CDCC
/
inventarioSustancias
Seguir 2
Destacar 0
Cuchillo 0
Código Incidencias 0 Peticiones pull 0 Lanzamientos 0 Wiki Actividad
Proyecto en colaboración con OPASO
26 Commits
1 Rama
Árbol: 5546a31c23
Ramas Etiquetas
${ item.name }
Crear rama ${ searchTerm }
desde '5546a31c23'
${ noResults }
inventarioSustancias/public_html/scripts/opaso.php

opaso.php 5.1KB
Histórico Original

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164 
  1. <?php

  2. /*  Authors         :   Carlos C. Corrada-Bravo

  3.                         David J. Ortiz-Rivera

  4.                         José A. Quiñones-Flores

  5. 

  6.     Organization    :   Centro de Desarrollo y Consultoria Computacional

  7.     Project         :   OPASO Material Registry   

  8.     File            :   opaso.php

  9.     Description     :   Handle API requests for OPASO */

  10. 	require "config.php";

  11. 	error_reporting(E_ALL);

  12. 	ini_set("display_errors",1);

  13. 	

  14. 

  15. 	/* extract api call */

  16. 	if(isset($_POST["query"])){

  17. 		$query = $_POST["query"];

  18. 		$response = array();	/* response array */

  19. 		$error = false;

  20. 		/* handle query */ 

  21. 		switch($query){

  22. 			case 0:		/* Register user */

  23. 				break;

  24. 			case 1:		/* Login user */

  25. 				break;

  26. 			case 2:		/* Get laboratories */

  27. 				break;

  28. 			case 3:		/* Get materials */

  29. 				break;

  30. 			case 4:		/* Get inventory by lab */

  31. 				/* extract args */ 

  32. 				if(isset($_POST["laboratory"])){

  33. 					$laboratory = $_POST["laboratory"];

  34. 					if($lab_name = $db->prepare("SELECT lname FROM Laboratory WHERE lid=?")){

  35. 						$lab_name->bind_param("i",$laboratory);		/* bind laboratory to query and execute */

  36. 						if($lab_name->execute()){

  37. 							$lab_name->bind_result($lname);

  38. 							$lab_name->store_result();

  39. 							if($lab_name->num_rows > 0){

  40. 								while($lab_name->fetch()){

  41. 									$response["laboratory"] = $lname;

  42. 								}

  43. 							}

  44. 							else{

  45. 								$error = true;

  46. 								$message = "Lab not found.";

  47. 							}

  48. 						}

  49. 						else{

  50. 							$error = true;

  51. 							$message = "Something went wrong.";

  52. 						}

  53. 					}

  54. 					else{

  55. 						$error = true;

  56. 						$message = "Something went wrong.";

  57. 					}

  58. 					/* prepare query */ 

  59. 					if($inventory = $db->prepare("SELECT eid,chemical,cas,manufacturer,sds,ghs,hazard,state,type,amount,quantity,total,uom,location FROM Inventory WHERE lid=?")){

  60. 						$inventory->bind_param("i",$laboratory);		/* bind laboratory to query and execute */

  61. 						if($inventory->execute()){

  62. 							$inventory->bind_result($eid,$chemical,$cas,$manufacturer,$sds,$ghs,$hazard,$state,$type,$amount,$quantity,$total,$uom,$location);

  63. 							$inventory->store_result();

  64. 							if($inventory->num_rows > 0){

  65. 								$response["status"] = "success";

  66. 								$response["inventory"] = [];

  67. 								$options = [

  68. 								    "cost" => 8,

  69. 								];

  70. 								while($inventory->fetch()){

  71. 									$response["inventory"][password_hash($eid,PASSWORD_DEFAULT,$options)] = ["chemical" => $chemical,"cas" => $cas,"manufacturer" => $manufacturer,"sds" => $sds,"ghs" => $ghs,"hazard" => $hazard,"state" => $state,"type" => $type,"amount" => $amount,"quantity" => $quantity,"total" => $total,"uom" => $uom,"location" => $location];

  72. 								}

  73. 							}

  74. 							else{

  75. 								$error = true;

  76. 								$message = "No results found.";

  77. 							}

  78. 							$inventory->close();

  79. 						}

  80. 						else{

  81. 							$error = true;

  82. 							$message = "Something went wrong.";

  83. 						}

  84. 					}

  85. 					else{

  86. 						$error = true;

  87. 						$message = "Something went wrong.";

  88. 					}

  89. 				}

  90. 				/* missing args */ 

  91. 				else{

  92. 					$error = true;

  93. 					$message = "One ore more arguments missing.";

  94. 				}

  95. 				break;

  96. 			case 5:		/* */

  97. 				break;

  98. 			case 6:		/* edit row */

  99. 				/* extract args */

  100. 				if(isset($_POST["eid"]) and isset($_POST["laboratory"]) and isset($_POST["fields"])){

  101. 					$eid = $_POST["eid"];

  102. 					$laboratory = $_POST["laboratories"];

  103. 					$fields = $_POST["fields"];

  104. 					/* match row with authorized rows */ 

  105. 					$uid = "";

  106. 					$labs = array();

  107. 					for($l=0; $l < sizeof($labs); $l++){

  108. 						if($rows = $db->prepare("SELECT eid FROM Laboratory WHERE lid=?")){

  109. 							$rows->bind_param("i",$labs[$l]);		/* bind laboratory to query and execute */

  110. 							if($rows->execute()){

  111. 								$rows->bind_result($rid);

  112. 								$rows->store_result();

  113. 								if($rows->num_rows > 0){

  114. 									while($rows->fetch()){

  115. 										/* if ids match, update row */ 

  116. 										if(password_verify($rid,$_POST["eid"])){

  117. 											if($update_row = $db->prepare("UPDATE Inventory SET chemical=?,manufacturer=?,sds=?,cas=?,state=?,hazard=?,type=?,amount=?,quantity=?,total=?,location=?,ghs=?,uom=? WHERE eid=?")){

  118. 												$update_row->bind_param("sssssssssssssi",$fields["chemical"],$fields["manufacturer"],$fields["sds"],$fields["cas"],$fields["state"],$fields["hazard"],$fields["type"],$fields["amount"],$fields["quantity"],$fields["total"],$fields["ghs"],$fields["uom"],$rid);

  119. 												if($update_row->execute()){

  120. 													$response["status"] = "success";

  121. 												}

  122. 											}

  123. 										}	

  124. 									}

  125. 								}

  126. 

  127. 								else{

  128. 									$error = true;

  129. 									$message = "No results found.";

  130. 								}

  131. 							}

  132. 						}

  133. 					}

  134. 				}

  135. 				/* missing args */ 

  136. 				else{

  137. 					$error = true;

  138. 					$message = "One ore more arguments missing.";

  139. 				}

  140. 				break;

  141. 			case 7: 	/* edit inventory row */

  142. 				print_r($_POST);

  143. 				break;

  144. 			case 8: 	/* copy inventory row */

  145. 				print_r($_POST);

  146. 				break;

  147. 			default:	/* non defined requests */

  148. 				print_r($_POST);

  149. 

  150. 				echo "request not defined";

  151. 				break;

  152. 		}

  153. 		if($error){

  154. 			$response = array();

  155. 			$response["status"] = "error";

  156. 			$response["error"] = $message;

  157. 		}

  158. 		echo json_encode($response);

  159. 	}

  160. 	/* missing api call */ 

  161. 	else{

  162. 		echo "one or more arguments are missing";

  163. 	}

  164. ?>