$person_id,$lab_id); if($update->execute()){ $response["status"] = "success"; $response["message"] = "Access level updated"; } /* update failed */ else{ $error = true; $message = "Access level not updated"; } $update->close(); } } /* lab not authorized */ else{ $error = true; $message = "Action not allowed"; } } $insert->close(); } /* restrict */ else{ /* match lab id with authorized labs */ if(array_key_exists($lab_id,$_SESSION["authorized"])){ $flag = false; if($_SESSION["access_level"] != "admin"){ $select = $db->prepare("SELECT pi FROM Laboratory WHERE lab_id=?"); $select->bind_param("i",$lab_id); $select->execute(); $select->bind_result($pi); $select->store_result(); $select->fetch(); if($pi == $person_id){ $error = true; $flag = true; $message = "Access level not updated"; } $select->close(); } if(!$flag){ $update = $db->prepare("UPDATE Authorized SET access_level=? WHERE person_id=? 
AND lab_id=?"); $update->bind_param("sii",$access_level,$person_id,$lab_id); if($update->execute()){ $response["status"] = "success"; $response["message"] = "Access level updated"; } /* update failed */ else{ $error = true; $message = "Access level not updated"; } $update->close(); } } /* lab not authorized */ else{ $error = true; $message = "Action not allowed"; } } } /* restricted access level */ else{ $error = true; $message = "Action not allowed"; } } /* missing args */ else{ $error = true; $message = "One or more arguments missing"; } break; case 17: /* fetch laboratories */ if($_SESSION["access_level"] === "admin" or $_SESSION["access_level"] === "investigator"){ if($_SESSION["access_level"] === "admin"){ $query = "SELECT Laboratory.lab_id,Laboratory.lab_room,Laboratory.department,Laboratory.building,Laboratory.extension,Laboratory.pi,Person.person_name,Laboratory.lab_name FROM Laboratory INNER JOIN Person ON Person.person_id=Laboratory.pi ORDER BY Laboratory.lab_room ASC"; $bind_flag = false; } else if($_SESSION["access_level"] === "investigator"){ $query = "SELECT Laboratory.lab_id,Laboratory.lab_room,Laboratory.department,Laboratory.building,Laboratory.extension,Laboratory.pi,Person.person_name,Laboratory.lab_name FROM Laboratory INNER JOIN Person ON Person.person_id=Laboratory.pi WHERE Laboratory.pi=? 
ORDER BY Laboratory.lab_room ASC"; $bind_flag = true; } $labs = $db->prepare($query); if($bind_flag){ $labs->bind_param("i",$_SESSION["person_id"]); } $labs->execute(); $labs->bind_result($lab_id,$lab_room,$department,$building,$extension,$pi,$person_name,$lab_name); /* extract authorized laboratories */ $response["laboratories"] = array(); while($labs->fetch()){ array_push($response["laboratories"],array("lab" => array("lab_id" => $lab_id,"lab_room" => $lab_room),"lab_name" => $lab_name,"department" => $department,"building" => $building,"extension" => $extension,"pi" => array("person_id" => $pi,"person_name" => $person_name))); } $labs->close(); $response["status"] = "success"; } /* restricted access level */ else{ $error = true; $message = "Access denied"; } break; case 18: /* edit lab */ /* verify args */ if(isset($_POST["lab_id"]) and isset($_POST["lab_name"]) and isset($_POST["lab_room"]) and isset($_POST["department"]) and isset($_POST["building"]) and isset($_POST["extension"]) and isset($_POST["pi"])){ $lab_id = $_POST["lab_id"]; $lab_name = $_POST["lab_name"]; $lab_room = $_POST["lab_room"]; $department = $_POST["department"]; $building = $_POST["building"]; $extension = $_POST["extension"]; $pi = $_POST["pi"]; $access_level = "investigator"; /* update lab */ if(($_SESSION["access_level"] == "admin" or $_SESSION["access_level"] == "investigator") and array_key_exists($lab_id,$_SESSION["authorized"])){ $update = $db->prepare("UPDATE Laboratory SET lab_room=?,department=?,building=?,extension=?,pi=?,lab_name=? 
WHERE lab_id=?"); $update->bind_param("ssssisi",$lab_room,$department,$building,$extension,$pi,$lab_name,$lab_id); /* authorize pi */ if($update->execute()){ $auth = $db->prepare("INSERT INTO Authorized(person_id,lab_id,access_level) VALUES (?,?,?)"); $auth->bind_param("iis",$pi,$lab_id,$access_level); if($auth->execute()){ $response["status"] = "success"; $response["message"] = "Laboratory updated successfully"; } /* possible duplicate */ else{ $update = $db->prepare("UPDATE Authorized SET access_level=? WHERE person_id=? AND lab_id=?"); $update->bind_param("sii",$access_level,$pi,$lab_id); if($update->execute()){ $response["status"] = "success"; $response["message"] = "Laboratory updated successfully"; } /* update failed */ else{ $error = true; $message = "Access level not granted"; } } $auth->close(); } /* update failed */ else{ $error = true; $message = "Laboratory update failed"; } $update->close(); } /* restricted access level */ else{ $error = true; $message = "Action not allowed"; } } /* missing args */ else{ $error = true; $message = "One or more arguments missing"; } break; case 19: /* fetch materials */ /* verify args */ if(isset($_POST["page"])){ $page = $_POST["page"]; $offset = $page * 50; /* generate query */ $query = "SELECT Material.mat_id,Material.mat_name,Material.cas,Lab_Material.uom,Lab_Material.total FROM `Material` INNER JOIN Lab_Material ON Lab_Material.mat_id=Material.mat_id WHERE "; foreach($_SESSION["authorized"] as $lab_id => $auth){ $query .= "Lab_Material.lab_id=". $lab_id ." 
OR "; } $query = substr($query,0,-3); $query .= "ORDER BY Material.mat_name"; $materials = $db->prepare($query); $materials->execute(); $materials->bind_result($mat_id,$mat_name,$cas,$uom,$total); $materials->store_result(); /* fetch material data */ $response["materials"] = array(); $response["identifiers"] = array(); while($materials->fetch()){ if(!array_key_exists($mat_id,$response["materials"])){ $response["materials"][$mat_id] = array("mat_name" => $mat_name,"cas" => $cas,"total" => array(utf8_encode($uom) => $total)); array_push($response["identifiers"],array("mat_id" => $mat_id)); } else{ if(!array_key_exists($uom,$response["materials"][$mat_id]["total"])){ $response["materials"][$mat_id]["total"][utf8_encode($uom)] = $total; } else{ $response["materials"][$mat_id]["total"][utf8_encode($uom)] += $total; } } } $materials->close(); $response["status"] = "success"; } /* missing args */ else{ $error = true; $message = "One or more arguments missing"; } break; case 20: /* fetch total materials */ $query = "SELECT COUNT(*) FROM `Material` INNER JOIN Lab_Material ON Lab_Material.mat_id=Material.mat_id INNER JOIN Manufacturer ON Manufacturer.man_id=Lab_Material.man_id INNER JOIN Laboratory ON Laboratory.lab_id=Lab_Material.lab_id WHERE "; foreach($_SESSION["authorized"] as $lab_id => $auth){ $query .= "Lab_Material.lab_id=". $lab_id ." 
OR "; } $query = substr($query,0,-4); $count = $db->prepare($query); $count->execute(); $count->bind_result($total); $count->store_result(); if($count->fetch()){ $response["total"] = $total; $response["status"] = "success"; } /* some error */ else{ $error = true; $message = "Some error ocurred"; } $count->close(); break; case 21: /* fetch material info */ /* verify args */ if(isset($_POST["mat_id"])){ $mat_id = $_POST["mat_id"]; $query = "SELECT Lab_Material.uom,Lab_Material.man_id,Manufacturer.man_name,Lab_Material.capacity,Lab_Material.quantity,Lab_Material.total,Lab_Material.lab_id,Laboratory.lab_room FROM `Material` INNER JOIN Lab_Material ON Lab_Material.mat_id=Material.mat_id INNER JOIN Manufacturer ON Manufacturer.man_id=Lab_Material.man_id INNER JOIN Laboratory ON Laboratory.lab_id=Lab_Material.lab_id WHERE Material.mat_id=? AND ("; foreach($_SESSION["authorized"] as $lab_id => $auth){ $query .= "Lab_Material.lab_id=". $lab_id ." OR "; } $query = substr($query,0,-4); $query .= ") ORDER BY Material.mat_name ASC"; $material = $db->prepare($query); $material->bind_param("i",$mat_id); $material->execute(); $material->bind_result($uom,$man_id,$man_name,$capacity,$quantity,$total,$lab_id,$lab_room); $material->store_result(); $response["details"] = array(); while($material->fetch()){ array_push($response["details"],array("lab" => array("lab_id" => $lab_id,"lab_room" => $lab_room),"manufacturer" => $man_name,"capacity" => $capacity . $uom,"quantity" => $quantity,"total" => $total . 
$uom)); } $material->close(); $response["status"] = "success"; } /* missing args */ else{ $error = true; $message = "One or more arguments missing"; } break; case 22: /* fetch transactions */ if($_SESSION["access_level"] === "admin" or $_SESSION["access_level"] === "investigator"){ $query = "SELECT Person.person_name,Transaction.timestamp,Material.mat_name,Manufacturer.man_name,Transaction.capacity,Laboratory.lab_room,Transaction.amount,Transaction.uom,Transaction.type,Transaction.lab_id,Transaction.mat_id FROM Transaction INNER JOIN Laboratory ON Laboratory.lab_id=Transaction.lab_id INNER JOIN Material ON Material.mat_id=Transaction.mat_id INNER JOIN Person ON Person.person_id=Transaction.person_id INNER JOIN Manufacturer ON Manufacturer.man_id=Transaction.man_id WHERE "; foreach($_SESSION["authorized"] as $lab_id => $auth){ $query .= "Transaction.lab_id=". $lab_id ." OR "; } $query = substr($query,0,-3); $query .= "ORDER BY Transaction.timestamp DESC"; $transactions = $db->prepare($query); $transactions->execute(); $transactions->bind_result($person_name,$timestamp,$mat_name,$man_name,$capacity,$lab_room,$amount,$uom,$type,$lab_id,$mat_id); $transactions->store_result(); $response["transactions"] = array(); while($transactions->fetch()){ array_push($response["transactions"],array("type" => $type,"person_name" => $person_name,"timestamp" => $timestamp,"material" => array("mat_id" => $mat_id,"mat_name" => $mat_name),"man_name" => $man_name,"lab" => array("lab_id" => $lab_id,"lab_room" => $lab_room),"capacity" => $capacity . $uom,"amount" => $amount . 
$uom)); } $transactions->close(); $response["status"] = "success"; } /* not authorized */ else{ $error = true; $message = "Access denied"; } break; case 23: /* fetch single material */ /* verify args */ if(isset($_POST["mat_id"])){ $mat_id = $_POST["mat_id"]; $query = "SELECT Material.mat_id,Material.mat_name,Material.cas,Lab_Material.uom,Lab_Material.total FROM `Material` INNER JOIN Lab_Material ON Lab_Material.mat_id=Material.mat_id WHERE Material.mat_id=? AND ("; foreach($_SESSION["authorized"] as $lab_id => $auth){ $query .= "Lab_Material.lab_id=". $lab_id ." OR "; } $query = substr($query,0,-4); $query .= ")"; $material = $db->prepare($query); $material->bind_param("i",$mat_id); $material->execute(); $material->bind_result($mat_id,$mat_name,$cas,$uom,$total); $material->store_result(); /* fetch material data */ $response["material"] = array(); $response["identifier"] = array(); while($material->fetch()){ if(!array_key_exists($mat_id,$response["material"])){ $response["material"][$mat_id] = array("mat_name" => $mat_name,"cas" => $cas,"total" => array(utf8_encode($uom) => $total)); array_push($response["identifier"],array("mat_id" => $mat_id)); } else{ if(!array_key_exists($uom,$response["material"][$mat_id]["total"])){ $response["material"][$mat_id]["total"][utf8_encode($uom)] = $total; } else{ $response["material"][$mat_id]["total"][utf8_encode($uom)] += $total; } } } $material->close(); $response["status"] = "success"; } /* missing args */ else{ $error = true; $message = "One or more arguments missing"; } break; case 24: /* download table */ /* verify args */ if(isset($_POST["download_type"])){ /* handle by download type */ $download_type = $_POST["download_type"]; switch($download_type){ case "full_report": /* full material report */ /* fetch material data */ $query = "SELECT 
Lab_Material.mat_id,Lab_Material.man_id,Material.mat_name,Manufacturer.man_name,Material_Manufacturer.sds,Material.cas,Material.state,Material.type,Lab_Material.capacity,Lab_Material.quantity,Lab_Material.total,Lab_Material.uom,Lab_Material.location,Laboratory.lab_room FROM Lab_Material INNER JOIN Material ON Material.mat_id=Lab_Material.mat_id INNER JOIN Manufacturer ON Manufacturer.man_id=Lab_Material.man_id LEFT JOIN Material_Manufacturer ON (Material_Manufacturer.mat_id=Material.mat_id AND Material_Manufacturer.man_id=Lab_Material.man_id) INNER JOIN Laboratory ON Lab_Material.lab_id=Laboratory.lab_id WHERE ("; /* authorized labs */ foreach($_SESSION["authorized"] as $lab_id => $auth){ $query .= "Lab_Material.lab_id=". $lab_id ." OR "; } $query = substr($query,0,-4); $query .= ") ORDER BY Material.mat_name"; $title = "Full Material Report"; $file_name = $download_type . ".csv"; $report = $db->prepare($query); $report->execute(); $report->bind_result($mat_id,$man_id,$mat_name,$man_name,$sds,$cas,$state,$type,$capacity,$quantity,$total,$uom,$location,$lab_room); $report->store_result(); $hazard = $db->prepare("SELECT Material_Hazard.code,Hazard.description FROM Lab_Material INNER JOIN Material_Hazard ON Material_Hazard.mat_id=Lab_Material.mat_id INNER JOIN Hazard ON Hazard.code=Material_Hazard.code WHERE Lab_Material.mat_id=? AND Lab_Material.capacity=? AND Lab_Material.man_id=? 
GROUP BY Material_Hazard.code,Hazard.description ORDER BY Material_Hazard.code ASC"); $key = 2; $data = array(array(""),array("Material","Manufacturer","SDS Link","CAS Num.","State","Type","Capacity","Quantity","Total","GHS Code","Hazard Description","Location","Laboratory")); while($report->fetch()){ $hazard->bind_param("idi",$mat_id,$capacity,$man_id); $hazard->execute(); $hazard->bind_result($ghs,$description); $hazard->store_result(); $full_ghs = array(); $full_description = array(); /* fetch hazard details */ while($hazard->fetch()){ if(!(array_search($ghs,$full_ghs))){ array_push($full_ghs,$ghs); array_push($full_description,$description); } } $data[$key] = array("mat_name" => $mat_name,"man_name" => $man_name,"sds" => $sds,"cas" => $cas,"state" => $state,"type" => $type,"capacity" => $capacity,"quantity" => $quantity,"total" => $total,"ghs" => implode(",",$full_ghs),"description" => implode(",",$full_description),"location" => $location,"lab_room" => $lab_room); $key += 1; } /* generate csv */ $hazard->close(); $report->close(); $response["status"] = "success"; $response["file_name"] = $file_name; $response["url"] = gen_csv($data,$title); break; case "full_lab_report": /* full lab report */ /* fetch material data */ $query = "SELECT Lab_Material.lab_id,Lab_Material.mat_id,Lab_Material.man_id,Material.mat_name,Lab_Material.capacity,Lab_Material.quantity,Lab_Material.total,Lab_Material.uom,Laboratory.lab_room FROM Lab_Material INNER JOIN Material ON Material.mat_id=Lab_Material.mat_id INNER JOIN Manufacturer ON Manufacturer.man_id=Lab_Material.man_id INNER JOIN Laboratory ON Lab_Material.lab_id=Laboratory.lab_id WHERE ("; /* authorized labs */ foreach($_SESSION["authorized"] as $lab_id => $auth){ $query .= "Lab_Material.lab_id=". $lab_id ." OR "; } $query = substr($query,0,-4); $query .= ") ORDER BY Material.mat_name"; $title = "Full Laboratory Report"; $file_name = $download_type . 
".csv"; $report = $db->prepare($query); $report->execute(); $report->bind_result($lab_id,$mat_id,$man_id,$mat_name,$capacity,$quantity,$total,$uom,$lab_room); $report->store_result(); $data = array(); $labs = array(); /* fetch material quantities */ while($report->fetch()){ if(!array_key_exists($mat_id,$data)){ $data[$mat_id] = array("mat_name" => $mat_name,"total" => array($uom => $total),"uom" => array($uom)); } /* update totals */ else{ if(!array_key_exists($uom,$data[$mat_id]["total"])){ $data[$mat_id]["total"][$uom] = $total; array_push($data[$mat_id]["uom"],$uom); } else{ $data[$mat_id]["total"][$uom] += $total; } } /* save lab quantities */ if(!array_key_exists($mat_id,$labs)){ $labs[$mat_id] = array(); } /* duplicate laboratories */ if(!array_key_exists($lab_id,$labs[$mat_id])){ $labs[$mat_id][$lab_id] = array(array("lab_room" => $lab_room,"capacity" => $capacity,"quantity" => $quantity,"total" => $total,"uom" => $uom)); } else{ array_push($labs[$mat_id][$lab_id],array("lab_room" => $lab_room,"capacity" => $capacity,"quantity" => $quantity,"total" => $total,"uom" => $uom)); } } /* generate report format */ $key = 2; $tmp = array(array(""),array("Material","Total","Laboratories")); foreach($data as $mat_id => $arr){ $total = ""; foreach($data[$mat_id]["total"] as $uom => $value){ $total .= $data[$mat_id]["total"][$uom].$uom." 
/ "; } $total = substr($total,0,-3); $tmp[$key] = array("",""); $tmp[$key+1] = array("",""); $tmp[$key+2] = array($data[$mat_id]["mat_name"],$total); foreach($labs[$mat_id] as $lab_id => $lab_data){ for($i=0; $i < sizeof($lab_data); $i++){ array_push($tmp[$key],$labs[$mat_id][$lab_id][$i]["lab_room"]); array_push($tmp[$key],""); array_push($tmp[$key],""); array_push($tmp[$key+1],"Capacity"); array_push($tmp[$key+1],"Qty."); array_push($tmp[$key+1],"Total"); array_push($tmp[$key+2],$labs[$mat_id][$lab_id][$i]["capacity"].$labs[$mat_id][$lab_id][$i]["uom"]); array_push($tmp[$key+2],$labs[$mat_id][$lab_id][$i]["quantity"]); array_push($tmp[$key+2],$labs[$mat_id][$lab_id][$i]["total"].$labs[$mat_id][$lab_id][$i]["uom"]); } } $tmp[$key+3] = array(""); $key += 4; } /* generate csv */ $report->close(); $response["status"] = "success"; $response["file_name"] = $file_name; $response["url"] = gen_csv($tmp,$title); break; case "ghs_report": /* ghs report */ /* verify args */ if(isset($_POST["ghs"])){ $ghs = $_POST["ghs"]; $query = "SELECT Hazard.description,Lab_Material.mat_id,Lab_Material.man_id,Material.mat_name,Manufacturer.man_name,Material_Manufacturer.sds,Material.cas,Lab_Material.capacity,Lab_Material.quantity,Lab_Material.total,Lab_Material.uom,Lab_Material.location,Laboratory.lab_room,Laboratory.lab_id FROM Lab_Material INNER JOIN Material ON Material.mat_id=Lab_Material.mat_id INNER JOIN Manufacturer ON Manufacturer.man_id=Lab_Material.man_id LEFT JOIN Material_Manufacturer ON (Material_Manufacturer.mat_id=Material.mat_id AND Material_Manufacturer.man_id=Lab_Material.man_id) INNER JOIN Laboratory ON Lab_Material.lab_id=Laboratory.lab_id INNER JOIN Material_Hazard ON Material_Hazard.mat_id=Lab_Material.mat_id INNER JOIN Hazard ON Hazard.code=Material_Hazard.code WHERE (("; foreach($_SESSION["authorized"] as $lab_id => $auth){ $query .= "Lab_Material.lab_id=". $lab_id ." OR "; } $query = substr($query,0,-4); $query .= ") AND Material_Hazard.code=?) 
ORDER BY Material.mat_name ASC"; $report = $db->prepare($query); $report->bind_param("s",$ghs); $report->execute(); $report->bind_result($description,$mat_id,$man_id,$mat_name,$man_name,$sds,$cas,$capacity,$quantity,$total,$uom,$location,$lab_room,$lab_id); $report->store_result(); $key = 2; $data = array(array(""),array("Material","Manufacturer","SDS Link","CAS Num.","Capacity","Quantity","Total","Location","Laboratory")); while($report->fetch()){ $data[$key] = array("mat_name" => $mat_name,"man_name" => $man_name,"sds" => urlencode($sds),"cas" => $cas,"capacity" => $capacity.$uom,"quantity" => $quantity,"total" => $total.$uom,"location" => $location,"lab_room" => $lab_room); $key += 1; } /* generate csv */ $report->close(); $response["status"] = "success"; $response["file_name"] = $ghs . "_report.csv"; $response["url"] = gen_csv($data,$ghs ." Report \nDescription: " . $description); } /* missing args */ else{ $error = true; $message = "One or more args are missing"; } break; case "lab_report": /* verify args */ if(isset($_POST["lab_id"])){ /* fetch material data */ $lab_id = $_POST["lab_id"]; if(array_key_exists($lab_id,$_SESSION["authorized"])){ $lab_room = $_SESSION["authorized"][$lab_id]["lab_room"]; $title = $lab_room . " Lab Report"; $file_name = $lab_room . "_" . $download_type . ".csv"; $report = $db->prepare("SELECT Lab_Material.mat_id,Lab_Material.man_id,Material.mat_name,Manufacturer.man_name,Material_Manufacturer.sds,Material.cas,Material.state,Material.type,Lab_Material.capacity,Lab_Material.quantity,Lab_Material.total,Lab_Material.uom,Lab_Material.location FROM Lab_Material INNER JOIN Material ON Material.mat_id=Lab_Material.mat_id INNER JOIN Manufacturer ON Manufacturer.man_id=Lab_Material.man_id LEFT JOIN Material_Manufacturer ON (Material_Manufacturer.mat_id=Material.mat_id AND Material_Manufacturer.man_id=Lab_Material.man_id) INNER JOIN Laboratory ON Lab_Material.lab_id=Laboratory.lab_id WHERE Lab_Material.lab_id=? 
ORDER BY Material.mat_name"); $report->bind_param("i",$lab_id); $report->execute(); $report->bind_result($mat_id,$man_id,$mat_name,$man_name,$sds,$cas,$state,$type,$capacity,$quantity,$total,$uom,$location); $report->store_result(); $hazard = $db->prepare("SELECT Material_Hazard.code,Hazard.description FROM Lab_Material INNER JOIN Material_Hazard ON Material_Hazard.mat_id=Lab_Material.mat_id INNER JOIN Hazard ON Hazard.code=Material_Hazard.code WHERE Lab_Material.mat_id=? AND Lab_Material.capacity=? AND Lab_Material.man_id=? GROUP BY Material_Hazard.code,Hazard.description ORDER BY Material_Hazard.code ASC"); $key = 2; $data = array(array(""),array("Material","Manufacturer","SDS Link","CAS Num.","State","Type","Capacity","Quantity","Total","GHS Code","Hazard Description","Location","Laboratory")); while($report->fetch()){ $hazard->bind_param("idi",$mat_id,$capacity,$man_id); $hazard->execute(); $hazard->bind_result($ghs,$description); $hazard->store_result(); $full_ghs = array(); $full_description = array(); /* fetch hazard details */ while($hazard->fetch()){ if(!(array_search($ghs,$full_ghs))){ array_push($full_ghs,$ghs); array_push($full_description,$description); } } $data[$key] = array("mat_name" => $mat_name,"man_name" => $man_name,"sds" => $sds,"cas" => $cas,"state" => $state,"type" => $type,"capacity" => $capacity,"quantity" => $quantity,"total" => $total,"ghs" => implode(",",$full_ghs),"description" => implode(",",$full_description),"location" => $location,"lab_room" => $lab_room); $key += 1; } /* generate csv */ $hazard->close(); $report->close(); $response["status"] = "success"; $response["file_name"] = $file_name; $response["url"] = gen_csv($data,$title); } } /* missing args */ else{ $error = true; $message = "One or more args are missing"; } break; default: $error = true; $message = "Incorrect download type"; break; } } /* missing args */ else{ $error = true; $message = "One or more args are missing"; } break; case 25: /* fetch ghs codes */ $ghs = 
$db->prepare("SELECT DISTINCT(code) FROM Material_Hazard ORDER BY code ASC"); $ghs->execute(); $ghs->bind_result($code); $ghs->store_result(); $response["ghs"] = array(); while($ghs->fetch()){ $response["ghs"][$code] = array("icon" => urlencode("/images/" . $code . ".png")); } $ghs->close(); $response["status"] = "success"; break; case 26: /* fetch materials by ghs */ /* verify args */ if(isset($_POST["ghs"])){ $ghs = $_POST["ghs"]; $query = "SELECT DISTINCT Hazard.description,Lab_Material.mat_id,Lab_Material.man_id,Material.mat_name,Manufacturer.man_name,Material_Manufacturer.sds,Material.cas,Lab_Material.capacity,Lab_Material.quantity,Lab_Material.total,Lab_Material.uom,Lab_Material.location,Laboratory.lab_room,Laboratory.lab_id FROM Lab_Material INNER JOIN Material ON Material.mat_id=Lab_Material.mat_id INNER JOIN Manufacturer ON Manufacturer.man_id=Lab_Material.man_id LEFT JOIN Material_Manufacturer ON (Material_Manufacturer.mat_id=Material.mat_id AND Material_Manufacturer.man_id=Lab_Material.man_id) INNER JOIN Laboratory ON Lab_Material.lab_id=Laboratory.lab_id INNER JOIN Material_Hazard ON Material_Hazard.mat_id=Lab_Material.mat_id INNER JOIN Hazard ON Hazard.code=Material_Hazard.code WHERE (("; foreach($_SESSION["authorized"] as $lab_id => $auth){ $query .= "Lab_Material.lab_id=". $lab_id ." OR "; } $query = substr($query,0,-4); $query .= ") AND Material_Hazard.code=?) 
ORDER BY Material.mat_name ASC"; $materials = $db->prepare($query); $materials->bind_param("s",$ghs); $materials->execute(); $materials->bind_result($description,$mat_id,$man_id,$mat_name,$man_name,$sds,$cas,$capacity,$quantity,$total,$uom,$location,$lab_room,$lab_id); $materials->store_result(); $response["ghs"] = array(); while($materials->fetch()){ array_push($response["ghs"],array("material" => array("mat_id" => $mat_id,"mat_name" => $mat_name),"manufacturer" => array("man_id" => $man_id,"man_name" => $man_name),"sds" => urlencode($sds),"cas" => $cas,"capacity" => $capacity.$uom,"quantity" => $quantity,"total" => $total.$uom,"location" => $location,"laboratory" => array("lab_id" => $lab_id,"lab_room" => $lab_room))); } $materials->close(); $response["status"] = "success"; $response["description"] = $description; } /* missing args */ else{ $error = true; $message = "One or more args are missing"; } break; case 27: /* fetch offered materials */ $offered = $db->prepare("SELECT Person.person_name,Person.person_id,Laboratory.lab_room,Offered_Material.lab_id,Manufacturer.man_name,Offered_Material.man_id,Material.mat_name,Offered_Material.mat_id,Offered_Material.capacity,Offered_Material.uom,Offered_Material.amount,Offered_Material.timestamp FROM Offered_Material INNER JOIN Laboratory ON Laboratory.lab_id=Offered_Material.lab_id INNER JOIN Material ON Material.mat_id=Offered_Material.mat_id INNER JOIN Person ON Person.person_id=Offered_Material.person_id INNER JOIN Manufacturer ON Manufacturer.man_id=Offered_Material.man_id ORDER BY Offered_Material.timestamp DESC"); $offered->execute(); $offered->bind_result($person_name,$person_id,$lab_room,$lab_id,$man_name,$man_id,$mat_name,$mat_id,$capacity,$uom,$amount,$timestamp); $offered->store_result(); /* save materials */ $response["offered"] = array(); while($offered->fetch()){ array_push($response["offered"],array("material" => array("mat_id" => $mat_id,"mat_name" => $mat_name,"uom" => $uom,"timestamp" => 
$timestamp),"timestamp" => $timestamp,"manufacturer" => array("man_id" => $man_id,"man_name" => $man_name),"capacity" => $capacity.$uom,"amount" => $amount.$uom,"person" => array("person_id" => $person_id,"person_name" => $person_name),"lab" => array("lab_id" => $lab_id,"lab_room" => $lab_room))); } $offered->close(); $response["status"] = "success"; $response["person_id"] = $_SESSION["person_id"]; break; case 28: /* request offered materials */ /* verify args */ if(isset($_POST["person_id"]) and isset($_POST["lab_id"]) and isset($_POST["request"])){ $request = json_decode($_POST["request"],true); $mat_id = $request["material"]["mat_id"]; $timestamp = $request["material"]["timestamp"]; $man_id = $request["manufacturer"]["man_id"]; $o_lab_id = $request["lab"]["lab_id"]; $n_lab_id = $_POST["lab_id"]; $uom = $request["material"]["uom"]; $capacity = str_replace($uom,"",$request["capacity"]); $amount = str_replace($uom,"",$request["amount"]); $person_id = $_POST["person_id"]; $insert = $db->prepare("INSERT INTO Request(`timestamp`,person_id,mat_id,man_id,capacity,uom,lab_id,amount,request_lab_id) VALUES (?,?,?,?,?,?,?,?,?)"); $insert->bind_param("siiidsidi",$timestamp,$person_id,$mat_id,$man_id,$capacity,$uom,$o_lab_id,$amount,$n_lab_id); if($insert->execute()){ $response["status"] = "success"; $response["message"] = "Request submited"; } /* request failed */ else{ $error = true; $message = "Request failed"; } $insert->close(); } /* missing args */ else{ $error = true; $message = "One or more args are missing"; } break; case 29: /* fetch requested materials */ $requested = $db->prepare("SELECT Person.person_name,Person.person_id,Laboratory.lab_room,L.lab_room,Request.lab_id,Request.request_lab_id,Manufacturer.man_name,Request.man_id,Material.mat_name,Request.mat_id,Request.capacity,Request.uom,Request.amount,Request.request_lab_id,Request.timestamp FROM Request INNER JOIN Laboratory ON Laboratory.lab_id=Request.lab_id INNER JOIN Material ON 
Material.mat_id=Request.mat_id INNER JOIN Person ON Person.person_id=Request.person_id INNER JOIN Manufacturer ON Manufacturer.man_id=Request.man_id INNER JOIN Laboratory as L ON L.lab_id=Request.request_lab_id ORDER BY Material.mat_name ASC"); $requested->execute(); $requested->bind_result($person_name,$person_id,$prev_lab_room,$new_lab_room,$prev_lab_id,$new_lab_id,$man_name,$man_id,$mat_name,$mat_id,$capacity,$uom,$amount,$request_lab_id,$timestamp); $requested->store_result(); $response["requested"] = array(); while($requested->fetch()){ array_push($response["requested"],array("material" => array("mat_id" => $mat_id,"mat_name" => $mat_name,"uom" => $uom,"timestamp" => $timestamp),"manufacturer" => array("man_id" => $man_id,"man_name" => $man_name),"capacity" => $capacity.$uom,"amount" => $amount.$uom,"person" => array("person_id" => $person_id,"person_name" => $person_name),"prev_lab" => array("lab_id" => $prev_lab_id,"lab_room" => $prev_lab_room),"new_lab" => array("lab_id" => $new_lab_id,"lab_room" => $new_lab_room))); } $requested->close(); $response["status"] = "success"; break; case 30: /* handle requested materials */ /* verify args */ if(isset($_POST["type"]) and isset($_POST["material"])){ $type = $_POST["type"]; $material = json_decode($_POST["material"],true); $mat_id = $material["material"]["mat_id"]; $timestamp = $material["material"]["timestamp"]; $man_id = $material["manufacturer"]["man_id"]; $prev_lab_id = $material["prev_lab"]["lab_id"]; $new_lab_id = $material["new_lab"]["lab_id"]; $uom = $material["material"]["uom"]; $capacity = (float) str_replace($uom,"",$material["capacity"]); $amount = (float) str_replace($uom,"",$material["amount"]); $person_id = $material["person"]["person_id"]; $quantity = ceil($amount/$capacity); $location = "n/a"; $delete = false; if($type === "accept"){ $transaction = "add"; $select = $db->prepare("SELECT total FROM Lab_Material WHERE mat_id=? AND lab_id=? AND capacity=? AND man_id=? 
AND uom=?"); $select->bind_param("iidis",$mat_id,$new_lab_id,$capacity,$man_id,$uom); $select->execute(); $select->bind_result($total); $select->store_result(); if($select->num_rows > 0){ $select->fetch(); $total += $amount; $update = $db->prepare("UPDATE Lab_Material SET total=? WHERE mat_id=? AND lab_id=? AND capacity=? AND man_id=? AND uom=?"); $update->bind_param("diidis",$total,$mat_id,$new_lab_id,$capacity,$man_id,$uom); if($update->execute()){ $delete = true; } /* request failed */ else{ $error = true; $message = $update->error; } $update->close(); } /* insert into lab */ else{ $insert = $db->prepare("INSERT INTO Lab_Material(lab_id,mat_id,capacity,quantity,total,location,uom,man_id) VALUES (?,?,?,?,?,?,?,?)"); $insert->bind_param("iididssi",$new_lab_id,$mat_id,$capacity,$quantity,$amount,$location,$uom,$man_id); if($insert->execute()){ $delete = true; } /* request failed */ else{ $error = true; $message = "Request failed"; } $insert->close(); } $select->close(); /* record transaction */ if($delete){ $insert = $db->prepare("INSERT INTO Transaction(type,person_id,`timestamp`,mat_id,man_id,capacity,lab_id,amount,uom) VALUES (?,?,?,?,?,?,?,?,?)"); $insert->bind_param("sisiidids",$transaction,$_SESSION["person_id"],$timestamp,$mat_id,$man_id,$capacity,$new_lab_id,$amount,$uom); if(!$insert->execute()){ $error = true; $message = $insert->error; $delete = false; } $insert->close(); } } else{ $delete = true; } if($delete){ $delete = $db->prepare("DELETE FROM Request WHERE mat_id=? AND lab_id=? AND capacity=? AND man_id=? AND uom=? AND person_id=? AND request_lab_id=? AND `timestamp`=?"); $delete->bind_param("iidisiis",$mat_id,$prev_lab_id,$capacity,$man_id,$uom,$person_id,$new_lab_id,$timestamp); $offer = $db->prepare("DELETE FROM Offered_Material WHERE mat_id=? AND lab_id=? AND capacity=? AND man_id=? AND uom=? 
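AND `timestamp`=?"); $offer->bind_param("iidiss",$mat_id,$prev_lab_id,$capacity,$man_id,$uom,$timestamp); if($delete->execute()){ if($offer->execute()){ $response["status"] = "success"; $response["message"] = "Request answered successfully"; } /* request failed */ else{ $error = true; $message = "Request failed"; } $offer->close(); } /* request failed */ else{ $error = true; $message = "Request failed"; } $delete->close(); } } /* missing args */ else{ $error = true; $message = "One or more args are missing"; } break; default: /* non defined requests */ $error = true; $message = "Invalid request"; break; } } } /* missing api call */ else{ $error = true; $message = "One or more arguments are missing"; } /* handle errors */ if($error){ $response = array("status" => "error","message" => $message); } /* query response */ $db->close(); echo json_encode(utf8_response($response)); }

/* start_session() - start the PHP session unless one is already active */
function start_session(){
    /* session_status() stays correct after session_destroy(); isset($_SESSION) does not,
       because the superglobal is re-assigned by session_expired() and then looks "set"
       even though no session is active any more */
    if(session_status() !== PHP_SESSION_ACTIVE){
        /* httponly keeps the session cookie out of reach of scripts in the page;
           strict mode makes PHP ignore session ids it did not issue itself */
        session_start(array("cookie_httponly" => true, "use_strict_mode" => true));
    }
}

/* utf8_response($obj: array/string) - make every string in the response valid UTF-8
   so json_encode() does not fail on latin-1 bytes coming from the database.
   Arrays are converted recursively; anything else is returned unchanged. */
function utf8_response($obj){
    if(is_array($obj)){
        foreach($obj as $key => $value){
            $obj[$key] = utf8_response($value);
        }
        return $obj;
    }
    if(is_string($obj)){
        /* strings that are already UTF-8 are left alone: treating them as latin-1
           (what utf8_encode() did unconditionally) double-encodes them */
        if(mb_check_encoding($obj,"UTF-8")){
            return $obj;
        }
        /* utf8_encode() is deprecated since PHP 8.2; this is its documented replacement */
        return mb_convert_encoding($obj,"UTF-8","ISO-8859-1");
    }
    return $obj;
}

/* session_expired($timeout: int, seconds of allowed inactivity, default 30 min)
   - verify if the session is expired. Returns true (and destroys the session data)
   when there is no activity marker or the session was idle longer than $timeout;
   otherwise refreshes the activity marker, rotates the session id once it is older
   than $timeout, and returns false. */
function session_expired($timeout = 1800){
    start_session();
    $now = time();
    /* no activity marker means the user never logged in */
    if(!isset($_SESSION["last_activity"]) or ($now - $_SESSION["last_activity"]) > $timeout){
        session_unset();
        session_destroy();
        $_SESSION = array();
        return true;
    }
    /* rotating the id bounds how long a captured id stays usable; a missing "created"
       marker is treated as old (the original arithmetic on null did the same, with a warning) */
    if(!isset($_SESSION["created"]) or ($now - $_SESSION["created"]) > $timeout){
        session_regenerate_id(true);
        $_SESSION["created"] = $now;
    }
    $_SESSION["last_activity"] = $now;
    return false;
}

/* gen_csv($data: array of arrays,$title: string) - generate csv file under ../tmp
   and return its path relative to the web root ("/tmp/<random>.csv").
   Throws RuntimeException when the file cannot be created (previously the failed
   fopen() went unchecked and the following fwrite() blew up instead). */
function gen_csv($data,$title){
    /* random, unguessable name: the report must not be reachable by other users
       who merely know the naming scheme */
    $file_name = "../tmp/" . bin2hex(random_bytes(16)) . ".csv";
    $f = fopen($file_name,"w");
    if($f === false){
        throw new RuntimeException("Unable to create report file");
    }
    fwrite($f,$title . "\n");
    fwrite($f,"Report generated: " . date("Y-m-d H:i:s") . "\n");
    foreach($data as $row){
        fputcsv($f,$row,",");
    }
    fclose($f);
    /* drop the leading ".." so the caller gets the path as served from the web root */
    return substr($file_name,2);
}

opaso();
?>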