inventarioSustancias/public_html/scripts/opaso.php

<?php
/*  Authors         :   Carlos C. Corrada-Bravo
                        David J. Ortiz-Rivera

    Organization    :   Centro de Desarrollo y Consultoria Computacional
    Project         :   OPASO Material Registry   
    File            :   opaso.php
    Description     :   Handle API requests for OPASO */

    /* display errors */ 
	error_reporting(E_ALL);
	ini_set("display_errors",1);

	/* opaso() - handle api requests for opaso */
	function opaso(){
		/* import database */ 
		require "../config/database.php";

		/* verify api call */
		if(isset($_POST["query"])){
			$error = false;
			$expired = false;
			$response = array();
			$q = $_POST["query"];

			/* verify user session */
			if($q != 1){
	            if(session_expired()){
	            	$expired = true;
					$response["status"] = "expired";
	            }
			}

			/* handle request */
			if(!$expired){
				switch($q){
					case 0:		/* register user */
						/* verify args */
						if(isset($_POST["person_name"]) and isset($_POST["email"]) and isset($_POST["phone_number"])){
							$password = "n/a";
							$email = $_POST["email"];
							$person_name = $_POST["person_name"];
							$phone_number = $_POST["phone_number"];

				            /* register user */
				            if($_SESSION["access_level"] === "admin" or $_SESSION["access_level"] === "investigator"){
								$register = $db->prepare("INSERT INTO Person(person_name,email,password,phone) VALUES (?,?,?,?)");
								$register->bind_param("ssss",$person_name,$email,$password,$phone_number);
								
								/* extract id */ 
								if($register->execute()){
									$person_id = $db->insert_id;
									$response["status"] = "success";
									$response["person_id"] = $person_id;
									$response["message"] = "Person registered successfully";
								}

								/* query failed */ 
								else{
									$error = true;
									$message = "Registration failed, possible duplicate";
								}

								$register->close();
				            }

				            /* restricted access level */
				            else{
								$error = true;
								$message = "Access not allowed";
				            }
						}

						/* missing args */ 
						else{
							$error = true;
							$message = "One or more arguments missing";
						}
						break;
					case 1:		/* log in user */
						/* verify args */ 
						if(isset($_POST["email"]) and isset($_POST["password"])){
							/* fetch hashed password and user data */
							$email = $_POST["email"];
							$password = $_POST["password"];
							$login = $db->prepare("SELECT person_id,person_name,password FROM Person WHERE email=?");
							$login->bind_param("s",$email);
							$login->execute();
							$login->bind_result($person_id,$person_name,$hashed_password);
							$login->store_result();
							$login->fetch();

							/* match password with hash */ 
							if(password_verify($password,$hashed_password)){
								/* fetch authorized laboratories */
								$authorized = $db->prepare("SELECT Authorized.lab_id,Laboratory.lab_room,Authorized.access_level FROM Authorized INNER JOIN Laboratory ON Laboratory.lab_id = Authorized.lab_id WHERE person_id=? AND Authorized.access_level!='none' ORDER BY Laboratory.lab_room ASC");
								$authorized->bind_param("i",$person_id);
								$authorized->execute();
								$authorized->bind_result($lab_id,$lab_room,$access_level);

								/* initialize authorized array */
								start_session();
								$_SESSION["authorized"] = array();
								$access_level = "technician";
								$pi_flag = false;
								$admin_flag = false;

								/* fetch entries */
								while($authorized->fetch()){
									if($access_level == "investigator"){
										$pi_flag = true;
									}

									elseif($access_level == "admin"){
										$admin_flag = true;
									}

							    	$_SESSION["authorized"][$lab_id] = array("lab_room" => $lab_room, "access_level" => $access_level);
								}

								/* set user data */
								$_SESSION["person_id"] = $person_id;
								$_SESSION["person_name"] = explode(" ",$person_name)[0];

								/* set highest access level */
								if($pi_flag){
									$access_level = "investigator";
								}

								elseif($admin_flag){
									$access_level = "admin";
								}

								$_SESSION["access_level"] = $access_level;
				    			$_SESSION["created"] = time();
								$_SESSION["last_activity"] = time();

								$login->close();
								$authorized->close();

								$response["status"] = "success";
							}

							/* passwords don't match */ 
							else{
								$error = true;
								$message = "Login failed";
							}
						}

						/* missing args */ 
						else{
							$error = true;
							$message = "One or more arguments missing";
						}
						break;
					case 2:		/* get laboratories */
						/* fetch authorized laboratories */
						$auth = $db->prepare("SELECT Authorized.lab_id,Laboratory.lab_room,Authorized.access_level FROM Authorized INNER JOIN Laboratory ON Laboratory.lab_id = Authorized.lab_id WHERE person_id=? AND Authorized.access_level!='none' ORDER BY Laboratory.lab_room ASC");
						$auth->bind_param("i",$_SESSION["person_id"]);
						$auth->execute();
						$auth->bind_result($lab_id,$lab_room,$access_level);
						
						/* initialize authorized array */
						start_session();
						$_SESSION["authorized"] = array();
						$pi_flag = false;
						$admin_flag = false;
						$access_level = "technician";
						$response["authorized"] = array();

						/* fetch entries */
						while($auth->fetch()){
							if($access_level == "investigator"){
								$pi_flag = true;
							}

							elseif($access_level == "admin"){
								$admin_flag = true;
							}

					    	$_SESSION["authorized"][$lab_id] = array("lab_room" => $lab_room, "access_level" => $access_level);
		                	array_push($response["authorized"],array("lab_id" => $lab_id,"lab_room" => $lab_room, "access_level" => $access_level));
						}

						$auth->close();

						/* determine highest access level */
						if($pi_flag){
							$access_level = "investigator";
						}

						elseif($admin_flag){
							$access_level = "admin";
						}

						$_SESSION["access_level"] = $access_level;
						$response["status"] = "success";
						break;
					case 3:		/* get laboratory inventory */
						/* verify args */
						if(isset($_POST["lab_id"])){
							/* match lab id with authorized labs */
							$lab_id = $_POST["lab_id"];
							if(array_key_exists($lab_id,$_SESSION["authorized"])){
								/* fetch lab inventory */
								$laboratory = $db->prepare("SELECT Material.mat_id,Manufacturer.man_id,Material.mat_name,Manufacturer.man_name,Lab_Material.capacity,Lab_Material.quantity,Lab_Material.total,Lab_Material.uom,Lab_Material.location FROM Lab_Material INNER JOIN Material ON Lab_Material.mat_id=Material.mat_id INNER JOIN Manufacturer ON Lab_Material.man_id=Manufacturer.man_id WHERE Lab_Material.lab_id=? ORDER BY Material.mat_name,Lab_Material.capacity ASC");
								$laboratory->bind_param("i",$lab_id);
								$laboratory->execute();
								$laboratory->bind_result($mat_id,$man_id,$mat_name,$man_name,$capacity,$quantity,$total,$uom,$location);
								$laboratory->store_result();
								
								$response["lab"] = array();
								$response["lab"]["inventory"] = array();
								while($laboratory->fetch()){
									array_push($response["lab"]["inventory"],array("material" => array("mat_id" => $mat_id,"mat_name" => $mat_name),"manufacturer" => array("man_id" => $man_id,"man_name" => $man_name),"capacity" => $capacity,"quantity" => $quantity,"total" => $total,"uom" => $uom,"location" => $location));
								}

								/* fetch lab personnel */
								$personnel = $db->prepare("SELECT Person.person_name,Authorized.access_level FROM Authorized INNER JOIN Person ON Person.person_id=Authorized.person_id WHERE Authorized.lab_id=? AND Authorized.access_level!='none' ORDER BY Authorized.access_level ASC");
								$personnel->bind_param("i",$lab_id);
								$personnel->execute();
								$personnel->bind_result($person_name,$access_level);
								$personnel->store_result();
								
								$response["lab"]["personnel"] = array();
								while($personnel->fetch()){
									array_push($response["lab"]["personnel"],array("person_name" => $person_name,"access_level" => $access_level));
								}

								$personnel->close();						
								$laboratory->close();
						    	$response["status"] = "success";
							}

							/* lab not authorized */ 
							else{					
								$error = true;
								$message = "Laboratory not authorized";	
							}
						}

						/* missing args */ 
						else{
							$error = true;
							$message = "One or more arguments missing";
						}
						break;
					case 4:		/* get lab inventory */
						/* verify args */
						if(isset($_POST["lab_id"])){
							/* match lab id with authorized labs */
							$lab_id = $_POST["lab_id"];
							if(array_key_exists($lab_id,$_SESSION["authorized"])){
								/* fetch lab inventory */
								$inventory = $db->prepare("SELECT Material.mat_id,Manufacturer.man_id,Material.mat_name,Material.cas,Manufacturer.man_name,Material_Manufacturer.sds,Material.state,Material.type,Lab_Material.capacity,Lab_Material.quantity,Lab_Material.total,Lab_Material.uom,Lab_Material.location FROM (Lab_Material INNER JOIN Material ON Lab_Material.mat_id=Material.mat_id INNER JOIN Manufacturer ON Lab_Material.man_id=Manufacturer.man_id INNER JOIN Material_Manufacturer ON Lab_Material.mat_id=Material_Manufacturer.mat_id AND Lab_Material.man_id=Material_Manufacturer.man_id) WHERE Lab_Material.lab_id=? ORDER BY Material.mat_name,Lab_Material.capacity ASC");
								$inventory->bind_param("i",$lab_id);
								$inventory->execute();
								$inventory->bind_result($mat_id,$man_id,$mat_name,$cas,$man_name,$sds,$state,$type,$capacity,$quantity,$total,$uom,$location);
								$inventory->store_result();
								
								$response["lab"] = array();
								$response["lab"]["inventory"] = array();
								$hazard = $db->prepare("SELECT Material_Hazard.code,Hazard.description FROM Lab_Material INNER JOIN Material_Hazard ON Material_Hazard.mat_id=Lab_Material.mat_id INNER JOIN Hazard ON Hazard.code=Material_Hazard.code WHERE Lab_Material.mat_id=? AND Lab_Material.capacity=? AND Lab_Material.lab_id=? AND Lab_Material.man_id=? GROUP BY Material_Hazard.code,Hazard.description ORDER BY Material_Hazard.code ASC");

								/* fetch hazard data */
								while($inventory->fetch()){
									$hazard->bind_param("idii",$mat_id,$capacity,$lab_id,$man_id);
									$hazard->execute();
									$hazard->bind_result($ghs,$description);
									$hazard->store_result();
									
									$full_ghs = array();
									$full_description = array();
									
									/* fetch hazard details */
									while($hazard->fetch()){
										if(!(array_search($ghs,$full_ghs))){
											array_push($full_ghs,$ghs);
											array_push($full_description,$description);
										}
									}

									array_push($response["lab"]["inventory"],array("material" => array("mat_id" => $mat_id,"mat_name" => $mat_name),"manufacturer" => array("man_id" => $man_id,"man_name" => $man_name),"cas" => $cas,"sds" => urlencode($sds),"ghs" => implode(",",$full_ghs),"state" => $state,"type" => $type,"capacity" => $capacity,"quantity" => $quantity,"total" => $total,"uom" => $uom,"location" => $location));
								}
								
								$inventory->close();
						    	$response["status"] = "success";
							}

							/* lab not authorized */ 
							else{					
								$error = true;
								$message = "Laboratory not authorized";	
							}
						}

						/* missing args */
						else{
							$error = true;
							$message = "One or more arguments missing";
						}
						break;
					case 5:		/* edit cell*/
						/* verify args */
						if(isset($_POST["lab_id"]) and isset($_POST["field"]) and isset($_POST["data"])){
							$amount = 0;
							$field = $_POST["field"];
							$lab_id = $_POST["lab_id"];
							$data = json_decode($_POST["data"],true);
							
							if($field === "man_name"){
								$transaction = "edit manufacturer";
							}

							elseif($field === "mat_name"){
								$transaction = "edit material";
							}

							else{
								$transaction = "edit " . $field;
							}

							/* match lab id with authorized labs */
							if(array_key_exists($lab_id,$_SESSION["authorized"])){
								switch($field){
									case "mat_name": 	/* update material name */
										$update = $db->prepare("UPDATE Material SET mat_name=? WHERE mat_id=?");
										$update->bind_param("si",$data["mat_name"],$data["mat_id"]);

										if(!$update->execute()){
											$error = true;
											$message = "Update failed";
										}

										$update->close();
										break;
									case "man_name": 	/* update manufacturer name */
										$update = $db->prepare("UPDATE Manufacturer SET man_name=? WHERE man_id=?");
										$update->bind_param("si",$data["man_name"],$data["man_id"]);
										
										if(!$update->execute()){
											$error = true;
											$message = "Update failed";
										}

										$update->close();
										break;
									case "cas":  		/* update material cas num */
										$update = $db->prepare("UPDATE Material SET cas=? WHERE mat_id=?");
										$update->bind_param("si",$data["cas"],$data["mat_id"]);
										
										if(!$update->execute()){
											$error = true;
											$message = "Update failed";
										}

										$update->close();
										break;
									case "sds":  		/* update material sds */
										$update = $db->prepare("UPDATE Material_Manufacturer SET sds=? WHERE mat_id=? AND man_id=?");
										$update->bind_param("sii",$data["sds"],$data["mat_id"],$data["man_id"]);
										
										if(!$update->execute()){
											$error = true;
											$message = "Update failed";
										}

										$update->close();
										break;
									case "ghs": 		/* update ghs */
										$delete = $db->prepare("DELETE FROM Material_Hazard WHERE mat_id=?");
										$delete->bind_param("i",$data["mat_id"]);
										
										if(!$delete->execute()){
											$error = true;
											$message = "Update failed";
										}

										else{
											$insert = $db->prepare("INSERT INTO Material_Hazard(mat_id,code) VALUES(?,?)");
											$ghs = explode(",",$data["ghs"]);

											for($i = 0; $i <  sizeof($ghs); $i++){
												if($ghs[$i]){
													$insert->bind_param("is",$data["mat_id"],$ghs[$i]);
													
													if(!$insert->execute()){
														$insert_ghs = $db->prepare("INSERT INTO Hazard(code) VALUES(?)");
														$insert_ghs->bind_param("s",$ghs[$i]);
														
														if(!$insert_ghs->execute()){
															$error = true;
															$message = "Update failed";
															break;
														}
														else{
															$insert = $db->prepare("INSERT INTO Material_Hazard(mat_id,code) VALUES(?,?)");
															$insert->bind_param("is",$data["mat_id"],$ghs[$i]);
															if(!$insert->execute()){
																$error = true;
																$message = "Update failed";
																break;
															}
														}
													}
												}
											}
											
											$insert->close();
										}

										$delete->close();
										break;
									case "state":
										$update = $db->prepare("UPDATE Material SET state=? WHERE mat_id=?");
										$update->bind_param("si",$data["state"],$data["mat_id"]);
										
										if(!$update->execute()){
											$error = true;
											$message = "Update failed";
										}

										$update->close();
										break;

									case "location":
										$update = $db->prepare("UPDATE Lab_Material SET location=? WHERE mat_id=? AND lab_id=? AND man_id=? AND capacity=? AND uom=?");
										$update->bind_param("siiids",$data["location"],$data["mat_id"],$lab_id,$data["man_id"],$data["capacity"],$data["uom"]);
										
										if(!$update->execute()){
											$error = true;
											$message = "Update failed";
										}

										$update->close();
										break;

									case "type":
										$update = $db->prepare("UPDATE Material SET type=? WHERE mat_id=?");
										$update->bind_param("si",$data["type"],$data["mat_id"]);
										
										if(!$update->execute()){
											$error = true;
											$message = "Update failed";
										}

										$update->close();
										break;

									case "capacity":
										$update = $db->prepare("UPDATE Lab_Material SET capacity=?,quantity=? WHERE mat_id=? AND lab_id=? AND man_id=? AND capacity=? AND uom=?");
										$update->bind_param("diiiids",$data["new_capacity"],$data["quantity"],$data["mat_id"],$lab_id,$data["man_id"],$data["prev_capacity"],$data["uom"]);
										
										if(!$update->execute()){
											$error = true;
											$message = "Update failed";
										}

										$update->close();
										break;

									case "quantity": 	/* update quantity */
									case "total": 		/* update total */
										$update = $db->prepare("UPDATE Lab_Material SET total=?,quantity=? WHERE mat_id=? AND lab_id=? AND man_id=? AND capacity=? AND uom=?");
										$update->bind_param("diiiids",$data["total"],$data["quantity"],$data["mat_id"],$lab_id,$data["man_id"],$data["capacity"],$data["uom"]);

										$amount = $data["total"];
										
										if(!$update->execute()){
											$error = true;
											$message = "Update failed";
										}

										$update->close();
										break;

									case "uom": 	/* update uom */
										$update = $db->prepare("UPDATE Material SET uom=? WHERE mat_id=? AND uom=?");
										$update->bind_param("sis",$data["new_uom"],$data["mat_id"],$data["prev_uom"]);
										
										if(!$update->execute()){
											$error = true;
											$message = $update->error;
										}

										else{
											$update = $db->prepare("UPDATE Lab_Material SET uom=? WHERE mat_id=? AND lab_id=? AND man_id=? AND capacity=? AND uom=?");
											$update->bind_param("siiids",$data["new_uom"],$data["mat_id"],$lab_id,$data["man_id"],$data["capacity"],$data["prev_uom"]);
											
											if(!$update->execute()){
												$error = true;
												$message = "Material update failed";
											}
										}

										$update->close();
										break;

									default:
										$error = true;
										$message = "Incorrect field query";
										break;
								}

								/* record transaction */
								if(!$error){
									$timestamp = date("Y-m-d H:i:s");
									$insert = $db->prepare("INSERT INTO Transaction(type,person_id,`timestamp`,mat_id,man_id,capacity,lab_id,amount,uom) VALUES (?,?,?,?,?,?,?,?,?)");
									$insert->bind_param("sisiidids",$transaction,$_SESSION["person_id"],$timestamp,$data["mat_id"],$data["man_id"],$data["capacity"],$lab_id,$amount,$data["uom"]);

									if($insert->execute()){
								    	$response["status"] = "success";
								    	$response["message"] = "Field updated successfully";
									}

									/* transaction failed */ 
									else{
										$error = true;
										$message = "Field update failed";;
									}

									$insert->close();
								}
							}

							/* lab not authorized */ 
							else{					
								$error = true;
								$message = "Laboratory not authorized";	
							}
						}

						/* missing args */ 
						else{
							$error = true;
							$message = "One or more arguments missing";
						}
						break;
					case 6:		/* edit row */
						/* verify args */
						if(isset($_POST["lab_id"]) and isset($_POST["mat_id"]) and isset($_POST["man_id"]) and isset($_POST["uom"]) and isset($_POST["capacity"]) and isset($_POST["data"])){
							$lab_id = $_POST["lab_id"];
							$mat_id = $_POST["mat_id"];
							$man_id = $_POST["man_id"];
							$uom = $_POST["uom"];
							$transaction = "edit";
							$capacity = $_POST["capacity"];
							$data = json_decode($_POST["data"],true);
							$total = $data["capacity"] * $data["quantity"];

							/* match lab id with authorized labs */ 
							if(array_key_exists($lab_id,$_SESSION["authorized"])){
								$material = $db->prepare("UPDATE Material SET mat_name=?,cas=?,state=?,type=?,uom=? WHERE mat_id=? AND uom=?");
								$material->bind_param("sssssis",$data["mat_name"],$data["cas"],$data["state"],$data["type"],$data["uom"],$mat_id,$uom);
								
								if(!$material->execute()){
									$error = true;
									$message = "Material update failed";
								}

								$material->close();

								$manufacturer = $db->prepare("UPDATE Manufacturer SET man_name=? WHERE man_id=?");
								$manufacturer->bind_param("si",$data["man_name"],$man_id);
								
								if(!$manufacturer->execute() and !$error){
									$error = true;
									$message = "Manufacturer update failed";
								}

								$manufacturer->close();
								$update = $db->prepare("UPDATE Material_Manufacturer SET sds=? WHERE mat_id=? AND man_id=?");
								$update->bind_param("sii",$data["sds"],$mat_id,$man_id);

								if(!$update->execute() and !$error){
									$error = true;
									$message = "Update failed";
								}
								
								$update->close();
								$delete = $db->prepare("DELETE FROM Material_Hazard WHERE mat_id=?");
								$delete->bind_param("i",$mat_id);
								
								if(!$delete->execute() and !$error){
									$error = true;
									$message = "GHS update failed";
								}

								else{
									$insert = $db->prepare("INSERT INTO Material_Hazard(mat_id,code) VALUES(?,?)");
									$ghs = explode(",",$data["ghs"]);

									for($i = 0; $i <  sizeof($ghs); $i++){
										if($ghs[$i]){
											$insert->bind_param("is",$mat_id,$ghs[$i]);
											
											if(!$insert->execute() and !$error){
												$insert_ghs = $db->prepare("INSERT INTO Hazard(code) VALUES(?)");
												$insert_ghs->bind_param("s",$ghs[$i]);
												
												if(!$insert_ghs->execute() and !$error){
													$error = true;
													$message = "GHS update failed";
													break;
												}
												else{
													$insert = $db->prepare("INSERT INTO Material_Hazard(mat_id,code) VALUES(?,?)");
													$insert->bind_param("is",$mat_id,$ghs[$i]);
													if(!$insert->execute()){
														$error = true;
														$message = "GHS update failed";
														break;
													}
												}
											}
										}
									}
								}

								$delete->close();
								$insert->close();

								$update = $db->prepare("UPDATE Lab_Material SET capacity=?,quantity=?,total=?,location=?,uom=? WHERE mat_id=? AND lab_id=? AND man_id=? AND capacity=? AND uom=?");
								$update->bind_param("didssiiids",$data["capacity"],$data["quantity"],$total,$data["location"],$data["uom"],$mat_id,$lab_id,$man_id,$capacity,$uom);
								
								if(!$update->execute() and !$error){
									$error = true;
									$message = "Material update failed";
								}

								$update->close();

								/* record transaction */
								if(!$error){
									$timestamp = date("Y-m-d H:i:s");
									$insert = $db->prepare("INSERT INTO Transaction(type,person_id,`timestamp`,mat_id,man_id,capacity,lab_id,amount,uom) VALUES (?,?,?,?,?,?,?,?,?)");
									$insert->bind_param("sisiidids",$transaction,$_SESSION["person_id"],$timestamp,$mat_id,$man_id,$capacity,$lab_id,$total,$uom);

									if($insert->execute()){
								    	$response["status"] = "success";
								    	$response["message"] = "Entry updated successfully";
									}

									/* transaction failed */ 
									else{
										$error = true;
										$message = "Entry update failed";;
									}

									$insert->close();
								}
							}

							/* lab not authorized */ 
							else{					
								$error = true;
								$message = "Laboratory not authorized";	
							}
						}

						/* missing args */ 
						else{
							$error = true;
							$message = "One or more arguments missing";
						}
						break;
					case 8: 	/* delete row */
						/* verify args */
						if(isset($_POST["lab_id"]) and isset($_POST["data"])){
							$lab_id = $_POST["lab_id"];
							$data = json_decode($_POST["data"],true);
							$uom = $data["uom"];
							$amount = $data["total"];
							$transaction = "delete";
							$capacity = $data["capacity"];
							$mat_id = $data["material"]["mat_id"];
							$man_id = $data["manufacturer"]["man_id"];

							/* match lab id with authorized labs */
							if(array_key_exists($lab_id,$_SESSION["authorized"])){
								$delete = $db->prepare("DELETE FROM Lab_Material WHERE mat_id=? AND lab_id=? AND man_id=? AND capacity=? AND uom=?");
								$delete->bind_param("iiids",$mat_id,$lab_id,$man_id,$capacity,$uom);

								/* record transaction */
								if($delete->execute()){
									$timestamp = date("Y-m-d H:i:s");
									$insert = $db->prepare("INSERT INTO Transaction(type,person_id,`timestamp`,mat_id,man_id,capacity,lab_id,amount,uom) VALUES (?,?,?,?,?,?,?,?,?)");
									$insert->bind_param("sisiidids",$transaction,$_SESSION["person_id"],$timestamp,$mat_id,$man_id,$capacity,$lab_id,$amount,$uom);

									if($insert->execute()){
								    	$response["status"] = "success";
								    	$response["message"] = "Entry deleted successfully";
									}
									/* transaction failed */ 
									else{
										$error = true;
										$message = "Material delete failed";
									}
									$delete->close();
								}

								/* query failed */ 
								else{
									$error = true;
									$message = "Material delete failed";
								}
							}
							/* lab not authorized */ 
							else{					
								$error = true;
								$message = "Laboratory not authorized";	
							}
						}
						/* missing args */ 
						else{
							$error = true;
							$message = "One or more arguments missing";
						}
						break;
					case 9:		/* material transaction */
						/* verify args */
						if(isset($_POST["lab_id"]) and isset($_POST["mat_id"]) and isset($_POST["capacity"]) and isset($_POST["transaction"]) and isset($_POST["man_id"]) and isset($_POST["total"]) and isset($_POST["amount"]) and isset($_POST["uom"])){
							$flag = false;
							$lab_id = $_POST["lab_id"];
							$mat_id = $_POST["mat_id"];
							$capacity = $_POST["capacity"];
							$transaction = $_POST["transaction"];
							$total = $_POST["total"];
							$uom = $_POST["uom"];
							$man_id = $_POST["man_id"];
							$amount = $_POST["amount"];
							$delete = false;

							/* match lab id with authorized labs */
							if(array_key_exists($lab_id,$_SESSION["authorized"])){

								/* update total amount */
								if($total > 0){
			                        $containers = ceil($total/$capacity);
									$update = $db->prepare("UPDATE Lab_Material SET total=?,quantity=? WHERE mat_id=? AND man_id=? AND lab_id=? AND capacity=? AND uom=?");
									$update->bind_param("diiiids",$total,$containers,$mat_id,$man_id,$lab_id,$capacity,$uom);
									if($update->execute()){
										$update->close();
										$flag = true;
									}

									/* transaction failed */ 
									else{
										$error = true;
										$message = "Transaction failed";
									}
								}

								/* material consumed, remove entry */
								else{
									$flag = true;
									$delete = true;
								}

								/* record transaction */
								if($flag){
									$timestamp = date("Y-m-d H:i:s");
									$insert = $db->prepare("INSERT INTO Transaction(type,person_id,`timestamp`,mat_id,man_id,capacity,lab_id,amount,uom) VALUES (?,?,?,?,?,?,?,?,?)");
									$insert->bind_param("sisiidids",$transaction,$_SESSION["person_id"],$timestamp,$mat_id,$man_id,$capacity,$lab_id,$amount,$uom);

									if($insert->execute()){
										if($transaction === "offer"){
											$offered_insert = $db->prepare("INSERT INTO Offered_Material(person_id,`timestamp`,mat_id,man_id,capacity,lab_id,amount,uom) VALUES (?,?,?,?,?,?,?,?)");
											$offered_insert->bind_param("isiidids",$_SESSION["person_id"],$timestamp,$mat_id,$man_id,$capacity,$lab_id,$amount,$uom);

											if($offered_insert->execute()){
												$response["status"] = "success";
												$response["message"] = "Transaction completed successfully";
											}

											else{
												$error = true;
												$message = "Insertion into Offered Materials failed";
											}

											$offered_insert->close();
										}

										else{
											$response["status"] = "success";
											$response["message"] = "Transaction completed successfully";
										}
										if($delete){
											$delete = $db->prepare("DELETE FROM Lab_Material WHERE mat_id=? AND man_id=? AND lab_id=? AND capacity=? AND uom=?");
											$delete->bind_param("iiids",$mat_id,$man_id,$lab_id,$capacity,$uom);

											if($delete->execute()){
												$response["status"] = "success";
												$response["message"] = "Transaction completed successfully";
											}
											
											/* delete failed */ 
											else{
												$error = true;
												$message = "Material removal failed";
											}
											
											$delete->close();
										}
									}

									/* transaction failed */ 
									else{
										$error = true;
										$message ="Transaction failed";
									}

									$insert->close();
								}

								/* initial transaction failed */
								else{
									$error = true;
									$message = "Transaction failed";
								}
							}

							/* lab not authorized */ 
							else{					
								$error = true;
								$message = "Laboratory not authorized";	
							}
						}

						/* missing args */ 
						else{
							$error = true;
							$message = "One or more arguments missing";
						}
						break;
					case 10:	/* insert material */
						/* verify args */
						if(isset($_POST["lab_id"]) and isset($_POST["data"])){
							$flag = false;
							$lab_id = $_POST["lab_id"];
							$data = json_decode($_POST["data"],true);
							$capacity = $data["capacity"];
							$mat_name =  $data["mat_name"];
							$total = $data["quantity"] * $capacity;
							$uom = $data["uom"];
							$man_name = $data["man_name"];

							/* match lab id with authorized labs */
							if(array_key_exists($lab_id,$_SESSION["authorized"])){
								/* verify if manufacturer already exists */
								$manufacturer = $db->prepare("SELECT man_id FROM Manufacturer WHERE man_name=?");
								$manufacturer->bind_param("s",$man_name);
								$manufacturer->execute();
								$manufacturer->store_result();
								$manufacturer->bind_result($man_id);
								
								if($manufacturer->num_rows > 0){
									$manufacturer->fetch();
								}
								
								/* insert manufacturer */
								else{
									$insert = $db->prepare("INSERT INTO Manufacturer(man_name) VALUES (?)");
									$insert->bind_param("s",$man_name);

									if($insert->execute()){
										$man_id = $db->insert_id;
									}

									/* insert failed */ 
									else{
										$error = true;
										$message = "Manufacturer insert failed";
									}

									$insert->close();
								}

								$manufacturer->close();

								if($man_id){
									/* verify if material already exists */
									$material = $db->prepare("SELECT mat_id FROM Material WHERE mat_name=? AND uom=?");
									$material->bind_param("ss",$mat_name,$uom);
									$material->execute();
									$material->bind_result($mat_id);
									$material->store_result();

									if($material->num_rows > 0){
										$material->fetch();
									}

									/* insert material */
									else{
										$insert = $db->prepare("INSERT INTO Material(mat_name,cas,state,type,uom) VALUES (?,?,?,?,?)");
										$insert->bind_param("sssss",$mat_name,$data["cas"],$data["state"],$data["type"],$uom);
										
										if($insert->execute()){
											$mat_id = $db->insert_id;
										}

										/* material insert failed */ 
										else{
											$error = true;
											$message = "Material insert failed";
										}

										$insert->close();
									}

									$material->close();
								}

								/* match material and manufacturer */
								if($man_id and $mat_id and !$error){
									$mat_man = $db->prepare("INSERT INTO Material_Manufacturer(mat_id,man_id,sds) VALUES (?,?,?)");
									$mat_man->bind_param("iis",$mat_id,$man_id,$data["sds"]);

									if($mat_man->execute()){
									}

									else{
										$mat_man = $db->prepare("SELECT mat_id FROM Material_Manufacturer WHERE mat_id=? AND man_id=?");
										$mat_man->bind_param("ii",$mat_id,$man_id);
										$mat_man->execute();
										$mat_man->bind_result($mat_id);
										$mat_man->store_result();
										
										if($mat_man->num_rows > 0){

										}

										/* match failed */
										else{
											$error = true;
											$message = "Material/Manufacturer match failed";	
										}
									}
									
									$mat_man->close();

									/* match material and hazard */
									if(!$error){
										$delete = $db->prepare("DELETE FROM Material_Hazard WHERE mat_id=?");
										$delete->bind_param("i",$data["mat_id"]);
										
										if(!$delete->execute()){
											$error = true;
											$message = "Material/Hazard match failedj";
										}

										else{
											$insert = $db->prepare("INSERT INTO Material_Hazard(mat_id,code) VALUES(?,?)");
											$ghs = explode(",",$data["ghs"]);

											for($i = 0; $i <  sizeof($ghs); $i++){
												if($ghs[$i]){
													$insert->bind_param("is",$mat_id,$ghs[$i]);
													
													if(!$insert->execute()){
														$insert_ghs = $db->prepare("INSERT INTO Hazard(code) VALUES(?)");
														$insert_ghs->bind_param("s",$ghs[$i]);
														
														if(!$insert_ghs->execute()){
															$insert = $db->prepare("INSERT INTO Material_Hazard(mat_id,code) VALUES(?,?)");
															$insert->bind_param("is",$mat_id,$ghs[$i]);
															if(!$insert->execute()){
																$error = true;
																$message = "Material/Hazard match failedjh";
																break;
															}
														}
													}
												}
											}

											$insert->close();
										}

										$delete->close();
									}

									/* match material and lab material */
									if(!$error){
										$lab = $db->prepare("SELECT total FROM Lab_Material WHERE mat_id=? AND lab_id=? AND man_id=? AND capacity=? AND uom=?");
										$lab->bind_param("iiids",$mat_id,$lab_id,$man_id,$capacity,$uom);
										$lab->execute();
										$lab->bind_result($new_total);
										$lab->store_result();
										
										/* update total amount */
										if($lab->num_rows > 0){
											$lab->fetch();
											$lab->close();
											$new_total += $total;
			                            	$containers = ceil($new_total/$capacity);
											
											$update = $db->prepare("UPDATE Lab_Material SET total=?,quantity=? WHERE mat_id=? AND man_id=? AND lab_id=? AND capacity=? AND uom=?");
											$update->bind_param("diiiids",$new_total,$containers,$mat_id,$man_id,$lab_id,$capacity,$uom);

											if(!$update->execute()){
												$error = true;
												$message = "Amount update failed";
											}
											
											$update->close();
										}

										/* create new entry */
										else{
											$lab_mat = $db->prepare("INSERT INTO Lab_Material(lab_id,mat_id,capacity,quantity,total,location,uom,man_id) VALUES (?,?,?,?,?,?,?,?)");
											$lab_mat->bind_param("iididssi",$lab_id,$mat_id,$capacity,$data["quantity"],$total,$data["location"],$uom,$man_id);
											
											if($lab_mat->execute()){
												$flag = true;
											}

											/* transaction failed */
											else{
												$error = true;
												$message = "Transaction failed";
											}

											$lab_mat->close();
										}
									}
								}

								/* record transaction */
								if(!$error){
									$timestamp = date("Y-m-d H:i:s");
									$insert = $db->prepare("INSERT INTO Transaction(type,person_id,`timestamp`,mat_id,man_id,capacity,lab_id,amount,uom) VALUES (?,?,?,?,?,?,?,?,?)");
									$transaction = "add";
									$insert->bind_param("sisiidids",$transaction,$_SESSION["person_id"],$timestamp,$mat_id,$man_id,$capacity,$lab_id,$data["total"],$uom);
									
									if($insert->execute()){
										$response["mat_id"] = $mat_id;
										$response["man_id"] = $man_id;
										$response["status"] = "success";
										$response["message"] = "Material added successfully";
									}

									/* transaction failed */ 
									else{
										$error = true;
										$message = "Transaction failed";
									}

									$insert->close();	
								}
							}

							/* lab not authorized */ 
							else{					
								$error = true;
								$message = "Laboratory not authorized";	
							}
						}

						/* missing args */ 
						else{
							$error = true;
							$message = "One or more arguments missing";
						}
						break;
					case 11:	/* log out user */
						/* unset session variables and destroy session */ 
						unset($_SESSION);
						session_destroy();
						$_SESSION = array();
						$response["status"] = "success";
						break;
					case 12: 	/* fetch material details */
						/* verify args */
						if(isset($_POST["lab_id"]) and isset($_POST["mat_id"]) and isset($_POST["man_id"]) and isset($_POST["capacity"]) and isset($_POST["uom"])){
							$lab_id = $_POST["lab_id"];
							$mat_id = $_POST["mat_id"];
							$man_id = $_POST["man_id"];
							$capacity = $_POST["capacity"];
							$uom = $_POST["uom"];

							/* match lab id with authorized labs */
							if(array_key_exists($lab_id,$_SESSION["authorized"])){
								$material = $db->prepare("SELECT Material.cas,Material.state,Material.type,Material_Manufacturer.sds FROM Material INNER JOIN Lab_Material ON Lab_Material.mat_id=Material.mat_id LEFT JOIN Material_Manufacturer ON Material_Manufacturer.mat_id=Material.mat_id AND Material_Manufacturer.man_id=Lab_Material.man_id WHERE Lab_Material.lab_id=? AND Material.mat_id=? AND Lab_Material.capacity=? AND Lab_Material.man_id=? AND Lab_Material.uom=?");

								$material->bind_param("iidis",$lab_id,$mat_id,$capacity,$man_id,$uom);
								$material->execute();
								$material->bind_result($cas,$state,$type,$sds);
								$material->store_result();

								$hazard = $db->prepare("SELECT DISTINCT(Material_Hazard.code) FROM Lab_Material INNER JOIN Material_Hazard ON Material_Hazard.mat_id=Lab_Material.mat_id INNER JOIN Hazard ON Hazard.code=Material_Hazard.code WHERE Lab_Material.mat_id=? AND Lab_Material.capacity=? AND Lab_Material.lab_id=? AND Lab_Material.man_id=? AND Lab_Material.uom=? ORDER BY Material_Hazard.code ASC");
								
								/* fetch material details */
								$response["material"] = array();
								if($material->num_rows > 0){
									while($material->fetch()){
										$hazard->bind_param("idiis",$mat_id,$capacity,$lab_id,$man_id,$uom);
										$hazard->execute();
										$hazard->bind_result($ghs);
										$hazard->store_result();
										
										$full_ghs = array();
										$full_description = array();
										
										/* fetch hazard details */
										while($hazard->fetch()){
											if(!(array_search($ghs,$full_ghs))){
												array_push($full_ghs,$ghs);
											}
										}

										$response["material"] = array("cas" => $cas,"ghs" => implode(",",$full_ghs),"state" => $state,"type" => $type,"sds" => urlencode($sds));

									}

									$material->close();
							    	$response["status"] = "success";
								}

								/* empty query */ 
								else{
									$error = true;
									$message = "Material not found";
								}
							}

							/* lab not authorized */ 
							else{					
								$error = true;
								$message = "Laboratory not authorized";	
							}
						}

						/* missing args */ 
						else{
							$error = true;
							$message = "One or more arguments missing";
						}
						break;
					case 13:	/* fetch personnel */
						$personnel = $db->prepare("SELECT person_id,person_name FROM Person ORDER BY person_name ASC");
						$personnel->execute();
						$personnel->bind_result($person_id,$person_name);
						$personnel->store_result();
						
						$response["personnel"] = array();

						/* fetch entries */
						while($personnel->fetch()){
							array_push($response["personnel"],array("person_id" => $person_id,"person_name" => $person_name));
						}

						$personnel->close();
				    	$response["status"] = "success";
						break;
					case 14: 	/* add lab */
						/* verify args */
						if(isset($_POST["lab_name"]) and isset($_POST["lab_room"]) and isset($_POST["department"]) and isset($_POST["building"]) and isset($_POST["extension"]) and isset($_POST["pi"])){
							$lab_name = $_POST["lab_name"];
							$lab_room = $_POST["lab_room"];
							$department = $_POST["department"];
							$building = $_POST["building"];
							$extension = $_POST["extension"];
							$pi = $_POST["pi"];
							$access_level = "investigator";

				            /* admins */
				            if($_SESSION["access_level"] == "admin"){
				            	/*  */
								$add_laboratory = $db->prepare("INSERT INTO Laboratory(lab_room,department,building,extension,pi,cho,lab_name) VALUES (?,?,?,?,?,?,?)");
								$add_laboratory->bind_param("sssiiis",$lab_room,$department,$building,$extension,$pi,$pi,$lab_name);
								/* extract id */
								if($add_laboratory->execute()){
									$lab_id = $add_laboratory->insert_id;

									/* authorize pi */
									$auth = $db->prepare("INSERT INTO Authorized(person_id,lab_id,access_level) VALUES (?,?,?)");
									$auth->bind_param("iis",$pi,$lab_id,$access_level);
									
									if($auth->execute()){
										$admins = [75,76];
										$access_level = "admin";

										foreach($admins as $key => $admin){
											$auth->bind_param("iis",$admin,$lab_id,$access_level);
											if(!($auth->execute())){
												$error = true;
												$message = "Access level not granted";
												break;
											}
										}

										$response["lab_id"] = $lab_id;
						    			$_SESSION["authorized"][$lab_id] = array("lab_name" => $lab_name, "access_level" => $_SESSION["access_level"]);
										$response["status"] = "success";
										$response["message"] = "Laboratory created successfully";
									}

									/* access level not granted */
									else{
										$error = true;
										$message = "Access level not granted";
									}

									$auth->close();
								}

								/* query failed */ 
								else{
									$error = true;
									$message = "Laboratory creation failed";
								}

								$add_laboratory->close();
				            }

				            /* restricted access level */
				            else{
								$error = true;
								$message = "Action not allowed";
				            }
						}

						/* missing args */ 
						else{
							$error = true;
							$message = "One or more arguments missing";
						}
						break;
					case 15:	/* fetch personnel/access levels */
			            if($_SESSION["access_level"] == "admin" or $_SESSION["access_level"] == "investigator"){
							$personnel = $db->prepare("SELECT person_id,person_name FROM Person WHERE person_id!=? AND person_id!=75 AND person_id!=76 ORDER BY person_name ASC");
							$personnel->bind_param("i",$_SESSION["person_id"]);
							$personnel->execute();
							$personnel->bind_result($person_id,$person_name);
							$personnel->store_result();

							/* generate personnel array */
							$response["personnel"] = array();
							while($personnel->fetch()){
								array_push($response["personnel"],array("person_id" => $person_id,"person_name" => $person_name));
							}

							$personnel->close();

							$access = $db->prepare("SELECT Person.person_id,Person.person_name,Laboratory.lab_room,Laboratory.lab_id,Authorized.access_level FROM Person INNER JOIN Authorized ON Person.person_id=Authorized.person_id INNER JOIN Laboratory ON Laboratory.lab_id=Authorized.lab_id WHERE Person.person_id!=? AND Authorized.access_level!='admin' AND Authorized.access_level!='none' ORDER BY person_name ASC");
							$access->bind_param("i",$_SESSION["person_id"]);
							$access->execute();
							$access->bind_result($person_id,$person_name,$lab_room,$lab_id,$access_level);
							$access->store_result();

							/* generate access levels array */
							$response["access_levels"] = array();
							while($access->fetch()){
								$response["access_levels"][$person_id][$lab_id] = array("lab_room" => $lab_room,"access_level" => $access_level);
							}

							$access->close();

							/* extract authorized laboratories */
							$auth = $db->prepare("SELECT Authorized.lab_id,Laboratory.lab_room,Authorized.access_level FROM Authorized INNER JOIN Laboratory ON Laboratory.lab_id = Authorized.lab_id WHERE person_id=? AND Authorized.access_level!='none' ORDER BY Laboratory.lab_room ASC");
							$auth->bind_param("i",$_SESSION["person_id"]);
							$auth->execute();
							$auth->bind_result($lab_id,$lab_room,$access_level);

							/* generate authorized arrays */
							$response["labs"] = array();
							$_SESSION["authorized"] = array();
							$response["authorized"] = array();
							while($auth->fetch()){
								array_push($response["labs"],array("lab_id" => $lab_id,"lab_room" => $lab_room));
						    	$_SESSION["authorized"][$lab_id] = array("lab_room" => $lab_room, "access_level" => $access_level);
								$response["authorized"][$lab_id] = array("lab_room" => $lab_room,"access_level" => $access_level);
							}

							$auth->close();
							$response["status"] = "success";
			            }

			            /* restricted access level */
			            else{
							$error = true;
							$message = "Access denied";
			            }
						break;
					case 16:    /* update access level */				
						/* verify args */
						if(isset($_POST["lab_id"]) and isset($_POST["person_id"]) and isset($_POST["access_level"]) and isset($_POST["action"])){
							$lab_id = $_POST["lab_id"];
							$person_id = $_POST["person_id"];
							$access_level = $_POST["access_level"];
							$action = $_POST["action"];

				            /* register user */
				            if($_SESSION["access_level"] == "admin" or $_SESSION["access_level"] == "investigator"){
				            	if($action == "authorize"){
									$insert = $db->prepare("INSERT INTO Authorized(person_id,lab_id,access_level) VALUES (?,?,?)");
									$insert->bind_param("iis",$person_id,$lab_id,$access_level);
									
									if($insert->execute()){
										$response["status"] = "success";
										$response["message"] = "Access level granted";
									}

									/* insert failed */ 
									else{
										/* match lab id with authorized labs */
										if(array_key_exists($lab_id,$_SESSION["authorized"])){
											$flag = false;
											if($_SESSION["access_level"] != "admin"){
												$select = $db->prepare("SELECT pi FROM Laboratory WHERE lab_id=?");
												$select->bind_param("i",$lab_id);
												$select->execute();
												$select->bind_result($pi);
												$select->store_result();
												$select->fetch();
												
												if($pi == $person_id){
													$error = true;
													$flag = true;
													$message = "Access level not updated";
												}

												$select->close();
											}

											if(!$flag){
												$update = $db->prepare("UPDATE Authorized SET access_level=? WHERE person_id=? AND lab_id=?");
												$update->bind_param("sii",$access_level,$person_id,$lab_id);
												
												if($update->execute()){
													$response["status"] = "success";
													$response["message"] = "Access level updated";
												}
												
												/* update failed */ 
												else{
													$error = true;
													$message = "Access level not updated";
												}

												$update->close();
											}
										}

										/* lab not authorized */ 
										else{
											$error = true;
											$message = "Action not allowed";
										}
									}

									$insert->close();
				            	}

				            	/* restrict */
				            	else{
									/* match lab id with authorized labs */
									if(array_key_exists($lab_id,$_SESSION["authorized"])){
										$flag = false;
										if($_SESSION["access_level"] != "admin"){
											$select = $db->prepare("SELECT pi FROM Laboratory WHERE lab_id=?");
											$select->bind_param("i",$lab_id);
											$select->execute();
											$select->bind_result($pi);
											$select->store_result();
											$select->fetch();
											
											if($pi == $person_id){
												$error = true;
												$flag = true;
												$message = "Access level not updated";
											}

											$select->close();
										}

										if(!$flag){
											$update = $db->prepare("UPDATE Authorized SET access_level=? WHERE person_id=? AND lab_id=?");	 
											$update->bind_param("sii",$access_level,$person_id,$lab_id);
											if($update->execute()){
												$response["status"] = "success";
												$response["message"] = "Access level updated";
											}

											/* update failed */ 
											else{
												$error = true;
												$message = "Access level not updated";
											}

											$update->close();
										}
									}

									/* lab not authorized */ 
									else{
										$error = true;
										$message = "Action not allowed";
									}
				            	}
				            }

				            /* restricted access level */
				            else{
								$error = true;
								$message = "Action not allowed";
				            }
						}

						/* missing args */ 
						else{
							$error = true;
							$message = "One or more arguments missing";
						}
						break;
					case 17:	/* fetch laboratories */
			            if($_SESSION["access_level"] === "admin" or $_SESSION["access_level"] === "investigator"){
					        if($_SESSION["access_level"] === "admin"){
					        	$query = "SELECT Laboratory.lab_id,Laboratory.lab_room,Laboratory.department,Laboratory.building,Laboratory.extension,Laboratory.pi,Person.person_name,Laboratory.lab_name FROM Laboratory INNER JOIN Person ON Person.person_id=Laboratory.pi ORDER BY Laboratory.lab_room ASC";
					        	$bind_flag = false;
					        }

					        else if($_SESSION["access_level"] === "investigator"){
				        		$query = "SELECT Laboratory.lab_id,Laboratory.lab_room,Laboratory.department,Laboratory.building,Laboratory.extension,Laboratory.pi,Person.person_name,Laboratory.lab_name FROM Laboratory INNER JOIN Person ON Person.person_id=Laboratory.pi WHERE Laboratory.pi=?  ORDER BY Laboratory.lab_room ASC";
				        		$bind_flag = true;
				        	}

							$labs = $db->prepare($query);
							if($bind_flag){
								$labs->bind_param("i",$_SESSION["person_id"]);
							}

							$labs->execute();
							$labs->bind_result($lab_id,$lab_room,$department,$building,$extension,$pi,$person_name,$lab_name);

							/* extract authorized laboratories */
							$response["laboratories"] = array();
							while($labs->fetch()){
			                	array_push($response["laboratories"],array("lab" => array("lab_id" => $lab_id,"lab_room" => $lab_room),"lab_name" => $lab_name,"department" => $department,"building" => $building,"extension" => $extension,"pi" => array("person_id" => $pi,"person_name" => $person_name)));
							}

							$labs->close();
							$response["status"] = "success";
						}

			            /* restricted access level */
			            else{
							$error = true;
							$message = "Access denied";
			            }	
						break;
					case 18: 	/* edit lab */
						/* verify args */
						if(isset($_POST["lab_id"]) and isset($_POST["lab_name"]) and isset($_POST["lab_room"]) and isset($_POST["department"]) and isset($_POST["building"]) and isset($_POST["extension"]) and isset($_POST["pi"])){
							$lab_id = $_POST["lab_id"];
							$lab_name = $_POST["lab_name"];
							$lab_room = $_POST["lab_room"];
							$department = $_POST["department"];
							$building = $_POST["building"];
							$extension = $_POST["extension"];
							$pi = $_POST["pi"];
							$access_level = "investigator";

				            /* update lab */
				            if(($_SESSION["access_level"] == "admin" or $_SESSION["access_level"] == "investigator") and array_key_exists($lab_id,$_SESSION["authorized"])){
								$update = $db->prepare("UPDATE Laboratory SET lab_room=?,department=?,building=?,extension=?,pi=?,lab_name=? WHERE lab_id=?");
								$update->bind_param("ssssisi",$lab_room,$department,$building,$extension,$pi,$lab_name,$lab_id);

								/* authorize pi */
								if($update->execute()){
									$auth = $db->prepare("INSERT INTO Authorized(person_id,lab_id,access_level) VALUES (?,?,?)");
									$auth->bind_param("iis",$pi,$lab_id,$access_level);
									
									if($auth->execute()){
										$response["status"] = "success";
										$response["message"] = "Laboratory updated successfully";
									}

									/* possible duplicate */
									else{
										$update = $db->prepare("UPDATE Authorized SET access_level=? WHERE person_id=? AND lab_id=?");
										$update->bind_param("sii",$access_level,$pi,$lab_id);
										
										if($update->execute()){
											$response["status"] = "success";
											$response["message"] = "Laboratory updated successfully";
										}

										/* update failed */ 
										else{
											$error = true;
											$message = "Access level not granted";
										}
									}

									$auth->close();
								}

								/* update failed */
								else{
									$error = true;
									$message = "Laboratory update failed";
								}

								$update->close();
				            }

				            /* restricted access level */
				            else{
								$error = true;
								$message = "Action not allowed";
				            }
						}

						/* missing args */ 
						else{
							$error = true;
							$message = "One or more arguments missing";
						}
						break;
					case 19: 	/* fetch materials */
						/* verify args */
						if(isset($_POST["page"])){
							$page = $_POST["page"];
							$offset = $page * 50;

			            	/* generate query */
							$query = "SELECT Material.mat_id,Material.mat_name,Material.cas,Lab_Material.uom,Lab_Material.total FROM `Material` INNER JOIN Lab_Material ON Lab_Material.mat_id=Material.mat_id WHERE ";
							
							foreach($_SESSION["authorized"] as $lab_id => $auth){
			            		$query .= "Lab_Material.lab_id=". $lab_id ." OR ";
			            	}

			            	$query = substr($query,0,-3);
			            	$query .= "ORDER BY Material.mat_name";

			            	$materials = $db->prepare($query);
							$materials->execute();
							$materials->bind_result($mat_id,$mat_name,$cas,$uom,$total);
							$materials->store_result();

							/* fetch material data */
							$response["materials"] = array();
							$response["identifiers"] = array();

							while($materials->fetch()){
								if(!array_key_exists($mat_id,$response["materials"])){
									$response["materials"][$mat_id] = array("mat_name" => $mat_name,"cas" => $cas,"total" => array(utf8_encode($uom) => $total));
									array_push($response["identifiers"],array("mat_id" => $mat_id));
								}

								else{
									if(!array_key_exists($uom,$response["materials"][$mat_id]["total"])){
										$response["materials"][$mat_id]["total"][utf8_encode($uom)] = $total;
									}

									else{
										$response["materials"][$mat_id]["total"][utf8_encode($uom)] += $total;
									}
								}
							}
							
							$materials->close();
							$response["status"] = "success";
			            }

						/* missing args */ 
						else{
							$error = true;
							$message = "One or more arguments missing";
						}
						break;
					case 20: 	/* fetch total materials */
						$query = "SELECT COUNT(*) FROM `Material` INNER JOIN Lab_Material ON Lab_Material.mat_id=Material.mat_id INNER JOIN Manufacturer ON Manufacturer.man_id=Lab_Material.man_id INNER JOIN Laboratory ON Laboratory.lab_id=Lab_Material.lab_id WHERE ";
		            	
		            	foreach($_SESSION["authorized"] as $lab_id => $auth){
		            		$query .= "Lab_Material.lab_id=". $lab_id ." OR ";
		            	}

		            	$query = substr($query,0,-4);

		            	$count = $db->prepare($query);
						$count->execute();
						$count->bind_result($total);
						$count->store_result();

						if($count->fetch()){
							$response["total"] = $total;
							$response["status"] = "success";
						}

						/* some error */
						else{
							$error = true;
							$message = "Some error ocurred";
						}

						$count->close();
						break;
					case 21: 	/* fetch material info */
						/* verify args */
						if(isset($_POST["mat_id"])){
							$mat_id = $_POST["mat_id"];
			            	$query = "SELECT Lab_Material.uom,Lab_Material.man_id,Manufacturer.man_name,Lab_Material.capacity,Lab_Material.quantity,Lab_Material.total,Lab_Material.lab_id,Laboratory.lab_room FROM `Material` INNER JOIN Lab_Material ON Lab_Material.mat_id=Material.mat_id INNER JOIN Manufacturer ON Manufacturer.man_id=Lab_Material.man_id INNER JOIN Laboratory ON Laboratory.lab_id=Lab_Material.lab_id WHERE Material.mat_id=? AND (";

							foreach($_SESSION["authorized"] as $lab_id => $auth){
			            		$query .= "Lab_Material.lab_id=". $lab_id ." OR ";
			            	}

		            		$query = substr($query,0,-4);
			            	$query .= ")  ORDER BY Material.mat_name ASC";

			            	$material = $db->prepare($query);
							$material->bind_param("i",$mat_id);
							$material->execute();
							$material->bind_result($uom,$man_id,$man_name,$capacity,$quantity,$total,$lab_id,$lab_room);
							$material->store_result();
							
							$response["details"] = array();
							while($material->fetch()){
								array_push($response["details"],array("lab" => array("lab_id" => $lab_id,"lab_room" => $lab_room),"manufacturer" => $man_name,"capacity" => $capacity . $uom,"quantity" => $quantity,"total" => $total . $uom));
							}
							
							$material->close();
							$response["status"] = "success";
			            }

						/* missing args */ 
						else{
							$error = true;
							$message = "One or more arguments missing";
						}
						break;
					case 22: 	/* fetch transactions */
			            if($_SESSION["access_level"] === "admin" or $_SESSION["access_level"] === "investigator"){
							$query = "SELECT Person.person_name,Transaction.timestamp,Material.mat_name,Manufacturer.man_name,Transaction.capacity,Laboratory.lab_room,Transaction.amount,Transaction.uom,Transaction.type,Transaction.lab_id,Transaction.mat_id FROM Transaction INNER JOIN Laboratory ON Laboratory.lab_id=Transaction.lab_id INNER JOIN Material ON Material.mat_id=Transaction.mat_id INNER JOIN Person ON Person.person_id=Transaction.person_id INNER JOIN Manufacturer ON Manufacturer.man_id=Transaction.man_id WHERE ";
			            	
			            	foreach($_SESSION["authorized"] as $lab_id => $auth){
			            		$query .= "Transaction.lab_id=". $lab_id ." OR ";
			            	}

			            	$query = substr($query,0,-3);
			            	$query .= "ORDER BY Transaction.timestamp DESC";

			            	$transactions = $db->prepare($query);
							$transactions->execute();
							$transactions->bind_result($person_name,$timestamp,$mat_name,$man_name,$capacity,$lab_room,$amount,$uom,$type,$lab_id,$mat_id);
							$transactions->store_result();
							
							$response["transactions"] = array();
							while($transactions->fetch()){
								array_push($response["transactions"],array("type" => $type,"person_name" => $person_name,"timestamp" => $timestamp,"material" => array("mat_id" => $mat_id,"mat_name" => $mat_name),"man_name" => $man_name,"lab" => array("lab_id" => $lab_id,"lab_room" => $lab_room),"capacity" => $capacity . $uom,"amount" => $amount . $uom));
							}	

							$transactions->close();
							$response["status"] = "success";
			            }

						/* not authorized */ 
						else{
							$error = true;
							$message = "Access denied";
						}
						break;
					case 23: 	/* fetch single material */
						/* verify args */
						if(isset($_POST["mat_id"])){
							$mat_id = $_POST["mat_id"];
							$query = "SELECT Material.mat_id,Material.mat_name,Material.cas,Lab_Material.uom,Lab_Material.total FROM `Material` INNER JOIN Lab_Material ON Lab_Material.mat_id=Material.mat_id WHERE Material.mat_id=? AND (";
							
							foreach($_SESSION["authorized"] as $lab_id => $auth){
			            		$query .= "Lab_Material.lab_id=". $lab_id ." OR ";
			            	}

			            	$query = substr($query,0,-4);
			            	$query .= ")";

			            	$material = $db->prepare($query);
			            	$material->bind_param("i",$mat_id);
							$material->execute();
							$material->bind_result($mat_id,$mat_name,$cas,$uom,$total);
							$material->store_result();

							/* fetch material data */
							$response["material"] = array();
							$response["identifier"] = array();

							while($material->fetch()){
								if(!array_key_exists($mat_id,$response["material"])){
									$response["material"][$mat_id] = array("mat_name" => $mat_name,"cas" => $cas,"total" => array(utf8_encode($uom) => $total));
									array_push($response["identifier"],array("mat_id" => $mat_id));
								}

								else{
									if(!array_key_exists($uom,$response["material"][$mat_id]["total"])){
										$response["material"][$mat_id]["total"][utf8_encode($uom)] = $total;
									}

									else{
										$response["material"][$mat_id]["total"][utf8_encode($uom)] += $total;
									}
								}
							}

							$material->close();
							$response["status"] = "success";
						}

						/* missing args */ 
						else{
							$error = true;
							$message = "One or more arguments missing";
						}
						break;
					case 24: 	/* download table */
						/* verify args */
						if(isset($_POST["download_type"])){
			            	/* handle by download type */
							$download_type = $_POST["download_type"];
			            	switch($download_type){
			            		case "full_report": 			/* full material report */
			            			/* fetch material data */
									$query = "SELECT Lab_Material.mat_id,Lab_Material.man_id,Material.mat_name,Manufacturer.man_name,Material_Manufacturer.sds,Material.cas,Material.state,Material.type,Lab_Material.capacity,Lab_Material.quantity,Lab_Material.total,Lab_Material.uom,Lab_Material.location,Laboratory.lab_room FROM Lab_Material INNER JOIN Material ON Material.mat_id=Lab_Material.mat_id INNER JOIN Manufacturer ON Manufacturer.man_id=Lab_Material.man_id LEFT JOIN Material_Manufacturer ON (Material_Manufacturer.mat_id=Material.mat_id AND Material_Manufacturer.man_id=Lab_Material.man_id) INNER JOIN Laboratory ON Lab_Material.lab_id=Laboratory.lab_id WHERE (";
									
									/* authorized labs */
									foreach($_SESSION["authorized"] as $lab_id => $auth){
					            		$query .= "Lab_Material.lab_id=". $lab_id ." OR ";
					            	}

				            		$query = substr($query,0,-4);
				            		$query .= ") ORDER BY Material.mat_name";
					            	$title = "Full Material Report";
					            	$file_name = $download_type . ".csv";

					            	$report = $db->prepare($query);
									$report->execute();
									$report->bind_result($mat_id,$man_id,$mat_name,$man_name,$sds,$cas,$state,$type,$capacity,$quantity,$total,$uom,$location,$lab_room);
									$report->store_result();

									$hazard = $db->prepare("SELECT Material_Hazard.code,Hazard.description FROM Lab_Material INNER JOIN Material_Hazard ON Material_Hazard.mat_id=Lab_Material.mat_id INNER JOIN Hazard ON Hazard.code=Material_Hazard.code WHERE Lab_Material.mat_id=? AND Lab_Material.capacity=? AND Lab_Material.man_id=? GROUP BY Material_Hazard.code,Hazard.description ORDER BY Material_Hazard.code ASC");

									$key = 2;
									$data = array(array(""),array("Material","Manufacturer","SDS Link","CAS Num.","State","Type","Capacity","Quantity","Total","GHS Code","Hazard Description","Location","Laboratory"));
									
									while($report->fetch()){
										$hazard->bind_param("idi",$mat_id,$capacity,$man_id);
										$hazard->execute();
										$hazard->bind_result($ghs,$description);
										$hazard->store_result();
										
										$full_ghs = array();
										$full_description = array();
										
										/* fetch hazard details */
										while($hazard->fetch()){
											if(!(array_search($ghs,$full_ghs))){
												array_push($full_ghs,$ghs);
												array_push($full_description,$description);
											}
										}

										$data[$key] = array("mat_name" => $mat_name,"man_name" => $man_name,"sds" => $sds,"cas" => $cas,"state" => $state,"type" => $type,"capacity" => $capacity,"quantity" => $quantity,"total" => $total,"ghs" => implode(",",$full_ghs),"description" => implode(",",$full_description),"location" => $location,"lab_room" => $lab_room);
										$key += 1;
									}

									/* generate csv */
									$hazard->close();
									$report->close();
							    	$response["status"] = "success";
									$response["file_name"] = $file_name;
									$response["url"] = gen_csv($data,$title);
			            			break;
								case "full_lab_report": 		/* full lab report */
			            			/* fetch material data */
									$query = "SELECT Lab_Material.lab_id,Lab_Material.mat_id,Lab_Material.man_id,Material.mat_name,Lab_Material.capacity,Lab_Material.quantity,Lab_Material.total,Lab_Material.uom,Laboratory.lab_room FROM Lab_Material INNER JOIN Material ON Material.mat_id=Lab_Material.mat_id INNER JOIN Manufacturer ON Manufacturer.man_id=Lab_Material.man_id INNER JOIN Laboratory ON Lab_Material.lab_id=Laboratory.lab_id WHERE (";
									
									/* authorized labs */
									foreach($_SESSION["authorized"] as $lab_id => $auth){
					            		$query .= "Lab_Material.lab_id=". $lab_id ." OR ";
					            	}

				            		$query = substr($query,0,-4);
					            	$query .= ")  ORDER BY Material.mat_name";
					            	$title = "Full Laboratory Report";
					            	$file_name = $download_type . ".csv";

					            	$report = $db->prepare($query);
									$report->execute();
									$report->bind_result($lab_id,$mat_id,$man_id,$mat_name,$capacity,$quantity,$total,$uom,$lab_room);
									$report->store_result();

									$data = array();
									$labs = array();
									
									/* fetch material quantities */
									while($report->fetch()){
										if(!array_key_exists($mat_id,$data)){
											$data[$mat_id] = array("mat_name" => $mat_name,"total" => array($uom => $total),"uom" => array($uom));
										}

										/* update totals */
										else{
											if(!array_key_exists($uom,$data[$mat_id]["total"])){
												$data[$mat_id]["total"][$uom] = $total;
												array_push($data[$mat_id]["uom"],$uom);
											}
											else{
												$data[$mat_id]["total"][$uom] += $total;
											}
										}
										
										/* save lab quantities */
										if(!array_key_exists($mat_id,$labs)){
											$labs[$mat_id] = array();
										}

										/* duplicate laboratories */
										if(!array_key_exists($lab_id,$labs[$mat_id])){
											$labs[$mat_id][$lab_id] = array(array("lab_room" => $lab_room,"capacity" => $capacity,"quantity" => $quantity,"total" => $total,"uom" => $uom));
										}

										else{
							        		array_push($labs[$mat_id][$lab_id],array("lab_room" => $lab_room,"capacity" => $capacity,"quantity" => $quantity,"total" => $total,"uom" => $uom));

										}
									}

									/* generate report format */
									$key = 2;
									$tmp = array(array(""),array("Material","Total","Laboratories"));
							        foreach($data as $mat_id => $arr){
							        	$total = "";
							        	foreach($data[$mat_id]["total"] as $uom => $value){
							        		$total .= $data[$mat_id]["total"][$uom].$uom." / "; 
							        	}
										$total = substr($total,0,-3);
										$tmp[$key] = array("","");
							            $tmp[$key+1] = array("","");
							            $tmp[$key+2] = array($data[$mat_id]["mat_name"],$total);

							        	foreach($labs[$mat_id] as $lab_id => $lab_data){
							        		for($i=0; $i < sizeof($lab_data); $i++){
								        		array_push($tmp[$key],$labs[$mat_id][$lab_id][$i]["lab_room"]);
								        		array_push($tmp[$key],"");
								        		array_push($tmp[$key],"");
								        		array_push($tmp[$key+1],"Capacity");
								        		array_push($tmp[$key+1],"Qty.");
								        		array_push($tmp[$key+1],"Total");
								        		array_push($tmp[$key+2],$labs[$mat_id][$lab_id][$i]["capacity"].$labs[$mat_id][$lab_id][$i]["uom"]);
								        		array_push($tmp[$key+2],$labs[$mat_id][$lab_id][$i]["quantity"]);
								        		array_push($tmp[$key+2],$labs[$mat_id][$lab_id][$i]["total"].$labs[$mat_id][$lab_id][$i]["uom"]);
							        		}
							        	}

							        	$tmp[$key+3] = array("");
							        	$key += 4;
							        }

									/* generate csv */
									$report->close();
							    	$response["status"] = "success";
									$response["file_name"] = $file_name;
									$response["url"] = gen_csv($tmp,$title);
			            			break;
								case "ghs_report": 		/* ghs report */
									/* verify args */
									if(isset($_POST["ghs"])){
										$ghs = $_POST["ghs"];
					            		$query = "SELECT Hazard.description,Lab_Material.mat_id,Lab_Material.man_id,Material.mat_name,Manufacturer.man_name,Material_Manufacturer.sds,Material.cas,Lab_Material.capacity,Lab_Material.quantity,Lab_Material.total,Lab_Material.uom,Lab_Material.location,Laboratory.lab_room,Laboratory.lab_id FROM Lab_Material INNER JOIN Material ON Material.mat_id=Lab_Material.mat_id INNER JOIN Manufacturer ON Manufacturer.man_id=Lab_Material.man_id LEFT JOIN Material_Manufacturer ON (Material_Manufacturer.mat_id=Material.mat_id AND Material_Manufacturer.man_id=Lab_Material.man_id) INNER JOIN Laboratory ON Lab_Material.lab_id=Laboratory.lab_id INNER JOIN Material_Hazard ON Material_Hazard.mat_id=Lab_Material.mat_id INNER JOIN Hazard ON Hazard.code=Material_Hazard.code WHERE ((";

										foreach($_SESSION["authorized"] as $lab_id => $auth){
						            		$query .= "Lab_Material.lab_id=". $lab_id ." OR ";
						            	}

						            	$query = substr($query,0,-4);
						            	$query .= ") AND Material_Hazard.code=?) ORDER BY Material.mat_name ASC";
						            	
						            	$report = $db->prepare($query);
						            	$report->bind_param("s",$ghs);
										$report->execute();
										$report->bind_result($description,$mat_id,$man_id,$mat_name,$man_name,$sds,$cas,$capacity,$quantity,$total,$uom,$location,$lab_room,$lab_id);
										$report->store_result();

										$key = 2;
										$data = array(array(""),array("Material","Manufacturer","SDS Link","CAS Num.","Capacity","Quantity","Total","Location","Laboratory"));
										while($report->fetch()){
											$data[$key] = array("mat_name" => $mat_name,"man_name" => $man_name,"sds" => urlencode($sds),"cas" => $cas,"capacity" => $capacity.$uom,"quantity" => $quantity,"total" => $total.$uom,"location" => $location,"lab_room" => $lab_room);
											$key += 1;
										}

										/* generate csv */
										$report->close();
								    	$response["status"] = "success";
										$response["file_name"] = $ghs . "_report.csv";
										$response["url"] = gen_csv($data,$ghs ." Report \nDescription: " . $description);
									}
			            			
									/* missing args */
									else{
										$error = true;
										$message = "One or more args are missing";
									}
			            			break;
			            		case "lab_report":
									/* verify args */
									if(isset($_POST["lab_id"])){
				            			/* fetch material data */
										$lab_id = $_POST["lab_id"];
										if(array_key_exists($lab_id,$_SESSION["authorized"])){

							            	$lab_room = $_SESSION["authorized"][$lab_id]["lab_room"];
							            	$title = $lab_room . " Lab Report";
							            	$file_name = $lab_room . "_" . $download_type . ".csv";

							            	$report = $db->prepare("SELECT Lab_Material.mat_id,Lab_Material.man_id,Material.mat_name,Manufacturer.man_name,Material_Manufacturer.sds,Material.cas,Material.state,Material.type,Lab_Material.capacity,Lab_Material.quantity,Lab_Material.total,Lab_Material.uom,Lab_Material.location FROM Lab_Material INNER JOIN Material ON Material.mat_id=Lab_Material.mat_id INNER JOIN Manufacturer ON Manufacturer.man_id=Lab_Material.man_id LEFT JOIN Material_Manufacturer ON (Material_Manufacturer.mat_id=Material.mat_id AND Material_Manufacturer.man_id=Lab_Material.man_id) INNER JOIN Laboratory ON Lab_Material.lab_id=Laboratory.lab_id WHERE Lab_Material.lab_id=? ORDER BY Material.mat_name");
							            	$report->bind_param("i",$lab_id);
											$report->execute();
											$report->bind_result($mat_id,$man_id,$mat_name,$man_name,$sds,$cas,$state,$type,$capacity,$quantity,$total,$uom,$location);
											$report->store_result();

											$hazard = $db->prepare("SELECT Material_Hazard.code,Hazard.description FROM Lab_Material INNER JOIN Material_Hazard ON Material_Hazard.mat_id=Lab_Material.mat_id INNER JOIN Hazard ON Hazard.code=Material_Hazard.code WHERE Lab_Material.mat_id=? AND Lab_Material.capacity=? AND Lab_Material.man_id=? GROUP BY Material_Hazard.code,Hazard.description ORDER BY Material_Hazard.code ASC");

											$key = 2;
											$data = array(array(""),array("Material","Manufacturer","SDS Link","CAS Num.","State","Type","Capacity","Quantity","Total","GHS Code","Hazard Description","Location","Laboratory"));
											
											while($report->fetch()){
												$hazard->bind_param("idi",$mat_id,$capacity,$man_id);
												$hazard->execute();
												$hazard->bind_result($ghs,$description);
												$hazard->store_result();
												
												$full_ghs = array();
												$full_description = array();
												
												/* fetch hazard details */
												while($hazard->fetch()){
													if(!(array_search($ghs,$full_ghs))){
														array_push($full_ghs,$ghs);
														array_push($full_description,$description);
													}
												}

												$data[$key] = array("mat_name" => $mat_name,"man_name" => $man_name,"sds" => $sds,"cas" => $cas,"state" => $state,"type" => $type,"capacity" => $capacity,"quantity" => $quantity,"total" => $total,"ghs" => implode(",",$full_ghs),"description" => implode(",",$full_description),"location" => $location,"lab_room" => $lab_room);
												$key += 1;
											}

											/* generate csv */
											$hazard->close();
											$report->close();
									    	$response["status"] = "success";
											$response["file_name"] = $file_name;
											$response["url"] = gen_csv($data,$title);
										}
									}
									
									/* missing args */
									else{
										$error = true;
										$message = "One or more args are missing";
									}
			            			break;
			            		default:
									$error = true;
									$message = "Incorrect download type";
			            			break;
			            	}
						}

						/* missing args */
						else{
							$error = true;
							$message = "One or more args are missing";
						}
						break;
					case 25: 	/* fetch ghs codes */
		            	$ghs = $db->prepare("SELECT DISTINCT(code) FROM Material_Hazard ORDER BY code ASC");
						$ghs->execute();
						$ghs->bind_result($code);
						$ghs->store_result();

						$response["ghs"] = array();
						while($ghs->fetch()){
							$response["ghs"][$code] = array("icon" => urlencode("/images/" . $code . ".png"));
						}

						$ghs->close();
				    	$response["status"] = "success";
						break;
					case 26: 	/* fetch materials by ghs */
						/* verify args */
						if(isset($_POST["ghs"])){
							$ghs = $_POST["ghs"];
		            		$query = "SELECT DISTINCT Hazard.description,Lab_Material.mat_id,Lab_Material.man_id,Material.mat_name,Manufacturer.man_name,Material_Manufacturer.sds,Material.cas,Lab_Material.capacity,Lab_Material.quantity,Lab_Material.total,Lab_Material.uom,Lab_Material.location,Laboratory.lab_room,Laboratory.lab_id FROM Lab_Material INNER JOIN Material ON Material.mat_id=Lab_Material.mat_id INNER JOIN Manufacturer ON Manufacturer.man_id=Lab_Material.man_id LEFT JOIN Material_Manufacturer ON (Material_Manufacturer.mat_id=Material.mat_id AND Material_Manufacturer.man_id=Lab_Material.man_id) INNER JOIN Laboratory ON Lab_Material.lab_id=Laboratory.lab_id INNER JOIN Material_Hazard ON Material_Hazard.mat_id=Lab_Material.mat_id INNER JOIN Hazard ON Hazard.code=Material_Hazard.code WHERE ((";

							foreach($_SESSION["authorized"] as $lab_id => $auth){
			            		$query .= "Lab_Material.lab_id=". $lab_id ." OR ";
			            	}

			            	$query = substr($query,0,-4);
			            	$query .= ") AND Material_Hazard.code=?) ORDER BY Material.mat_name ASC";
			            	
			            	$materials = $db->prepare($query);
			            	$materials->bind_param("s",$ghs);
							$materials->execute();
							$materials->bind_result($description,$mat_id,$man_id,$mat_name,$man_name,$sds,$cas,$capacity,$quantity,$total,$uom,$location,$lab_room,$lab_id);
							$materials->store_result();

							$response["ghs"] = array();
							while($materials->fetch()){
								array_push($response["ghs"],array("material" => array("mat_id" => $mat_id,"mat_name" => $mat_name),"manufacturer" => array("man_id" => $man_id,"man_name" => $man_name),"sds" => urlencode($sds),"cas" => $cas,"capacity" => $capacity.$uom,"quantity" => $quantity,"total" => $total.$uom,"location" => $location,"laboratory" => array("lab_id" => $lab_id,"lab_room" => $lab_room)));
							}

							$materials->close();
					    	$response["status"] = "success";
					    	$response["description"] = $description;
						}
						
						/* missing args */
						else{
							$error = true;
							$message = "One or more args are missing";
						}
						break;
					case 27: 	/* fetch offered materials */
		            	$offered = $db->prepare("SELECT Person.person_name,Person.person_id,Laboratory.lab_room,Offered_Material.lab_id,Manufacturer.man_name,Offered_Material.man_id,Material.mat_name,Offered_Material.mat_id,Offered_Material.capacity,Offered_Material.uom,Offered_Material.amount,Offered_Material.timestamp FROM Offered_Material INNER JOIN Laboratory ON Laboratory.lab_id=Offered_Material.lab_id INNER JOIN Material ON Material.mat_id=Offered_Material.mat_id INNER JOIN Person ON Person.person_id=Offered_Material.person_id INNER JOIN Manufacturer ON Manufacturer.man_id=Offered_Material.man_id ORDER BY Offered_Material.timestamp DESC");
						$offered->execute();
						$offered->bind_result($person_name,$person_id,$lab_room,$lab_id,$man_name,$man_id,$mat_name,$mat_id,$capacity,$uom,$amount,$timestamp);
						$offered->store_result();

						/* save materials */
						$response["offered"] = array();
						while($offered->fetch()){
							array_push($response["offered"],array("material" => array("mat_id" => $mat_id,"mat_name" => $mat_name,"uom" => $uom,"timestamp" => $timestamp),"timestamp" => $timestamp,"manufacturer" => array("man_id" => $man_id,"man_name" => $man_name),"capacity" => $capacity.$uom,"amount" => $amount.$uom,"person" => array("person_id" => $person_id,"person_name" => $person_name),"lab" => array("lab_id" => $lab_id,"lab_room" => $lab_room)));
						}

						$offered->close();
				    	$response["status"] = "success";
						$response["person_id"] = $_SESSION["person_id"];
						break;
					case 28: 	/* request offered materials */
			            /* verify args */
						if(isset($_POST["person_id"]) and isset($_POST["lab_id"]) and isset($_POST["request"])){
							$request = json_decode($_POST["request"],true);
							$mat_id = $request["material"]["mat_id"];
							$timestamp = $request["material"]["timestamp"];
							$man_id = $request["manufacturer"]["man_id"];
							$o_lab_id = $request["lab"]["lab_id"];
							$n_lab_id = $_POST["lab_id"];
							$uom = $request["material"]["uom"];
							$capacity = str_replace($uom,"",$request["capacity"]);
							$amount = str_replace($uom,"",$request["amount"]);
							$person_id = $_POST["person_id"];

			            	$insert = $db->prepare("INSERT INTO Request(`timestamp`,person_id,mat_id,man_id,capacity,uom,lab_id,amount,request_lab_id) VALUES (?,?,?,?,?,?,?,?,?)");
							$insert->bind_param("siiidsidi",$timestamp,$person_id,$mat_id,$man_id,$capacity,$uom,$o_lab_id,$amount,$n_lab_id);

							if($insert->execute()){
					    		$response["status"] = "success";
					    		$response["message"] = "Request submited";
							}

							/* request failed */
							else{
								$error = true;
								$message = "Request failed";
							}

							$insert->close();
						}

						/* missing args */
						else{
							$error = true;
							$message = "One or more args are missing";
						}
						break;
					case 29: 	/* fetch requested materials */
		            	$requested = $db->prepare("SELECT Person.person_name,Person.person_id,Laboratory.lab_room,L.lab_room,Request.lab_id,Request.request_lab_id,Manufacturer.man_name,Request.man_id,Material.mat_name,Request.mat_id,Request.capacity,Request.uom,Request.amount,Request.request_lab_id,Request.timestamp FROM Request INNER JOIN Laboratory ON Laboratory.lab_id=Request.lab_id INNER JOIN Material ON Material.mat_id=Request.mat_id INNER JOIN Person ON Person.person_id=Request.person_id INNER JOIN Manufacturer ON Manufacturer.man_id=Request.man_id INNER JOIN Laboratory as L ON L.lab_id=Request.request_lab_id ORDER BY Material.mat_name ASC");
						$requested->execute();
						$requested->bind_result($person_name,$person_id,$prev_lab_room,$new_lab_room,$prev_lab_id,$new_lab_id,$man_name,$man_id,$mat_name,$mat_id,$capacity,$uom,$amount,$request_lab_id,$timestamp);
						$requested->store_result();

						$response["requested"] = array();
						while($requested->fetch()){
							array_push($response["requested"],array("material" => array("mat_id" => $mat_id,"mat_name" => $mat_name,"uom" => $uom,"timestamp" => $timestamp),"manufacturer" => array("man_id" => $man_id,"man_name" => $man_name),"capacity" => $capacity.$uom,"amount" => $amount.$uom,"person" => array("person_id" => $person_id,"person_name" => $person_name),"prev_lab" => array("lab_id" => $prev_lab_id,"lab_room" => $prev_lab_room),"new_lab" => array("lab_id" => $new_lab_id,"lab_room" => $new_lab_room)));
						}

						$requested->close();
				    	$response["status"] = "success";
						break;
					case 30: 	/* handle requested materials */
			            /* verify args */
						if(isset($_POST["type"]) and isset($_POST["material"])){
							$type = $_POST["type"];
							$material = json_decode($_POST["material"],true);
							$mat_id = $material["material"]["mat_id"];
							$timestamp = $material["material"]["timestamp"];
							$man_id = $material["manufacturer"]["man_id"];
							$prev_lab_id = $material["prev_lab"]["lab_id"];
							$new_lab_id = $material["new_lab"]["lab_id"];
							$uom = $material["material"]["uom"];
							$capacity = (float) str_replace($uom,"",$material["capacity"]);
							$amount = (float) str_replace($uom,"",$material["amount"]);
							$person_id = $material["person"]["person_id"];
							$quantity = ceil($amount/$capacity);
							$location = "n/a";
							$delete = false;

							if($type === "accept"){
								$transaction = "add";
								$select = $db->prepare("SELECT total FROM Lab_Material WHERE mat_id=? AND lab_id=? AND capacity=? AND man_id=? AND uom=?");
								$select->bind_param("iidis",$mat_id,$new_lab_id,$capacity,$man_id,$uom);
								$select->execute();
								$select->bind_result($total);
								$select->store_result();

								if($select->num_rows > 0){
									$select->fetch();
									$total += $amount;

									$update = $db->prepare("UPDATE Lab_Material SET total=? WHERE mat_id=? AND lab_id=? AND capacity=? AND man_id=? AND uom=?");
									$update->bind_param("diidis",$total,$mat_id,$new_lab_id,$capacity,$man_id,$uom);
									if($update->execute()){
										$delete = true;
									}

									/* request failed */
									else{
										$error = true;
										$message = $update->error;
									}
									
									$update->close();
								}

								/* insert into lab */
								else{
									$insert = $db->prepare("INSERT INTO Lab_Material(lab_id,mat_id,capacity,quantity,total,location,uom,man_id) VALUES (?,?,?,?,?,?,?,?)");
									$insert->bind_param("iididssi",$new_lab_id,$mat_id,$capacity,$quantity,$amount,$location,$uom,$man_id);

									if($insert->execute()){
										$delete = true;
									}

									/* request failed */
									else{
										$error = true;
										$message = "Request failed";
									}

									$insert->close();
								}

								$select->close();

								/* record transaction */
								if($delete){
									$insert = $db->prepare("INSERT INTO Transaction(type,person_id,`timestamp`,mat_id,man_id,capacity,lab_id,amount,uom) VALUES (?,?,?,?,?,?,?,?,?)");
									$insert->bind_param("sisiidids",$transaction,$_SESSION["person_id"],$timestamp,$mat_id,$man_id,$capacity,$new_lab_id,$amount,$uom);

									if(!$insert->execute()){
										$error = true;
										$message = $insert->error;
										$delete = false;
					    			}

									$insert->close();
								}
							}

							else{
								$delete = true;
							}

							if($delete){
								$delete = $db->prepare("DELETE FROM Request WHERE mat_id=? AND lab_id=? AND capacity=? AND man_id=? AND uom=? AND person_id=? AND request_lab_id=? AND `timestamp`=?");
								$delete->bind_param("iidisiis",$mat_id,$prev_lab_id,$capacity,$man_id,$uom,$person_id,$new_lab_id,$timestamp);
								$offer = $db->prepare("DELETE FROM Offered_Material WHERE mat_id=? AND lab_id=? AND capacity=? AND man_id=? AND uom=? AND `timestamp`=?");
								$offer->bind_param("iidiss",$mat_id,$prev_lab_id,$capacity,$man_id,$uom,$timestamp);

								if($delete->execute()){
									if($offer->execute()){
						    			$response["status"] = "success";
					    				$response["message"] = "Request answered successfully";
									}

									/* request failed */
									else{
										$error = true;
										$message = "Request failed";
									}

									$offer->close();
								}

								/* request failed */
								else{
									$error = true;
									$message = "Request failed";
								}

								$delete->close();
							}
						}

						/* missing args */
						else{
							$error = true;
							$message = "One or more args are missing";
						}
						break;
					default:	/* non defined requests */
						$error = true;
						$message = "Invalid request";
						break;
				}
			}
		}

		/* missing api call */ 
		else{
			$error = true;
			$message = "One or more arguments are missing";
		}

		/* handle errors */ 
		if($error){
			$response = array("status" => "error","message" => $message);
		}

		/* query response */ 
		$db->close();
		echo json_encode(utf8_response($response));
	}

	/* start session */
	function start_session(){
		/* start user session */
		if(!isset($_SESSION)){
			session_start();
	    }
	}

	/* utf8_response($obj: array/string) - parse response as utf-8 */
	function utf8_response($obj){
	    if(is_array($obj)){
	        foreach($obj as $key => $value){
	            $obj[$key] = utf8_response($value);
	        }
	    }

		else if(is_string($obj)){
		    return utf8_encode($obj);
		}

	    return $obj;
	}

	/* session_expired() - verify if session is expired */
	function session_expired(){
		/* start session */
		start_session();

		/* check for expired session */
		if(!isset($_SESSION["last_activity"]) or (time() - $_SESSION["last_activity"]) > 1800){

			/* destroy session */
			session_unset();
			session_destroy();
			$_SESSION = array();
			$expired = true;
		}

		/* update last activity */
		else{
			/* update session id, after 30 mins */
			if((time() - $_SESSION["created"]) > 1800){
			    /* update session id/creation time */
			    session_regenerate_id(true);
			    $_SESSION["created"] = time();
			}
			
			$_SESSION['last_activity'] = time();
			$expired = false;
		}

		return $expired;
	}

	/* gen_csv($data: array of arrays,$title: string) - generate csv file */
	function gen_csv($data,$title){
		/* generate file name */
		$file_name = "../tmp/" . bin2hex(random_bytes(16)) . ".csv";

	    $f = fopen($file_name,"w");
	    fwrite($f,$title . "\n");
	    fwrite($f,"Report generated: " . $timestamp = date("Y-m-d H:i:s") . "\n");
	    foreach($data as $row){
	    	fputcsv($f,$row,",");
	    }

	    fclose($f);
	    return str_replace("..","",$file_name);
	}

	opaso();
?>