CDCC
/
inventarioSustancias
Watch 2
Star 0
Fork 0
Code Issues 0 Pull Requests 0 Releases 0 Wiki Activity
Proyecto en colaboración con OPASO
39 Commits
1 Branch
Tree: 8d03572927
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '8d03572927'
${ noResults }
inventarioSustancias/public_html/scripts/opaso.php

opaso.php 88KB
History Raw

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576777879808182838485868788899091929394959697989910010110210310410510610710810911011111211311411511611711811912012112212312412512612712812913013113213313413513613713813914014114214314414514614714814915015115215315415515615715815916016116216316416516616716816917017117217317417517617717817918018118218318418518618718818919019119219319419519619719819920020120220320420520620720820921021121221321421521621721821922022122222322422522622722822923023123223323423523623723823924024124224324424524624724824925025125225325425525625725825926026126226326426526626726826927027127227327427527627727827928028128228328428528628728828929029129229329429529629729829930030130230330430530630730830931031131231331431531631731831932032132232332432532632732832933033133233333433533633733833934034134234334434534634734834935035135235335435535635735835936036136236336436536636736836937037137237337437537637737837938038138238338438538638738838939039139239339439539639739839940040140240340440540640740840941041141241341441541641741841942042142242342442542642742842943043143243343443543643743843944044144244344444544644744844945045145245345445545645745845946046146246346446546646746846947047147247347447547647747847948048148248348448548648748848949049149249349449549649749849950050150250350450550650750850951051151251351451551651751851952052152252352452552652752852953053153253353453553653753853954054154254354454554654754854955055155255355455555655755855956056156256356456556656756856957057157257357457557657757857958058158258358458558658758858959059159259359459559659759859960060160260360460560660760860961061161261361461561661761861962062162262362462562662762862963063163263363463563663763863964064164264364464564664764864965065165265365465565665765865966066166266366466566666766866967067167267367467567667767867968068168268368468568668768868969069169269369469569669769869970070170270370470570670770870971071171271371471571671771871972072172272372472572672772872973073173273373473573673773873974074174274374474574674774874975075175275375475575675775875976076176276376476576676776876977077177277377477577677777877978078178278378478578678778878979079179279379479579679779879980080180280380480580680780880981081181281381481581681781881982082182282382482582682782882983083183283383483583683783883984084184284384484584684784884985085185285385485585685785885986086186286386486586686786886987087187287387487587687787887988088188288388488588688788888989089189289389489589689789889990090190290390490590690790890991091191291391491591691791891992092192292392492592692792892993093193293393493593693793893994094194294394494594694794894995095195295395495595695795895996096196296396496596696796896997097197297397497597697797897998098198298398498598698798898999099199299399499599699799899910001001100210031004100510061007100810091010101110121013101410151016101710181019102010211022102310241025102610271028102910301031103210331034103510361037103810391040104110421043104410451046104710481049105010511052105310541055105610571058105910601061106210631064106510661067106810691070107110721073107410751076107710781079108010811082108310841085108610871088108910901091109210931094109510961097109810991100110111021103110411051106110711081109111011111112111311141115111611171118111911201121112211231124112511261127112811291130113111321133113411351136113711381139114011411142114311441145114611471148114911501151115211531154115511561157115811591160116111621163116411651166116711681169117011711172117311741175117611771178117911801181118211831184118511861187118811891190119111921193119411951196119711981199120012011202120312041205120612071208120912101211121212131214121512161217121812191220122112221223122412251226122712281229123012311232123312341235123612371238123912401241124212431244124512461247124812491250125112521253125412551256125712581259126012611262126312641265126612671268126912701271127212731274127512761277127812791280128112821283128412851286128712881289129012911292129312941295129612971298129913001301130213031304130513061307130813091310131113121313131413151316131713181319132013211322132313241325132613271328132913301331133213331334133513361337133813391340134113421343134413451346134713481349135013511352135313541355135613571358135913601361136213631364136513661367136813691370137113721373137413751376137713781379138013811382138313841385138613871388138913901391139213931394139513961397139813991400140114021403140414051406140714081409141014111412141314141415141614171418141914201421142214231424142514261427142814291430143114321433143414351436143714381439144014411442144314441445144614471448144914501451145214531454145514561457145814591460146114621463146414651466146714681469147014711472147314741475147614771478147914801481148214831484148514861487148814891490149114921493149414951496149714981499150015011502150315041505150615071508150915101511151215131514151515161517151815191520152115221523152415251526152715281529153015311532153315341535153615371538153915401541154215431544154515461547154815491550155115521553155415551556155715581559156015611562156315641565156615671568156915701571157215731574157515761577157815791580158115821583158415851586158715881589159015911592159315941595159615971598159916001601160216031604160516061607160816091610161116121613161416151616161716181619162016211622162316241625162616271628162916301631163216331634163516361637163816391640164116421643164416451646164716481649165016511652165316541655165616571658165916601661166216631664166516661667166816691670167116721673167416751676167716781679168016811682168316841685168616871688168916901691169216931694169516961697169816991700170117021703170417051706170717081709171017111712171317141715171617171718171917201721172217231724172517261727172817291730173117321733173417351736173717381739174017411742174317441745174617471748174917501751175217531754175517561757175817591760176117621763176417651766176717681769177017711772177317741775177617771778177917801781178217831784178517861787178817891790179117921793179417951796179717981799180018011802180318041805180618071808180918101811181218131814181518161817181818191820182118221823182418251826182718281829183018311832183318341835183618371838183918401841184218431844184518461847184818491850185118521853185418551856185718581859186018611862186318641865186618671868186918701871187218731874187518761877187818791880188118821883188418851886188718881889189018911892189318941895189618971898189919001901190219031904190519061907190819091910191119121913191419151916191719181919192019211922192319241925192619271928192919301931193219331934193519361937193819391940194119421943194419451946194719481949195019511952195319541955195619571958195919601961196219631964196519661967196819691970197119721973197419751976197719781979198019811982198319841985198619871988198919901991199219931994199519961997199819992000200120022003200420052006200720082009201020112012201320142015201620172018201920202021202220232024202520262027202820292030203120322033203420352036203720382039204020412042204320442045204620472048204920502051205220532054205520562057205820592060206120622063206420652066206720682069207020712072207320742075207620772078207920802081208220832084208520862087208820892090209120922093209420952096209720982099210021012102210321042105210621072108210921102111211221132114211521162117211821192120212121222123212421252126212721282129213021312132213321342135213621372138213921402141214221432144214521462147214821492150215121522153215421552156215721582159216021612162216321642165216621672168216921702171217221732174217521762177217821792180218121822183218421852186218721882189219021912192219321942195219621972198219922002201220222032204220522062207220822092210221122122213221422152216221722182219222022212222222322242225222622272228222922302231223222332234223522362237223822392240224122422243224422452246224722482249225022512252225322542255225622572258225922602261226222632264226522662267226822692270227122722273227422752276227722782279228022812282228322842285228622872288228922902291229222932294229522962297229822992300230123022303230423052306230723082309 
  1. <?php

  2. /*  Authors         :   Carlos C. Corrada-Bravo

  3.                         David J. Ortiz-Rivera

  4. 

  5.     Organization    :   Centro de Desarrollo y Consultoria Computacional

  6.     Project         :   OPASO Material Registry   

  7.     File            :   opaso.php

  8.     Description     :   Handle API requests for OPASO */

  9. 

  10.     /* display errors */ 

  11. 	error_reporting(E_ALL);

  12. 	ini_set("display_errors",1);

  13. 

  14. 	/* opaso() - handle api requests for opaso */

  15. 	function opaso(){

  16. 		/* import database */ 

  17. 		require "../config/database.php";

  18. 

  19. 		/* verify api call */

  20. 		if(isset($_POST["query"])){

  21. 			$error = false;

  22. 			$expired = false;

  23. 			$response = array();

  24. 			$q = $_POST["query"];

  25. 

  26. 			/* verify user session */

  27. 			if($q != 1){

  28. 	            if(session_expired()){

  29. 	            	$expired = true;

  30. 					$response["status"] = "expired";

  31. 	            }

  32. 			}

  33. 

  34. 			/* handle request */

  35. 			if(!$expired){

  36. 				switch($q){

  37. 					case 0:		/* register user */

  38. 						/* verify args */

  39. 						if(isset($_POST["person_name"]) and isset($_POST["email"]) and isset($_POST["phone_number"])){

  40. 							$password = "n/a";

  41. 							$email = $_POST["email"];

  42. 							$person_name = $_POST["person_name"];

  43. 							$phone_number = $_POST["phone_number"];

  44. 

  45. 				            /* register user */

  46. 				            if($_SESSION["access_level"] === "admin" or $_SESSION["access_level"] === "investigator"){

  47. 								$register = $db->prepare("INSERT INTO Person(person_name,email,password,phone) VALUES (?,?,?,?)");

  48. 								$register->bind_param("ssss",$person_name,$email,$password,$phone_number);

  49. 								

  50. 								/* extract id */ 

  51. 								if($register->execute()){

  52. 									$person_id = $db->insert_id;

  53. 									$response["status"] = "success";

  54. 									$response["person_id"] = $person_id;

  55. 									$response["message"] = "Person registered successfully";

  56. 								}

  57. 

  58. 								/* query failed */ 

  59. 								else{

  60. 									$error = true;

  61. 									$message = "Registration failed, possible duplicate";

  62. 								}

  63. 

  64. 								$register->close();

  65. 				            }

  66. 

  67. 				            /* restricted access level */

  68. 				            else{

  69. 								$error = true;

  70. 								$message = "Access not allowed";

  71. 				            }

  72. 						}

  73. 

  74. 						/* missing args */ 

  75. 						else{

  76. 							$error = true;

  77. 							$message = "One or more arguments missing";

  78. 						}

  79. 						break;

  80. 					case 1:		/* log in user */

  81. 						/* verify args */ 

  82. 						if(isset($_POST["email"]) and isset($_POST["password"])){

  83. 							/* fetch hashed password and user data */

  84. 							$email = $_POST["email"];

  85. 							$password = $_POST["password"];

  86. 							$login = $db->prepare("SELECT person_id,person_name,password FROM Person WHERE email=?");

  87. 							$login->bind_param("s",$email);

  88. 							$login->execute();

  89. 							$login->bind_result($person_id,$person_name,$hashed_password);

  90. 							$login->store_result();

  91. 							$login->fetch();

  92. 

  93. 							/* match password with hash */ 

  94. 							if(password_verify($password,$hashed_password)){

  95. 								/* fetch authorized laboratories */

  96. 								$authorized = $db->prepare("SELECT Authorized.lab_id,Laboratory.lab_room,Authorized.access_level FROM Authorized INNER JOIN Laboratory ON Laboratory.lab_id = Authorized.lab_id WHERE person_id=? AND Authorized.access_level!='none' ORDER BY Laboratory.lab_room ASC");

  97. 								$authorized->bind_param("i",$person_id);

  98. 								$authorized->execute();

  99. 								$authorized->bind_result($lab_id,$lab_room,$access_level);

  100. 

  101. 								/* initialize authorized array */

  102. 								start_session();

  103. 								$_SESSION["authorized"] = array();

  104. 								$access_level = "technician";

  105. 								$pi_flag = false;

  106. 								$admin_flag = false;

  107. 

  108. 								/* fetch entries */

  109. 								while($authorized->fetch()){

  110. 									if($access_level == "investigator"){

  111. 										$pi_flag = true;

  112. 									}

  113. 

  114. 									elseif($access_level == "admin"){

  115. 										$admin_flag = true;

  116. 									}

  117. 

  118. 							    	$_SESSION["authorized"][$lab_id] = array("lab_room" => $lab_room, "access_level" => $access_level);

  119. 								}

  120. 

  121. 								/* set user data */

  122. 								$_SESSION["person_id"] = $person_id;

  123. 								$_SESSION["person_name"] = explode(" ",$person_name)[0];

  124. 

  125. 								/* set highest access level */

  126. 								if($pi_flag){

  127. 									$access_level = "investigator";

  128. 								}

  129. 

  130. 								elseif($admin_flag){

  131. 									$access_level = "admin";

  132. 								}

  133. 

  134. 								$_SESSION["access_level"] = $access_level;

  135. 				    			$_SESSION["created"] = time();

  136. 								$_SESSION["last_activity"] = time();

  137. 

  138. 								$login->close();

  139. 								$authorized->close();

  140. 

  141. 								$response["status"] = "success";

  142. 							}

  143. 

  144. 							/* passwords don't match */ 

  145. 							else{

  146. 								$error = true;

  147. 								$message = "Login failed";

  148. 							}

  149. 						}

  150. 

  151. 						/* missing args */ 

  152. 						else{

  153. 							$error = true;

  154. 							$message = "One or more arguments missing";

  155. 						}

  156. 						break;

  157. 					case 2:		/* get laboratories */

  158. 						/* fetch authorized laboratories */

  159. 						$auth = $db->prepare("SELECT Authorized.lab_id,Laboratory.lab_room,Authorized.access_level FROM Authorized INNER JOIN Laboratory ON Laboratory.lab_id = Authorized.lab_id WHERE person_id=? AND Authorized.access_level!='none' ORDER BY Laboratory.lab_room ASC");

  160. 						$auth->bind_param("i",$_SESSION["person_id"]);

  161. 						$auth->execute();

  162. 						$auth->bind_result($lab_id,$lab_room,$access_level);

  163. 						

  164. 						/* initialize authorized array */

  165. 						start_session();

  166. 						$_SESSION["authorized"] = array();

  167. 						$pi_flag = false;

  168. 						$admin_flag = false;

  169. 						$access_level = "technician";

  170. 						$response["authorized"] = array();

  171. 

  172. 						/* fetch entries */

  173. 						while($auth->fetch()){

  174. 							if($access_level == "investigator"){

  175. 								$pi_flag = true;

  176. 							}

  177. 

  178. 							elseif($access_level == "admin"){

  179. 								$admin_flag = true;

  180. 							}

  181. 

  182. 					    	$_SESSION["authorized"][$lab_id] = array("lab_room" => $lab_room, "access_level" => $access_level);

  183. 		                	array_push($response["authorized"],array("lab_id" => $lab_id,"lab_room" => $lab_room, "access_level" => $access_level));

  184. 						}

  185. 

  186. 						$auth->close();

  187. 

  188. 						/* determine highest access level */

  189. 						if($pi_flag){

  190. 							$access_level = "investigator";

  191. 						}

  192. 

  193. 						elseif($admin_flag){

  194. 							$access_level = "admin";

  195. 						}

  196. 

  197. 						$_SESSION["access_level"] = $access_level;

  198. 						$response["status"] = "success";

  199. 						break;

  200. 					case 3:		/* get laboratory inventory */

  201. 						/* verify args */

  202. 						if(isset($_POST["lab_id"])){

  203. 							/* match lab id with authorized labs */

  204. 							$lab_id = $_POST["lab_id"];

  205. 							if(array_key_exists($lab_id,$_SESSION["authorized"])){

  206. 								/* fetch lab inventory */

  207. 								$laboratory = $db->prepare("SELECT Material.mat_id,Manufacturer.man_id,Material.mat_name,Manufacturer.man_name,Lab_Material.capacity,Lab_Material.quantity,Lab_Material.total,Lab_Material.uom,Lab_Material.location FROM Lab_Material INNER JOIN Material ON Lab_Material.mat_id=Material.mat_id INNER JOIN Manufacturer ON Lab_Material.man_id=Manufacturer.man_id WHERE Lab_Material.lab_id=? ORDER BY Material.mat_name,Lab_Material.capacity ASC");

  208. 								$laboratory->bind_param("i",$lab_id);

  209. 								$laboratory->execute();

  210. 								$laboratory->bind_result($mat_id,$man_id,$mat_name,$man_name,$capacity,$quantity,$total,$uom,$location);

  211. 								$laboratory->store_result();

  212. 								

  213. 								$response["lab"] = array();

  214. 								$response["lab"]["inventory"] = array();

  215. 								while($laboratory->fetch()){

  216. 									array_push($response["lab"]["inventory"],array("material" => array("mat_id" => $mat_id,"mat_name" => $mat_name),"manufacturer" => array("man_id" => $man_id,"man_name" => $man_name),"capacity" => $capacity,"quantity" => $quantity,"total" => $total,"uom" => $uom,"location" => $location));

  217. 								}

  218. 

  219. 								/* fetch lab personnel */

  220. 								$personnel = $db->prepare("SELECT Person.person_name,Authorized.access_level FROM Authorized INNER JOIN Person ON Person.person_id=Authorized.person_id WHERE Authorized.lab_id=? AND Authorized.access_level!='none' ORDER BY Authorized.access_level ASC");

  221. 								$personnel->bind_param("i",$lab_id);

  222. 								$personnel->execute();

  223. 								$personnel->bind_result($person_name,$access_level);

  224. 								$personnel->store_result();

  225. 								

  226. 								$response["lab"]["personnel"] = array();

  227. 								while($personnel->fetch()){

  228. 									array_push($response["lab"]["personnel"],array("person_name" => $person_name,"access_level" => $access_level));

  229. 								}

  230. 

  231. 								$personnel->close();						

  232. 								$laboratory->close();

  233. 						    	$response["status"] = "success";

  234. 							}

  235. 

  236. 							/* lab not authorized */ 

  237. 							else{					

  238. 								$error = true;

  239. 								$message = "Laboratory not authorized";	

  240. 							}

  241. 						}

  242. 

  243. 						/* missing args */ 

  244. 						else{

  245. 							$error = true;

  246. 							$message = "One or more arguments missing";

  247. 						}

  248. 						break;

  249. 					case 4:		/* get lab inventory */

  250. 						/* verify args */

  251. 						if(isset($_POST["lab_id"])){

  252. 							/* match lab id with authorized labs */

  253. 							$lab_id = $_POST["lab_id"];

  254. 							if(array_key_exists($lab_id,$_SESSION["authorized"])){

  255. 								/* fetch lab inventory */

  256. 								$inventory = $db->prepare("SELECT Material.mat_id,Manufacturer.man_id,Material.mat_name,Material.cas,Manufacturer.man_name,Material_Manufacturer.sds,Material.state,Material.type,Lab_Material.capacity,Lab_Material.quantity,Lab_Material.total,Lab_Material.uom,Lab_Material.location FROM (Lab_Material INNER JOIN Material ON Lab_Material.mat_id=Material.mat_id INNER JOIN Manufacturer ON Lab_Material.man_id=Manufacturer.man_id INNER JOIN Material_Manufacturer ON Lab_Material.mat_id=Material_Manufacturer.mat_id AND Lab_Material.man_id=Material_Manufacturer.man_id) WHERE Lab_Material.lab_id=? ORDER BY Material.mat_name,Lab_Material.capacity ASC");

  257. 								$inventory->bind_param("i",$lab_id);

  258. 								$inventory->execute();

  259. 								$inventory->bind_result($mat_id,$man_id,$mat_name,$cas,$man_name,$sds,$state,$type,$capacity,$quantity,$total,$uom,$location);

  260. 								$inventory->store_result();

  261. 								

  262. 								$response["lab"] = array();

  263. 								$response["lab"]["inventory"] = array();

  264. 								$hazard = $db->prepare("SELECT Material_Hazard.code,Hazard.description FROM Lab_Material INNER JOIN Material_Hazard ON Material_Hazard.mat_id=Lab_Material.mat_id INNER JOIN Hazard ON Hazard.code=Material_Hazard.code WHERE Lab_Material.mat_id=? AND Lab_Material.capacity=? AND Lab_Material.lab_id=? AND Lab_Material.man_id=? GROUP BY Material_Hazard.code,Hazard.description ORDER BY Material_Hazard.code ASC");

  265. 

  266. 								/* fetch hazard data */

  267. 								while($inventory->fetch()){

  268. 									$hazard->bind_param("idii",$mat_id,$capacity,$lab_id,$man_id);

  269. 									$hazard->execute();

  270. 									$hazard->bind_result($ghs,$description);

  271. 									$hazard->store_result();

  272. 									

  273. 									$full_ghs = array();

  274. 									$full_description = array();

  275. 									

  276. 									/* fetch hazard details */

  277. 									while($hazard->fetch()){

  278. 										if(!(array_search($ghs,$full_ghs))){

  279. 											array_push($full_ghs,$ghs);

  280. 											array_push($full_description,$description);

  281. 										}

  282. 									}

  283. 

  284. 									array_push($response["lab"]["inventory"],array("material" => array("mat_id" => $mat_id,"mat_name" => $mat_name),"manufacturer" => array("man_id" => $man_id,"man_name" => $man_name),"cas" => $cas,"sds" => urlencode($sds),"ghs" => implode(",",$full_ghs),"state" => $state,"type" => $type,"capacity" => $capacity,"quantity" => $quantity,"total" => $total,"uom" => $uom,"location" => $location));

  285. 								}

  286. 								

  287. 								$inventory->close();

  288. 						    	$response["status"] = "success";

  289. 							}

  290. 

  291. 							/* lab not authorized */ 

  292. 							else{					

  293. 								$error = true;

  294. 								$message = "Laboratory not authorized";	

  295. 							}

  296. 						}

  297. 

  298. 						/* missing args */

  299. 						else{

  300. 							$error = true;

  301. 							$message = "One or more arguments missing";

  302. 						}

  303. 						break;

  304. 					case 5:		/* edit cell*/

  305. 						/* verify args */

  306. 						if(isset($_POST["lab_id"]) and isset($_POST["field"]) and isset($_POST["data"])){

  307. 							$amount = 0;

  308. 							$field = $_POST["field"];

  309. 							$lab_id = $_POST["lab_id"];

  310. 							$data = json_decode($_POST["data"],true);

  311. 							

  312. 							if($field === "man_name"){

  313. 								$transaction = "edit manufacturer";

  314. 							}

  315. 

  316. 							elseif($field === "mat_name"){

  317. 								$transaction = "edit material";

  318. 							}

  319. 

  320. 							else{

  321. 								$transaction = "edit " . $field;

  322. 							}

  323. 

  324. 							/* match lab id with authorized labs */

  325. 							if(array_key_exists($lab_id,$_SESSION["authorized"])){

  326. 								switch($field){

  327. 									case "mat_name": 	/* update material name */

  328. 										$update = $db->prepare("UPDATE Material SET mat_name=? WHERE mat_id=?");

  329. 										$update->bind_param("si",$data["mat_name"],$data["mat_id"]);

  330. 

  331. 										if(!$update->execute()){

  332. 											$error = true;

  333. 											$message = "Update failed";

  334. 										}

  335. 

  336. 										$update->close();

  337. 										break;

  338. 									case "man_name": 	/* update manufacturer name */

  339. 										$update = $db->prepare("UPDATE Manufacturer SET man_name=? WHERE man_id=?");

  340. 										$update->bind_param("si",$data["man_name"],$data["man_id"]);

  341. 										

  342. 										if(!$update->execute()){

  343. 											$error = true;

  344. 											$message = "Update failed";

  345. 										}

  346. 

  347. 										$update->close();

  348. 										break;

  349. 									case "cas":  		/* update material cas num */

  350. 										$update = $db->prepare("UPDATE Material SET cas=? WHERE mat_id=?");

  351. 										$update->bind_param("si",$data["cas"],$data["mat_id"]);

  352. 										

  353. 										if(!$update->execute()){

  354. 											$error = true;

  355. 											$message = "Update failed";

  356. 										}

  357. 

  358. 										$update->close();

  359. 										break;

  360. 									case "sds":  		/* update material sds */

  361. 										$update = $db->prepare("UPDATE Material_Manufacturer SET sds=? WHERE mat_id=? AND man_id=?");

  362. 										$update->bind_param("sii",$data["sds"],$data["mat_id"],$data["man_id"]);

  363. 										

  364. 										if(!$update->execute()){

  365. 											$error = true;

  366. 											$message = "Update failed";

  367. 										}

  368. 

  369. 										$update->close();

  370. 										break;

  371. 									case "ghs": 		/* update ghs */

  372. 										$delete = $db->prepare("DELETE FROM Material_Hazard WHERE mat_id=?");

  373. 										$delete->bind_param("i",$data["mat_id"]);

  374. 										

  375. 										if(!$delete->execute()){

  376. 											$error = true;

  377. 											$message = "Update failed";

  378. 										}

  379. 

  380. 										else{

  381. 											$insert = $db->prepare("INSERT INTO Material_Hazard(mat_id,code) VALUES(?,?)");

  382. 											$ghs = explode(",",$data["ghs"]);

  383. 

  384. 											for($i = 0; $i <  sizeof($ghs); $i++){

  385. 												if($ghs[$i]){

  386. 													$insert->bind_param("is",$data["mat_id"],$ghs[$i]);

  387. 													

  388. 													if(!$insert->execute()){

  389. 														$insert_ghs = $db->prepare("INSERT INTO Hazard(code) VALUES(?)");

  390. 														$insert_ghs->bind_param("s",$ghs[$i]);

  391. 														

  392. 														if(!$insert_ghs->execute()){

  393. 															$error = true;

  394. 															$message = "Update failed";

  395. 															break;

  396. 														}

  397. 														else{

  398. 															$insert = $db->prepare("INSERT INTO Material_Hazard(mat_id,code) VALUES(?,?)");

  399. 															$insert->bind_param("is",$data["mat_id"],$ghs[$i]);

  400. 															if(!$insert->execute()){

  401. 																$error = true;

  402. 																$message = "Update failed";

  403. 																break;

  404. 															}

  405. 														}

  406. 													}

  407. 												}

  408. 											}

  409. 											

  410. 											$insert->close();

  411. 										}

  412. 

  413. 										$delete->close();

  414. 										break;

  415. 									case "state":

  416. 										$update = $db->prepare("UPDATE Material SET state=? WHERE mat_id=?");

  417. 										$update->bind_param("si",$data["state"],$data["mat_id"]);

  418. 										

  419. 										if(!$update->execute()){

  420. 											$error = true;

  421. 											$message = "Update failed";

  422. 										}

  423. 

  424. 										$update->close();

  425. 										break;

  426. 

  427. 									case "location":

  428. 										$update = $db->prepare("UPDATE Lab_Material SET location=? WHERE mat_id=? AND lab_id=? AND man_id=? AND capacity=? AND uom=?");

  429. 										$update->bind_param("siiids",$data["location"],$data["mat_id"],$lab_id,$data["man_id"],$data["capacity"],$data["uom"]);

  430. 										

  431. 										if(!$update->execute()){

  432. 											$error = true;

  433. 											$message = "Update failed";

  434. 										}

  435. 

  436. 										$update->close();

  437. 										break;

  438. 

  439. 									case "type":

  440. 										$update = $db->prepare("UPDATE Material SET type=? WHERE mat_id=?");

  441. 										$update->bind_param("si",$data["type"],$data["mat_id"]);

  442. 										

  443. 										if(!$update->execute()){

  444. 											$error = true;

  445. 											$message = "Update failed";

  446. 										}

  447. 

  448. 										$update->close();

  449. 										break;

  450. 

  451. 									case "capacity":

  452. 										$update = $db->prepare("UPDATE Lab_Material SET capacity=?,quantity=? WHERE mat_id=? AND lab_id=? AND man_id=? AND capacity=? AND uom=?");

  453. 										$update->bind_param("diiiids",$data["new_capacity"],$data["quantity"],$data["mat_id"],$lab_id,$data["man_id"],$data["prev_capacity"],$data["uom"]);

  454. 										

  455. 										if(!$update->execute()){

  456. 											$error = true;

  457. 											$message = "Update failed";

  458. 										}

  459. 

  460. 										$update->close();

  461. 										break;

  462. 

  463. 									case "quantity": 	/* update quantity */

  464. 									case "total": 		/* update total */

  465. 										$update = $db->prepare("UPDATE Lab_Material SET total=?,quantity=? WHERE mat_id=? AND lab_id=? AND man_id=? AND capacity=? AND uom=?");

  466. 										$update->bind_param("diiiids",$data["total"],$data["quantity"],$data["mat_id"],$lab_id,$data["man_id"],$data["capacity"],$data["uom"]);

  467. 

  468. 										$amount = $data["total"];

  469. 										

  470. 										if(!$update->execute()){

  471. 											$error = true;

  472. 											$message = "Update failed";

  473. 										}

  474. 

  475. 										$update->close();

  476. 										break;

  477. 

  478. 									case "uom": 	/* update uom */

  479. 										$update = $db->prepare("UPDATE Material SET uom=? WHERE mat_id=? AND uom=?");

  480. 										$update->bind_param("sis",$data["new_uom"],$data["mat_id"],$data["prev_uom"]);

  481. 										

  482. 										if(!$update->execute()){

  483. 											$error = true;

  484. 											$message = $update->error;

  485. 										}

  486. 

  487. 										else{

  488. 											$update = $db->prepare("UPDATE Lab_Material SET uom=? WHERE mat_id=? AND lab_id=? AND man_id=? AND capacity=? AND uom=?");

  489. 											$update->bind_param("siiids",$data["new_uom"],$data["mat_id"],$lab_id,$data["man_id"],$data["capacity"],$data["prev_uom"]);

  490. 											

  491. 											if(!$update->execute()){

  492. 												$error = true;

  493. 												$message = "Material update failed";

  494. 											}

  495. 										}

  496. 

  497. 										$update->close();

  498. 										break;

  499. 

  500. 									default:

  501. 										$error = true;

  502. 										$message = "Incorrect field query";

  503. 										break;

  504. 								}

  505. 

  506. 								/* record transaction */

  507. 								if(!$error){

  508. 									$timestamp = date("Y-m-d H:i:s");

  509. 									$insert = $db->prepare("INSERT INTO Transaction(type,person_id,`timestamp`,mat_id,man_id,capacity,lab_id,amount,uom) VALUES (?,?,?,?,?,?,?,?,?)");

  510. 									$insert->bind_param("sisiidids",$transaction,$_SESSION["person_id"],$timestamp,$data["mat_id"],$data["man_id"],$data["capacity"],$lab_id,$amount,$data["uom"]);

  511. 

  512. 									if($insert->execute()){

  513. 								    	$response["status"] = "success";

  514. 								    	$response["message"] = "Field updated successfully";

  515. 									}

  516. 

  517. 									/* transaction failed */ 

  518. 									else{

  519. 										$error = true;

  520. 										$message = "Field update failed";;

  521. 									}

  522. 

  523. 									$insert->close();

  524. 								}

  525. 							}

  526. 

  527. 							/* lab not authorized */ 

  528. 							else{					

  529. 								$error = true;

  530. 								$message = "Laboratory not authorized";	

  531. 							}

  532. 						}

  533. 

  534. 						/* missing args */ 

  535. 						else{

  536. 							$error = true;

  537. 							$message = "One or more arguments missing";

  538. 						}

  539. 						break;

  540. 					case 6:		/* edit row */

  541. 						/* verify args */

  542. 						if(isset($_POST["lab_id"]) and isset($_POST["mat_id"]) and isset($_POST["man_id"]) and isset($_POST["uom"]) and isset($_POST["capacity"]) and isset($_POST["data"])){

  543. 							$lab_id = $_POST["lab_id"];

  544. 							$mat_id = $_POST["mat_id"];

  545. 							$man_id = $_POST["man_id"];

  546. 							$uom = $_POST["uom"];

  547. 							$transaction = "edit";

  548. 							$capacity = $_POST["capacity"];

  549. 							$data = json_decode($_POST["data"],true);

  550. 							$total = $data["capacity"] * $data["quantity"];

  551. 

  552. 							/* match lab id with authorized labs */ 

  553. 							if(array_key_exists($lab_id,$_SESSION["authorized"])){

  554. 								$material = $db->prepare("UPDATE Material SET mat_name=?,cas=?,state=?,type=?,uom=? WHERE mat_id=? AND uom=?");

  555. 								$material->bind_param("sssssis",$data["mat_name"],$data["cas"],$data["state"],$data["type"],$data["uom"],$mat_id,$uom);

  556. 								

  557. 								if(!$material->execute()){

  558. 									$error = true;

  559. 									$message = "Material update failed";

  560. 								}

  561. 

  562. 								$material->close();

  563. 

  564. 								$manufacturer = $db->prepare("UPDATE Manufacturer SET man_name=? WHERE man_id=?");

  565. 								$manufacturer->bind_param("si",$data["man_name"],$man_id);

  566. 								

  567. 								if(!$manufacturer->execute() and !$error){

  568. 									$error = true;

  569. 									$message = "Manufacturer update failed";

  570. 								}

  571. 

  572. 								$manufacturer->close();

  573. 								$update = $db->prepare("UPDATE Material_Manufacturer SET sds=? WHERE mat_id=? AND man_id=?");

  574. 								$update->bind_param("sii",$data["sds"],$mat_id,$man_id);

  575. 

  576. 								if(!$update->execute() and !$error){

  577. 									$error = true;

  578. 									$message = "Update failed";

  579. 								}

  580. 								

  581. 								$update->close();

  582. 								$delete = $db->prepare("DELETE FROM Material_Hazard WHERE mat_id=?");

  583. 								$delete->bind_param("i",$mat_id);

  584. 								

  585. 								if(!$delete->execute() and !$error){

  586. 									$error = true;

  587. 									$message = "GHS update failed";

  588. 								}

  589. 

  590. 								else{

  591. 									$insert = $db->prepare("INSERT INTO Material_Hazard(mat_id,code) VALUES(?,?)");

  592. 									$ghs = explode(",",$data["ghs"]);

  593. 

  594. 									for($i = 0; $i <  sizeof($ghs); $i++){

  595. 										if($ghs[$i]){

  596. 											$insert->bind_param("is",$mat_id,$ghs[$i]);

  597. 											

  598. 											if(!$insert->execute() and !$error){

  599. 												$insert_ghs = $db->prepare("INSERT INTO Hazard(code) VALUES(?)");

  600. 												$insert_ghs->bind_param("s",$ghs[$i]);

  601. 												

  602. 												if(!$insert_ghs->execute() and !$error){

  603. 													$error = true;

  604. 													$message = "GHS update failed";

  605. 													break;

  606. 												}

  607. 												else{

  608. 													$insert = $db->prepare("INSERT INTO Material_Hazard(mat_id,code) VALUES(?,?)");

  609. 													$insert->bind_param("is",$mat_id,$ghs[$i]);

  610. 													if(!$insert->execute()){

  611. 														$error = true;

  612. 														$message = "GHS update failed";

  613. 														break;

  614. 													}

  615. 												}

  616. 											}

  617. 										}

  618. 									}

  619. 								}

  620. 

  621. 								$delete->close();

  622. 								$insert->close();

  623. 

  624. 								$update = $db->prepare("UPDATE Lab_Material SET capacity=?,quantity=?,total=?,location=?,uom=? WHERE mat_id=? AND lab_id=? AND man_id=? AND capacity=? AND uom=?");

  625. 								$update->bind_param("didssiiids",$data["capacity"],$data["quantity"],$total,$data["location"],$data["uom"],$mat_id,$lab_id,$man_id,$capacity,$uom);

  626. 								

  627. 								if(!$update->execute() and !$error){

  628. 									$error = true;

  629. 									$message = "Material update failed";

  630. 								}

  631. 

  632. 								$update->close();

  633. 

  634. 								/* record transaction */

  635. 								if(!$error){

  636. 									$timestamp = date("Y-m-d H:i:s");

  637. 									$insert = $db->prepare("INSERT INTO Transaction(type,person_id,`timestamp`,mat_id,man_id,capacity,lab_id,amount,uom) VALUES (?,?,?,?,?,?,?,?,?)");

  638. 									$insert->bind_param("sisiidids",$transaction,$_SESSION["person_id"],$timestamp,$mat_id,$man_id,$capacity,$lab_id,$total,$uom);

  639. 

  640. 									if($insert->execute()){

  641. 								    	$response["status"] = "success";

  642. 								    	$response["message"] = "Entry updated successfully";

  643. 									}

  644. 

  645. 									/* transaction failed */ 

  646. 									else{

  647. 										$error = true;

  648. 										$message = "Entry update failed";;

  649. 									}

  650. 

  651. 									$insert->close();

  652. 								}

  653. 							}

  654. 

  655. 							/* lab not authorized */ 

  656. 							else{					

  657. 								$error = true;

  658. 								$message = "Laboratory not authorized";	

  659. 							}

  660. 						}

  661. 

  662. 						/* missing args */ 

  663. 						else{

  664. 							$error = true;

  665. 							$message = "One or more arguments missing";

  666. 						}

  667. 						break;

  668. 					case 8: 	/* delete row */

  669. 						/* verify args */

  670. 						if(isset($_POST["lab_id"]) and isset($_POST["data"])){

  671. 							$lab_id = $_POST["lab_id"];

  672. 							$data = json_decode($_POST["data"],true);

  673. 							$uom = $data["uom"];

  674. 							$amount = $data["total"];

  675. 							$transaction = "delete";

  676. 							$capacity = $data["capacity"];

  677. 							$mat_id = $data["material"]["mat_id"];

  678. 							$man_id = $data["manufacturer"]["man_id"];

  679. 

  680. 							/* match lab id with authorized labs */

  681. 							if(array_key_exists($lab_id,$_SESSION["authorized"])){

  682. 								$delete = $db->prepare("DELETE FROM Lab_Material WHERE mat_id=? AND lab_id=? AND man_id=? AND capacity=? AND uom=?");

  683. 								$delete->bind_param("iiids",$mat_id,$lab_id,$man_id,$capacity,$uom);

  684. 

  685. 								/* record transaction */

  686. 								if($delete->execute()){

  687. 									$timestamp = date("Y-m-d H:i:s");

  688. 									$insert = $db->prepare("INSERT INTO Transaction(type,person_id,`timestamp`,mat_id,man_id,capacity,lab_id,amount,uom) VALUES (?,?,?,?,?,?,?,?,?)");

  689. 									$insert->bind_param("sisiidids",$transaction,$_SESSION["person_id"],$timestamp,$mat_id,$man_id,$capacity,$lab_id,$amount,$uom);

  690. 

  691. 									if($insert->execute()){

  692. 								    	$response["status"] = "success";

  693. 								    	$response["message"] = "Entry deleted successfully";

  694. 									}

  695. 									/* transaction failed */ 

  696. 									else{

  697. 										$error = true;

  698. 										$message = "Material delete failed";

  699. 									}

  700. 									$delete->close();

  701. 								}

  702. 

  703. 								/* query failed */ 

  704. 								else{

  705. 									$error = true;

  706. 									$message = "Material delete failed";

  707. 								}

  708. 							}

  709. 							/* lab not authorized */ 

  710. 							else{					

  711. 								$error = true;

  712. 								$message = "Laboratory not authorized";	

  713. 							}

  714. 						}

  715. 						/* missing args */ 

  716. 						else{

  717. 							$error = true;

  718. 							$message = "One or more arguments missing";

  719. 						}

  720. 						break;

  721. 					case 9:		/* material transaction */

  722. 						/* verify args */

  723. 						if(isset($_POST["lab_id"]) and isset($_POST["mat_id"]) and isset($_POST["capacity"]) and isset($_POST["transaction"]) and isset($_POST["man_id"]) and isset($_POST["total"]) and isset($_POST["amount"]) and isset($_POST["uom"])){

  724. 							$flag = false;

  725. 							$lab_id = $_POST["lab_id"];

  726. 							$mat_id = $_POST["mat_id"];

  727. 							$capacity = $_POST["capacity"];

  728. 							$transaction = $_POST["transaction"];

  729. 							$total = $_POST["total"];

  730. 							$uom = $_POST["uom"];

  731. 							$man_id = $_POST["man_id"];

  732. 							$amount = $_POST["amount"];

  733. 							$delete = false;

  734. 

  735. 							/* match lab id with authorized labs */

  736. 							if(array_key_exists($lab_id,$_SESSION["authorized"])){

  737. 

  738. 								/* update total amount */

  739. 								if($total > 0){

  740. 			                        $containers = ceil($total/$capacity);

  741. 									$update = $db->prepare("UPDATE Lab_Material SET total=?,quantity=? WHERE mat_id=? AND man_id=? AND lab_id=? AND capacity=? AND uom=?");

  742. 									$update->bind_param("diiiids",$total,$containers,$mat_id,$man_id,$lab_id,$capacity,$uom);

  743. 									if($update->execute()){

  744. 										$update->close();

  745. 										$flag = true;

  746. 									}

  747. 

  748. 									/* transaction failed */ 

  749. 									else{

  750. 										$error = true;

  751. 										$message = "Transaction failed";

  752. 									}

  753. 								}

  754. 

  755. 								/* material consumed, remove entry */

  756. 								else{

  757. 									$flag = true;

  758. 									$delete = true;

  759. 								}

  760. 

  761. 								/* record transaction */

  762. 								if($flag){

  763. 									$timestamp = date("Y-m-d H:i:s");

  764. 									$insert = $db->prepare("INSERT INTO Transaction(type,person_id,`timestamp`,mat_id,man_id,capacity,lab_id,amount,uom) VALUES (?,?,?,?,?,?,?,?,?)");

  765. 									$insert->bind_param("sisiidids",$transaction,$_SESSION["person_id"],$timestamp,$mat_id,$man_id,$capacity,$lab_id,$amount,$uom);

  766. 

  767. 									if($insert->execute()){

  768. 										if($transaction === "offer"){

  769. 											$offered_insert = $db->prepare("INSERT INTO Offered_Material(person_id,`timestamp`,mat_id,man_id,capacity,lab_id,amount,uom) VALUES (?,?,?,?,?,?,?,?)");

  770. 											$offered_insert->bind_param("isiidids",$_SESSION["person_id"],$timestamp,$mat_id,$man_id,$capacity,$lab_id,$amount,$uom);

  771. 

  772. 											if($offered_insert->execute()){

  773. 												$response["status"] = "success";

  774. 												$response["message"] = "Transaction completed successfully";

  775. 											}

  776. 

  777. 											else{

  778. 												$error = true;

  779. 												$message = "Insertion into Offered Materials failed";

  780. 											}

  781. 

  782. 											$offered_insert->close();

  783. 										}

  784. 

  785. 										else{

  786. 											$response["status"] = "success";

  787. 											$response["message"] = "Transaction completed successfully";

  788. 										}

  789. 										if($delete){

  790. 											$delete = $db->prepare("DELETE FROM Lab_Material WHERE mat_id=? AND man_id=? AND lab_id=? AND capacity=? AND uom=?");

  791. 											$delete->bind_param("iiids",$mat_id,$man_id,$lab_id,$capacity,$uom);

  792. 

  793. 											if($delete->execute()){

  794. 												$response["status"] = "success";

  795. 												$response["message"] = "Transaction completed successfully";

  796. 											}

  797. 											

  798. 											/* delete failed */ 

  799. 											else{

  800. 												$error = true;

  801. 												$message = "Material removal failed";

  802. 											}

  803. 											

  804. 											$delete->close();

  805. 										}

  806. 									}

  807. 

  808. 									/* transaction failed */ 

  809. 									else{

  810. 										$error = true;

  811. 										$message ="Transaction failed";

  812. 									}

  813. 

  814. 									$insert->close();

  815. 								}

  816. 

  817. 								/* initial transaction failed */

  818. 								else{

  819. 									$error = true;

  820. 									$message = "Transaction failed";

  821. 								}

  822. 							}

  823. 

  824. 							/* lab not authorized */ 

  825. 							else{					

  826. 								$error = true;

  827. 								$message = "Laboratory not authorized";	

  828. 							}

  829. 						}

  830. 

  831. 						/* missing args */ 

  832. 						else{

  833. 							$error = true;

  834. 							$message = "One or more arguments missing";

  835. 						}

  836. 						break;

  837. 					case 10:	/* insert material */

  838. 						/* verify args */

  839. 						if(isset($_POST["lab_id"]) and isset($_POST["data"])){

  840. 							$flag = false;

  841. 							$lab_id = $_POST["lab_id"];

  842. 							$data = json_decode($_POST["data"],true);

  843. 							$capacity = $data["capacity"];

  844. 							$mat_name =  $data["mat_name"];

  845. 							$total = $data["quantity"] * $capacity;

  846. 							$uom = $data["uom"];

  847. 							$man_name = $data["man_name"];

  848. 

  849. 							/* match lab id with authorized labs */

  850. 							if(array_key_exists($lab_id,$_SESSION["authorized"])){

  851. 								/* verify if manufacturer already exists */

  852. 								$manufacturer = $db->prepare("SELECT man_id FROM Manufacturer WHERE man_name=?");

  853. 								$manufacturer->bind_param("s",$man_name);

  854. 								$manufacturer->execute();

  855. 								$manufacturer->store_result();

  856. 								$manufacturer->bind_result($man_id);

  857. 								

  858. 								if($manufacturer->num_rows > 0){

  859. 									$manufacturer->fetch();

  860. 								}

  861. 								

  862. 								/* insert manufacturer */

  863. 								else{

  864. 									$insert = $db->prepare("INSERT INTO Manufacturer(man_name) VALUES (?)");

  865. 									$insert->bind_param("s",$man_name);

  866. 

  867. 									if($insert->execute()){

  868. 										$man_id = $db->insert_id;

  869. 									}

  870. 

  871. 									/* insert failed */ 

  872. 									else{

  873. 										$error = true;

  874. 										$message = "Manufacturer insert failed";

  875. 									}

  876. 

  877. 									$insert->close();

  878. 								}

  879. 

  880. 								$manufacturer->close();

  881. 

  882. 								if($man_id){

  883. 									/* verify if material already exists */

  884. 									$material = $db->prepare("SELECT mat_id FROM Material WHERE mat_name=? AND uom=?");

  885. 									$material->bind_param("ss",$mat_name,$uom);

  886. 									$material->execute();

  887. 									$material->bind_result($mat_id);

  888. 									$material->store_result();

  889. 

  890. 									if($material->num_rows > 0){

  891. 										$material->fetch();

  892. 									}

  893. 

  894. 									/* insert material */

  895. 									else{

  896. 										$insert = $db->prepare("INSERT INTO Material(mat_name,cas,state,type,uom) VALUES (?,?,?,?,?)");

  897. 										$insert->bind_param("sssss",$mat_name,$data["cas"],$data["state"],$data["type"],$uom);

  898. 										

  899. 										if($insert->execute()){

  900. 											$mat_id = $db->insert_id;

  901. 										}

  902. 

  903. 										/* material insert failed */ 

  904. 										else{

  905. 											$error = true;

  906. 											$message = "Material insert failed";

  907. 										}

  908. 

  909. 										$insert->close();

  910. 									}

  911. 

  912. 									$material->close();

  913. 								}

  914. 

  915. 								/* match material and manufacturer */

  916. 								if($man_id and $mat_id and !$error){

  917. 									$mat_man = $db->prepare("INSERT INTO Material_Manufacturer(mat_id,man_id,sds) VALUES (?,?,?)");

  918. 									$mat_man->bind_param("iis",$mat_id,$man_id,$data["sds"]);

  919. 

  920. 									if($mat_man->execute()){

  921. 									}

  922. 

  923. 									else{

  924. 										$mat_man = $db->prepare("SELECT mat_id FROM Material_Manufacturer WHERE mat_id=? AND man_id=?");

  925. 										$mat_man->bind_param("ii",$mat_id,$man_id);

  926. 										$mat_man->execute();

  927. 										$mat_man->bind_result($mat_id);

  928. 										$mat_man->store_result();

  929. 										

  930. 										if($mat_man->num_rows > 0){

  931. 

  932. 										}

  933. 

  934. 										/* match failed */

  935. 										else{

  936. 											$error = true;

  937. 											$message = "Material/Manufacturer match failed";	

  938. 										}

  939. 									}

  940. 									

  941. 									$mat_man->close();

  942. 

  943. 									/* match material and hazard */

  944. 									if(!$error){

  945. 										$delete = $db->prepare("DELETE FROM Material_Hazard WHERE mat_id=?");

  946. 										$delete->bind_param("i",$data["mat_id"]);

  947. 										

  948. 										if(!$delete->execute()){

  949. 											$error = true;

  950. 											$message = "Material/Hazard match failedj";

  951. 										}

  952. 

  953. 										else{

  954. 											$insert = $db->prepare("INSERT INTO Material_Hazard(mat_id,code) VALUES(?,?)");

  955. 											$ghs = explode(",",$data["ghs"]);

  956. 

  957. 											for($i = 0; $i <  sizeof($ghs); $i++){

  958. 												if($ghs[$i]){

  959. 													$insert->bind_param("is",$mat_id,$ghs[$i]);

  960. 													

  961. 													if(!$insert->execute()){

  962. 														$insert_ghs = $db->prepare("INSERT INTO Hazard(code) VALUES(?)");

  963. 														$insert_ghs->bind_param("s",$ghs[$i]);

  964. 														

  965. 														if(!$insert_ghs->execute()){

  966. 															$insert = $db->prepare("INSERT INTO Material_Hazard(mat_id,code) VALUES(?,?)");

  967. 															$insert->bind_param("is",$mat_id,$ghs[$i]);

  968. 															if(!$insert->execute()){

  969. 																$error = true;

  970. 																$message = "Material/Hazard match failedjh";

  971. 																break;

  972. 															}

  973. 														}

  974. 													}

  975. 												}

  976. 											}

  977. 

  978. 											$insert->close();

  979. 										}

  980. 

  981. 										$delete->close();

  982. 									}

  983. 

  984. 									/* match material and lab material */

  985. 									if(!$error){

  986. 										$lab = $db->prepare("SELECT total FROM Lab_Material WHERE mat_id=? AND lab_id=? AND man_id=? AND capacity=? AND uom=?");

  987. 										$lab->bind_param("iiids",$mat_id,$lab_id,$man_id,$capacity,$uom);

  988. 										$lab->execute();

  989. 										$lab->bind_result($new_total);

  990. 										$lab->store_result();

  991. 										

  992. 										/* update total amount */

  993. 										if($lab->num_rows > 0){

  994. 											$lab->fetch();

  995. 											$lab->close();

  996. 											$new_total += $total;

  997. 			                            	$containers = ceil($new_total/$capacity);

  998. 											

  999. 											$update = $db->prepare("UPDATE Lab_Material SET total=?,quantity=? WHERE mat_id=? AND man_id=? AND lab_id=? AND capacity=? AND uom=?");

  1000. 											$update->bind_param("diiiids",$new_total,$containers,$mat_id,$man_id,$lab_id,$capacity,$uom);

  1001. 

  1002. 											if(!$update->execute()){

  1003. 												$error = true;

  1004. 												$message = "Amount update failed";

  1005. 											}

  1006. 											

  1007. 											$update->close();

  1008. 										}

  1009. 

  1010. 										/* create new entry */

  1011. 										else{

  1012. 											$lab_mat = $db->prepare("INSERT INTO Lab_Material(lab_id,mat_id,capacity,quantity,total,location,uom,man_id) VALUES (?,?,?,?,?,?,?,?)");

  1013. 											$lab_mat->bind_param("iididssi",$lab_id,$mat_id,$capacity,$data["quantity"],$total,$data["location"],$uom,$man_id);

  1014. 											

  1015. 											if($lab_mat->execute()){

  1016. 												$flag = true;

  1017. 											}

  1018. 

  1019. 											/* transaction failed */

  1020. 											else{

  1021. 												$error = true;

  1022. 												$message = "Transaction failed";

  1023. 											}

  1024. 

  1025. 											$lab_mat->close();

  1026. 										}

  1027. 									}

  1028. 								}

  1029. 

  1030. 								/* record transaction */

  1031. 								if(!$error){

  1032. 									$timestamp = date("Y-m-d H:i:s");

  1033. 									$insert = $db->prepare("INSERT INTO Transaction(type,person_id,`timestamp`,mat_id,man_id,capacity,lab_id,amount,uom) VALUES (?,?,?,?,?,?,?,?,?)");

  1034. 									$transaction = "add";

  1035. 									$insert->bind_param("sisiidids",$transaction,$_SESSION["person_id"],$timestamp,$mat_id,$man_id,$capacity,$lab_id,$data["total"],$uom);

  1036. 									

  1037. 									if($insert->execute()){

  1038. 										$response["mat_id"] = $mat_id;

  1039. 										$response["man_id"] = $man_id;

  1040. 										$response["status"] = "success";

  1041. 										$response["message"] = "Material added successfully";

  1042. 									}

  1043. 

  1044. 									/* transaction failed */ 

  1045. 									else{

  1046. 										$error = true;

  1047. 										$message = "Transaction failed";

  1048. 									}

  1049. 

  1050. 									$insert->close();	

  1051. 								}

  1052. 							}

  1053. 

  1054. 							/* lab not authorized */ 

  1055. 							else{					

  1056. 								$error = true;

  1057. 								$message = "Laboratory not authorized";	

  1058. 							}

  1059. 						}

  1060. 

  1061. 						/* missing args */ 

  1062. 						else{

  1063. 							$error = true;

  1064. 							$message = "One or more arguments missing";

  1065. 						}

  1066. 						break;

  1067. 					case 11:	/* log out user */

  1068. 						/* unset session variables and destroy session */ 

  1069. 						unset($_SESSION);

  1070. 						session_destroy();

  1071. 						$_SESSION = array();

  1072. 						$response["status"] = "success";

  1073. 						break;

  1074. 					case 12: 	/* fetch material details */

  1075. 						/* verify args */

  1076. 						if(isset($_POST["lab_id"]) and isset($_POST["mat_id"]) and isset($_POST["man_id"]) and isset($_POST["capacity"]) and isset($_POST["uom"])){

  1077. 							$lab_id = $_POST["lab_id"];

  1078. 							$mat_id = $_POST["mat_id"];

  1079. 							$man_id = $_POST["man_id"];

  1080. 							$capacity = $_POST["capacity"];

  1081. 							$uom = $_POST["uom"];

  1082. 

  1083. 							/* match lab id with authorized labs */

  1084. 							if(array_key_exists($lab_id,$_SESSION["authorized"])){

  1085. 								$material = $db->prepare("SELECT Material.cas,Material.state,Material.type,Material_Manufacturer.sds FROM Material INNER JOIN Lab_Material ON Lab_Material.mat_id=Material.mat_id LEFT JOIN Material_Manufacturer ON Material_Manufacturer.mat_id=Material.mat_id AND Material_Manufacturer.man_id=Lab_Material.man_id WHERE Lab_Material.lab_id=? AND Material.mat_id=? AND Lab_Material.capacity=? AND Lab_Material.man_id=? AND Lab_Material.uom=?");

  1086. 

  1087. 								$material->bind_param("iidis",$lab_id,$mat_id,$capacity,$man_id,$uom);

  1088. 								$material->execute();

  1089. 								$material->bind_result($cas,$state,$type,$sds);

  1090. 								$material->store_result();

  1091. 

  1092. 								$hazard = $db->prepare("SELECT DISTINCT(Material_Hazard.code) FROM Lab_Material INNER JOIN Material_Hazard ON Material_Hazard.mat_id=Lab_Material.mat_id INNER JOIN Hazard ON Hazard.code=Material_Hazard.code WHERE Lab_Material.mat_id=? AND Lab_Material.capacity=? AND Lab_Material.lab_id=? AND Lab_Material.man_id=? AND Lab_Material.uom=? ORDER BY Material_Hazard.code ASC");

  1093. 								

  1094. 								/* fetch material details */

  1095. 								$response["material"] = array();

  1096. 								if($material->num_rows > 0){

  1097. 									while($material->fetch()){

  1098. 										$hazard->bind_param("idiis",$mat_id,$capacity,$lab_id,$man_id,$uom);

  1099. 										$hazard->execute();

  1100. 										$hazard->bind_result($ghs);

  1101. 										$hazard->store_result();

  1102. 										

  1103. 										$full_ghs = array();

  1104. 										$full_description = array();

  1105. 										

  1106. 										/* fetch hazard details */

  1107. 										while($hazard->fetch()){

  1108. 											if(!(array_search($ghs,$full_ghs))){

  1109. 												array_push($full_ghs,$ghs);

  1110. 											}

  1111. 										}

  1112. 

  1113. 										$response["material"] = array("cas" => $cas,"ghs" => implode(",",$full_ghs),"state" => $state,"type" => $type,"sds" => urlencode($sds));

  1114. 

  1115. 									}

  1116. 

  1117. 									$material->close();

  1118. 							    	$response["status"] = "success";

  1119. 								}

  1120. 

  1121. 								/* empty query */ 

  1122. 								else{

  1123. 									$error = true;

  1124. 									$message = "Material not found";

  1125. 								}

  1126. 							}

  1127. 

  1128. 							/* lab not authorized */ 

  1129. 							else{					

  1130. 								$error = true;

  1131. 								$message = "Laboratory not authorized";	

  1132. 							}

  1133. 						}

  1134. 

  1135. 						/* missing args */ 

  1136. 						else{

  1137. 							$error = true;

  1138. 							$message = "One or more arguments missing";

  1139. 						}

  1140. 						break;

  1141. 					case 13:	/* fetch personnel */

  1142. 						$personnel = $db->prepare("SELECT person_id,person_name FROM Person ORDER BY person_name ASC");

  1143. 						$personnel->execute();

  1144. 						$personnel->bind_result($person_id,$person_name);

  1145. 						$personnel->store_result();

  1146. 						

  1147. 						$response["personnel"] = array();

  1148. 

  1149. 						/* fetch entries */

  1150. 						while($personnel->fetch()){

  1151. 							array_push($response["personnel"],array("person_id" => $person_id,"person_name" => $person_name));

  1152. 						}

  1153. 

  1154. 						$personnel->close();

  1155. 				    	$response["status"] = "success";

  1156. 						break;

  1157. 					case 14: 	/* add lab */

  1158. 						/* verify args */

  1159. 						if(isset($_POST["lab_name"]) and isset($_POST["lab_room"]) and isset($_POST["department"]) and isset($_POST["building"]) and isset($_POST["extension"]) and isset($_POST["pi"])){

  1160. 							$lab_name = $_POST["lab_name"];

  1161. 							$lab_room = $_POST["lab_room"];

  1162. 							$department = $_POST["department"];

  1163. 							$building = $_POST["building"];

  1164. 							$extension = $_POST["extension"];

  1165. 							$pi = $_POST["pi"];

  1166. 							$access_level = "investigator";

  1167. 

  1168. 				            /* admins */

  1169. 				            if($_SESSION["access_level"] == "admin"){

  1170. 				            	/*  */

  1171. 								$add_laboratory = $db->prepare("INSERT INTO Laboratory(lab_room,department,building,extension,pi,cho,lab_name) VALUES (?,?,?,?,?,?,?)");

  1172. 								$add_laboratory->bind_param("sssiiis",$lab_room,$department,$building,$extension,$pi,$pi,$lab_name);

  1173. 								/* extract id */

  1174. 								if($add_laboratory->execute()){

  1175. 									$lab_id = $add_laboratory->insert_id;

  1176. 

  1177. 									/* authorize pi */

  1178. 									$auth = $db->prepare("INSERT INTO Authorized(person_id,lab_id,access_level) VALUES (?,?,?)");

  1179. 									$auth->bind_param("iis",$pi,$lab_id,$access_level);

  1180. 									

  1181. 									if($auth->execute()){

  1182. 										$admins = [75,76];

  1183. 										$access_level = "admin";

  1184. 

  1185. 										foreach($admins as $key => $admin){

  1186. 											$auth->bind_param("iis",$admin,$lab_id,$access_level);

  1187. 											if(!($auth->execute())){

  1188. 												$error = true;

  1189. 												$message = "Access level not granted";

  1190. 												break;

  1191. 											}

  1192. 										}

  1193. 

  1194. 										$response["lab_id"] = $lab_id;

  1195. 						    			$_SESSION["authorized"][$lab_id] = array("lab_name" => $lab_name, "access_level" => $_SESSION["access_level"]);

  1196. 										$response["status"] = "success";

  1197. 										$response["message"] = "Laboratory created successfully";

  1198. 									}

  1199. 

  1200. 									/* access level not granted */

  1201. 									else{

  1202. 										$error = true;

  1203. 										$message = "Access level not granted";

  1204. 									}

  1205. 

  1206. 									$auth->close();

  1207. 								}

  1208. 

  1209. 								/* query failed */ 

  1210. 								else{

  1211. 									$error = true;

  1212. 									$message = "Laboratory creation failed";

  1213. 								}

  1214. 

  1215. 								$add_laboratory->close();

  1216. 				            }

  1217. 

  1218. 				            /* restricted access level */

  1219. 				            else{

  1220. 								$error = true;

  1221. 								$message = "Action not allowed";

  1222. 				            }

  1223. 						}

  1224. 

  1225. 						/* missing args */ 

  1226. 						else{

  1227. 							$error = true;

  1228. 							$message = "One or more arguments missing";

  1229. 						}

  1230. 						break;

  1231. 					case 15:	/* fetch personnel/access levels */

  1232. 			            if($_SESSION["access_level"] == "admin" or $_SESSION["access_level"] == "investigator"){

  1233. 							$personnel = $db->prepare("SELECT person_id,person_name FROM Person WHERE person_id!=? AND person_id!=75 AND person_id!=76 ORDER BY person_name ASC");

  1234. 							$personnel->bind_param("i",$_SESSION["person_id"]);

  1235. 							$personnel->execute();

  1236. 							$personnel->bind_result($person_id,$person_name);

  1237. 							$personnel->store_result();

  1238. 

  1239. 							/* generate personnel array */

  1240. 							$response["personnel"] = array();

  1241. 							while($personnel->fetch()){

  1242. 								array_push($response["personnel"],array("person_id" => $person_id,"person_name" => $person_name));

  1243. 							}

  1244. 

  1245. 							$personnel->close();

  1246. 

  1247. 							$access = $db->prepare("SELECT Person.person_id,Person.person_name,Laboratory.lab_room,Laboratory.lab_id,Authorized.access_level FROM Person INNER JOIN Authorized ON Person.person_id=Authorized.person_id INNER JOIN Laboratory ON Laboratory.lab_id=Authorized.lab_id WHERE Person.person_id!=? AND Authorized.access_level!='admin' AND Authorized.access_level!='none' ORDER BY person_name ASC");

  1248. 							$access->bind_param("i",$_SESSION["person_id"]);

  1249. 							$access->execute();

  1250. 							$access->bind_result($person_id,$person_name,$lab_room,$lab_id,$access_level);

  1251. 							$access->store_result();

  1252. 

  1253. 							/* generate access levels array */

  1254. 							$response["access_levels"] = array();

  1255. 							while($access->fetch()){

  1256. 								$response["access_levels"][$person_id][$lab_id] = array("lab_room" => $lab_room,"access_level" => $access_level);

  1257. 							}

  1258. 

  1259. 							$access->close();

  1260. 

  1261. 							/* extract authorized laboratories */

  1262. 							$auth = $db->prepare("SELECT Authorized.lab_id,Laboratory.lab_room,Authorized.access_level FROM Authorized INNER JOIN Laboratory ON Laboratory.lab_id = Authorized.lab_id WHERE person_id=? AND Authorized.access_level!='none' ORDER BY Laboratory.lab_room ASC");

  1263. 							$auth->bind_param("i",$_SESSION["person_id"]);

  1264. 							$auth->execute();

  1265. 							$auth->bind_result($lab_id,$lab_room,$access_level);

  1266. 

  1267. 							/* generate authorized arrays */

  1268. 							$response["labs"] = array();

  1269. 							$_SESSION["authorized"] = array();

  1270. 							$response["authorized"] = array();

  1271. 							while($auth->fetch()){

  1272. 								array_push($response["labs"],array("lab_id" => $lab_id,"lab_room" => $lab_room));

  1273. 						    	$_SESSION["authorized"][$lab_id] = array("lab_room" => $lab_room, "access_level" => $access_level);

  1274. 								$response["authorized"][$lab_id] = array("lab_room" => $lab_room,"access_level" => $access_level);

  1275. 							}

  1276. 

  1277. 							$auth->close();

  1278. 							$response["status"] = "success";

  1279. 			            }

  1280. 

  1281. 			            /* restricted access level */

  1282. 			            else{

  1283. 							$error = true;

  1284. 							$message = "Access denied";

  1285. 			            }

  1286. 						break;

  1287. 					case 16:    /* update access level */				

  1288. 						/* verify args */

  1289. 						if(isset($_POST["lab_id"]) and isset($_POST["person_id"]) and isset($_POST["access_level"]) and isset($_POST["action"])){

  1290. 							$lab_id = $_POST["lab_id"];

  1291. 							$person_id = $_POST["person_id"];

  1292. 							$access_level = $_POST["access_level"];

  1293. 							$action = $_POST["action"];

  1294. 

  1295. 				            /* register user */

  1296. 				            if($_SESSION["access_level"] == "admin" or $_SESSION["access_level"] == "investigator"){

  1297. 				            	if($action == "authorize"){

  1298. 									$insert = $db->prepare("INSERT INTO Authorized(person_id,lab_id,access_level) VALUES (?,?,?)");

  1299. 									$insert->bind_param("iis",$person_id,$lab_id,$access_level);

  1300. 									

  1301. 									if($insert->execute()){

  1302. 										$response["status"] = "success";

  1303. 										$response["message"] = "Access level granted";

  1304. 									}

  1305. 

  1306. 									/* insert failed */ 

  1307. 									else{

  1308. 										/* match lab id with authorized labs */

  1309. 										if(array_key_exists($lab_id,$_SESSION["authorized"])){

  1310. 											$flag = false;

  1311. 											if($_SESSION["access_level"] != "admin"){

  1312. 												$select = $db->prepare("SELECT pi FROM Laboratory WHERE lab_id=?");

  1313. 												$select->bind_param("i",$lab_id);

  1314. 												$select->execute();

  1315. 												$select->bind_result($pi);

  1316. 												$select->store_result();

  1317. 												$select->fetch();

  1318. 												

  1319. 												if($pi == $person_id){

  1320. 													$error = true;

  1321. 													$flag = true;

  1322. 													$message = "Access level not updated";

  1323. 												}

  1324. 

  1325. 												$select->close();

  1326. 											}

  1327. 

  1328. 											if(!$flag){

  1329. 												$update = $db->prepare("UPDATE Authorized SET access_level=? WHERE person_id=? AND lab_id=?");

  1330. 												$update->bind_param("sii",$access_level,$person_id,$lab_id);

  1331. 												

  1332. 												if($update->execute()){

  1333. 													$response["status"] = "success";

  1334. 													$response["message"] = "Access level updated";

  1335. 												}

  1336. 												

  1337. 												/* update failed */ 

  1338. 												else{

  1339. 													$error = true;

  1340. 													$message = "Access level not updated";

  1341. 												}

  1342. 

  1343. 												$update->close();

  1344. 											}

  1345. 										}

  1346. 

  1347. 										/* lab not authorized */ 

  1348. 										else{

  1349. 											$error = true;

  1350. 											$message = "Action not allowed";

  1351. 										}

  1352. 									}

  1353. 

  1354. 									$insert->close();

  1355. 				            	}

  1356. 

  1357. 				            	/* restrict */

  1358. 				            	else{

  1359. 									/* match lab id with authorized labs */

  1360. 									if(array_key_exists($lab_id,$_SESSION["authorized"])){

  1361. 										$flag = false;

  1362. 										if($_SESSION["access_level"] != "admin"){

  1363. 											$select = $db->prepare("SELECT pi FROM Laboratory WHERE lab_id=?");

  1364. 											$select->bind_param("i",$lab_id);

  1365. 											$select->execute();

  1366. 											$select->bind_result($pi);

  1367. 											$select->store_result();

  1368. 											$select->fetch();

  1369. 											

  1370. 											if($pi == $person_id){

  1371. 												$error = true;

  1372. 												$flag = true;

  1373. 												$message = "Access level not updated";

  1374. 											}

  1375. 

  1376. 											$select->close();

  1377. 										}

  1378. 

  1379. 										if(!$flag){

  1380. 											$update = $db->prepare("UPDATE Authorized SET access_level=? WHERE person_id=? AND lab_id=?");	 

  1381. 											$update->bind_param("sii",$access_level,$person_id,$lab_id);

  1382. 											if($update->execute()){

  1383. 												$response["status"] = "success";

  1384. 												$response["message"] = "Access level updated";

  1385. 											}

  1386. 

  1387. 											/* update failed */ 

  1388. 											else{

  1389. 												$error = true;

  1390. 												$message = "Access level not updated";

  1391. 											}

  1392. 

  1393. 											$update->close();

  1394. 										}

  1395. 									}

  1396. 

  1397. 									/* lab not authorized */ 

  1398. 									else{

  1399. 										$error = true;

  1400. 										$message = "Action not allowed";

  1401. 									}

  1402. 				            	}

  1403. 				            }

  1404. 

  1405. 				            /* restricted access level */

  1406. 				            else{

  1407. 								$error = true;

  1408. 								$message = "Action not allowed";

  1409. 				            }

  1410. 						}

  1411. 

  1412. 						/* missing args */ 

  1413. 						else{

  1414. 							$error = true;

  1415. 							$message = "One or more arguments missing";

  1416. 						}

  1417. 						break;

  1418. 					case 17:	/* fetch laboratories */

  1419. 			            if($_SESSION["access_level"] === "admin" or $_SESSION["access_level"] === "investigator"){

  1420. 					        if($_SESSION["access_level"] === "admin"){

  1421. 					        	$query = "SELECT Laboratory.lab_id,Laboratory.lab_room,Laboratory.department,Laboratory.building,Laboratory.extension,Laboratory.pi,Person.person_name,Laboratory.lab_name FROM Laboratory INNER JOIN Person ON Person.person_id=Laboratory.pi ORDER BY Laboratory.lab_room ASC";

  1422. 					        	$bind_flag = false;

  1423. 					        }

  1424. 

  1425. 					        else if($_SESSION["access_level"] === "investigator"){

  1426. 				        		$query = "SELECT Laboratory.lab_id,Laboratory.lab_room,Laboratory.department,Laboratory.building,Laboratory.extension,Laboratory.pi,Person.person_name,Laboratory.lab_name FROM Laboratory INNER JOIN Person ON Person.person_id=Laboratory.pi WHERE Laboratory.pi=?  ORDER BY Laboratory.lab_room ASC";

  1427. 				        		$bind_flag = true;

  1428. 				        	}

  1429. 

  1430. 							$labs = $db->prepare($query);

  1431. 							if($bind_flag){

  1432. 								$labs->bind_param("i",$_SESSION["person_id"]);

  1433. 							}

  1434. 

  1435. 							$labs->execute();

  1436. 							$labs->bind_result($lab_id,$lab_room,$department,$building,$extension,$pi,$person_name,$lab_name);

  1437. 

  1438. 							/* extract authorized laboratories */

  1439. 							$response["laboratories"] = array();

  1440. 							while($labs->fetch()){

  1441. 			                	array_push($response["laboratories"],array("lab" => array("lab_id" => $lab_id,"lab_room" => $lab_room),"lab_name" => $lab_name,"department" => $department,"building" => $building,"extension" => $extension,"pi" => array("person_id" => $pi,"person_name" => $person_name)));

  1442. 							}

  1443. 

  1444. 							$labs->close();

  1445. 							$response["status"] = "success";

  1446. 						}

  1447. 

  1448. 			            /* restricted access level */

  1449. 			            else{

  1450. 							$error = true;

  1451. 							$message = "Access denied";

  1452. 			            }	

  1453. 						break;

  1454. 					case 18: 	/* edit lab */

  1455. 						/* verify args */

  1456. 						if(isset($_POST["lab_id"]) and isset($_POST["lab_name"]) and isset($_POST["lab_room"]) and isset($_POST["department"]) and isset($_POST["building"]) and isset($_POST["extension"]) and isset($_POST["pi"])){

  1457. 							$lab_id = $_POST["lab_id"];

  1458. 							$lab_name = $_POST["lab_name"];

  1459. 							$lab_room = $_POST["lab_room"];

  1460. 							$department = $_POST["department"];

  1461. 							$building = $_POST["building"];

  1462. 							$extension = $_POST["extension"];

  1463. 							$pi = $_POST["pi"];

  1464. 							$access_level = "investigator";

  1465. 

  1466. 				            /* update lab */

  1467. 				            if(($_SESSION["access_level"] == "admin" or $_SESSION["access_level"] == "investigator") and array_key_exists($lab_id,$_SESSION["authorized"])){

  1468. 								$update = $db->prepare("UPDATE Laboratory SET lab_room=?,department=?,building=?,extension=?,pi=?,lab_name=? WHERE lab_id=?");

  1469. 								$update->bind_param("ssssisi",$lab_room,$department,$building,$extension,$pi,$lab_name,$lab_id);

  1470. 

  1471. 								/* authorize pi */

  1472. 								if($update->execute()){

  1473. 									$auth = $db->prepare("INSERT INTO Authorized(person_id,lab_id,access_level) VALUES (?,?,?)");

  1474. 									$auth->bind_param("iis",$pi,$lab_id,$access_level);

  1475. 									

  1476. 									if($auth->execute()){

  1477. 										$response["status"] = "success";

  1478. 										$response["message"] = "Laboratory updated successfully";

  1479. 									}

  1480. 

  1481. 									/* possible duplicate */

  1482. 									else{

  1483. 										$update = $db->prepare("UPDATE Authorized SET access_level=? WHERE person_id=? AND lab_id=?");

  1484. 										$update->bind_param("sii",$access_level,$pi,$lab_id);

  1485. 										

  1486. 										if($update->execute()){

  1487. 											$response["status"] = "success";

  1488. 											$response["message"] = "Laboratory updated successfully";

  1489. 										}

  1490. 

  1491. 										/* update failed */ 

  1492. 										else{

  1493. 											$error = true;

  1494. 											$message = "Access level not granted";

  1495. 										}

  1496. 									}

  1497. 

  1498. 									$auth->close();

  1499. 								}

  1500. 

  1501. 								/* update failed */

  1502. 								else{

  1503. 									$error = true;

  1504. 									$message = "Laboratory update failed";

  1505. 								}

  1506. 

  1507. 								$update->close();

  1508. 				            }

  1509. 

  1510. 				            /* restricted access level */

  1511. 				            else{

  1512. 								$error = true;

  1513. 								$message = "Action not allowed";

  1514. 				            }

  1515. 						}

  1516. 

  1517. 						/* missing args */ 

  1518. 						else{

  1519. 							$error = true;

  1520. 							$message = "One or more arguments missing";

  1521. 						}

  1522. 						break;

  1523. 					case 19: 	/* fetch materials */

  1524. 						/* verify args */

  1525. 						if(isset($_POST["page"])){

  1526. 							$page = $_POST["page"];

  1527. 							$offset = $page * 50;

  1528. 

  1529. 			            	/* generate query */

  1530. 							$query = "SELECT Material.mat_id,Material.mat_name,Material.cas,Lab_Material.uom,Lab_Material.total FROM `Material` INNER JOIN Lab_Material ON Lab_Material.mat_id=Material.mat_id WHERE ";

  1531. 							

  1532. 							foreach($_SESSION["authorized"] as $lab_id => $auth){

  1533. 			            		$query .= "Lab_Material.lab_id=". $lab_id ." OR ";

  1534. 			            	}

  1535. 

  1536. 			            	$query = substr($query,0,-3);

  1537. 			            	$query .= "ORDER BY Material.mat_name";

  1538. 

  1539. 			            	$materials = $db->prepare($query);

  1540. 							$materials->execute();

  1541. 							$materials->bind_result($mat_id,$mat_name,$cas,$uom,$total);

  1542. 							$materials->store_result();

  1543. 

  1544. 							/* fetch material data */

  1545. 							$response["materials"] = array();

  1546. 							$response["identifiers"] = array();

  1547. 

  1548. 							while($materials->fetch()){

  1549. 								if(!array_key_exists($mat_id,$response["materials"])){

  1550. 									$response["materials"][$mat_id] = array("mat_name" => $mat_name,"cas" => $cas,"total" => array(utf8_encode($uom) => $total));

  1551. 									array_push($response["identifiers"],array("mat_id" => $mat_id));

  1552. 								}

  1553. 

  1554. 								else{

  1555. 									if(!array_key_exists($uom,$response["materials"][$mat_id]["total"])){

  1556. 										$response["materials"][$mat_id]["total"][utf8_encode($uom)] = $total;

  1557. 									}

  1558. 

  1559. 									else{

  1560. 										$response["materials"][$mat_id]["total"][utf8_encode($uom)] += $total;

  1561. 									}

  1562. 								}

  1563. 							}

  1564. 							

  1565. 							$materials->close();

  1566. 							$response["status"] = "success";

  1567. 			            }

  1568. 

  1569. 						/* missing args */ 

  1570. 						else{

  1571. 							$error = true;

  1572. 							$message = "One or more arguments missing";

  1573. 						}

  1574. 						break;

  1575. 					case 20: 	/* fetch total materials */

  1576. 						$query = "SELECT COUNT(*) FROM `Material` INNER JOIN Lab_Material ON Lab_Material.mat_id=Material.mat_id INNER JOIN Manufacturer ON Manufacturer.man_id=Lab_Material.man_id INNER JOIN Laboratory ON Laboratory.lab_id=Lab_Material.lab_id WHERE ";

  1577. 		            	

  1578. 		            	foreach($_SESSION["authorized"] as $lab_id => $auth){

  1579. 		            		$query .= "Lab_Material.lab_id=". $lab_id ." OR ";

  1580. 		            	}

  1581. 

  1582. 		            	$query = substr($query,0,-4);

  1583. 

  1584. 		            	$count = $db->prepare($query);

  1585. 						$count->execute();

  1586. 						$count->bind_result($total);

  1587. 						$count->store_result();

  1588. 

  1589. 						if($count->fetch()){

  1590. 							$response["total"] = $total;

  1591. 							$response["status"] = "success";

  1592. 						}

  1593. 

  1594. 						/* some error */

  1595. 						else{

  1596. 							$error = true;

  1597. 							$message = "Some error ocurred";

  1598. 						}

  1599. 

  1600. 						$count->close();

  1601. 						break;

  1602. 					case 21: 	/* fetch material info */

  1603. 						/* verify args */

  1604. 						if(isset($_POST["mat_id"])){

  1605. 							$mat_id = $_POST["mat_id"];

  1606. 			            	$query = "SELECT Lab_Material.uom,Lab_Material.man_id,Manufacturer.man_name,Lab_Material.capacity,Lab_Material.quantity,Lab_Material.total,Lab_Material.lab_id,Laboratory.lab_room FROM `Material` INNER JOIN Lab_Material ON Lab_Material.mat_id=Material.mat_id INNER JOIN Manufacturer ON Manufacturer.man_id=Lab_Material.man_id INNER JOIN Laboratory ON Laboratory.lab_id=Lab_Material.lab_id WHERE Material.mat_id=? AND (";

  1607. 

  1608. 							foreach($_SESSION["authorized"] as $lab_id => $auth){

  1609. 			            		$query .= "Lab_Material.lab_id=". $lab_id ." OR ";

  1610. 			            	}

  1611. 

  1612. 		            		$query = substr($query,0,-4);

  1613. 			            	$query .= ")  ORDER BY Material.mat_name ASC";

  1614. 

  1615. 			            	$material = $db->prepare($query);

  1616. 							$material->bind_param("i",$mat_id);

  1617. 							$material->execute();

  1618. 							$material->bind_result($uom,$man_id,$man_name,$capacity,$quantity,$total,$lab_id,$lab_room);

  1619. 							$material->store_result();

  1620. 							

  1621. 							$response["details"] = array();

  1622. 							while($material->fetch()){

  1623. 								array_push($response["details"],array("lab" => array("lab_id" => $lab_id,"lab_room" => $lab_room),"manufacturer" => $man_name,"capacity" => $capacity . $uom,"quantity" => $quantity,"total" => $total . $uom));

  1624. 							}

  1625. 							

  1626. 							$material->close();

  1627. 							$response["status"] = "success";

  1628. 			            }

  1629. 

  1630. 						/* missing args */ 

  1631. 						else{

  1632. 							$error = true;

  1633. 							$message = "One or more arguments missing";

  1634. 						}

  1635. 						break;

  1636. 					case 22: 	/* fetch transactions */

  1637. 			            if($_SESSION["access_level"] === "admin" or $_SESSION["access_level"] === "investigator"){

  1638. 							$query = "SELECT Person.person_name,Transaction.timestamp,Material.mat_name,Manufacturer.man_name,Transaction.capacity,Laboratory.lab_room,Transaction.amount,Transaction.uom,Transaction.type,Transaction.lab_id,Transaction.mat_id FROM Transaction INNER JOIN Laboratory ON Laboratory.lab_id=Transaction.lab_id INNER JOIN Material ON Material.mat_id=Transaction.mat_id INNER JOIN Person ON Person.person_id=Transaction.person_id INNER JOIN Manufacturer ON Manufacturer.man_id=Transaction.man_id WHERE ";

  1639. 			            	

  1640. 			            	foreach($_SESSION["authorized"] as $lab_id => $auth){

  1641. 			            		$query .= "Transaction.lab_id=". $lab_id ." OR ";

  1642. 			            	}

  1643. 

  1644. 			            	$query = substr($query,0,-3);

  1645. 			            	$query .= "ORDER BY Transaction.timestamp DESC";

  1646. 

  1647. 			            	$transactions = $db->prepare($query);

  1648. 							$transactions->execute();

  1649. 							$transactions->bind_result($person_name,$timestamp,$mat_name,$man_name,$capacity,$lab_room,$amount,$uom,$type,$lab_id,$mat_id);

  1650. 							$transactions->store_result();

  1651. 							

  1652. 							$response["transactions"] = array();

  1653. 							while($transactions->fetch()){

  1654. 								array_push($response["transactions"],array("type" => $type,"person_name" => $person_name,"timestamp" => $timestamp,"material" => array("mat_id" => $mat_id,"mat_name" => $mat_name),"man_name" => $man_name,"lab" => array("lab_id" => $lab_id,"lab_room" => $lab_room),"capacity" => $capacity . $uom,"amount" => $amount . $uom));

  1655. 							}	

  1656. 

  1657. 							$transactions->close();

  1658. 							$response["status"] = "success";

  1659. 			            }

  1660. 

  1661. 						/* not authorized */ 

  1662. 						else{

  1663. 							$error = true;

  1664. 							$message = "Access denied";

  1665. 						}

  1666. 						break;

  1667. 					case 23: 	/* fetch single material */

  1668. 						/* verify args */

  1669. 						if(isset($_POST["mat_id"])){

  1670. 							$mat_id = $_POST["mat_id"];

  1671. 							$query = "SELECT Material.mat_id,Material.mat_name,Material.cas,Lab_Material.uom,Lab_Material.total FROM `Material` INNER JOIN Lab_Material ON Lab_Material.mat_id=Material.mat_id WHERE Material.mat_id=? AND (";

  1672. 							

  1673. 							foreach($_SESSION["authorized"] as $lab_id => $auth){

  1674. 			            		$query .= "Lab_Material.lab_id=". $lab_id ." OR ";

  1675. 			            	}

  1676. 

  1677. 			            	$query = substr($query,0,-4);

  1678. 			            	$query .= ")";

  1679. 

  1680. 			            	$material = $db->prepare($query);

  1681. 			            	$material->bind_param("i",$mat_id);

  1682. 							$material->execute();

  1683. 							$material->bind_result($mat_id,$mat_name,$cas,$uom,$total);

  1684. 							$material->store_result();

  1685. 

  1686. 							/* fetch material data */

  1687. 							$response["material"] = array();

  1688. 							$response["identifier"] = array();

  1689. 

  1690. 							while($material->fetch()){

  1691. 								if(!array_key_exists($mat_id,$response["material"])){

  1692. 									$response["material"][$mat_id] = array("mat_name" => $mat_name,"cas" => $cas,"total" => array(utf8_encode($uom) => $total));

  1693. 									array_push($response["identifier"],array("mat_id" => $mat_id));

  1694. 								}

  1695. 

  1696. 								else{

  1697. 									if(!array_key_exists($uom,$response["material"][$mat_id]["total"])){

  1698. 										$response["material"][$mat_id]["total"][utf8_encode($uom)] = $total;

  1699. 									}

  1700. 

  1701. 									else{

  1702. 										$response["material"][$mat_id]["total"][utf8_encode($uom)] += $total;

  1703. 									}

  1704. 								}

  1705. 							}

  1706. 

  1707. 							$material->close();

  1708. 							$response["status"] = "success";

  1709. 						}

  1710. 

  1711. 						/* missing args */ 

  1712. 						else{

  1713. 							$error = true;

  1714. 							$message = "One or more arguments missing";

  1715. 						}

  1716. 						break;

  1717. 					case 24: 	/* download table */

  1718. 						/* verify args */

  1719. 						if(isset($_POST["download_type"])){

  1720. 			            	/* handle by download type */

  1721. 							$download_type = $_POST["download_type"];

  1722. 			            	switch($download_type){

  1723. 			            		case "full_report": 			/* full material report */

  1724. 			            			/* fetch material data */

  1725. 									$query = "SELECT Lab_Material.mat_id,Lab_Material.man_id,Material.mat_name,Manufacturer.man_name,Material_Manufacturer.sds,Material.cas,Material.state,Material.type,Lab_Material.capacity,Lab_Material.quantity,Lab_Material.total,Lab_Material.uom,Lab_Material.location,Laboratory.lab_room FROM Lab_Material INNER JOIN Material ON Material.mat_id=Lab_Material.mat_id INNER JOIN Manufacturer ON Manufacturer.man_id=Lab_Material.man_id LEFT JOIN Material_Manufacturer ON (Material_Manufacturer.mat_id=Material.mat_id AND Material_Manufacturer.man_id=Lab_Material.man_id) INNER JOIN Laboratory ON Lab_Material.lab_id=Laboratory.lab_id WHERE (";

  1726. 									

  1727. 									/* authorized labs */

  1728. 									foreach($_SESSION["authorized"] as $lab_id => $auth){

  1729. 					            		$query .= "Lab_Material.lab_id=". $lab_id ." OR ";

  1730. 					            	}

  1731. 

  1732. 				            		$query = substr($query,0,-4);

  1733. 				            		$query .= ") ORDER BY Material.mat_name";

  1734. 					            	$title = "Full Material Report";

  1735. 					            	$file_name = $download_type . ".csv";

  1736. 

  1737. 					            	$report = $db->prepare($query);

  1738. 									$report->execute();

  1739. 									$report->bind_result($mat_id,$man_id,$mat_name,$man_name,$sds,$cas,$state,$type,$capacity,$quantity,$total,$uom,$location,$lab_room);

  1740. 									$report->store_result();

  1741. 

  1742. 									$hazard = $db->prepare("SELECT Material_Hazard.code,Hazard.description FROM Lab_Material INNER JOIN Material_Hazard ON Material_Hazard.mat_id=Lab_Material.mat_id INNER JOIN Hazard ON Hazard.code=Material_Hazard.code WHERE Lab_Material.mat_id=? AND Lab_Material.capacity=? AND Lab_Material.man_id=? GROUP BY Material_Hazard.code,Hazard.description ORDER BY Material_Hazard.code ASC");

  1743. 

  1744. 									$key = 2;

  1745. 									$data = array(array(""),array("Material","Manufacturer","SDS Link","CAS Num.","State","Type","Capacity","Quantity","Total","GHS Code","Hazard Description","Location","Laboratory"));

  1746. 									

  1747. 									while($report->fetch()){

  1748. 										$hazard->bind_param("idi",$mat_id,$capacity,$man_id);

  1749. 										$hazard->execute();

  1750. 										$hazard->bind_result($ghs,$description);

  1751. 										$hazard->store_result();

  1752. 										

  1753. 										$full_ghs = array();

  1754. 										$full_description = array();

  1755. 										

  1756. 										/* fetch hazard details */

  1757. 										while($hazard->fetch()){

  1758. 											if(!(array_search($ghs,$full_ghs))){

  1759. 												array_push($full_ghs,$ghs);

  1760. 												array_push($full_description,$description);

  1761. 											}

  1762. 										}

  1763. 

  1764. 										$data[$key] = array("mat_name" => $mat_name,"man_name" => $man_name,"sds" => $sds,"cas" => $cas,"state" => $state,"type" => $type,"capacity" => $capacity,"quantity" => $quantity,"total" => $total,"ghs" => implode(",",$full_ghs),"description" => implode(",",$full_description),"location" => $location,"lab_room" => $lab_room);

  1765. 										$key += 1;

  1766. 									}

  1767. 

  1768. 									/* generate csv */

  1769. 									$hazard->close();

  1770. 									$report->close();

  1771. 							    	$response["status"] = "success";

  1772. 									$response["file_name"] = $file_name;

  1773. 									$response["url"] = gen_csv($data,$title);

  1774. 			            			break;

  1775. 								case "full_lab_report": 		/* full lab report */

  1776. 			            			/* fetch material data */

  1777. 									$query = "SELECT Lab_Material.lab_id,Lab_Material.mat_id,Lab_Material.man_id,Material.mat_name,Lab_Material.capacity,Lab_Material.quantity,Lab_Material.total,Lab_Material.uom,Laboratory.lab_room FROM Lab_Material INNER JOIN Material ON Material.mat_id=Lab_Material.mat_id INNER JOIN Manufacturer ON Manufacturer.man_id=Lab_Material.man_id INNER JOIN Laboratory ON Lab_Material.lab_id=Laboratory.lab_id WHERE (";

  1778. 									

  1779. 									/* authorized labs */

  1780. 									foreach($_SESSION["authorized"] as $lab_id => $auth){

  1781. 					            		$query .= "Lab_Material.lab_id=". $lab_id ." OR ";

  1782. 					            	}

  1783. 

  1784. 				            		$query = substr($query,0,-4);

  1785. 					            	$query .= ")  ORDER BY Material.mat_name";

  1786. 					            	$title = "Full Laboratory Report";

  1787. 					            	$file_name = $download_type . ".csv";

  1788. 

  1789. 					            	$report = $db->prepare($query);

  1790. 									$report->execute();

  1791. 									$report->bind_result($lab_id,$mat_id,$man_id,$mat_name,$capacity,$quantity,$total,$uom,$lab_room);

  1792. 									$report->store_result();

  1793. 

  1794. 									$data = array();

  1795. 									$labs = array();

  1796. 									

  1797. 									/* fetch material quantities */

  1798. 									while($report->fetch()){

  1799. 										if(!array_key_exists($mat_id,$data)){

  1800. 											$data[$mat_id] = array("mat_name" => $mat_name,"total" => array($uom => $total),"uom" => array($uom));

  1801. 										}

  1802. 

  1803. 										/* update totals */

  1804. 										else{

  1805. 											if(!array_key_exists($uom,$data[$mat_id]["total"])){

  1806. 												$data[$mat_id]["total"][$uom] = $total;

  1807. 												array_push($data[$mat_id]["uom"],$uom);

  1808. 											}

  1809. 											else{

  1810. 												$data[$mat_id]["total"][$uom] += $total;

  1811. 											}

  1812. 										}

  1813. 										

  1814. 										/* save lab quantities */

  1815. 										if(!array_key_exists($mat_id,$labs)){

  1816. 											$labs[$mat_id] = array();

  1817. 										}

  1818. 

  1819. 										/* duplicate laboratories */

  1820. 										if(!array_key_exists($lab_id,$labs[$mat_id])){

  1821. 											$labs[$mat_id][$lab_id] = array(array("lab_room" => $lab_room,"capacity" => $capacity,"quantity" => $quantity,"total" => $total,"uom" => $uom));

  1822. 										}

  1823. 

  1824. 										else{

  1825. 							        		array_push($labs[$mat_id][$lab_id],array("lab_room" => $lab_room,"capacity" => $capacity,"quantity" => $quantity,"total" => $total,"uom" => $uom));

  1826. 

  1827. 										}

  1828. 									}

  1829. 

  1830. 									/* generate report format */

  1831. 									$key = 2;

  1832. 									$tmp = array(array(""),array("Material","Total","Laboratories"));

  1833. 							        foreach($data as $mat_id => $arr){

  1834. 							        	$total = "";

  1835. 							        	foreach($data[$mat_id]["total"] as $uom => $value){

  1836. 							        		$total .= $data[$mat_id]["total"][$uom].$uom." / "; 

  1837. 							        	}

  1838. 										$total = substr($total,0,-3);

  1839. 										$tmp[$key] = array("","");

  1840. 							            $tmp[$key+1] = array("","");

  1841. 							            $tmp[$key+2] = array($data[$mat_id]["mat_name"],$total);

  1842. 

  1843. 							        	foreach($labs[$mat_id] as $lab_id => $lab_data){

  1844. 							        		for($i=0; $i < sizeof($lab_data); $i++){

  1845. 								        		array_push($tmp[$key],$labs[$mat_id][$lab_id][$i]["lab_room"]);

  1846. 								        		array_push($tmp[$key],"");

  1847. 								        		array_push($tmp[$key],"");

  1848. 								        		array_push($tmp[$key+1],"Capacity");

  1849. 								        		array_push($tmp[$key+1],"Qty.");

  1850. 								        		array_push($tmp[$key+1],"Total");

  1851. 								        		array_push($tmp[$key+2],$labs[$mat_id][$lab_id][$i]["capacity"].$labs[$mat_id][$lab_id][$i]["uom"]);

  1852. 								        		array_push($tmp[$key+2],$labs[$mat_id][$lab_id][$i]["quantity"]);

  1853. 								        		array_push($tmp[$key+2],$labs[$mat_id][$lab_id][$i]["total"].$labs[$mat_id][$lab_id][$i]["uom"]);

  1854. 							        		}

  1855. 							        	}

  1856. 

  1857. 							        	$tmp[$key+3] = array("");

  1858. 							        	$key += 4;

  1859. 							        }

  1860. 

  1861. 									/* generate csv */

  1862. 									$report->close();

  1863. 							    	$response["status"] = "success";

  1864. 									$response["file_name"] = $file_name;

  1865. 									$response["url"] = gen_csv($tmp,$title);

  1866. 			            			break;

  1867. 								case "ghs_report": 		/* ghs report */

  1868. 									/* verify args */

  1869. 									if(isset($_POST["ghs"])){

  1870. 										$ghs = $_POST["ghs"];

  1871. 					            		$query = "SELECT Hazard.description,Lab_Material.mat_id,Lab_Material.man_id,Material.mat_name,Manufacturer.man_name,Material_Manufacturer.sds,Material.cas,Lab_Material.capacity,Lab_Material.quantity,Lab_Material.total,Lab_Material.uom,Lab_Material.location,Laboratory.lab_room,Laboratory.lab_id FROM Lab_Material INNER JOIN Material ON Material.mat_id=Lab_Material.mat_id INNER JOIN Manufacturer ON Manufacturer.man_id=Lab_Material.man_id LEFT JOIN Material_Manufacturer ON (Material_Manufacturer.mat_id=Material.mat_id AND Material_Manufacturer.man_id=Lab_Material.man_id) INNER JOIN Laboratory ON Lab_Material.lab_id=Laboratory.lab_id INNER JOIN Material_Hazard ON Material_Hazard.mat_id=Lab_Material.mat_id INNER JOIN Hazard ON Hazard.code=Material_Hazard.code WHERE ((";

  1872. 

  1873. 										foreach($_SESSION["authorized"] as $lab_id => $auth){

  1874. 						            		$query .= "Lab_Material.lab_id=". $lab_id ." OR ";

  1875. 						            	}

  1876. 

  1877. 						            	$query = substr($query,0,-4);

  1878. 						            	$query .= ") AND Material_Hazard.code=?) ORDER BY Material.mat_name ASC";

  1879. 						            	

  1880. 						            	$report = $db->prepare($query);

  1881. 						            	$report->bind_param("s",$ghs);

  1882. 										$report->execute();

  1883. 										$report->bind_result($description,$mat_id,$man_id,$mat_name,$man_name,$sds,$cas,$capacity,$quantity,$total,$uom,$location,$lab_room,$lab_id);

  1884. 										$report->store_result();

  1885. 

  1886. 										$key = 2;

  1887. 										$data = array(array(""),array("Material","Manufacturer","SDS Link","CAS Num.","Capacity","Quantity","Total","Location","Laboratory"));

  1888. 										while($report->fetch()){

  1889. 											$data[$key] = array("mat_name" => $mat_name,"man_name" => $man_name,"sds" => urlencode($sds),"cas" => $cas,"capacity" => $capacity.$uom,"quantity" => $quantity,"total" => $total.$uom,"location" => $location,"lab_room" => $lab_room);

  1890. 											$key += 1;

  1891. 										}

  1892. 

  1893. 										/* generate csv */

  1894. 										$report->close();

  1895. 								    	$response["status"] = "success";

  1896. 										$response["file_name"] = $ghs . "_report.csv";

  1897. 										$response["url"] = gen_csv($data,$ghs ." Report \nDescription: " . $description);

  1898. 									}

  1899. 			            			

  1900. 									/* missing args */

  1901. 									else{

  1902. 										$error = true;

  1903. 										$message = "One or more args are missing";

  1904. 									}

  1905. 			            			break;

  1906. 			            		case "lab_report":

  1907. 									/* verify args */

  1908. 									if(isset($_POST["lab_id"])){

  1909. 				            			/* fetch material data */

  1910. 										$lab_id = $_POST["lab_id"];

  1911. 										if(array_key_exists($lab_id,$_SESSION["authorized"])){

  1912. 

  1913. 							            	$lab_room = $_SESSION["authorized"][$lab_id]["lab_room"];

  1914. 							            	$title = $lab_room . " Lab Report";

  1915. 							            	$file_name = $lab_room . "_" . $download_type . ".csv";

  1916. 

  1917. 							            	$report = $db->prepare("SELECT Lab_Material.mat_id,Lab_Material.man_id,Material.mat_name,Manufacturer.man_name,Material_Manufacturer.sds,Material.cas,Material.state,Material.type,Lab_Material.capacity,Lab_Material.quantity,Lab_Material.total,Lab_Material.uom,Lab_Material.location FROM Lab_Material INNER JOIN Material ON Material.mat_id=Lab_Material.mat_id INNER JOIN Manufacturer ON Manufacturer.man_id=Lab_Material.man_id LEFT JOIN Material_Manufacturer ON (Material_Manufacturer.mat_id=Material.mat_id AND Material_Manufacturer.man_id=Lab_Material.man_id) INNER JOIN Laboratory ON Lab_Material.lab_id=Laboratory.lab_id WHERE Lab_Material.lab_id=? ORDER BY Material.mat_name");

  1918. 							            	$report->bind_param("i",$lab_id);

  1919. 											$report->execute();

  1920. 											$report->bind_result($mat_id,$man_id,$mat_name,$man_name,$sds,$cas,$state,$type,$capacity,$quantity,$total,$uom,$location);

  1921. 											$report->store_result();

  1922. 

  1923. 											$hazard = $db->prepare("SELECT Material_Hazard.code,Hazard.description FROM Lab_Material INNER JOIN Material_Hazard ON Material_Hazard.mat_id=Lab_Material.mat_id INNER JOIN Hazard ON Hazard.code=Material_Hazard.code WHERE Lab_Material.mat_id=? AND Lab_Material.capacity=? AND Lab_Material.man_id=? GROUP BY Material_Hazard.code,Hazard.description ORDER BY Material_Hazard.code ASC");

  1924. 

  1925. 											$key = 2;

  1926. 											$data = array(array(""),array("Material","Manufacturer","SDS Link","CAS Num.","State","Type","Capacity","Quantity","Total","GHS Code","Hazard Description","Location","Laboratory"));

  1927. 											

  1928. 											while($report->fetch()){

  1929. 												$hazard->bind_param("idi",$mat_id,$capacity,$man_id);

  1930. 												$hazard->execute();

  1931. 												$hazard->bind_result($ghs,$description);

  1932. 												$hazard->store_result();

  1933. 												

  1934. 												$full_ghs = array();

  1935. 												$full_description = array();

  1936. 												

  1937. 												/* fetch hazard details */

  1938. 												while($hazard->fetch()){

  1939. 													if(!(array_search($ghs,$full_ghs))){

  1940. 														array_push($full_ghs,$ghs);

  1941. 														array_push($full_description,$description);

  1942. 													}

  1943. 												}

  1944. 

  1945. 												$data[$key] = array("mat_name" => $mat_name,"man_name" => $man_name,"sds" => $sds,"cas" => $cas,"state" => $state,"type" => $type,"capacity" => $capacity,"quantity" => $quantity,"total" => $total,"ghs" => implode(",",$full_ghs),"description" => implode(",",$full_description),"location" => $location,"lab_room" => $lab_room);

  1946. 												$key += 1;

  1947. 											}

  1948. 

  1949. 											/* generate csv */

  1950. 											$hazard->close();

  1951. 											$report->close();

  1952. 									    	$response["status"] = "success";

  1953. 											$response["file_name"] = $file_name;

  1954. 											$response["url"] = gen_csv($data,$title);

  1955. 										}

  1956. 									}

  1957. 									

  1958. 									/* missing args */

  1959. 									else{

  1960. 										$error = true;

  1961. 										$message = "One or more args are missing";

  1962. 									}

  1963. 			            			break;

  1964. 			            		default:

  1965. 									$error = true;

  1966. 									$message = "Incorrect download type";

  1967. 			            			break;

  1968. 			            	}

  1969. 						}

  1970. 

  1971. 						/* missing args */

  1972. 						else{

  1973. 							$error = true;

  1974. 							$message = "One or more args are missing";

  1975. 						}

  1976. 						break;

  1977. 					case 25: 	/* fetch ghs codes */

  1978. 		            	$ghs = $db->prepare("SELECT DISTINCT(code) FROM Material_Hazard ORDER BY code ASC");

  1979. 						$ghs->execute();

  1980. 						$ghs->bind_result($code);

  1981. 						$ghs->store_result();

  1982. 

  1983. 						$response["ghs"] = array();

  1984. 						while($ghs->fetch()){

  1985. 							$response["ghs"][$code] = array("icon" => urlencode("/images/" . $code . ".png"));

  1986. 						}

  1987. 

  1988. 						$ghs->close();

  1989. 				    	$response["status"] = "success";

  1990. 						break;

  1991. 					case 26: 	/* fetch materials by ghs */

  1992. 						/* verify args */

  1993. 						if(isset($_POST["ghs"])){

  1994. 							$ghs = $_POST["ghs"];

  1995. 		            		$query = "SELECT DISTINCT Hazard.description,Lab_Material.mat_id,Lab_Material.man_id,Material.mat_name,Manufacturer.man_name,Material_Manufacturer.sds,Material.cas,Lab_Material.capacity,Lab_Material.quantity,Lab_Material.total,Lab_Material.uom,Lab_Material.location,Laboratory.lab_room,Laboratory.lab_id FROM Lab_Material INNER JOIN Material ON Material.mat_id=Lab_Material.mat_id INNER JOIN Manufacturer ON Manufacturer.man_id=Lab_Material.man_id LEFT JOIN Material_Manufacturer ON (Material_Manufacturer.mat_id=Material.mat_id AND Material_Manufacturer.man_id=Lab_Material.man_id) INNER JOIN Laboratory ON Lab_Material.lab_id=Laboratory.lab_id INNER JOIN Material_Hazard ON Material_Hazard.mat_id=Lab_Material.mat_id INNER JOIN Hazard ON Hazard.code=Material_Hazard.code WHERE ((";

  1996. 

  1997. 							foreach($_SESSION["authorized"] as $lab_id => $auth){

  1998. 			            		$query .= "Lab_Material.lab_id=". $lab_id ." OR ";

  1999. 			            	}

  2000. 

  2001. 			            	$query = substr($query,0,-4);

  2002. 			            	$query .= ") AND Material_Hazard.code=?) ORDER BY Material.mat_name ASC";

  2003. 			            	

  2004. 			            	$materials = $db->prepare($query);

  2005. 			            	$materials->bind_param("s",$ghs);

  2006. 							$materials->execute();

  2007. 							$materials->bind_result($description,$mat_id,$man_id,$mat_name,$man_name,$sds,$cas,$capacity,$quantity,$total,$uom,$location,$lab_room,$lab_id);

  2008. 							$materials->store_result();

  2009. 

  2010. 							$response["ghs"] = array();

  2011. 							while($materials->fetch()){

  2012. 								array_push($response["ghs"],array("material" => array("mat_id" => $mat_id,"mat_name" => $mat_name),"manufacturer" => array("man_id" => $man_id,"man_name" => $man_name),"sds" => urlencode($sds),"cas" => $cas,"capacity" => $capacity.$uom,"quantity" => $quantity,"total" => $total.$uom,"location" => $location,"laboratory" => array("lab_id" => $lab_id,"lab_room" => $lab_room)));

  2013. 							}

  2014. 

  2015. 							$materials->close();

  2016. 					    	$response["status"] = "success";

  2017. 					    	$response["description"] = $description;

  2018. 						}

  2019. 						

  2020. 						/* missing args */

  2021. 						else{

  2022. 							$error = true;

  2023. 							$message = "One or more args are missing";

  2024. 						}

  2025. 						break;

  2026. 					case 27: 	/* fetch offered materials */

  2027. 		            	$offered = $db->prepare("SELECT Person.person_name,Person.person_id,Laboratory.lab_room,Offered_Material.lab_id,Manufacturer.man_name,Offered_Material.man_id,Material.mat_name,Offered_Material.mat_id,Offered_Material.capacity,Offered_Material.uom,Offered_Material.amount,Offered_Material.timestamp FROM Offered_Material INNER JOIN Laboratory ON Laboratory.lab_id=Offered_Material.lab_id INNER JOIN Material ON Material.mat_id=Offered_Material.mat_id INNER JOIN Person ON Person.person_id=Offered_Material.person_id INNER JOIN Manufacturer ON Manufacturer.man_id=Offered_Material.man_id ORDER BY Offered_Material.timestamp DESC");

  2028. 						$offered->execute();

  2029. 						$offered->bind_result($person_name,$person_id,$lab_room,$lab_id,$man_name,$man_id,$mat_name,$mat_id,$capacity,$uom,$amount,$timestamp);

  2030. 						$offered->store_result();

  2031. 

  2032. 						/* save materials */

  2033. 						$response["offered"] = array();

  2034. 						while($offered->fetch()){

  2035. 							array_push($response["offered"],array("material" => array("mat_id" => $mat_id,"mat_name" => $mat_name,"uom" => $uom,"timestamp" => $timestamp),"timestamp" => $timestamp,"manufacturer" => array("man_id" => $man_id,"man_name" => $man_name),"capacity" => $capacity.$uom,"amount" => $amount.$uom,"person" => array("person_id" => $person_id,"person_name" => $person_name),"lab" => array("lab_id" => $lab_id,"lab_room" => $lab_room)));

  2036. 						}

  2037. 

  2038. 						$offered->close();

  2039. 				    	$response["status"] = "success";

  2040. 						$response["person_id"] = $_SESSION["person_id"];

  2041. 						break;

  2042. 					case 28: 	/* request offered materials */

  2043. 			            /* verify args */

  2044. 						if(isset($_POST["person_id"]) and isset($_POST["lab_id"]) and isset($_POST["request"])){

  2045. 							$request = json_decode($_POST["request"],true);

  2046. 							$mat_id = $request["material"]["mat_id"];

  2047. 							$timestamp = $request["material"]["timestamp"];

  2048. 							$man_id = $request["manufacturer"]["man_id"];

  2049. 							$o_lab_id = $request["lab"]["lab_id"];

  2050. 							$n_lab_id = $_POST["lab_id"];

  2051. 							$uom = $request["material"]["uom"];

  2052. 							$capacity = str_replace($uom,"",$request["capacity"]);

  2053. 							$amount = str_replace($uom,"",$request["amount"]);

  2054. 							$person_id = $_POST["person_id"];

  2055. 

  2056. 			            	$insert = $db->prepare("INSERT INTO Request(`timestamp`,person_id,mat_id,man_id,capacity,uom,lab_id,amount,request_lab_id) VALUES (?,?,?,?,?,?,?,?,?)");

  2057. 							$insert->bind_param("siiidsidi",$timestamp,$person_id,$mat_id,$man_id,$capacity,$uom,$o_lab_id,$amount,$n_lab_id);

  2058. 

  2059. 							if($insert->execute()){

  2060. 					    		$response["status"] = "success";

  2061. 					    		$response["message"] = "Request submited";

  2062. 							}

  2063. 

  2064. 							/* request failed */

  2065. 							else{

  2066. 								$error = true;

  2067. 								$message = "Request failed";

  2068. 							}

  2069. 

  2070. 							$insert->close();

  2071. 						}

  2072. 

  2073. 						/* missing args */

  2074. 						else{

  2075. 							$error = true;

  2076. 							$message = "One or more args are missing";

  2077. 						}

  2078. 						break;

  2079. 					case 29: 	/* fetch requested materials */

  2080. 		            	$requested = $db->prepare("SELECT Person.person_name,Person.person_id,Laboratory.lab_room,L.lab_room,Request.lab_id,Request.request_lab_id,Manufacturer.man_name,Request.man_id,Material.mat_name,Request.mat_id,Request.capacity,Request.uom,Request.amount,Request.request_lab_id,Request.timestamp FROM Request INNER JOIN Laboratory ON Laboratory.lab_id=Request.lab_id INNER JOIN Material ON Material.mat_id=Request.mat_id INNER JOIN Person ON Person.person_id=Request.person_id INNER JOIN Manufacturer ON Manufacturer.man_id=Request.man_id INNER JOIN Laboratory as L ON L.lab_id=Request.request_lab_id ORDER BY Material.mat_name ASC");

  2081. 						$requested->execute();

  2082. 						$requested->bind_result($person_name,$person_id,$prev_lab_room,$new_lab_room,$prev_lab_id,$new_lab_id,$man_name,$man_id,$mat_name,$mat_id,$capacity,$uom,$amount,$request_lab_id,$timestamp);

  2083. 						$requested->store_result();

  2084. 

  2085. 						$response["requested"] = array();

  2086. 						while($requested->fetch()){

  2087. 							array_push($response["requested"],array("material" => array("mat_id" => $mat_id,"mat_name" => $mat_name,"uom" => $uom,"timestamp" => $timestamp),"manufacturer" => array("man_id" => $man_id,"man_name" => $man_name),"capacity" => $capacity.$uom,"amount" => $amount.$uom,"person" => array("person_id" => $person_id,"person_name" => $person_name),"prev_lab" => array("lab_id" => $prev_lab_id,"lab_room" => $prev_lab_room),"new_lab" => array("lab_id" => $new_lab_id,"lab_room" => $new_lab_room)));

  2088. 						}

  2089. 

  2090. 						$requested->close();

  2091. 				    	$response["status"] = "success";

  2092. 						break;

  2093. 					case 30: 	/* handle requested materials */

  2094. 			            /* verify args */

  2095. 						if(isset($_POST["type"]) and isset($_POST["material"])){

  2096. 							$type = $_POST["type"];

  2097. 							$material = json_decode($_POST["material"],true);

  2098. 							$mat_id = $material["material"]["mat_id"];

  2099. 							$timestamp = $material["material"]["timestamp"];

  2100. 							$man_id = $material["manufacturer"]["man_id"];

  2101. 							$prev_lab_id = $material["prev_lab"]["lab_id"];

  2102. 							$new_lab_id = $material["new_lab"]["lab_id"];

  2103. 							$uom = $material["material"]["uom"];

  2104. 							$capacity = (float) str_replace($uom,"",$material["capacity"]);

  2105. 							$amount = (float) str_replace($uom,"",$material["amount"]);

  2106. 							$person_id = $material["person"]["person_id"];

  2107. 							$quantity = ceil($amount/$capacity);

  2108. 							$location = "n/a";

  2109. 							$delete = false;

  2110. 

  2111. 							if($type === "accept"){

  2112. 								$transaction = "add";

  2113. 								$select = $db->prepare("SELECT total FROM Lab_Material WHERE mat_id=? AND lab_id=? AND capacity=? AND man_id=? AND uom=?");

  2114. 								$select->bind_param("iidis",$mat_id,$new_lab_id,$capacity,$man_id,$uom);

  2115. 								$select->execute();

  2116. 								$select->bind_result($total);

  2117. 								$select->store_result();

  2118. 

  2119. 								if($select->num_rows > 0){

  2120. 									$select->fetch();

  2121. 									$total += $amount;

  2122. 

  2123. 									$update = $db->prepare("UPDATE Lab_Material SET total=? WHERE mat_id=? AND lab_id=? AND capacity=? AND man_id=? AND uom=?");

  2124. 									$update->bind_param("diidis",$total,$mat_id,$new_lab_id,$capacity,$man_id,$uom);

  2125. 									if($update->execute()){

  2126. 										$delete = true;

  2127. 									}

  2128. 

  2129. 									/* request failed */

  2130. 									else{

  2131. 										$error = true;

  2132. 										$message = $update->error;

  2133. 									}

  2134. 									

  2135. 									$update->close();

  2136. 								}

  2137. 

  2138. 								/* insert into lab */

  2139. 								else{

  2140. 									$insert = $db->prepare("INSERT INTO Lab_Material(lab_id,mat_id,capacity,quantity,total,location,uom,man_id) VALUES (?,?,?,?,?,?,?,?)");

  2141. 									$insert->bind_param("iididssi",$new_lab_id,$mat_id,$capacity,$quantity,$amount,$location,$uom,$man_id);

  2142. 

  2143. 									if($insert->execute()){

  2144. 										$delete = true;

  2145. 									}

  2146. 

  2147. 									/* request failed */

  2148. 									else{

  2149. 										$error = true;

  2150. 										$message = "Request failed";

  2151. 									}

  2152. 

  2153. 									$insert->close();

  2154. 								}

  2155. 

  2156. 								$select->close();

  2157. 

  2158. 								/* record transaction */

  2159. 								if($delete){

  2160. 									$insert = $db->prepare("INSERT INTO Transaction(type,person_id,`timestamp`,mat_id,man_id,capacity,lab_id,amount,uom) VALUES (?,?,?,?,?,?,?,?,?)");

  2161. 									$insert->bind_param("sisiidids",$transaction,$_SESSION["person_id"],$timestamp,$mat_id,$man_id,$capacity,$new_lab_id,$amount,$uom);

  2162. 

  2163. 									if(!$insert->execute()){

  2164. 										$error = true;

  2165. 										$message = $insert->error;

  2166. 										$delete = false;

  2167. 					    			}

  2168. 

  2169. 									$insert->close();

  2170. 								}

  2171. 							}

  2172. 

  2173. 							else{

  2174. 								$delete = true;

  2175. 							}

  2176. 

  2177. 							if($delete){

  2178. 								$delete = $db->prepare("DELETE FROM Request WHERE mat_id=? AND lab_id=? AND capacity=? AND man_id=? AND uom=? AND person_id=? AND request_lab_id=? AND `timestamp`=?");

  2179. 								$delete->bind_param("iidisiis",$mat_id,$prev_lab_id,$capacity,$man_id,$uom,$person_id,$new_lab_id,$timestamp);

  2180. 								$offer = $db->prepare("DELETE FROM Offered_Material WHERE mat_id=? AND lab_id=? AND capacity=? AND man_id=? AND uom=? AND `timestamp`=?");

  2181. 								$offer->bind_param("iidiss",$mat_id,$prev_lab_id,$capacity,$man_id,$uom,$timestamp);

  2182. 

  2183. 								if($delete->execute()){

  2184. 									if($offer->execute()){

  2185. 						    			$response["status"] = "success";

  2186. 					    				$response["message"] = "Request answered successfully";

  2187. 									}

  2188. 

  2189. 									/* request failed */

  2190. 									else{

  2191. 										$error = true;

  2192. 										$message = "Request failed";

  2193. 									}

  2194. 

  2195. 									$offer->close();

  2196. 								}

  2197. 

  2198. 								/* request failed */

  2199. 								else{

  2200. 									$error = true;

  2201. 									$message = "Request failed";

  2202. 								}

  2203. 

  2204. 								$delete->close();

  2205. 							}

  2206. 						}

  2207. 

  2208. 						/* missing args */

  2209. 						else{

  2210. 							$error = true;

  2211. 							$message = "One or more args are missing";

  2212. 						}

  2213. 						break;

  2214. 					default:	/* non defined requests */

  2215. 						$error = true;

  2216. 						$message = "Invalid request";

  2217. 						break;

  2218. 				}

  2219. 			}

  2220. 		}

  2221. 

  2222. 		/* missing api call */ 

  2223. 		else{

  2224. 			$error = true;

  2225. 			$message = "One or more arguments are missing";

  2226. 		}

  2227. 

  2228. 		/* handle errors */ 

  2229. 		if($error){

  2230. 			$response = array("status" => "error","message" => $message);

  2231. 		}

  2232. 

  2233. 		/* query response */ 

  2234. 		$db->close();

  2235. 		echo json_encode(utf8_response($response));

  2236. 	}

  2237. 

  2238. 	/* start session */

  2239. 	function start_session(){

  2240. 		/* start user session */

  2241. 		if(!isset($_SESSION)){

  2242. 			session_start();

  2243. 	    }

  2244. 	}

  2245. 

  2246. 	/* utf8_response($obj: array/string) - parse response as utf-8 */

  2247. 	function utf8_response($obj){

  2248. 	    if(is_array($obj)){

  2249. 	        foreach($obj as $key => $value){

  2250. 	            $obj[$key] = utf8_response($value);

  2251. 	        }

  2252. 	    }

  2253. 

  2254. 		else if(is_string($obj)){

  2255. 		    return utf8_encode($obj);

  2256. 		}

  2257. 

  2258. 	    return $obj;

  2259. 	}

  2260. 

  2261. 	/* session_expired() - verify if session is expired */

  2262. 	function session_expired(){

  2263. 		/* start session */

  2264. 		start_session();

  2265. 

  2266. 		/* check for expired session */

  2267. 		if(!isset($_SESSION["last_activity"]) or (time() - $_SESSION["last_activity"]) > 1800){

  2268. 

  2269. 			/* destroy session */

  2270. 			session_unset();

  2271. 			session_destroy();

  2272. 			$_SESSION = array();

  2273. 			$expired = true;

  2274. 		}

  2275. 

  2276. 		/* update last activity */

  2277. 		else{

  2278. 			/* update session id, after 30 mins */

  2279. 			if((time() - $_SESSION["created"]) > 1800){

  2280. 			    /* update session id/creation time */

  2281. 			    session_regenerate_id(true);

  2282. 			    $_SESSION["created"] = time();

  2283. 			}

  2284. 			

  2285. 			$_SESSION['last_activity'] = time();

  2286. 			$expired = false;

  2287. 		}

  2288. 

  2289. 		return $expired;

  2290. 	}

  2291. 

  2292. 	/* gen_csv($data: array of arrays,$title: string) - generate csv file */

  2293. 	function gen_csv($data,$title){

  2294. 		/* generate file name */

  2295. 		$file_name = "../tmp/" . bin2hex(random_bytes(16)) . ".csv";

  2296. 

  2297. 	    $f = fopen($file_name,"w");

  2298. 	    fwrite($f,$title . "\n");

  2299. 	    fwrite($f,"Report generated: " . $timestamp = date("Y-m-d H:i:s") . "\n");

  2300. 	    foreach($data as $row){

  2301. 	    	fputcsv($f,$row,",");

  2302. 	    }

  2303. 

  2304. 	    fclose($f);

  2305. 	    return str_replace("..","",$file_name);

  2306. 	}

  2307. 

  2308. 	opaso();

  2309. ?>